ohok[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ohok.zip
Size

10.5MB
MD5

e02bfbbd372fdcb1983c1be661d68472
SHA1

2fa2e2937a92a9f97060efadc28c2524db671d16
SHA256

4566ae83ab0b869ba3d80e69966e7b296126ef28d9d5fe2e6c00b6a95ac3325d
SHA512

7e69a1c7fa2cb06adda7fb5d7a73cd589cdf94f465be7b1112571530e59b898646d48b9f6017b9d86dbd3e5a399a0eac021837147534fff249c0343831bc73cb
SSDEEP

196608:4FpcM8l1Woj6MCV7X6BfBKjlkZPo0Ba5RFTv07ygLyjQRl6Djw:4R+1WFMCV7Xe0jlkFhBuFMygLyEl68

Score

1^/10

Malware Config

Signatures

Files

ohok.zip
.zip
1ASPX.exe
.exe windows:6 windows x64 arch:x64

f24c4fa95541488eed81258d72fa6336

Code Sign

b1:3c:53:37:b0:86:3b:4a:d8:5e:c3:42:3c:e8:3f:be
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

23/02/2024, 00:00

Not After

22/02/2027, 23:59

Subject

SERIALNUMBER=53481265A,CN=PURSLANE,O=PURSLANE,ST=North West,C=SG,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

01:bd:3f:a3:6a:2f:45:b2:04:7f:4e:7d:59:18:54:68:5d:2f:57:6f:b2:b1:bc:f0:66:6d:3b:03:92:fb:e6:42
Signer

Actual PE Digest

01:bd:3f:a3:6a:2f:45:b2:04:7f:4e:7d:59:18:54:68:5d:2f:57:6f:b2:b1:bc:f0:66:6d:3b:03:92:fb:e6:42

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

desktop_drop_plugin

DesktopDropPluginRegisterWithRegistrar

desktop_multi_window_plugin

DesktopMultiWindowSetWindowCreatedCallback
DesktopMultiWindowPluginRegisterWithRegistrar

file_selector_windows_plugin

FileSelectorWindowsRegisterWithRegistrar

flutter_custom_cursor_plugin

FlutterCustomCursorPluginRegisterWithRegistrar

flutter_gpu_texture_renderer_plugin

FlutterGpuTextureRendererPluginCApiRegisterWithRegistrar

screen_retriever_plugin

ScreenRetrieverPluginRegisterWithRegistrar

texture_rgba_renderer_plugin

TextureRgbaRendererPluginCApiRegisterWithRegistrar

uni_links_desktop_plugin

UniLinksDesktopPluginRegisterWithRegistrar
DispatchToUniLinksDesktop

url_launcher_windows_plugin

UrlLauncherWindowsRegisterWithRegistrar

window_manager_plugin

WindowManagerPluginRegisterWithRegistrar

window_size_plugin

WindowSizePluginRegisterWithRegistrar

flutter_windows

FlutterDesktopMessengerRelease
FlutterDesktopMessengerAddRef
FlutterDesktopMessengerSetCallback
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSendWithReply
FlutterDesktopMessengerSend
FlutterDesktopViewControllerHandleTopLevelWindowProc
FlutterDesktopViewControllerGetView
FlutterDesktopViewControllerDestroy
FlutterDesktopViewControllerCreate
FlutterDesktopEngineGetMessenger
FlutterDesktopEngineGetPluginRegistrar
FlutterDesktopEngineReloadSystemFonts
FlutterDesktopEngineDestroy
FlutterDesktopEngineCreate
FlutterDesktopGetDpiForMonitor
FlutterDesktopResyncOutputStreams
FlutterDesktopViewGetHWND
FlutterDesktopMessengerIsAvailable
FlutterDesktopMessengerLock
FlutterDesktopMessengerUnlock

kernel32

WriteConsoleW
SetEndOfFile
HeapSize
CreateFileW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
CloseHandle
SetStdHandle
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapAlloc
HeapFree
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
DuplicateHandle
LoadLibraryExW
TlsFree
TlsSetValue
IsDebuggerPresent
GetProcAddress
LoadLibraryA
AttachConsole
GetCommandLineW
LocalFree
WideCharToMultiByte
AllocConsole
FreeLibrary
GetModuleHandleW
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW

user32

TranslateMessage
GetMessageW
CreateWindowExW
ShowWindow
MonitorFromPoint
LoadIconW
LoadCursorW
SetParent
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
SetFocus
SetWindowPos
MoveWindow
DestroyWindow
SetForegroundWindow
UnregisterClassW
RegisterClassW
PostQuitMessage
DefWindowProcW
FindWindowW
DispatchMessageW

shell32

CommandLineToArgvW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

Sections

.text
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aeolotropy.yaml
desktop_drop_plugin.dll
.dll windows:6 windows x64 arch:x64

673dff6bf055269eceda6b27909f59d8

Code Sign

b1:3c:53:37:b0:86:3b:4a:d8:5e:c3:42:3c:e8:3f:be
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

23/02/2024, 00:00

Not After

22/02/2027, 23:59

Subject

SERIALNUMBER=53481265A,CN=PURSLANE,O=PURSLANE,ST=North West,C=SG,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

35:58:e0:8f:14:a2:48:16:a7:8e:dd:f7:bb:1e:24:ec:05:00:17:c3:ef:a9:50:91:7f:04:97:62:57:51:9e:7e
Signer

Actual PE Digest

35:58:e0:8f:14:a2:48:16:a7:8e:dd:f7:bb:1e:24:ec:05:00:17:c3:ef:a9:50:91:7f:04:97:62:57:51:9e:7e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

flutter_windows

FlutterDesktopPluginRegistrarGetView
FlutterDesktopViewGetHWND
FlutterDesktopMessengerSend
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSendWithReply
FlutterDesktopTextureRegistrarMarkExternalTextureFrameAvailable
FlutterDesktopMessengerSetCallback
FlutterDesktopRegistrarGetTextureRegistrar
FlutterDesktopPluginRegistrarGetMessenger
FlutterDesktopPluginRegistrarSetDestructionHandler
FlutterDesktopTextureRegistrarUnregisterExternalTexture
FlutterDesktopTextureRegistrarRegisterExternalTexture
FlutterDesktopMessengerUnlock
FlutterDesktopMessengerLock
FlutterDesktopMessengerIsAvailable
FlutterDesktopMessengerRelease
FlutterDesktopMessengerAddRef

kernel32

GetModuleHandleW
WriteConsoleW
CreateFileW
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GlobalUnlock
GlobalLock
WideCharToMultiByte
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
GetStdHandle
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW

user32

ScreenToClient

shell32

DragQueryFileW

ole32

OleUninitialize
RegisterDragDrop
RevokeDragDrop
ReleaseStgMedium
OleInitialize

Exports

Exports

DesktopDropPluginRegisterWithRegistrar

Sections

.text
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
desktop_multi_window_plugin.dll
.dll windows:6 windows x64 arch:x64

aed708095f8a606f273ae8bc017b3eca

Code Sign

b1:3c:53:37:b0:86:3b:4a:d8:5e:c3:42:3c:e8:3f:be
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

23/02/2024, 00:00

Not After

22/02/2027, 23:59

Subject

SERIALNUMBER=53481265A,CN=PURSLANE,O=PURSLANE,ST=North West,C=SG,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c8:1d:dc:cd:f1:57:74:03:c9:21:84:51:ca:18:18:fa:94:d5:71:e0:20:bc:2a:c5:2c:6a:dd:2d:e8:9f:a2:e1
Signer

Actual PE Digest

c8:1d:dc:cd:f1:57:74:03:c9:21:84:51:ca:18:18:fa:94:d5:71:e0:20:bc:2a:c5:2c:6a:dd:2d:e8:9f:a2:e1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

url_launcher_windows_plugin

UrlLauncherWindowsRegisterWithRegistrar

window_size_plugin

WindowSizePluginRegisterWithRegistrar

texture_rgba_renderer_plugin

TextureRgbaRendererPluginCApiRegisterWithRegistrar

flutter_windows

FlutterDesktopPluginRegistrarGetMessenger
FlutterDesktopViewControllerHandleTopLevelWindowProc
FlutterDesktopViewControllerGetView
FlutterDesktopViewControllerDestroy
FlutterDesktopViewControllerCreate
FlutterDesktopEngineGetMessenger
FlutterDesktopEngineGetPluginRegistrar
FlutterDesktopEngineReloadSystemFonts
FlutterDesktopEngineDestroy
FlutterDesktopEngineCreate
FlutterDesktopRegistrarGetTextureRegistrar
FlutterDesktopPluginRegistrarSetDestructionHandler
FlutterDesktopTextureRegistrarMarkExternalTextureFrameAvailable
FlutterDesktopTextureRegistrarUnregisterExternalTexture
FlutterDesktopTextureRegistrarRegisterExternalTexture
FlutterDesktopMessengerUnlock
FlutterDesktopMessengerLock
FlutterDesktopMessengerIsAvailable
FlutterDesktopMessengerRelease
FlutterDesktopMessengerAddRef
FlutterDesktopMessengerSetCallback
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSendWithReply
FlutterDesktopMessengerSend
FlutterDesktopGetDpiForMonitor
FlutterDesktopPluginRegistrarGetView
FlutterDesktopViewGetHWND

kernel32

WriteConsoleW
CreateFileW
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
CloseHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FlsFree
FlsSetValue
GetVersion
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
FlsGetValue
FlsAlloc
GetFileType
GetStdHandle
HeapAlloc
HeapFree
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
RaiseException
RtlPcToFileHeader
InterlockedFlushSList
RtlUnwindEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
DeleteCriticalSection
RtlVirtualUnwind
RtlLookupFunctionEntry
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
RtlUnwind
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext

user32

GetAncestor
RegisterClassW
GetMonitorInfoW
MonitorFromWindow
MonitorFromRect
GetWindow
SetWindowLongW
GetWindowLongW
GetCursorPos
GetWindowRect
SetWindowTextW
SetForegroundWindow
ReleaseCapture
IsZoomed
IsWindowVisible
GetWindowPlacement
ShowWindowAsync
PostMessageW
SendMessageW
MonitorFromPoint
LoadIconW
LoadCursorW
SetParent
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
SetFocus
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow
CreateWindowExW
UnregisterClassW
DefWindowProcW

gdi32

GetStockObject

dwmapi

DwmExtendFrameIntoClientArea

Exports

Exports

DesktopMultiWindowPluginRegisterWithRegistrar
DesktopMultiWindowSetWindowCreatedCallback

Sections

.text
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
file_selector_windows_plugin.dll
.dll windows:6 windows x64 arch:x64

2e04a9a3bb22f9e811f283688d3dd807

Code Sign

b1:3c:53:37:b0:86:3b:4a:d8:5e:c3:42:3c:e8:3f:be
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

23/02/2024, 00:00

Not After

22/02/2027, 23:59

Subject

SERIALNUMBER=53481265A,CN=PURSLANE,O=PURSLANE,ST=North West,C=SG,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7f:cc:75:f1:49:e3:f3:fd:10:ab:43:f3:23:61:7c:6d:d4:6a:e9:cf:b2:f8:a7:bd:41:e2:ff:b0:f1:29:18:94
Signer

Actual PE Digest

7f:cc:75:f1:49:e3:f3:fd:10:ab:43:f3:23:61:7c:6d:d4:6a:e9:cf:b2:f8:a7:bd:41:e2:ff:b0:f1:29:18:94

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

flutter_windows

FlutterDesktopMessengerLock
FlutterDesktopMessengerUnlock
FlutterDesktopMessengerRelease
FlutterDesktopMessengerAddRef
FlutterDesktopPluginRegistrarSetDestructionHandler
FlutterDesktopTextureRegistrarRegisterExternalTexture
FlutterDesktopMessengerSendWithReply
FlutterDesktopMessengerSend
FlutterDesktopRegistrarGetTextureRegistrar
FlutterDesktopPluginRegistrarGetMessenger
FlutterDesktopViewGetHWND
FlutterDesktopPluginRegistrarGetView
FlutterDesktopTextureRegistrarUnregisterExternalTexture
FlutterDesktopTextureRegistrarMarkExternalTextureFrameAvailable
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerIsAvailable
FlutterDesktopMessengerSetCallback

kernel32

SetLastError
WriteConsoleW
CreateFileW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
MultiByteToWideChar
WideCharToMultiByte
HeapSize
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
LocalFree
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
GetLastError
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
CloseHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP

user32

GetAncestor

shell32

SHCreateItemFromParsingName

ole32

CoTaskMemFree
CoCreateInstance

Exports

Exports

FileSelectorWindowsRegisterWithRegistrar

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
flutter_custom_cursor_plugin.dll
.dll windows:6 windows x64 arch:x64

e56962f24da8ed794b0dab78319e1dd6

Code Sign

b1:3c:53:37:b0:86:3b:4a:d8:5e:c3:42:3c:e8:3f:be
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

23/02/2024, 00:00

Not After

22/02/2027, 23:59

Subject

SERIALNUMBER=53481265A,CN=PURSLANE,O=PURSLANE,ST=North West,C=SG,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0a:ab:81:44:0e:d8:60:57:00:11:e8:c2:b4:39:7a:67:1e:2b:2f:f5:39:e8:3c:d3:8e:28:d7:a7:39:83:5d:ee
Signer

Actual PE Digest

0a:ab:81:44:0e:d8:60:57:00:11:e8:c2:b4:39:7a:67:1e:2b:2f:f5:39:e8:3c:d3:8e:28:d7:a7:39:83:5d:ee

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

flutter_windows

FlutterDesktopRegistrarGetTextureRegistrar
FlutterDesktopPluginRegistrarGetMessenger
FlutterDesktopTextureRegistrarMarkExternalTextureFrameAvailable
FlutterDesktopTextureRegistrarUnregisterExternalTexture
FlutterDesktopTextureRegistrarRegisterExternalTexture
FlutterDesktopMessengerUnlock
FlutterDesktopMessengerLock
FlutterDesktopMessengerIsAvailable
FlutterDesktopMessengerRelease
FlutterDesktopMessengerAddRef
FlutterDesktopMessengerSetCallback
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSendWithReply
FlutterDesktopMessengerSend
FlutterDesktopPluginRegistrarUnregisterTopLevelWindowProcDelegate
FlutterDesktopPluginRegistrarRegisterTopLevelWindowProcDelegate
FlutterDesktopPluginRegistrarGetView
FlutterDesktopPluginRegistrarSetDestructionHandler

user32

LoadCursorW
SetCursor
LoadCursorFromFileA

kernel32

RaiseException
WriteConsoleW
CreateFileW
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
CloseHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
ReadFile

Exports

Exports

FlutterCustomCursorPluginRegisterWithRegistrar

Sections

.text
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
flutter_gpu_texture_renderer_plugin.dll
.dll windows:6 windows x64 arch:x64

86f9565b2be1c9cabdba83abc034fb18

Code Sign

b1:3c:53:37:b0:86:3b:4a:d8:5e:c3:42:3c:e8:3f:be
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

23/02/2024, 00:00

Not After

22/02/2027, 23:59

Subject

SERIALNUMBER=53481265A,CN=PURSLANE,O=PURSLANE,ST=North West,C=SG,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

31:37:05:bf:89:b6:89:e1:05:8c:65:62:65:ca:4e:69:a9:e6:84:68:41:74:31:e9:c1:24:5f:64:54:9b:8e:ae
Signer

Actual PE Digest

31:37:05:bf:89:b6:89:e1:05:8c:65:62:65:ca:4e:69:a9:e6:84:68:41:74:31:e9:c1:24:5f:64:54:9b:8e:ae

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

flutter_windows

FlutterDesktopTextureRegistrarMarkExternalTextureFrameAvailable
FlutterDesktopTextureRegistrarUnregisterExternalTexture
FlutterDesktopTextureRegistrarRegisterExternalTexture
FlutterDesktopMessengerUnlock
FlutterDesktopMessengerLock
FlutterDesktopMessengerIsAvailable
FlutterDesktopMessengerRelease
FlutterDesktopMessengerAddRef
FlutterDesktopPluginRegistrarSetDestructionHandler
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSendWithReply
FlutterDesktopMessengerSend
FlutterDesktopRegistrarGetTextureRegistrar
FlutterDesktopPluginRegistrarGetMessenger
FlutterDesktopViewGetGraphicsAdapter
FlutterDesktopPluginRegistrarGetView
FlutterDesktopMessengerSetCallback

kernel32

IsProcessorFeaturePresent
WriteConsoleW
CreateFileW
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
FormatMessageA
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
QueryPerformanceCounter
QueryPerformanceFrequency
LocalFree
GetLocaleInfoEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetCPInfo
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
SetFilePointerEx
CloseHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
ReadFile
ReadConsoleW
HeapReAlloc

Exports

Exports

FlutterGpuTextureRendererPluginCApiGetAdapterLuid
FlutterGpuTextureRendererPluginCApiRegisterWithRegistrar
FlutterGpuTextureRendererPluginCApiSetTexture

Sections

.text
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
flutter_windows.dll
.dll windows:5 windows x64 arch:x64

46af01a86bd2fb049906d2bc854f3552

Code Sign

b1:3c:53:37:b0:86:3b:4a:d8:5e:c3:42:3c:e8:3f:be
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

23/02/2024, 00:00

Not After

22/02/2027, 23:59

Subject

SERIALNUMBER=53481265A,CN=PURSLANE,O=PURSLANE,ST=North West,C=SG,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d7:0b:9c:ba:47:65:7c:9f:44:ec:e4:02:6d:42:36:9d:cb:6b:49:39:e8:58:22:c2:77:ab:fd:ba:24:22:c3:50
Signer

Actual PE Digest

d7:0b:9c:ba:47:65:7c:9f:44:ec:e4:02:6d:42:36:9d:cb:6b:49:39:e8:58:22:c2:77:ab:fd:ba:24:22:c3:50

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\b\s\w\ir\cache\builder\src\out\host_release\flutter_windows.dll.pdb

Imports

advapi32

RegOpenKeyExW
RegCloseKey
RegGetValueW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegEnumKeyExW
SystemFunction036
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW

iphlpapi

GetAdaptersAddresses

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

SysFreeString
SysStringLen
SafeArrayCreateVector
SafeArrayPutElement
LoadTypeLi
VariantClear
SafeArrayGetVartype
VariantCopy
VarBstrCmp
SafeArrayGetDim
VarUI4FromStr
LoadRegTypeLi
SafeArrayDestroy
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringLen
VariantInit

psapi

EnumProcessModules
GetProcessMemoryInfo

shlwapi

PathIsRelativeW

rpcrt4

UuidCreateSequential
UuidToStringW
RpcStringFreeW

winmm

timeEndPeriod
timeBeginPeriod

ws2_32

connect
getaddrinfo
recv
send
shutdown
closesocket
socket
setsockopt
ioctlsocket
getsockopt
WSAGetLastError
WSASetLastError
WSAIoctl
WSARecv
WSASend
WSASendTo
WSARecvFrom
gethostname
htons
ntohs
WSAAddressToStringW
WSAStartup
getsockname
getpeername
getnameinfo
InetPtonW
InetNtopW
bind
freeaddrinfo
WSASocketW
listen

imm32

ImmSetCompositionStringW
ImmReleaseContext
ImmSetCompositionWindow
ImmNotifyIME
ImmGetCompositionStringW
ImmSetCandidateWindow
ImmGetContext

user32

OpenClipboard
CloseClipboard
MessageBeep
GetKeyState
CloseTouchInputHandle
EnumThreadWindows
DestroyCaret
ReleaseCapture
CreateCaret
SetCapture
GetMessageExtraInfo
DefWindowProcW
RegisterTouchWindow
SetWindowLongPtrW
SendMessageW
MapVirtualKeyW
PeekMessageW
RegisterClassW
GetWindowLongPtrW
TrackMouseEvent
ScreenToClient
GetCursorPos
SetCursor
IsWindowVisible
IsClipboardFormatAvailable
SetTimer
SetUserObjectInformationA
CreateWindowExW
LoadCursorW
SystemParametersInfoW
ClientToScreen
MonitorFromPoint
MonitorFromWindow
UnregisterClassW
CreateIconIndirect
ReleaseDC
GetDC
GetParent
CharNextW
NotifyWinEvent
UnregisterClassA
IsWindow
GetClassInfoW
GetClientRect
WindowFromDC
GetWindowThreadProcessId
IsIconic
InvalidateRect
CreateWindowExA
GetClipboardData
EmptyClipboard
SetClipboardData
GetSysColor
PostMessageW
KillTimer
GetFocus
SetCaretPos
DestroyWindow
PostQuitMessage
GetTouchInputInfo

opengl32

wglGetProcAddress
wglGetCurrentContext

bcrypt

BCryptGenRandom

ntdll

RtlUnwindEx
RtlUnwind
VerSetConditionMask

oleacc

LresultFromObject

uiautomationcore

UiaRaiseAutomationEvent
UiaRaiseAutomationPropertyChangedEvent
UiaGetReservedNotSupportedValue
UiaGetReservedMixedAttributeValue
UiaHostProviderFromHwnd

propsys

VariantCompare

dxgi

CreateDXGIFactory1
CreateDXGIFactory

gdi32

DeleteDC
SetPixel
GetPixel
SelectObject
GetDeviceCaps
GetObjectW
CreateCompatibleDC
CreateDIBSection
DeleteObject
CreateCompatibleBitmap
SetDIBitsToDevice
GetPixelFormat
SetPixelFormat
DescribePixelFormat
SwapBuffers
ChoosePixelFormat

d3d9

D3DPERF_SetMarker
D3DPERF_GetStatus
Direct3DCreate9
D3DPERF_EndEvent
D3DPERF_BeginEvent

kernel32

FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
LCMapStringEx
EncodePointer
InitializeCriticalSectionEx
RtlPcToFileHeader
GetStringTypeW
InitOnceComplete
InitOnceBeginInitialize
GetExitCodeThread
SwitchToThread
GetFileInformationByHandleEx
FindFirstFileExW
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetEnvironmentVariableW
SetEnvironmentVariableW
CompareStringEx
GetCPInfo
FreeLibraryAndExitThread
ExitThread
GetDriveTypeW
CreateThread
PeekNamedPipe
ReadConsoleW
GetTempFileNameA
GetModuleHandleExW
LoadLibraryExA
GetModuleHandleExA
GetModuleHandleA
LocaleNameToLCID
lstrcmpiW
SizeofResource
LoadResource
FindResourceW
GetTimeZoneInformationForYear
SleepConditionVariableSRW
VirtualQuery
InterlockedFlushSList
CreatePipe
SetEvent
LoadLibraryExW
QueryPerformanceFrequency
WakeAllConditionVariable
WakeConditionVariable
SleepConditionVariableCS
InitializeConditionVariable
TryAcquireSRWLockExclusive
SetFileTime
DeviceIoControl
MoveFileW
CopyFileExW
CreateSymbolicLinkW
VirtualFree
VirtualProtect
SetFilePointerEx
VirtualAlloc
SetFileAttributesW
MoveFileExW
GetConsoleScreenBufferInfo
GetExitCodeProcess
CreateNamedPipeW
TerminateProcess
OpenProcess
WaitForMultipleObjects
CreateProcessW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLocaleName
SetUnhandledExceptionFilter
SetCurrentDirectoryW
GetCurrentDirectoryW
GetQueuedCompletionStatus
ReadDirectoryChangesW
PostQueuedCompletionStatus
GetFileType
OpenThread
CancelIoEx
CreateIoCompletionPort
SetStdHandle
SetConsoleMode
GetConsoleMode
GetStdHandle
SetConsoleCP
SetConsoleOutputCP
GetConsoleOutputCP
SetConsoleCtrlHandler
GetFinalPathNameByHandleA
GetProcessHeap
WaitForSingleObjectEx
WriteFile
UnlockFileEx
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
TlsFree
InterlockedPushEntrySList
Sleep
QueryPerformanceCounter
LockFileEx
InitializeCriticalSectionAndSpinCount
GetLastError
FormatMessageW
DecodePointer
DeleteCriticalSection
LoadLibraryA
GetProcAddress
CreateEventW
RegisterWaitForSingleObject
ResetEvent
UnregisterWait
CloseHandle
OutputDebugStringW
LocalFree
GetCurrentProcess
GetModuleHandleW
GetCurrentThread
SetThreadPriority
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetLocaleInfoEx
GetCurrentThreadId
GetCurrentProcessId
CreateToolhelp32Snapshot
Thread32Next
Thread32First
FormatMessageA
GetThreadPreferredUILanguages
CreateSemaphoreW
WaitForSingleObject
ReleaseSemaphore
RaiseException
GetCommandLineW
WideCharToMultiByte
GetTempPathW
CreateDirectoryW
CreateFileW
DuplicateHandle
GetFileInformationByHandle
GetFileAttributesW
RemoveDirectoryW
DeleteFileW
SetFilePointer
SetEndOfFile
FlushViewOfFile
FlushFileBuffers
FindFirstFileW
FindNextFileW
FindClose
GetFinalPathNameByHandleW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateWaitableTimerW
VerifyVersionInfoW
SetWaitableTimer
LoadLibraryW
FreeLibrary
GetModuleFileNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
GetSystemTimeAsFileTime
CreateFileA
IsDebuggerPresent
GetNativeSystemInfo
MultiByteToWideChar
OutputDebugStringA
GetFileSizeEx
ReadFile
ExitProcess
InitOnceExecuteOnce
InitializeSRWLock
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
TlsGetValue
TlsAlloc
SetLastError
TlsSetValue
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
AreFileApisANSI
GetFileAttributesExW
GetFullPathNameW
GetSystemInfo
GetTempPathA
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
WriteConsoleW

crypt32

CertFreeCertificateContext
CertEnumCertificatesInStore
CertOpenStore
CertCloseStore

Exports

Exports

FlutterDesktopEngineCreate
FlutterDesktopEngineDestroy
FlutterDesktopEngineGetMessenger
FlutterDesktopEngineGetPluginRegistrar
FlutterDesktopEngineGetTextureRegistrar
FlutterDesktopEngineProcessExternalWindowMessage
FlutterDesktopEngineProcessMessages
FlutterDesktopEngineReloadSystemFonts
FlutterDesktopEngineRun
FlutterDesktopEngineSetNextFrameCallback
FlutterDesktopGetDpiForHWND
FlutterDesktopGetDpiForMonitor
FlutterDesktopMessengerAddRef
FlutterDesktopMessengerIsAvailable
FlutterDesktopMessengerLock
FlutterDesktopMessengerRelease
FlutterDesktopMessengerSend
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSendWithReply
FlutterDesktopMessengerSetCallback
FlutterDesktopMessengerUnlock
FlutterDesktopPluginRegistrarGetMessenger
FlutterDesktopPluginRegistrarGetView
FlutterDesktopPluginRegistrarRegisterTopLevelWindowProcDelegate
FlutterDesktopPluginRegistrarSetDestructionHandler
FlutterDesktopPluginRegistrarUnregisterTopLevelWindowProcDelegate
FlutterDesktopRegistrarGetTextureRegistrar
FlutterDesktopResyncOutputStreams
FlutterDesktopTextureRegistrarMarkExternalTextureFrameAvailable
FlutterDesktopTextureRegistrarRegisterExternalTexture
FlutterDesktopTextureRegistrarUnregisterExternalTexture
FlutterDesktopViewControllerCreate
FlutterDesktopViewControllerDestroy
FlutterDesktopViewControllerForceRedraw
FlutterDesktopViewControllerGetEngine
FlutterDesktopViewControllerGetView
FlutterDesktopViewControllerHandleTopLevelWindowProc
FlutterDesktopViewGetGraphicsAdapter
FlutterDesktopViewGetHWND

Sections

.text
Size: 13.4MB - Virtual size: 13.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 360KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 455KB - Virtual size: 454KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
importunacy.tiff
screen_retriever_plugin.dll
.dll windows:6 windows x64 arch:x64

76ceae767fbb99ba353ca524750073bd

Code Sign

b1:3c:53:37:b0:86:3b:4a:d8:5e:c3:42:3c:e8:3f:be
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

23/02/2024, 00:00

Not After

22/02/2027, 23:59

Subject

SERIALNUMBER=53481265A,CN=PURSLANE,O=PURSLANE,ST=North West,C=SG,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a7:4c:16:af:25:62:14:dc:3a:44:78:6c:b2:18:cc:2f:55:2a:33:b3:ac:4b:de:1c:02:7c:a4:0e:5c:cc:0e:d4
Signer

Actual PE Digest

a7:4c:16:af:25:62:14:dc:3a:44:78:6c:b2:18:cc:2f:55:2a:33:b3:ac:4b:de:1c:02:7c:a4:0e:5c:cc:0e:d4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

flutter_windows

FlutterDesktopRegistrarGetTextureRegistrar
FlutterDesktopPluginRegistrarGetMessenger
FlutterDesktopTextureRegistrarMarkExternalTextureFrameAvailable
FlutterDesktopTextureRegistrarUnregisterExternalTexture
FlutterDesktopTextureRegistrarRegisterExternalTexture
FlutterDesktopMessengerUnlock
FlutterDesktopMessengerLock
FlutterDesktopMessengerIsAvailable
FlutterDesktopMessengerRelease
FlutterDesktopMessengerAddRef
FlutterDesktopMessengerSetCallback
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSendWithReply
FlutterDesktopMessengerSend
FlutterDesktopGetDpiForMonitor
FlutterDesktopPluginRegistrarGetView
FlutterDesktopPluginRegistrarSetDestructionHandler

user32

GetMonitorInfoW
MonitorFromPoint
GetCursorPos
EnumDisplayMonitors

kernel32

RaiseException
WriteConsoleW
CreateFileW
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
ReadFile
WideCharToMultiByte
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetLocaleInfoEx
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
CompareStringEx
GetCPInfo
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
CloseHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode

Exports

Exports

ScreenRetrieverPluginRegisterWithRegistrar

Sections

.text
Size: 393KB - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
texture_rgba_renderer_plugin.dll
.dll windows:6 windows x64 arch:x64

b606dada6e918fa5080c5e892e065fab

Code Sign

b1:3c:53:37:b0:86:3b:4a:d8:5e:c3:42:3c:e8:3f:be
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

23/02/2024, 00:00

Not After

22/02/2027, 23:59

Subject

SERIALNUMBER=53481265A,CN=PURSLANE,O=PURSLANE,ST=North West,C=SG,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

27:c2:54:cc:16:a7:c7:aa:c7:73:ea:1e:45:b4:98:4a:83:26:11:71:18:49:0d:6b:ae:38:6a:29:ef:b7:14:28
Signer

Actual PE Digest

27:c2:54:cc:16:a7:c7:aa:c7:73:ea:1e:45:b4:98:4a:83:26:11:71:18:49:0d:6b:ae:38:6a:29:ef:b7:14:28

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

flutter_windows

FlutterDesktopTextureRegistrarMarkExternalTextureFrameAvailable
FlutterDesktopTextureRegistrarUnregisterExternalTexture
FlutterDesktopTextureRegistrarRegisterExternalTexture
FlutterDesktopMessengerUnlock
FlutterDesktopMessengerLock
FlutterDesktopMessengerIsAvailable
FlutterDesktopMessengerRelease
FlutterDesktopMessengerAddRef
FlutterDesktopPluginRegistrarSetDestructionHandler
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSendWithReply
FlutterDesktopMessengerSend
FlutterDesktopRegistrarGetTextureRegistrar
FlutterDesktopPluginRegistrarGetMessenger
FlutterDesktopPluginRegistrarGetView
FlutterDesktopMessengerSetCallback

kernel32

GetCurrentProcessId
WriteConsoleW
CreateFileW
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetStringTypeW
GetCPInfo
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
RtlUnwind
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
CloseHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose

Exports

Exports

FlutterRgbaRendererPluginOnRgba
TextureRgbaRendererPluginCApiRegisterWithRegistrar

Sections

.text
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uni_links_desktop_plugin.dll
.dll windows:6 windows x64 arch:x64

e20589b6bde4b9818a10a5c5fb6f71b1

Code Sign

b1:3c:53:37:b0:86:3b:4a:d8:5e:c3:42:3c:e8:3f:be
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

23/02/2024, 00:00

Not After

22/02/2027, 23:59

Subject

SERIALNUMBER=53481265A,CN=PURSLANE,O=PURSLANE,ST=North West,C=SG,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

39:f7:f3:9a:0b:8e:38:6e:d7:45:4d:a6:9d:fb:9d:b8:96:7e:ce:99:fa:ba:b3:5d:9c:4d:5b:7b:e3:29:e2:fb
Signer

Actual PE Digest

39:f7:f3:9a:0b:8e:38:6e:d7:45:4d:a6:9d:fb:9d:b8:96:7e:ce:99:fa:ba:b3:5d:9c:4d:5b:7b:e3:29:e2:fb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

flutter_windows

FlutterDesktopPluginRegistrarGetView
FlutterDesktopRegistrarGetTextureRegistrar
FlutterDesktopPluginRegistrarGetMessenger
FlutterDesktopTextureRegistrarMarkExternalTextureFrameAvailable
FlutterDesktopTextureRegistrarUnregisterExternalTexture
FlutterDesktopTextureRegistrarRegisterExternalTexture
FlutterDesktopMessengerUnlock
FlutterDesktopMessengerLock
FlutterDesktopMessengerIsAvailable
FlutterDesktopMessengerRelease
FlutterDesktopMessengerAddRef
FlutterDesktopMessengerSetCallback
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSendWithReply
FlutterDesktopMessengerSend
FlutterDesktopPluginRegistrarUnregisterTopLevelWindowProcDelegate
FlutterDesktopPluginRegistrarRegisterTopLevelWindowProcDelegate
FlutterDesktopPluginRegistrarSetDestructionHandler

kernel32

InterlockedFlushSList
WriteConsoleW
CreateFileW
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
ReadConsoleW
GetCommandLineW
LocalFree
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
GetConsoleOutputCP
WideCharToMultiByte
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetLocaleInfoEx
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
CompareStringEx
GetCPInfo
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlUnwind
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
GetStdHandle
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
CloseHandle
FlushFileBuffers
WriteFile

user32

SendMessageW

shell32

CommandLineToArgvW

Exports

Exports

DispatchToUniLinksDesktop
UniLinksDesktopPluginRegisterWithRegistrar

Sections

.text
Size: 388KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
url_launcher_windows_plugin.dll
.dll windows:6 windows x64 arch:x64

25112fb0be341a4fce9a45a99613a225

Code Sign

b1:3c:53:37:b0:86:3b:4a:d8:5e:c3:42:3c:e8:3f:be
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

23/02/2024, 00:00

Not After

22/02/2027, 23:59

Subject

SERIALNUMBER=53481265A,CN=PURSLANE,O=PURSLANE,ST=North West,C=SG,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f5:52:5c:7e:ef:4c:2e:33:2d:63:de:42:4e:7c:73:d9:15:8c:4c:b3:87:97:b3:b6:fc:43:3c:fc:6a:2a:3d:37
Signer

Actual PE Digest

f5:52:5c:7e:ef:4c:2e:33:2d:63:de:42:4e:7c:73:d9:15:8c:4c:b3:87:97:b3:b6:fc:43:3c:fc:6a:2a:3d:37

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

flutter_windows

FlutterDesktopPluginRegistrarGetView
FlutterDesktopTextureRegistrarMarkExternalTextureFrameAvailable
FlutterDesktopTextureRegistrarUnregisterExternalTexture
FlutterDesktopTextureRegistrarRegisterExternalTexture
FlutterDesktopMessengerUnlock
FlutterDesktopMessengerLock
FlutterDesktopMessengerIsAvailable
FlutterDesktopMessengerRelease
FlutterDesktopMessengerAddRef
FlutterDesktopMessengerSetCallback
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSendWithReply
FlutterDesktopMessengerSend
FlutterDesktopRegistrarGetTextureRegistrar
FlutterDesktopPluginRegistrarGetMessenger
FlutterDesktopPluginRegistrarSetDestructionHandler

kernel32

HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
CreateFileW
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
MultiByteToWideChar
FindClose
HeapReAlloc
WriteConsoleW
GetOEMCP
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
RtlUnwind
InterlockedFlushSList
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
CloseHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW

shell32

ShellExecuteW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

Exports

Exports

UrlLauncherWindowsRegisterWithRegistrar

Sections

.text
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
window_manager_plugin.dll
.dll windows:6 windows x64 arch:x64

bbb1de563d2e7da5c7d09beb21f2304a

Code Sign

b1:3c:53:37:b0:86:3b:4a:d8:5e:c3:42:3c:e8:3f:be
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

23/02/2024, 00:00

Not After

22/02/2027, 23:59

Subject

SERIALNUMBER=53481265A,CN=PURSLANE,O=PURSLANE,ST=North West,C=SG,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:da:4f:32:df:64:ff:15:21:0d:3b:c3:87:f1:f1:00:fc:f4:65:c6:e0:27:f8:89:66:07:f6:85:a0:af:be:c2
Signer

Actual PE Digest

19:da:4f:32:df:64:ff:15:21:0d:3b:c3:87:f1:f1:00:fc:f4:65:c6:e0:27:f8:89:66:07:f6:85:a0:af:be:c2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

flutter_windows

FlutterDesktopMessengerIsAvailable
FlutterDesktopViewGetHWND
FlutterDesktopPluginRegistrarGetView
FlutterDesktopPluginRegistrarRegisterTopLevelWindowProcDelegate
FlutterDesktopRegistrarGetTextureRegistrar
FlutterDesktopPluginRegistrarGetMessenger
FlutterDesktopTextureRegistrarMarkExternalTextureFrameAvailable
FlutterDesktopTextureRegistrarUnregisterExternalTexture
FlutterDesktopTextureRegistrarRegisterExternalTexture
FlutterDesktopMessengerUnlock
FlutterDesktopMessengerLock
FlutterDesktopPluginRegistrarSetDestructionHandler
FlutterDesktopMessengerRelease
FlutterDesktopMessengerAddRef
FlutterDesktopMessengerSetCallback
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSendWithReply
FlutterDesktopMessengerSend
FlutterDesktopPluginRegistrarUnregisterTopLevelWindowProcDelegate

kernel32

ReleaseSRWLockExclusive
WriteConsoleW
CreateFileW
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
ReadConsoleW
GetVersion
FreeLibrary
GetProcAddress
LoadLibraryW
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
CloseHandle
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
GetStdHandle
HeapAlloc
HeapFree
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
RaiseException
RtlPcToFileHeader
InterlockedFlushSList
RtlUnwindEx
InitializeSListHead
WideCharToMultiByte
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetLocaleInfoEx
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
CompareStringEx
GetCPInfo
RtlUnwind
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime

user32

SendMessageW
PostMessageW
SetLayeredWindowAttributes
ShowWindow
GetActiveWindow
ShowWindowAsync
GetAncestor
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
FindWindowExW
SetClassLongW
GetClassLongW
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
GetCursorPos
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SetForegroundWindow
TrackPopupMenu
GetSystemMenu
GetSystemMetrics
ReleaseCapture
SetWindowPos
IsZoomed
IsWindowVisible
GetWindowPlacement
PostQuitMessage

shell32

SHAppBarMessage

ole32

CoInitialize
CoCreateInstance

dwmapi

DwmSetWindowAttribute
DwmExtendFrameIntoClientArea

Exports

Exports

WindowManagerPluginRegisterWithRegistrar

Sections

.text
Size: 426KB - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
window_size_plugin.dll
.dll windows:6 windows x64 arch:x64

385939a1f25c59c8d15c26f38de1da14

Code Sign

b1:3c:53:37:b0:86:3b:4a:d8:5e:c3:42:3c:e8:3f:be
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

23/02/2024, 00:00

Not After

22/02/2027, 23:59

Subject

SERIALNUMBER=53481265A,CN=PURSLANE,O=PURSLANE,ST=North West,C=SG,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6e:9c:d9:12:fb:56:10:b8:6b:b6:a7:c2:0b:3b:0c:ca:23:d8:e0:62:0e:02:84:27:63:8b:ea:6a:35:0b:ef:c0
Signer

Actual PE Digest

6e:9c:d9:12:fb:56:10:b8:6b:b6:a7:c2:0b:3b:0c:ca:23:d8:e0:62:0e:02:84:27:63:8b:ea:6a:35:0b:ef:c0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

flutter_windows

FlutterDesktopRegistrarGetTextureRegistrar
FlutterDesktopPluginRegistrarGetMessenger
FlutterDesktopTextureRegistrarMarkExternalTextureFrameAvailable
FlutterDesktopTextureRegistrarUnregisterExternalTexture
FlutterDesktopTextureRegistrarRegisterExternalTexture
FlutterDesktopMessengerUnlock
FlutterDesktopMessengerLock
FlutterDesktopMessengerIsAvailable
FlutterDesktopMessengerRelease
FlutterDesktopMessengerAddRef
FlutterDesktopMessengerSetCallback
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSendWithReply
FlutterDesktopMessengerSend
FlutterDesktopGetDpiForMonitor
FlutterDesktopGetDpiForHWND
FlutterDesktopPluginRegistrarUnregisterTopLevelWindowProcDelegate
FlutterDesktopPluginRegistrarRegisterTopLevelWindowProcDelegate
FlutterDesktopPluginRegistrarGetView
FlutterDesktopViewGetHWND
FlutterDesktopPluginRegistrarSetDestructionHandler

user32

GetAncestor
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
SetWindowTextW
SetWindowPos
ShowWindow

kernel32

RtlUnwindEx
WriteConsoleW
CreateFileW
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
CloseHandle
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
WideCharToMultiByte
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetLocaleInfoEx
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
CompareStringEx
GetCPInfo
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale

Exports

Exports

WindowSizePluginRegisterWithRegistrar

Sections

.text
Size: 388KB - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f24c4fa95541488eed81258d72fa6336

Code Sign

b1:3c:53:37:b0:86:3b:4a:d8:5e:c3:42:3c:e8:3f:beCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

01:bd:3f:a3:6a:2f:45:b2:04:7f:4e:7d:59:18:54:68:5d:2f:57:6f:b2:b1:bc:f0:66:6d:3b:03:92:fb:e6:42Signer

Headers

DLL Characteristics

File Characteristics

Imports

desktop_drop_plugin

desktop_multi_window_plugin

file_selector_windows_plugin

flutter_custom_cursor_plugin

flutter_gpu_texture_renderer_plugin

screen_retriever_plugin

texture_rgba_renderer_plugin

uni_links_desktop_plugin

url_launcher_windows_plugin

window_manager_plugin

window_size_plugin

flutter_windows

kernel32

user32

shell32

ole32

Sections

.text Size: 150KB - Virtual size: 150KB

.rdata Size: 70KB - Virtual size: 69KB

.data Size: 5KB - Virtual size: 12KB

.pdata Size: 9KB - Virtual size: 9KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 2KB

673dff6bf055269eceda6b27909f59d8

Code Sign

b1:3c:53:37:b0:86:3b:4a:d8:5e:c3:42:3c:e8:3f:beCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

35:58:e0:8f:14:a2:48:16:a7:8e:dd:f7:bb:1e:24:ec:05:00:17:c3:ef:a9:50:91:7f:04:97:62:57:51:9e:7eSigner

Headers

DLL Characteristics

File Characteristics

Imports

flutter_windows

kernel32

user32

shell32

ole32

Exports

Exports

Sections

.text Size: 202KB - Virtual size: 202KB

.rdata Size: 81KB - Virtual size: 80KB

.data Size: 8KB - Virtual size: 13KB

.pdata Size: 11KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 2KB

aed708095f8a606f273ae8bc017b3eca

Code Sign

b1:3c:53:37:b0:86:3b:4a:d8:5e:c3:42:3c:e8:3f:beCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

b1:3c:53:37:b0:86:3b:4a:d8:5e:c3:42:3c:e8:3f:be
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

01:bd:3f:a3:6a:2f:45:b2:04:7f:4e:7d:59:18:54:68:5d:2f:57:6f:b2:b1:bc:f0:66:6d:3b:03:92:fb:e6:42
Signer

.text
Size: 150KB - Virtual size: 150KB

.rdata
Size: 70KB - Virtual size: 69KB

.data
Size: 5KB - Virtual size: 12KB

.pdata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 2KB

b1:3c:53:37:b0:86:3b:4a:d8:5e:c3:42:3c:e8:3f:be
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

35:58:e0:8f:14:a2:48:16:a7:8e:dd:f7:bb:1e:24:ec:05:00:17:c3:ef:a9:50:91:7f:04:97:62:57:51:9e:7e
Signer

.text
Size: 202KB - Virtual size: 202KB

.rdata
Size: 81KB - Virtual size: 80KB

.data
Size: 8KB - Virtual size: 13KB

.pdata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 2KB

b1:3c:53:37:b0:86:3b:4a:d8:5e:c3:42:3c:e8:3f:be
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

c8:1d:dc:cd:f1:57:74:03:c9:21:84:51:ca:18:18:fa:94:d5:71:e0:20:bc:2a:c5:2c:6a:dd:2d:e8:9f:a2:e1
Signer

.text
Size: 239KB - Virtual size: 239KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 10KB - Virtual size: 15KB

.pdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 3KB - Virtual size: 2KB

b1:3c:53:37:b0:86:3b:4a:d8:5e:c3:42:3c:e8:3f:be
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

7f:cc:75:f1:49:e3:f3:fd:10:ab:43:f3:23:61:7c:6d:d4:6a:e9:cf:b2:f8:a7:bd:41:e2:ff:b0:f1:29:18:94
Signer

.text
Size: 220KB - Virtual size: 219KB

.rdata
Size: 86KB - Virtual size: 85KB

.data
Size: 8KB - Virtual size: 14KB

.pdata
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 2KB

b1:3c:53:37:b0:86:3b:4a:d8:5e:c3:42:3c:e8:3f:be
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

0a:ab:81:44:0e:d8:60:57:00:11:e8:c2:b4:39:7a:67:1e:2b:2f:f5:39:e8:3c:d3:8e:28:d7:a7:39:83:5d:ee
Signer