wextract.pdb
Static task
static1
1 signatures
General
-
Target
Downwell.rar
-
Size
38.8MB
-
MD5
c63e85a84045e392a251da3846b375d7
-
SHA1
1b87681a1f82dc1a86809743901da9f20ba0d17d
-
SHA256
556a2fa83cc5c4fbe4475f5689e2e09acabea10e9f155f1a6c5fc7f32a112e6f
-
SHA512
c7b04b6754d4000248ffe047978dfb9232644299dfeff1123f4e7645784ef7d9d888e9a84e0f8c4eb12ca5c6870f6511c75bb7dea3070f4b2bc20d10c6ab5c86
-
SSDEEP
786432:iutoctevZln4SpAHtNOIisvjKsb/oAGeWdUKLMdjdUQ1cGM56Kl6/Hk:7C+SC78Id/oAGerdjV2l53lSE
Score
3/10
Malware Config
Signatures
-
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
resource unpack001/Downwell/Downwell.exe unpack001/Downwell/LAUNCHER.exe unpack001/Downwell/SmartSteamEmu.dll
Files
-
Downwell.rar.rar
-
Downwell/Downwell.exe.exe windows:6 windows x86 arch:x86
bc70c4fa605f17c85050b7c7b6d42e44
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
OpenProcessToken
GetTokenInformation
RegSetValueExA
EqualSid
RegQueryValueExA
LookupPrivilegeValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegDeleteValueA
AllocateAndInitializeSid
FreeSid
AdjustTokenPrivileges
RegCloseKey
kernel32
GetPrivateProfileIntA
GetFileAttributesA
IsDBCSLeadByte
GetSystemDirectoryA
GlobalUnlock
GetShortPathNameA
CreateDirectoryA
FindFirstFileA
GetLastError
GetProcAddress
RemoveDirectoryA
SetFileAttributesA
GlobalFree
FindClose
GetPrivateProfileStringA
LoadLibraryA
LocalAlloc
WritePrivateProfileStringA
GetModuleFileNameA
FindNextFileA
CompareStringA
_lopen
CloseHandle
LocalFree
DeleteFileA
ExitProcess
DosDateTimeToFileTime
CreateFileA
FindResourceA
GlobalAlloc
ExpandEnvironmentStringsA
LoadResource
WaitForSingleObject
SetEvent
GetModuleHandleW
FormatMessageA
SetFileTime
WriteFile
GetDriveTypeA
GetVolumeInformationA
TerminateThread
SizeofResource
CreateEventA
GetExitCodeProcess
CreateProcessA
_llseek
SetCurrentDirectoryA
GetTempFileNameA
ResetEvent
LockResource
GetSystemInfo
LoadLibraryExA
CreateMutexA
GetCurrentDirectoryA
GetVersionExA
GetVersion
GetTempPathA
CreateThread
LocalFileTimeToFileTime
SetFilePointer
GetWindowsDirectoryA
lstrcmpA
_lclose
GlobalLock
GetCurrentProcess
FreeResource
FreeLibrary
Sleep
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
RtlUnwind
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
EnumResourceLanguagesA
MulDiv
GetDiskFreeSpaceA
ReadFile
gdi32
GetDeviceCaps
user32
GetDC
SendMessageA
SetForegroundWindow
MsgWaitForMultipleObjects
SendDlgItemMessageA
GetWindowRect
MessageBoxA
GetWindowLongA
PeekMessageA
ReleaseDC
GetDlgItem
SetWindowPos
ShowWindow
DispatchMessageA
SetWindowTextA
EnableWindow
CallWindowProcA
DialogBoxIndirectParamA
GetDlgItemTextA
LoadStringA
MessageBeep
CharUpperA
CharNextA
ExitWindowsEx
CharPrevA
EndDialog
GetDesktopWindow
SetDlgItemTextA
SetWindowLongA
GetSystemMetrics
msvcrt
memset
?terminate@@YAXXZ
_controlfp
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_acmdln
_initterm
_amsg_exit
__p__commode
_XcptFilter
_errno
_vsnprintf
__setusermatherr
comctl32
ord17
cabinet
ord22
ord23
ord21
ord20
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
Sections
.text Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 32.3MB - Virtual size: 32.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Downwell/Downwell.ico
-
Downwell/LAUNCHER.exe.exe windows:5 windows x86 arch:x86
8d50648aba4e0eea26780a196e32e747
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\Developments\Games\SmartSteamEmu\Release\SmartSteamLoader.pdb
Imports
kernel32
GetPrivateProfileIntW
GetPrivateProfileStringW
FindFirstFileW
FindClose
GetCommandLineW
GetModuleFileNameW
GetCurrentDirectoryW
GetPrivateProfileSectionNamesW
GetCurrentProcessId
OpenProcess
CreateThread
CreateProcessW
LoadLibraryW
GetProcAddress
FreeLibrary
ResumeThread
WaitForSingleObject
MultiByteToWideChar
Sleep
GetCurrentProcess
GetLastError
DecodePointer
InterlockedExchange
InterlockedCompareExchange
WideCharToMultiByte
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
HeapSetInformation
OpenFileMappingA
CreateSemaphoreW
SetEvent
CreateEventA
MapViewOfFile
CreateFileMappingA
CloseHandle
GetExitCodeThread
UnmapViewOfFile
EncodePointer
user32
TranslateMessage
SendMessageW
PostQuitMessage
DestroyWindow
DispatchMessageW
CreateDialogParamW
IsDialogMessageW
GetMessageW
ShowWindow
MoveWindow
GetDesktopWindow
GetWindowRect
MessageBoxW
advapi32
RegSetValueExA
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegCreateKeyExA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
shell32
CommandLineToArgvW
msvcp100
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
psapi
GetModuleFileNameExW
wintrust
WinVerifyTrust
msvcr100
memset
_CxxThrowException
_wcsicmp
memcpy
__CxxFrameHandler3
_controlfp_s
??3@YAXPAX@Z
memmove
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
_wputenv
_vswprintf_c_l
tolower
_wtoi
fopen_s
fread
fclose
atoi
sprintf_s
memchr
??_V@YAXPAX@Z
_unlock
__dllonexit
_lock
_onexit
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
Sections
.text Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 87KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Downwell/Redist/dxwebsetup.exe.exe windows:5 windows x86 arch:x86
1494de9b53e05fc1f40cb92afbdd6ce4
Code Sign
2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before22/08/2007, 22:31Not After25/08/2012, 07:00SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:01:cf:3e:00:00:00:00:00:0fCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before07/12/2009, 22:40Not After07/03/2011, 22:40SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before16/09/2006, 01:04Not After15/09/2019, 07:00SubjectCN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:05:a2:30:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before25/07/2008, 19:01Not After25/07/2013, 19:11SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:b8:85:36:04:6e:46:6d:2f:58:b3:18:fd:18:43:f0:b8:4b:28:d3Signer
Actual PE Digest47:b8:85:36:04:6e:46:6d:2f:58:b3:18:fd:18:43:f0:b8:4b:28:d3Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA
kernel32
LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
GetModuleFileNameA
lstrlenA
GetSystemDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
lstrcatA
lstrcpyA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
GetProcAddress
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
CloseHandle
LoadResource
SizeofResource
FindResourceA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
LockResource
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
GlobalFree
gdi32
GetDeviceCaps
user32
ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics
comctl32
ord17
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
Sections
.text Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 239KB - Virtual size: 240KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Downwell/Redist/oalinst.exe.exe windows:4 windows x86 arch:x86
1ff011c2e13ea492fe69b2fbfc802083
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before16/07/2004, 00:00Not After15/07/2014, 23:59SubjectCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
36:33:6d:83:6a:19:e2:44:ff:0e:52:88:2e:b5:b1:deCertificate
IssuerCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USNot Before30/06/2006, 00:00Not After14/07/2009, 23:59SubjectCN=Creative Labs Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=CLI,O=Creative Labs Inc,L=Milpitas,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
cb:34:e3:72:3d:d1:2b:57:d7:86:46:9b:d8:78:2f:92:cf:2d:5d:4fSigner
Actual PE Digestcb:34:e3:72:3d:d1:2b:57:d7:86:46:9b:d8:78:2f:92:cf:2d:5d:4fDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\cbs\build\ec922632-90cb-1015-8202-b7f05167b5ef\in\CTSDK\AL_Installer\Release\oalinst.pdb
Imports
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
kernel32
GetFileAttributesA
GetProcAddress
LoadLibraryA
FreeResource
SizeofResource
LoadResource
FindResourceA
ReadFile
SetEndOfFile
GetLocaleInfoW
HeapSize
IsValidCodePage
IsValidLocale
DeleteFileA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
FlushFileBuffers
SetStdHandle
InterlockedExchange
RemoveDirectoryA
CreateDirectoryA
GetModuleFileNameA
GetSystemDirectoryA
CopyFileA
GetTempFileNameA
LockResource
MoveFileExA
GetTimeZoneInformation
CompareStringA
CompareStringW
EnumSystemLocalesA
VirtualAlloc
GetLastError
HeapFree
HeapAlloc
MoveFileA
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
SetEnvironmentVariableA
HeapReAlloc
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
CloseHandle
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
LCMapStringA
MultiByteToWideChar
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
Sleep
SetConsoleCtrlHandler
FreeLibrary
user32
LoadCursorA
RegisterClassExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
PostQuitMessage
LoadIconA
SetClassLongA
LoadImageA
CreateWindowExA
SendMessageA
BeginPaint
GetClientRect
MoveWindow
DrawTextA
EndPaint
DefWindowProcA
gdi32
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetStockObject
advapi32
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
Sections
.text Size: 116KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 636KB - Virtual size: 633KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Downwell/Redist/vcredist_x86.exe.exe windows:5 windows x86 arch:x86
a1f6f100bff4507a3332f3f0cdfc24f5
Code Sign
2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before22/08/2007, 22:31Not After25/08/2012, 07:00SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:01:cf:3e:00:00:00:00:00:0fCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before07/12/2009, 22:40Not After07/03/2011, 22:40SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before16/09/2006, 01:04Not After15/09/2019, 07:00SubjectCN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:06:94:2d:00:00:00:00:00:09Certificate
IssuerCN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before25/07/2008, 19:02Not After25/07/2013, 19:12SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
8a:19:aa:3a:87:7f:dd:23:dc:03:96:64:c9:5b:23:7c:35:b0:fd:3dSigner
Actual PE Digest8a:19:aa:3a:87:7f:dd:23:dc:03:96:64:c9:5b:23:7c:35:b0:fd:3dDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
sfxcab.pdb
Imports
msvcrt
__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_adjust_fdiv
_exit
_c_exit
strncpy
strstr
_strlwr
strrchr
_stricmp
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_snprintf
sprintf
strchr
_strnicmp
_vsnprintf
advapi32
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
InitializeSecurityDescriptor
kernel32
CreateThread
GetFileSize
ExpandEnvironmentStringsA
CreateProcessA
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
LocalFileTimeToFileTime
SetFileTime
SetEndOfFile
CreateEventA
QueryDosDeviceA
GetDiskFreeSpaceA
GetSystemTime
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentDirectoryA
GetProcessHeap
CopyFileA
SetFileAttributesA
DosDateTimeToFileTime
SetEvent
GetVersionExA
ReadFile
SetFilePointer
MoveFileExA
RemoveDirectoryA
GetLastError
CreateDirectoryA
GetTickCount
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
DeviceIoControl
CreateFileA
GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
FindFirstFileA
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
FindClose
FindNextFileA
SystemTimeToFileTime
user32
SendDlgItemMessageA
SendMessageA
DialogBoxParamA
MessageBoxA
SetParent
EndDialog
LoadStringA
ShowWindow
ntdll
NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem
comctl32
ord17
shell32
SHBrowseForFolderA
SHGetPathFromIDListA
Sections
.text Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4.8MB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Downwell/SmartSteamEmu.dll.dll windows:5 windows x86 arch:x86
b06839158f384bac81596ea4d789095c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
D:\Developments\Games\SmartSteamEmu\Release\SmartSteamEmu.pdb
Imports
kernel32
GetCurrentThread
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
CreateThread
TerminateThread
CreateEventW
WaitForSingleObject
CloseHandle
SetEvent
Sleep
InterlockedExchange
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
WaitForMultipleObjects
CreateFileA
WriteFile
ReadFile
FindClose
GetFileSize
MoveFileW
CreateFileW
GetExitCodeThread
InterlockedExchangeAdd
ExpandEnvironmentStringsW
CreateDirectoryW
FindFirstFileW
FindNextFileW
DeleteFileW
ResetEvent
GetSystemPowerStatus
LoadLibraryW
GetProcAddress
FreeLibrary
GetPrivateProfileIntW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetComputerNameW
GetLastError
WritePrivateProfileStringW
CopyFileW
WideCharToMultiByte
MultiByteToWideChar
WaitNamedPipeW
SetNamedPipeHandleState
CreateNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe
FlushFileBuffers
TryEnterCriticalSection
SetFilePointer
GetModuleHandleExW
GetModuleHandleA
SetUnhandledExceptionFilter
GetSystemDirectoryW
CreateProcessW
EnterCriticalSection
GetVersionExW
GetWindowsDirectoryA
CompareStringW
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
LeaveCriticalSection
InterlockedCompareExchange
GetTickCount
GetModuleFileNameW
DisableThreadLibraryCalls
IsBadReadPtr
GetLocaleInfoA
GetUserDefaultLCID
GetModuleFileNameA
GetCurrentDirectoryW
GetFullPathNameW
SetEnvironmentVariableW
SetEnvironmentVariableA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
GetProcessHeap
SetEndOfFile
GetConsoleMode
GetConsoleCP
SetStdHandle
HeapSize
IsProcessorFeaturePresent
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
SetHandleCount
HeapDestroy
HeapCreate
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetStringTypeW
GetFileInformationByHandle
FindFirstFileExA
GetDriveTypeA
GetCPInfo
LCMapStringW
RtlUnwind
RaiseException
GetCommandLineA
GetDateFormatA
GetTimeFormatA
GetFullPathNameA
FindFirstFileExW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
ExitThread
HeapReAlloc
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetModuleHandleW
VirtualQuery
GetCurrentProcess
FlushInstructionCache
VirtualProtect
DeviceIoControl
CreateDirectoryA
HeapAlloc
HeapFree
GetEnvironmentVariableA
lstrcmpW
SignalObjectAndWait
GetThreadPriority
GetPriorityClass
ResumeThread
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjectsEx
CancelWaitableTimer
GetVersionExA
GlobalFree
GlobalAlloc
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
PeekNamedPipe
SleepEx
SetLastError
VerSetConditionMask
VerifyVersionInfoA
LoadLibraryA
FormatMessageA
LocalFree
SetThreadPriority
WaitForSingleObjectEx
CreateEventA
ExitProcess
DecodePointer
EncodePointer
user32
GetAsyncKeyState
GetForegroundWindow
GetWindowThreadProcessId
advapi32
CryptCreateHash
CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptAcquireContextA
GetUserNameW
GetCurrentHwProfileA
RegCloseKey
RegQueryValueExW
CryptGetHashParam
shell32
SHGetFolderPathW
ws2_32
listen
WSACleanup
getsockname
getsockopt
accept
__WSAFDIsSet
gethostname
WSAStartup
ntohs
WSAGetLastError
setsockopt
bind
select
htons
connect
gethostbyname
ioctlsocket
socket
inet_addr
inet_ntoa
closesocket
recv
recvfrom
send
sendto
ntohl
htonl
WSAIoctl
WSASetLastError
getpeername
freeaddrinfo
getaddrinfo
secur32
GetUserNameExW
wldap32
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46
ord26
ord50
ord60
ord143
ord211
ord22
ord30
normaliz
IdnToAscii
winmm
waveOutWrite
waveInAddBuffer
waveInUnprepareHeader
waveOutUnprepareHeader
waveInClose
waveOutClose
waveOutGetDevCapsA
waveOutMessage
waveInGetDevCapsA
waveInMessage
waveOutOpen
waveOutGetPosition
waveInOpen
waveInReset
timeEndPeriod
timeBeginPeriod
timeGetTime
waveOutReset
waveOutPrepareHeader
waveInPrepareHeader
waveInGetNumDevs
waveOutGetNumDevs
waveOutRestart
waveInStart
waveOutGetErrorTextA
waveOutPause
waveInGetErrorTextA
setupapi
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDeviceInterfaceRegKey
SetupDiGetDeviceInterfaceAlias
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
ole32
CoTaskMemFree
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoInitializeEx
PropVariantClear
CoCreateInstance
CoInitialize
Exports
Exports
Breakpad_SetSteamID
Breakpad_SteamMiniDumpInit
Breakpad_SteamSetSteamID
Breakpad_SteamWriteMiniDumpSetComment
Breakpad_SteamWriteMiniDumpUsingExceptionInfoWithBuildId
CreateInterface
GetHSteamPipe
GetHSteamUser
GetSSeApi
InitSSE
MySteamAPI_RegisterCallResult
MySteamAPI_RegisterCallback
MySteamAPI_UnregisterCallResult
MySteamAPI_UnregisterCallback
SSECreateProcess
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamAPI_GetSteamInstallPath
SteamAPI_Init
SteamAPI_InitSafe
SteamAPI_IsSteamRunning
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_SetBreakpadAppID
SteamAPI_SetMiniDumpComment
SteamAPI_SetTryCatchCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_UseBreakpadCrashHandler
SteamAPI_WriteMiniDump
SteamAppList
SteamApps
SteamCheckAppOwnership
SteamCleanup
SteamClient
SteamController
SteamController_GetControllerState
SteamController_Init
SteamController_SetOverrideMode
SteamController_Shutdown
SteamController_TriggerHapticPulse
SteamFriends
SteamGameServer
SteamGameServerApps
SteamGameServerHTTP
SteamGameServerNetworking
SteamGameServerStats
SteamGameServerUGC
SteamGameServerUtils
SteamGameServer_BSecure
SteamGameServer_GetHSteamPipe
SteamGameServer_GetHSteamUser
SteamGameServer_GetIPCCallCount
SteamGameServer_GetSteamID
SteamGameServer_Init
SteamGameServer_InitSafe
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamGetLocalClientVersion
SteamGetVersion
SteamHTMLSurface
SteamHTTP
SteamInventory
SteamIsAppSubscribed
SteamIsLoggedIn
SteamIsSubscribed
SteamLogin
SteamLogout
SteamMatchmaking
SteamMatchmakingServers
SteamMusic
SteamMusicRemote
SteamNetworking
SteamRemoteStorage
SteamShutdownEngine
SteamShutdownSteamBridgeInterface
SteamStartEngine
SteamStartEngineEx
SteamStartup
SteamUGC
SteamUnifiedMessages
SteamUser
SteamUserStats
SteamUtils
SteamVideo
Steam_BConnected
Steam_BGetCallback
Steam_BLoggedOn
Steam_BReleaseSteamPipe
Steam_ConnectToGlobalUser
Steam_CreateGlobalUser
Steam_CreateLocalUser
Steam_CreateSteamPipe
Steam_FreeLastCallback
Steam_GSBLoggedOn
Steam_GSBSecure
Steam_GSGetSteam2GetEncryptionKeyToSendToNewClient
Steam_GSLogOff
Steam_GSLogOn
Steam_GSRemoveUserConnect
Steam_GSSendSteam2UserConnect
Steam_GSSendUserDisconnect
Steam_GSSendUserStatusResponse
Steam_GSSetServerType
Steam_GSSetSpawnCount
Steam_GSUpdateStatus
Steam_GetAPICallResult
Steam_GetGSHandle
Steam_GetHSteamUserCurrent
Steam_InitiateGameConnection
Steam_LogOff
Steam_LogOn
Steam_RegisterInterfaceFuncs
Steam_ReleaseUser
Steam_RunCallbacks
Steam_SetLocalIPBinding
Steam_TerminateGameConnection
g_pSteamClientGameServer
Sections
.text Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 463KB - Virtual size: 462KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 133KB - Virtual size: 150KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 226KB - Virtual size: 225KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Downwell/SmartSteamEmu.ini
-
Downwell/SmartSteamEmu.txt
-
Downwell/steam_appid.txt