62548c66d11776c84706553bdd76afd7248d2c3e69b0f47215c0dc307f0dd06a

Resubmissions

10-07-2024 12:56

240710-p6khfs1eng 10

10-07-2024 12:56

240710-p6ft9s1end 10

10-07-2024 12:55

240710-p57llaygpj 10

Sharing

Copy URL

Twitter E-mail

General

Target

62548c66d11776c84706553bdd76afd7248d2c3e69b0f47215c0dc307f0dd06a
Size

438KB
MD5

9afb4103021c5ec8b2dea2772f39178e
SHA1

bc773e17fc6e7080b4243a9b72ac75292d17bc90
SHA256

62548c66d11776c84706553bdd76afd7248d2c3e69b0f47215c0dc307f0dd06a
SHA512

82c5fd97d80bd79c0377b1c8ea3a6e2f00f10b7ae14febc0ba9c8e5bd1405c05f62f2c66db1571b0596bd0a459e32dd58c8e9bf894068418d5b40b54b488ef33
SSDEEP

12288:LW7Ck8jvhUX7Arm+PJnGdijUR9MEuqbZv:LWeLaQnhGEYjfhbZv

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/Skriveblokkes/libdatrie-1.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

62548c66d11776c84706553bdd76afd7248d2c3e69b0f47215c0dc307f0dd06a
.exe windows:4 windows x86 arch:x86

b78ecf47c0a3e24a6f4af114e2d1f5de

Code Sign

1d:25:ed:1d:21:27:9c:31:ca:95:e3:1c:c9:0f:a3:e7:07:be:26:46
Certificate

Issuer

OU=Louvers Nonfinishing\ ,O=Subiya,L=Riverside,ST=Utah,C=US,1.2.840.113549.1.9.1=#0c20556e7175657374696f6e696e674044796276616e6473626f6d6265722e61666c

Not Before

30-06-2022 06:13

Not After

29-06-2025 06:13

Subject

OU=Louvers Nonfinishing\ ,O=Subiya,L=Riverside,ST=Utah,C=US,1.2.840.113549.1.9.1=#0c20556e7175657374696f6e696e674044796276616e6473626f6d6265722e61666c

1d:25:ed:1d:21:27:9c:31:ca:95:e3:1c:c9:0f:a3:e7:07:be:26:46
Certificate

Issuer

OU=Louvers Nonfinishing\ ,O=Subiya,L=Riverside,ST=Utah,C=US,1.2.840.113549.1.9.1=#0c20556e7175657374696f6e696e674044796276616e6473626f6d6265722e61666c

Not Before

30-06-2022 06:13

Not After

29-06-2025 06:13

Subject

OU=Louvers Nonfinishing\ ,O=Subiya,L=Riverside,ST=Utah,C=US,1.2.840.113549.1.9.1=#0c20556e7175657374696f6e696e674044796276616e6473626f6d6265722e61666c

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d3:19:74:5a:76:59:02:8c:77:50:81:e7:14:ba:0e:cf:81:d1:e2:77:c7:6b:62:06:35:4e:6b:ee:d9:bc:c8:6e
Signer

Actual PE Digest

d3:19:74:5a:76:59:02:8c:77:50:81:e7:14:ba:0e:cf:81:d1:e2:77:c7:6b:62:06:35:4e:6b:ee:d9:bc:c8:6e

Digest Algorithm

sha256

PE Digest Matches

true

76:ab:10:cf:b9:c0:98:a2:66:af:fe:5b:29:38:11:b9:1e:d4:d6:d5
Signer

Actual PE Digest

76:ab:10:cf:b9:c0:98:a2:66:af:fe:5b:29:38:11:b9:1e:d4:d6:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
GetFileAttributesA
SetFileAttributesA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
GetFullPathNameA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
CloseHandle
SetCurrentDirectoryA
MoveFileA
CompareFileTime
GetShortPathNameA
SearchPathA
lstrcmpiA
SetFileTime
lstrcmpA
ExpandEnvironmentStringsA
GlobalUnlock
GetDiskFreeSpaceA
GlobalFree
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteKeyA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ansvarshavende.til
MonitorPlugin.dll
.dll windows:6 windows x64 arch:x64

ef041f7605c2f0b880a648adcfb0fb41

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:b5:c7:f8:c1:8a:7a:2b:fb:b5:27:46
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

04-06-2019 05:45

Not After

04-06-2022 05:45

Subject

SERIALNUMBER=23638777,CN=ASUSTEK COMPUTER INCORPORATION,O=ASUSTEK COMPUTER INCORPORATION,STREET=4F\, NO. 150\, LI-TE RD.\, PEI TOU,L=TAIPEI,ST=TAIPEI,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f0:d8:2f:cf:6a:ff:24:66:3e:e9:4e:61:73:27:d0:4e:33:75:99:6b:90:d9:57:74:69:99:f3:61:b1:9c:0c:ab
Signer

Actual PE Digest

f0:d8:2f:cf:6a:ff:24:66:3e:e9:4e:61:73:27:d0:4e:33:75:99:6b:90:d9:57:74:69:99:f3:61:b1:9c:0c:ab

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\SourceCode\GC3.Overclocking\production_V4.2\Service\ServiceSDK\Release\ThrottlePlugin\MonitorPlugin.pdb

Imports

kernel32

FlushFileBuffers
WriteFile
DuplicateHandle
GetOverlappedResult
lstrlenW
WTSGetActiveConsoleSessionId
GetPrivateProfileStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
CreateThread
GetExitCodeProcess
TerminateProcess
GetCurrentProcess
WaitForMultipleObjects
Sleep
ResetEvent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetFileAttributesW
FindResourceW
DeleteFileW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
IsDebuggerPresent
SystemTimeToFileTime
FileTimeToSystemTime
lstrcmpA
SetLastError
FileTimeToLocalFileTime
CreateFileW
LocalFree
LoadLibraryW
GetProcAddress
GetModuleFileNameW
CreateEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
SizeofResource
InitializeCriticalSectionEx
GetLastError
RaiseException
CloseHandle
LockResource
LoadResource
LoadLibraryExW
FreeLibrary
FindResourceExW
GetCurrentProcessorNumberEx
OpenProcess
GetThreadId
CreateProcessW
GetFileAttributesW
GetCurrentThreadId
OutputDebugStringW

user32

wsprintfW
RegisterWindowMessageW
GetWindowThreadProcessId
GetShellWindow

advapi32

OpenProcessToken
AdjustTokenPrivileges
DuplicateTokenEx
GetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueW
CreateProcessWithTokenW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyExW
CreateProcessAsUserW

shell32

SHGetKnownFolderPath
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoUninitialize

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAddBackslashW
PathAppendW
StrCmpW

nativegamingcenterhelper

GetCPUVendor
One_WMIMethod_INT
GetProcessorNameString
RetriveSystemInfo
CheckXTUImagePath
IsXTUServiceRunning
HasBeenUsed
StartXTUService
StartUsed

gpucontrollibrary

?WriteUnlock@CSharedSectionWrapper@@QEAAXXZ
?WriteLock@CSharedSectionWrapper@@QEAAXXZ
??1CSharedSectionWrapper@@QEAA@XZ
??0CSharedSectionWrapper@@QEAA@XZ
?DestroyDevice@DisplayAdapterController@@QEAAJPEAPEAUIDisplayAdapterDevice@@@Z
?CreateDevice@DisplayAdapterController@@QEAAJPEAPEAUIDisplayAdapterDevice@@@Z
?Refresh@DisplayAdapterController@@QEAAXK@Z
?Uninitialize@DisplayAdapterController@@QEAAHPEAX@Z
?Initialize@DisplayAdapterController@@QEAAHPEAXP6AX0@Z@Z
?Get@DisplayAdapterController@@SAPEAV1@XZ
?ReadUnlock@CSharedSectionWrapper@@QEAAXXZ
?ReadLock@CSharedSectionWrapper@@QEAAXXZ

xtuwrapperfornativecode

?StartMonitor@XTUWrapperForNativeCode@XTUWrapperLibrary@@QEAAXXZ
?IsMonitorRunning@XTUWrapperForNativeCode@XTUWrapperLibrary@@QEAA_NXZ
?GetMonitorValue@XTUWrapperForNativeCode@XTUWrapperLibrary@@QEAANI@Z
??0XTUWrapperForNativeCode@XTUWrapperLibrary@@QEAA@XZ
?Initialize@XTUWrapperForNativeCode@XTUWrapperLibrary@@QEAA_NXZ
??1XTUWrapperForNativeCode@XTUWrapperLibrary@@QEAA@XZ
?StopMonitor@XTUWrapperForNativeCode@XTUWrapperLibrary@@QEAAXXZ

msvcp140

?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ

bcrypt

BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptImportKey
BCryptDecrypt
BCryptGetProperty

pdh

PdhCloseQuery
PdhAddEnglishCounterW
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhOpenQueryW
PdhRemoveCounter

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

externalgpuconfighelper

?GetEGPUID@CDockingController@@QEAAJPEAU_EGC_GPUID@@@Z
?Uninitialize@CDockingController@@QEAAHPEAX@Z
?Initialize@CDockingController@@QEAAHPEAXP6AX0@Z@Z
?Get@CDockingController@@SAPEAV1@XZ
?GetEGPUConfig@CDockingController@@QEAAJPEAPEAU_EGC_BASEINFO@@PEAGPEAK@Z
?GetFanSpeed@CDockingController@@QEAAJPEAK0@Z

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo

crypt32

CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptDecodeObject
CryptMsgClose

wintrust

WinVerifyTrust

vcruntime140

__std_type_info_destroy_list
_purecall
memcmp
memmove
__C_specific_handler
wcsstr
__std_exception_destroy
__std_exception_copy
memcpy
__CxxFrameHandler3
__std_terminate
_CxxThrowException
memset

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_crt_atexit
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_errno
_invalid_parameter_noinfo

api-ms-win-crt-string-l1-1-0

wcsncmp
wcscpy_s
_wcsicmp
wcscat_s
towlower
wmemcpy_s
wcsncpy_s
_wcsnicmp
_stricmp
strncpy_s

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
fclose
__stdio_common_vsnwprintf_s
fflush
__stdio_common_vsscanf
fgetc
fgetpos
__stdio_common_vsprintf_s
fputc
__stdio_common_vswprintf_s
fread
__stdio_common_vswprintf
fsetpos
_fseeki64
ungetc
setvbuf
fwrite

api-ms-win-crt-math-l1-1-0

round

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-time-l1-1-0

clock
_time64

Exports

Exports

QueryLibrary

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Skriveblokkes/battery-level-70-charging-symbolic.svg
.xml
Skriveblokkes/libdatrie-1.dll
.dll windows:4 windows x64 arch:x64

1f324cb5ca03bc6de1334d6c51f5137d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameW
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__iob_func
_amsg_exit
_exit
_initterm
_lock
_snwprintf
_unlock
abort
calloc
fclose
fopen
fread
free
fseek
ftell
fwprintf
fwrite
malloc
memcpy
memmove
memset
raise
realloc
signal
strlen
strncmp
vfprintf
wcscpy

user32

MessageBoxW

Exports

Exports

alpha_char_strcmp
alpha_char_strlen
alpha_map_add_range
alpha_map_clone
alpha_map_free
alpha_map_new
trie_delete
trie_enumerate
trie_fread
trie_free
trie_fwrite
trie_is_dirty
trie_iterator_free
trie_iterator_get_data
trie_iterator_get_key
trie_iterator_new
trie_iterator_next
trie_new
trie_new_from_file
trie_retrieve
trie_root
trie_save
trie_state_clone
trie_state_copy
trie_state_free
trie_state_get_data
trie_state_is_single
trie_state_is_walkable
trie_state_rewind
trie_state_walk
trie_state_walkable_chars
trie_store
trie_store_if_absent

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 929B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uncrosses.Mol
location-services-active-symbolic.symbolic.png
.png

Resubmissions

Sharing

General

Malware Config

Signatures

Files

b78ecf47c0a3e24a6f4af114e2d1f5de

Code Sign

1d:25:ed:1d:21:27:9c:31:ca:95:e3:1c:c9:0f:a3:e7:07:be:26:46Certificate

1d:25:ed:1d:21:27:9c:31:ca:95:e3:1c:c9:0f:a3:e7:07:be:26:46Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

d3:19:74:5a:76:59:02:8c:77:50:81:e7:14:ba:0e:cf:81:d1:e2:77:c7:6b:62:06:35:4e:6b:ee:d9:bc:c8:6eSigner

76:ab:10:cf:b9:c0:98:a2:66:af:fe:5b:29:38:11:b9:1e:d4:d6:d5Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 105KB

.ndata Size: - Virtual size: 104KB

.rsrc Size: 174KB - Virtual size: 174KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 851B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 608B

ef041f7605c2f0b880a648adcfb0fb41

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

32:b5:c7:f8:c1:8a:7a:2b:fb:b5:27:46Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

f0:d8:2f:cf:6a:ff:24:66:3e:e9:4e:61:73:27:d0:4e:33:75:99:6b:90:d9:57:74:69:99:f3:61:b1:9c:0c:abSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

nativegamingcenterhelper

gpucontrollibrary

1d:25:ed:1d:21:27:9c:31:ca:95:e3:1c:c9:0f:a3:e7:07:be:26:46
Certificate

1d:25:ed:1d:21:27:9c:31:ca:95:e3:1c:c9:0f:a3:e7:07:be:26:46
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

d3:19:74:5a:76:59:02:8c:77:50:81:e7:14:ba:0e:cf:81:d1:e2:77:c7:6b:62:06:35:4e:6b:ee:d9:bc:c8:6e
Signer

76:ab:10:cf:b9:c0:98:a2:66:af:fe:5b:29:38:11:b9:1e:d4:d6:d5
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 105KB

.ndata
Size: - Virtual size: 104KB

.rsrc
Size: 174KB - Virtual size: 174KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 851B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 608B

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

32:b5:c7:f8:c1:8a:7a:2b:fb:b5:27:46
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

f0:d8:2f:cf:6a:ff:24:66:3e:e9:4e:61:73:27:d0:4e:33:75:99:6b:90:d9:57:74:69:99:f3:61:b1:9c:0c:ab
Signer

.text
Size: 137KB - Virtual size: 137KB

.rdata
Size: 65KB - Virtual size: 65KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 484B

.text
Size: 20KB - Virtual size: 20KB

.data
Size: 512B - Virtual size: 144B

.rdata
Size: 2KB - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.xdata
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 1024B - Virtual size: 929B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 96B