3a73e4f3779af51a05d8561eccf9415500a535cdd148d0485090632e0df69761

Sharing

Copy URL Twitter E-mail

General

Target

3a73e4f3779af51a05d8561eccf9415500a535cdd148d0485090632e0df69761
Size

10.8MB
MD5

e5c80e12cc59c75bc5632361fb6d1642
SHA1

dcb3f1bea5a04b9a6df2f2d57198e99b03a8012b
SHA256

3a73e4f3779af51a05d8561eccf9415500a535cdd148d0485090632e0df69761
SHA512

eaeee2110b31146df37acc3cc80d27bd9dcee4739e0b4eab88d73f1778504586f3a8b830d2222cd6d37cb5fd7d95ac8f3b31a8c5dcfd2294e9405cb03882468c
SSDEEP

196608:JbDU9LMh5vpkMAe92bGGonfrbYqPQe+/VJpHVgmIMBKK768D+KV2tra+:JbDU9wf72gfrbYqvqPp1ljRKnrL

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LARK M1/LARK M1升级程序.exe
unpack001/LARK M1/hidapi.dll
unpack001/LARK M1/libusb-1.0.dll
unpack001/LARK M1/ucrtbased.dll

Files

3a73e4f3779af51a05d8561eccf9415500a535cdd148d0485090632e0df69761
.zip
LARK M1/LARK M1升级程序.exe
.exe windows:4 windows x86 arch:x86

b3b5ee3f645033846a028786ee03452b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CopySid
FreeSid
GetLengthSid
GetTokenInformation
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW

gdi32

AddFontMemResourceEx
AddFontResourceExW
BitBlt
ChoosePixelFormat
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateFontIndirectW
CreateRectRgn
DeleteDC
DeleteObject
DescribePixelFormat
EnumFontFamiliesExW
ExtTextOutW
GdiFlush
GetBitmapBits
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetDIBits
GetDeviceCaps
GetFontData
GetGlyphOutlineW
GetObjectW
GetOutlineTextMetricsW
GetPixelFormat
GetRegionData
GetStockObject
GetTextExtentPoint32W
GetTextFaceW
GetTextMetricsW
OffsetRgn
RemoveFontMemResourceEx
RemoveFontResourceExW
SelectClipRgn
SelectObject
SetBkMode
SetGraphicsMode
SetPixelFormat
SetTextAlign
SetTextColor
SetWorldTransform
SwapBuffers

imm32

ImmAssociateContext
ImmGetCompositionStringW
ImmGetContext
ImmGetDefaultIMEWnd
ImmNotifyIME
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow

kernel32

CancelIo
CheckRemoteDebuggerPresent
ClearCommBreak
ClearCommError
CloseHandle
CompareStringW
CopyFileW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateMutexW
CreateProcessW
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
EscapeCommFunction
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileExW
FindFirstFileW
FindNextChangeNotification
FindNextFileW
FlushFileBuffers
FormatMessageW
FreeLibrary
GetCommModemStatus
GetCommState
GetCommTimeouts
GetCommandLineW
GetConsoleWindow
GetCurrencyFormatW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileType
GetFullPathNameW
GetGeoInfoW
GetHandleInformation
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalDrives
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNativeSystemInfo
GetOverlappedResult
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetStartupInfoW
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadPriority
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultUILanguage
GetUserGeoID
GetVersionExW
GetVolumeInformationW
GlobalAlloc
GlobalLock
GlobalSize
GlobalUnlock
InitializeCriticalSection
IsDBCSLeadByteEx
IsValidLanguageGroup
IsValidLocale
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
MapViewOfFile
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenProcess
OutputDebugStringW
PurgeComm
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
ResumeThread
SetCommBreak
SetCommMask
SetCommState
SetCommTimeouts
SetCriticalSectionSpinCount
SetCurrentDirectoryW
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetFilePointerEx
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
SwitchToThread
SystemTimeToTzSpecificLocalTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitCommEvent
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile
lstrcmpW
lstrlenA

msvcrt

__dllonexit
__doserrno
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_clearfp
_close
_close
_control87
_endthreadex
_errno
_exit
_fdopen
_filelengthi64
_fileno
_fileno
_fmode
_fstat64
_ftime
_get_osfhandle
_getdrive
_initterm
_iob
_lock
_lseek
_lseeki64
_onexit
_open_osfhandle
_open
_putenv
_read
_read
_setjmp3
_setmode
_snprintf
_snwprintf
_strdup
_strdup
_strnicmp
_timezone
_tzname
_tzset
_unlink
_unlock
_vsnprintf
_waccess
_wchmod
_wgetdcwd
_write
_write
abort
acos
asin
atan
atan2
atof
atoi
bsearch
atol
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
frexp
fscanf
fseek
fsetpos
ftell
fwprintf
fwrite
getc
getenv
getwc
gmtime
isalpha
islower
isprint
isspace
isupper
iswctype
isxdigit
localtime
localeconv
log10
longjmp
malloc
mktime
memchr
memcmp
memcpy
memmove
memset
printf
putc
puts
putwc
qsort
raise
rand
realloc
rewind
setlocale
setvbuf
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strncpy
strrchr
strstr
strtok
strtol
strtoul
strxfrm
tan
tmpfile
tmpnam
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
vsprintf
wcscmp
wcscoll
wcscpy
wcsftime
wcslen
wcsrchr
wcsxfrm

ole32

CoCreateGuid
CoCreateInstance
CoGetMalloc
CoInitialize
CoLockObjectExternal
CoTaskMemFree
CoUninitialize
DoDragDrop
OleFlushClipboard
OleGetClipboard
OleInitialize
OleIsCurrentClipboard
OleSetClipboard
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop

oleaut32

SysAllocStringLen
VariantInit

opengl32

glBindTexture
glBlendFunc
glClear
glClearColor
glClearDepth
glClearStencil
glColorMask
glCopyTexImage2D
glCopyTexSubImage2D
glCullFace
glDeleteTextures
glDepthFunc
glDepthMask
glDepthRange
glDisable
glDrawArrays
glDrawElements
glEnable
glFinish
glFlush
glFrontFace
glGenTextures
glGetBooleanv
glGetError
glGetFloatv
glGetIntegerv
glGetString
glGetTexParameterfv
glGetTexParameteriv
glHint
glIsEnabled
glIsTexture
glLineWidth
glPixelStorei
glPolygonOffset
glReadPixels
glScissor
glStencilFunc
glStencilMask
glStencilOp
glTexImage2D
glTexParameterf
glTexParameterfv
glTexParameteri
glTexParameteriv
glTexSubImage2D
glViewport

setupapi

CM_Get_DevNode_Status
CM_Get_Device_IDW
CM_Get_Device_ID_Size
CM_Get_Parent
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDevRegKey

shell32

CommandLineToArgvW
SHBrowseForFolderW
SHGetFileInfoW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ShellExecuteW

user32

AdjustWindowRectEx
BeginPaint
CallNextHookEx
ChangeClipboardChain
CharNextExA
ChildWindowFromPointEx
ClientToScreen
CreateCaret
CreateCursor
CreateIconIndirect
CreateWindowExW
DefWindowProcW
DestroyCaret
DestroyCursor
DestroyIcon
DestroyWindow
DispatchMessageW
DrawIconEx
EnableMenuItem
EndPaint
EnumDisplayMonitors
EnumWindows
FlashWindowEx
GetAncestor
GetAsyncKeyState
GetCapture
GetCaretBlinkTime
GetClassInfoW
GetClientRect
GetClipboardFormatNameW
GetCursor
GetCursorInfo
GetCursorPos
GetDC
GetDesktopWindow
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetMenu
GetMessageExtraInfo
GetMonitorInfoW
GetParent
GetQueueStatus
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetUpdateRect
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InvalidateRect
IsChild
IsIconic
IsWindowVisible
IsZoomed
KillTimer
LoadCursorW
LoadIconW
LoadImageW
MapVirtualKeyW
MessageBeep
MessageBoxW
MoveWindow
MsgWaitForMultipleObjectsEx
NotifyWinEvent
PeekMessageW
PostMessageW
RealGetWindowClassW
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
ScreenToClient
SendMessageW
SetCapture
SetCaretPos
SetClipboardViewer
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenuItemInfoW
SetParent
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowWindow
SystemParametersInfoW
ToAscii
ToUnicode
TrackMouseEvent
TrackPopupMenuEx
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW

winmm

PlaySoundW

ws2_32

WSAAsyncSelect

hidapi

hid_init
hid_enumerate
hid_open_path
hid_close
hid_read
hid_write
hid_error
hid_set_nonblocking

Exports

Exports

z_adler32
z_adler32_combine
z_adler32_combine64
z_compress
z_compress2
z_compressBound
z_crc32
z_crc32_combine
z_crc32_combine64
z_deflate
z_deflateBound
z_deflateCopy
z_deflateEnd
z_deflateInit2_
z_deflateInit_
z_deflateParams
z_deflatePrime
z_deflateReset
z_deflateSetDictionary
z_deflateSetHeader
z_deflateTune
z_get_crc_table
z_inflate
z_inflateCopy
z_inflateEnd
z_inflateGetHeader
z_inflateInit2_
z_inflateInit_
z_inflateMark
z_inflatePrime
z_inflateReset
z_inflateReset2
z_inflateSetDictionary
z_inflateSync
z_inflateSyncPoint
z_inflateUndermine
z_uncompress
z_zError
z_zlibCompileFlags
z_zlibVersion

Sections

.text
Size: 11.1MB - Virtual size: 11.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LARK M1/debuglog.log
LARK M1/hidapi.dll
.dll windows:6 windows x86 arch:x86

170f668950a72610cd4e26df19fdfc1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\work\9802E_GD32\GDF105_9802E\f130\hidapi-0.7.0\hidapi-0.7.0\windows\Debug\hidapi.pdb

Imports

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList

kernel32

VirtualQuery
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetProcessHeap
CreateFileA
ReadFile
WriteFile
CloseHandle
GetLastError
DeviceIoControl
GetOverlappedResult
CancelIo
ResetEvent
WaitForSingleObject
CreateEventW
FreeLibrary
GetProcAddress
LoadLibraryA
LocalFree
FormatMessageW
IsProcessorFeaturePresent
HeapFree
HeapAlloc
GetModuleHandleW
GetStartupInfoW
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
WideCharToMultiByte
MultiByteToWideChar
RaiseException
IsDebuggerPresent
UnhandledExceptionFilter

vcruntime140d

memset
strstr
__std_type_info_destroy_list
__current_exception
__current_exception_context
_except_handler4_common
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
memcpy

ucrtbased

_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_wmakepath_s
_wsplitpath_s
wcscpy_s
_register_onexit_function
strtol
malloc
free
calloc
strncpy
strlen
wcscmp
_wcsdup
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
__stdio_common_vsprintf_s
strcat_s
strcpy_s
_initterm_e
_initterm
_CrtDbgReportW
_CrtDbgReport

Exports

Exports

hid_close
hid_enumerate
hid_error
hid_exit
hid_free_enumeration
hid_get_feature_report
hid_get_indexed_string
hid_get_manufacturer_string
hid_get_product_string
hid_get_serial_number_string
hid_init
hid_open
hid_open_path
hid_read
hid_read_timeout
hid_send_feature_report
hid_set_nonblocking
hid_write

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LARK M1/ini/6502_upgrader.ini
LARK M1/ini/V1.7.3.3_ota.bin
LARK M1/libusb-1.0.dll
.dll windows:6 windows x86 arch:x86

673b5848729daaf5af8799bae6b82834

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\ccq\Printer\libusb-1.0.23\libusb-1.0.23\Win32\Debug\dll\libusb-1.0.pdb

Imports

kernel32

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SleepEx
GetCurrentThreadId
TlsGetValue
TryEnterCriticalSection
InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
TlsAlloc
TlsSetValue
TlsFree
CloseHandle
GetLastError
SetLastError
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
WaitForMultipleObjects
CreateThread
VerSetConditionMask
QueryPerformanceCounter
QueryPerformanceFrequency
GetOverlappedResult
CancelIoEx
ReleaseMutex
CreateMutexA
GetCurrentProcess
GetCurrentProcessId
GetVersionExA
IsWow64Process
FormatMessageA
VerifyVersionInfoA
FreeLibrary
GetProcAddress
LoadLibraryA
CreateFileA
ReadFile
WriteFile
DeviceIoControl
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

vcruntime140d

memset
memcmp
strstr
_except_handler4_common
memcpy
__std_type_info_destroy_list
memmove

ucrtbased

_wassert
_errno
strlen
_strnicmp
_timespec64_get
strcmp
_strdup
isdigit
toupper
_stricmp
strncmp
strtok
fputs
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
__acrt_iob_func
calloc
__stdio_common_vsprintf
strcpy
getenv
atoi
realloc
malloc
__stdio_common_vsscanf
free

Exports

Exports

_libusb_set_option
libusb_alloc_streams
libusb_alloc_streams
libusb_alloc_transfer
libusb_alloc_transfer
libusb_attach_kernel_driver
libusb_attach_kernel_driver
libusb_bulk_transfer
libusb_bulk_transfer
libusb_cancel_transfer
libusb_cancel_transfer
libusb_claim_interface
libusb_claim_interface
libusb_clear_halt
libusb_clear_halt
libusb_close
libusb_close
libusb_control_transfer
libusb_control_transfer
libusb_detach_kernel_driver
libusb_detach_kernel_driver
libusb_dev_mem_alloc
libusb_dev_mem_alloc
libusb_dev_mem_free
libusb_dev_mem_free
libusb_error_name
libusb_error_name
libusb_event_handler_active
libusb_event_handler_active
libusb_event_handling_ok
libusb_event_handling_ok
libusb_exit
libusb_exit
libusb_free_bos_descriptor
libusb_free_bos_descriptor
libusb_free_config_descriptor
libusb_free_config_descriptor
libusb_free_container_id_descriptor
libusb_free_container_id_descriptor
libusb_free_device_list
libusb_free_device_list
libusb_free_pollfds
libusb_free_pollfds
libusb_free_ss_endpoint_companion_descriptor
libusb_free_ss_endpoint_companion_descriptor
libusb_free_ss_usb_device_capability_descriptor
libusb_free_ss_usb_device_capability_descriptor
libusb_free_streams
libusb_free_streams
libusb_free_transfer
libusb_free_transfer
libusb_free_usb_2_0_extension_descriptor
libusb_free_usb_2_0_extension_descriptor
libusb_get_active_config_descriptor
libusb_get_active_config_descriptor
libusb_get_bos_descriptor
libusb_get_bos_descriptor
libusb_get_bus_number
libusb_get_bus_number
libusb_get_config_descriptor
libusb_get_config_descriptor
libusb_get_config_descriptor_by_value
libusb_get_config_descriptor_by_value
libusb_get_configuration
libusb_get_configuration
libusb_get_container_id_descriptor
libusb_get_container_id_descriptor
libusb_get_device
libusb_get_device
libusb_get_device_address
libusb_get_device_address
libusb_get_device_descriptor
libusb_get_device_descriptor
libusb_get_device_list
libusb_get_device_list
libusb_get_device_speed
libusb_get_device_speed
libusb_get_max_iso_packet_size
libusb_get_max_iso_packet_size
libusb_get_max_packet_size
libusb_get_max_packet_size
libusb_get_next_timeout
libusb_get_next_timeout
libusb_get_parent
libusb_get_parent
libusb_get_pollfds
libusb_get_pollfds
libusb_get_port_number
libusb_get_port_number
libusb_get_port_numbers
libusb_get_port_numbers
libusb_get_port_path
libusb_get_port_path
libusb_get_ss_endpoint_companion_descriptor
libusb_get_ss_endpoint_companion_descriptor
libusb_get_ss_usb_device_capability_descriptor
libusb_get_ss_usb_device_capability_descriptor
libusb_get_string_descriptor_ascii
libusb_get_string_descriptor_ascii
libusb_get_usb_2_0_extension_descriptor
libusb_get_usb_2_0_extension_descriptor
libusb_get_version
libusb_get_version
libusb_handle_events
libusb_handle_events
libusb_handle_events_completed
libusb_handle_events_completed
libusb_handle_events_locked
libusb_handle_events_locked
libusb_handle_events_timeout
libusb_handle_events_timeout
libusb_handle_events_timeout_completed
libusb_handle_events_timeout_completed
libusb_has_capability
libusb_has_capability
libusb_hotplug_deregister_callback
libusb_hotplug_deregister_callback
libusb_hotplug_get_user_data
libusb_hotplug_get_user_data
libusb_hotplug_register_callback
libusb_hotplug_register_callback
libusb_init
libusb_init
libusb_interrupt_event_handler
libusb_interrupt_event_handler
libusb_interrupt_transfer
libusb_interrupt_transfer
libusb_kernel_driver_active
libusb_kernel_driver_active
libusb_lock_event_waiters
libusb_lock_event_waiters
libusb_lock_events
libusb_lock_events
libusb_open
libusb_open
libusb_open_device_with_vid_pid
libusb_open_device_with_vid_pid
libusb_pollfds_handle_timeouts
libusb_pollfds_handle_timeouts
libusb_ref_device
libusb_ref_device
libusb_release_interface
libusb_release_interface
libusb_reset_device
libusb_reset_device
libusb_set_auto_detach_kernel_driver
libusb_set_auto_detach_kernel_driver
libusb_set_configuration
libusb_set_configuration
libusb_set_debug
libusb_set_debug
libusb_set_interface_alt_setting
libusb_set_interface_alt_setting
libusb_set_log_cb
libusb_set_log_cb
libusb_set_option
libusb_set_pollfd_notifiers
libusb_set_pollfd_notifiers
libusb_setlocale
libusb_setlocale
libusb_strerror
libusb_strerror
libusb_submit_transfer
libusb_submit_transfer
libusb_transfer_get_stream_id
libusb_transfer_get_stream_id
libusb_transfer_set_stream_id
libusb_transfer_set_stream_id
libusb_try_lock_events
libusb_try_lock_events
libusb_unlock_event_waiters
libusb_unlock_event_waiters
libusb_unlock_events
libusb_unlock_events
libusb_unref_device
libusb_unref_device
libusb_wait_for_event
libusb_wait_for_event

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LARK M1/ucrtbase.dll
.dll windows:10 windows x86 arch:x86

7a86ba02a97907fb532ad47d5e59b822

Code Sign

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bc
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/08/2015, 17:15

Not After

18/11/2016, 17:15

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ce:30:8b:39:3f:2c:f4:52:79:d8:dd:d9:54:b0:59:66:39:1c:4d:a8:e2:ec:2e:69:b9:9f:f6:b6:05:86:4a:dc
Signer

Actual PE Digest

ce:30:8b:39:3f:2c:f4:52:79:d8:dd:d9:54:b0:59:66:39:1c:4d:a8:e2:ec:2e:69:b9:9f:f6:b6:05:86:4a:dc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ucrtbase.pdb

Imports

api-ms-win-core-string-l1-1-0

GetStringTypeW
CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
SetErrorMode
GetLastError
RaiseException

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
GetTimeZoneInformation
SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

ReadFile
FlushFileBuffers
SetEndOfFile
GetFullPathNameA
FindNextFileA
UnlockFileEx
DeleteFileW
RemoveDirectoryW
LockFileEx
FindFirstFileExA
CreateDirectoryW
GetFullPathNameW
SetFileAttributesW
WriteFile
GetFileAttributesExW
FindNextFileW
GetFileInformationByHandle
FindClose
SetFilePointerEx
GetFileType
CreateFileW
FindFirstFileExW
SetFileTime
GetDriveTypeW
GetDiskFreeSpaceW
GetLogicalDrives

api-ms-win-core-namedpipe-l1-1-0

CreatePipe
PeekNamedPipe

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapSize
HeapQueryInformation
HeapCompact
HeapWalk
HeapReAlloc
HeapAlloc
HeapValidate

api-ms-win-core-libraryloader-l1-1-0

LoadLibraryExW
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA
GetModuleFileNameW
LoadLibraryExA
FreeLibrary
FreeLibraryAndExitThread

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
WaitForSingleObject

api-ms-win-core-processthreads-l1-1-0

ResumeThread
TlsGetValue
CreateProcessA
TlsSetValue
TlsAlloc
TlsFree
GetCurrentProcess
GetCurrentThreadId
GetExitCodeProcess
GetCurrentThread
CreateThread
GetCurrentProcessId
ExitProcess
TerminateProcess
CreateProcessW
ExitThread
GetStartupInfoW

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineA
GetCommandLineW
GetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryA
SetStdHandle
GetStdHandle
SetEnvironmentVariableA
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-localization-l1-2-0

IsValidLocale
GetUserDefaultLCID
GetLocaleInfoW
EnumSystemLocalesW
LCMapStringW
GetCPInfo
IsValidCodePage
GetACP
GetOEMCP

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemTimeAsFileTime
GetTickCount
GetSystemInfo
SetLocalTime

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-console-l1-1-0

ReadConsoleInputA
GetConsoleMode
GetConsoleCP
SetConsoleMode
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputW
SetConsoleCtrlHandler
ReadConsoleW
WriteConsoleW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect
VirtualAlloc

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer
Beep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlUnwind

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedFlushSList

Exports

Exports

_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_Cbuild
_Cmulcc
_Cmulcr
_CreateFrameInfo
_CxxThrowException
_EH_prolog
_Exit
_FCbuild
_FCmulcc
_FCmulcr
_FindAndUnlinkFrame
_Getdays
_Getmonths
_Gettnames
_IsExceptionObjectToBeDestroyed
_LCbuild
_LCmulcc
_LCmulcr
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_SetWinRTOutOfMemoryExceptionCallback
_Strftime
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
___lc_codepage_func
___lc_collate_cp_func
___lc_locale_name_func
___mb_cur_max_func
___mb_cur_max_l_func
__acrt_iob_func
__conio_common_vcprintf
__conio_common_vcprintf_p
__conio_common_vcprintf_s
__conio_common_vcscanf
__conio_common_vcwprintf
__conio_common_vcwprintf_p
__conio_common_vcwprintf_s
__conio_common_vcwscanf
__control87_2
__current_exception
__current_exception_context
__daylight
__dcrt_get_wide_environment_from_os
__dcrt_initial_narrow_environment
__doserrno
__dstbias
__fpe_flt_rounds
__fpecode
__initialize_lconv_for_unsigned_char
__intrinsic_abnormal_termination
__intrinsic_setjmp
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__p___argc
__p___argv
__p___wargv
__p__acmdln
__p__commode
__p__environ
__p__fmode
__p__mbcasemap
__p__mbctype
__p__pgmptr
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__processing_throw
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__setusermatherr
__std_exception_copy
__std_exception_destroy
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__stdio_common_vfprintf
__stdio_common_vfprintf_p
__stdio_common_vfprintf_s
__stdio_common_vfscanf
__stdio_common_vfwprintf
__stdio_common_vfwprintf_p
__stdio_common_vfwprintf_s
__stdio_common_vfwscanf
__stdio_common_vsnprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
__stdio_common_vsprintf_p
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vswprintf
__stdio_common_vswprintf_p
__stdio_common_vswprintf_s
__stdio_common_vswscanf
__strncnt
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__uncaught_exception
__wcserror
__wcserror_s
__wcsncnt
_abs64
_access
_access_s
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_atoll_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_base
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chgsignf
_chkesp
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_configthreadlocale
_configure_narrow_argv
_configure_wide_argv
_control87
_controlfp
_controlfp_s
_copysign
_copysignf
_cputs
_cputws
_creat
_create_locale
_crt_at_quick_exit
_crt_atexit
_crt_debugger_hook
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_cwait
_d_int
_dclass
_dexp
_difftime32
_difftime64
_dlog
_dnorm
_dpcomp
_dpoly
_dscale
_dsign
_dsin
_dtest
_dunscale
_dup
_dup2
_dupenv_s
_ecvt
_ecvt_s
_endthread
_endthreadex
_eof
_errno
_except1
_except_handler2
_except_handler3
_except_handler4_common
_execl
_execle
_execlp
_execlpe
_execute_onexit_table
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fclose_nolock
_fcloseall
_fcvt
_fcvt_s
_fd_int
_fdclass
_fdexp
_fdlog
_fdnorm
_fdopen
_fdpcomp
_fdpoly
_fdscale
_fdsign
_fdsin
_fdtest
_fdunscale
_fflush_nolock
_fgetc_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filelength
_filelengthi64
_fileno
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_finite
_flushall
_fpclass
_fpieee_flt
_fpreset
_fputc_nolock
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_free_base
_free_locale
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_ftell_nolock
_ftelli64
_ftelli64_nolock
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_ftol
_fullpath
_futime32
_futime64
_fwrite_nolock
_gcvt
_gcvt_s
_get_current_locale
_get_daylight
_get_doserrno
_get_dstbias
_get_errno
_get_fmode
_get_heap_handle
_get_initial_narrow_environment
_get_initial_wide_environment
_get_invalid_parameter_handler
_get_narrow_winmain_command_line
_get_osfhandle
_get_pgmptr
_get_printf_count_output
_get_purecall_handler
_get_stream_buffer_pointers
_get_terminate
_get_thread_local_invalid_parameter_handler
_get_timezone
_get_tzname
_get_unexpected
_get_wide_winmain_command_line
_get_wpgmptr
_getc_nolock
_getch
_getch_nolock
_getche
_getche_nolock
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getwc_nolock
_getwch
_getwch_nolock
_getwche
_getwche_nolock
_getws
_getws_s
_global_unwind2
_gmtime32
_gmtime32_s
_gmtime64
_gmtime64_s
_heapchk
_heapmin
_heapwalk
_hypot
_hypotf
_i64toa
_i64toa_s
_i64tow
_i64tow_s
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_initterm_e
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_invoke_watson
_is_exception_typeof
_isalnum_l
_isalpha_l
_isatty
_isblank_l
_iscntrl_l
_isctype
_isctype_l
_isdigit_l
_isgraph_l
_isleadbyte_l
_islower_l
_ismbbalnum
_ismbbalnum_l
_ismbbalpha
_ismbbalpha_l
_ismbbblank
_ismbbblank_l
_ismbbgraph
_ismbbgraph_l
_ismbbkalnum
_ismbbkalnum_l
_ismbbkana
_ismbbkana_l
_ismbbkprint
_ismbbkprint_l
_ismbbkpunct
_ismbbkpunct_l
_ismbblead
_ismbblead_l
_ismbbprint
_ismbbprint_l
_ismbbpunct
_ismbbpunct_l
_ismbbtrail
_ismbbtrail_l
_ismbcalnum
_ismbcalnum_l
_ismbcalpha
_ismbcalpha_l
_ismbcblank
_ismbcblank_l
_ismbcdigit
_ismbcdigit_l
_ismbcgraph
_ismbcgraph_l
_ismbchira
_ismbchira_l
_ismbckata
_ismbckata_l
_ismbcl0
_ismbcl0_l
_ismbcl1
_ismbcl1_l
_ismbcl2
_ismbcl2_l
_ismbclegal
_ismbclegal_l
_ismbclower
_ismbclower_l
_ismbcprint
_ismbcprint_l
_ismbcpunct
_ismbcpunct_l
_ismbcspace
_ismbcspace_l
_ismbcsymbol
_ismbcsymbol_l
_ismbcupper
_ismbcupper_l
_ismbslead
_ismbslead_l
_ismbstrail
_ismbstrail_l
_isnan
_isprint_l
_ispunct_l
_isspace_l
_isupper_l
_iswalnum_l
_iswalpha_l
_iswblank_l
_iswcntrl_l

Sections

.text
Size: 850KB - Virtual size: 850KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LARK M1/ucrtbased.dll
.dll windows:10 windows x86 arch:x86

cd42ec775c91efd2367fa09fef65a372

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ucrtbased.pdb

Imports

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
CompareStringW

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
RaiseException
UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

GetFullPathNameA
FlushFileBuffers
CreateFileW
GetDriveTypeW
DeleteFileW
RemoveDirectoryW
GetFullPathNameW
LockFileEx
FindFirstFileExA
ReadFile
CreateDirectoryW
SetFileAttributesW
GetDiskFreeSpaceW
GetLogicalDrives
WriteFile
FindNextFileA
FindNextFileW
FindFirstFileExW
FindClose
GetFileAttributesExW
UnlockFileEx
GetFileType
SetFileTime
SetFilePointerEx
SetEndOfFile

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-namedpipe-l1-1-0

PeekNamedPipe
CreatePipe

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapSize
HeapReAlloc
HeapCompact
HeapWalk
HeapValidate
HeapAlloc
HeapQueryInformation

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
SetLocalTime
GetTickCount
GetLocalTime
GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-1-0

LoadLibraryExA
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
FreeLibraryAndExitThread
GetModuleHandleExW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TlsAlloc
CreateProcessW
CreateProcessA
TlsGetValue
TlsSetValue
TlsFree
TerminateProcess
GetCurrentThread
GetCurrentProcessId
GetExitCodeProcess
GetCurrentThreadId
CreateThread
GetStartupInfoW
ExitProcess
ResumeThread
ExitThread

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
GetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryA
GetCommandLineA
SetStdHandle
SetEnvironmentVariableA
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
GetCPInfo
EnumSystemLocalesW
IsValidCodePage
GetUserDefaultLCID
IsValidLocale
GetACP
GetOEMCP
LCMapStringW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-console-l1-1-0

WriteConsoleW
ReadConsoleW
SetConsoleMode
GetNumberOfConsoleInputEvents
ReadConsoleInputA
PeekConsoleInputA
ReadConsoleInputW
GetConsoleCP
SetConsoleCtrlHandler
GetConsoleMode

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
OutputDebugStringA

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect
VirtualAlloc

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer
Beep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlUnwind

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InterlockedPushEntrySList

Exports

Exports

_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_Cbuild
_Cmulcc
_Cmulcr
_CreateFrameInfo
_CrtCheckMemory
_CrtDbgReport
_CrtDbgReportW
_CrtDoForAllClientObjects
_CrtDumpMemoryLeaks
_CrtGetAllocHook
_CrtGetDebugFillThreshold
_CrtGetDumpClient
_CrtGetReportHook
_CrtIsMemoryBlock
_CrtIsValidHeapPointer
_CrtIsValidPointer
_CrtMemCheckpoint
_CrtMemDifference
_CrtMemDumpAllObjectsSince
_CrtMemDumpStatistics
_CrtReportBlockType
_CrtSetAllocHook
_CrtSetBreakAlloc
_CrtSetDbgBlockType
_CrtSetDbgFlag
_CrtSetDebugFillThreshold
_CrtSetDumpClient
_CrtSetReportFile
_CrtSetReportHook
_CrtSetReportHook2
_CrtSetReportHookW2
_CrtSetReportMode
_CxxThrowException
_EH_prolog
_Exit
_FCbuild
_FCmulcc
_FCmulcr
_FindAndUnlinkFrame
_Getdays
_Getmonths
_Gettnames
_IsExceptionObjectToBeDestroyed
_LCbuild
_LCmulcc
_LCmulcr
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_SetWinRTOutOfMemoryExceptionCallback
_Strftime
_VCrtDbgReportA
_VCrtDbgReportW
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
___lc_codepage_func
___lc_collate_cp_func
___lc_locale_name_func
___mb_cur_max_func
___mb_cur_max_l_func
__acrt_iob_func
__conio_common_vcprintf
__conio_common_vcprintf_p
__conio_common_vcprintf_s
__conio_common_vcscanf
__conio_common_vcwprintf
__conio_common_vcwprintf_p
__conio_common_vcwprintf_s
__conio_common_vcwscanf
__control87_2
__current_exception
__current_exception_context
__daylight
__dcrt_get_wide_environment_from_os
__dcrt_initial_narrow_environment
__doserrno
__dstbias
__fpe_flt_rounds
__fpecode
__initialize_lconv_for_unsigned_char
__intrinsic_abnormal_termination
__intrinsic_setjmp
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__p___argc
__p___argv
__p___wargv
__p__acmdln
__p__commode
__p__crtBreakAlloc
__p__crtDbgFlag
__p__environ
__p__fmode
__p__mbcasemap
__p__mbctype
__p__pgmptr
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__processing_throw
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__setusermatherr
__std_exception_copy
__std_exception_destroy
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__stdio_common_vfprintf
__stdio_common_vfprintf_p
__stdio_common_vfprintf_s
__stdio_common_vfscanf
__stdio_common_vfwprintf
__stdio_common_vfwprintf_p
__stdio_common_vfwprintf_s
__stdio_common_vfwscanf
__stdio_common_vsnprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
__stdio_common_vsprintf_p
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vswprintf
__stdio_common_vswprintf_p
__stdio_common_vswprintf_s
__stdio_common_vswscanf
__strncnt
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__uncaught_exception
__wcserror
__wcserror_s
__wcsncnt
_abs64
_access
_access_s
_aligned_free
_aligned_free_dbg
_aligned_malloc
_aligned_malloc_dbg
_aligned_msize
_aligned_msize_dbg
_aligned_offset_malloc
_aligned_offset_malloc_dbg
_aligned_offset_realloc
_aligned_offset_realloc_dbg
_aligned_offset_recalloc
_aligned_offset_recalloc_dbg
_aligned_realloc
_aligned_realloc_dbg
_aligned_recalloc
_aligned_recalloc_dbg
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_atoll_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_base
_calloc_dbg
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chgsignf
_chkesp
_chmod
_chsize
_chsize_s
_chvalidator
_chvalidator_l
_clearfp
_close
_commit
_configthreadlocale
_configure_narrow_argv
_configure_wide_argv
_control87
_controlfp
_controlfp_s
_copysign
_copysignf
_cputs
_cputws
_creat
_create_locale
_crt_at_quick_exit
_crt_atexit
_crt_debugger_hook
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_cwait
_d_int
_dclass
_dexp
_difftime32
_difftime64
_dlog
_dnorm
_dpcomp
_dpoly
_dscale
_dsign
_dsin
_dtest
_dunscale
_dup
_dup2
_dupenv_s
_dupenv_s_dbg
_ecvt
_ecvt_s
_endthread
_endthreadex
_eof
_errno
_except1
_except_handler2
_except_handler3
_except_handler4_common
_execl
_execle
_execlp
_execlpe
_execute_onexit_table
_execv
_execve
_execvp
_execvpe
_exit
_expand
_expand_dbg
_fclose_nolock
_fcloseall
_fcvt
_fcvt_s
_fd_int
_fdclass
_fdexp
_fdlog
_fdnorm
_fdopen
_fdpcomp
_fdpoly
_fdscale
_fdsign
_fdsin
_fdtest
_fdunscale
_fflush_nolock
_fgetc_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filelength
_filelengthi64
_fileno
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_finite
_flushall
_fpclass
_fpieee_flt
_fpreset
_fputc_nolock
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_free_base
_free_dbg
_free_locale
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_ftell_nolock
_ftelli64
_ftelli64_nolock
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_ftol
_fullpath
_fullpath_dbg
_futime32
_futime64
_fwrite_nolock
_gcvt
_gcvt_s
_get_current_locale
_get_daylight
_get_doserrno
_get_dstbias
_get_errno
_get_fmode
_get_heap_handle
_get_initial_narrow_environment
_get_initial_wide_environment
_get_invalid_parameter_handler
_get_narrow_winmain_command_line
_get_osfhandle
_get_pgmptr
_get_printf_count_output
_get_purecall_handler
_get_stream_buffer_pointers
_get_terminate
_get_thread_local_invalid_parameter_handler
_get_timezone
_get_tzname
_get_unexpected
_get_wide_winmain_command_line
_get_wpgmptr
_getc_nolock
_getch
_getch_nolock
_getche
_getche_nolock
_getcwd
_getcwd_dbg
_getdcwd
_getdcwd_dbg
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getwc_nolock
_getwch
_getwch_nolock
_getwche
_getwche_nolock
_getws
_getws_s
_global_unwind2
_gmtime32
_gmtime32_s
_gmtime64
_gmtime64_s
_heapchk
_heapmin
_heapwalk
_hypot
_hypotf
_i64toa
_i64toa_s
_i64tow
_i64tow_s
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_initterm_e
_invalid_parameter
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_invoke_watson
_is_exception_typeof
_isalnum_l
_isalpha_l
_isatty
_isblank_l
_iscntrl_l
_isctype
_isctype_l
_isdigit_l
_isgraph_l
_isleadbyte_l
_islower_l
_ismbbalnum
_ismbbalnum_l
_ismbbalpha
_ismbbalpha_l
_ismbbblank
_ismbbblank_l
_ismbbgraph
_ismbbgraph_l
_ismbbkalnum
_ismbbkalnum_l
_ismbbkana
_ismbbkana_l
_ismbbkprint
_ismbbkprint_l
_ismbbkpunct
_ismbbkpunct_l
_ismbblead
_ismbblead_l
_ismbbprint
_ismbbprint_l
_ismbbpunct

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LARK M1/vcruntime140.dll
.dll windows:6 windows x64 arch:x64

33da3684eb6a5f91c8d92da28927c116

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/04/2014, 17:39

Not After

22/07/2015, 17:39

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:38:8d:23:6d:16:27:a3:26:e0:00:00:00:00:00:38
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:11

Not After

01/01/2016, 18:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:50:06:6d:30:78:06:26:39:68:71:df:46:48:ab:c5:b1:0d:1d:ad:9c:8f:58:ea:fd:81:c5:d2:8f:b0:32:df
Signer

Actual PE Digest

23:50:06:6d:30:78:06:26:39:68:71:df:46:48:ab:c5:b1:0d:1d:ad:9c:8f:58:ea:fd:81:c5:d2:8f:b0:32:df

Digest Algorithm

sha256

PE Digest Matches

true

ba:81:52:5d:b2:c7:b9:71:a2:86:90:c1:f3:64:1c:a0:a0:41:39:f0
Signer

Actual PE Digest

ba:81:52:5d:b2:c7:b9:71:a2:86:90:c1:f3:64:1c:a0:a0:41:39:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

vcruntime140.amd64.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

abort
terminate

api-ms-win-crt-heap-l1-1-0

_free_base
malloc
free
_calloc_base
_malloc_base

api-ms-win-crt-string-l1-1-0

strcpy_s

api-ms-win-crt-convert-l1-1-0

atol

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

advapi32

SystemFunction036

kernel32

TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
IsProcessorFeaturePresent
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlLookupFunctionEntry
GetModuleHandleW
GetModuleFileNameW
GetSystemTimeAsFileTime
LeaveCriticalSection
RtlUnwindEx
EncodePointer
RaiseException
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
EnterCriticalSection
DeleteCriticalSection
SetLastError
GetLastError
InitializeCriticalSectionAndSpinCount
GetProcAddress
TlsAlloc
TlsGetValue
FreeLibrary
LoadLibraryExW
TlsSetValue
TlsFree

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__C_specific_handler_noexcept
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__intrinsic_setjmpex
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_get_purecall_handler
_get_unexpected
_is_exception_typeof
_local_unwind
_purecall
_set_purecall_handler
_set_se_translator
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LARK M1/vcruntime140d.dll
.dll windows:6 windows x86 arch:x86

e7bcb5226ece332bac5057c99f8fe074

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/04/2014, 17:39

Not After

22/07/2015, 17:39

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:38:8d:23:6d:16:27:a3:26:e0:00:00:00:00:00:38
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:11

Not After

01/01/2016, 18:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f0:f8:2a:a1:43:4a:6c:ba:17:9f:7d:32:40:7f:98:9b:e5:39:22:ff:7d:cf:b3:3b:8a:b9:d1:cc:70:e0:82:d0
Signer

Actual PE Digest

f0:f8:2a:a1:43:4a:6c:ba:17:9f:7d:32:40:7f:98:9b:e5:39:22:ff:7d:cf:b3:3b:8a:b9:d1:cc:70:e0:82:d0

Digest Algorithm

sha256

PE Digest Matches

true

b4:d4:7a:ac:5b:94:8a:94:66:a6:be:7a:60:97:a8:51:a9:71:cc:b7
Signer

Actual PE Digest

b4:d4:7a:ac:5b:94:8a:94:66:a6:be:7a:60:97:a8:51:a9:71:cc:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

vcruntime140d.i386.pdb

Imports

ucrtbased

atol
__stdio_common_vsprintf_s
wcslen
abort
_calloc_dbg
_malloc_dbg
_free_dbg
strlen
strcpy_s
malloc
free
strcmp
terminate
_CrtDbgReportW
_CrtDbgReport

advapi32

SystemFunction036

kernel32

GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
IsProcessorFeaturePresent
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
QueryPerformanceCounter
EnterCriticalSection
RtlUnwind
VirtualQuery
EncodePointer
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
LeaveCriticalSection
DeleteCriticalSection
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_chkesp
_except_handler2
_except_handler3
_except_handler4_common
_get_purecall_handler
_get_unexpected
_global_unwind2
_is_exception_typeof
_local_unwind2
_local_unwind4
_longjmpex
_purecall
_seh_longjmp_unwind
_seh_longjmp_unwind4
_set_purecall_handler
_set_se_translator
_setjmp3
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LARK M1固件升级指引.txt

Sharing

General

Malware Config

Signatures

Files

b3b5ee3f645033846a028786ee03452b

Headers

File Characteristics

Imports

advapi32

gdi32

imm32

kernel32

msvcrt

ole32

oleaut32

opengl32

setupapi

shell32

user32

winmm

ws2_32

hidapi

Exports

Exports

Sections

.text Size: 11.1MB - Virtual size: 11.1MB

.data Size: 66KB - Virtual size: 65KB

.rdata Size: 3.1MB - Virtual size: 3.1MB

.qtmetad Size: 3KB - Virtual size: 3KB

.eh_fram Size: 2.1MB - Virtual size: 2.1MB

.bss Size: - Virtual size: 64KB

.edata Size: 1KB - Virtual size: 1KB

.idata Size: 17KB - Virtual size: 16KB

.CRT Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 282KB - Virtual size: 282KB

170f668950a72610cd4e26df19fdfc1c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

kernel32

vcruntime140d

ucrtbased

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.00cfg Size: 512B - Virtual size: 265B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

673b5848729daaf5af8799bae6b82834

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

vcruntime140d

ucrtbased

Exports

Exports

Sections

.text Size: 130KB - Virtual size: 130KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 47KB - Virtual size: 49KB

.idata Size: 3KB - Virtual size: 3KB

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 7KB - Virtual size: 7KB

7a86ba02a97907fb532ad47d5e59b822

Code Sign

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bcCertificate

.text
Size: 11.1MB - Virtual size: 11.1MB

.data
Size: 66KB - Virtual size: 65KB

.rdata
Size: 3.1MB - Virtual size: 3.1MB

.qtmetad
Size: 3KB - Virtual size: 3KB

.eh_fram
Size: 2.1MB - Virtual size: 2.1MB

.bss
Size: - Virtual size: 64KB

.edata
Size: 1KB - Virtual size: 1KB

.idata
Size: 17KB - Virtual size: 16KB

.CRT
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 282KB - Virtual size: 282KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.00cfg
Size: 512B - Virtual size: 265B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 130KB - Virtual size: 130KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 47KB - Virtual size: 49KB

.idata
Size: 3KB - Virtual size: 3KB

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 7KB - Virtual size: 7KB

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bc
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

ce:30:8b:39:3f:2c:f4:52:79:d8:dd:d9:54:b0:59:66:39:1c:4d:a8:e2:ec:2e:69:b9:9f:f6:b6:05:86:4a:dc
Signer

.text
Size: 850KB - Virtual size: 850KB

.data
Size: 3KB - Virtual size: 6KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 22KB - Virtual size: 22KB