Electron Keyless[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Electron Keyless.zip
Size

27.0MB
MD5

74b62fc1112ea7f95e7461e3116830df
SHA1

5c5305abd7148b324915ccbfba13f1076c2c496e
SHA256

1fe63cb7bdb6dcb7f95ed896f1c2821a4f3fadca077a2739bc3606aa8516a088
SHA512

fa72b702f5616fd77aae81f8d21abaf9664eda04e2d0e94ad6eed51ee7c7543072e774ff77147dbf73217639a0402d04d003e9c1f7eb56acde2e4006f5b648df
SSDEEP

393216:G5C7Ona3lzjKYLDMlLJxuOyJZeTs/n6J5/4fYMeRcr6LRsf/YNKwtZAz+O4iI94R:G5CCn2K6ABJxOeTP5wxexi3vr+O4H94R

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Electron Executor.exe
unpack002/instcuter/app.asar.unpacked/node_modules/btime/binding.node
unpack002/instcuter/app.asar.unpacked/node_modules/get-fonts/binding.node
unpack002/instcuter/app.asar.unpacked/node_modules/vibrancy-win/binding.node

Files

Electron Keyless.zip
.zip

Password: electron2024
Electron.zip
.zip

Password: electron2024
Electron Executor.exe
.exe windows:4 windows x86 arch:x86

Password: electron2024

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 641KB - Virtual size: 641KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MicrosoftWebView.dll
Scripts/af.pak
Scripts/am.pak
Scripts/ar.pak
Scripts/bg.pak
Scripts/bn.pak
Scripts/ca.pak
Scripts/cs.pak
Scripts/da.pak
Scripts/de.pak
.ps1
Scripts/el.pak
Scripts/en-GB.pak
Scripts/en-US.pak
Scripts/es-419.pak
Scripts/es.pak
Scripts/et.pak
Scripts/fa.pak
Scripts/fi.pak
Scripts/fil.pak
Scripts/fr.pak
Scripts/gu.pak
Scripts/he.pak
Scripts/hi.pak
Scripts/hr.pak
Scripts/hu.pak
Scripts/id.pak
Scripts/it.pak
Scripts/ja.pak
Scripts/kn.pak
Scripts/ko.pak
Scripts/lt.pak
Scripts/lv.pak
Scripts/pt-BR.pak
Scripts/pt-PT.pak
Scripts/ro.pak
Scripts/sk.pak
Scripts/sl.pak
Scripts/sr.pak
Scripts/sv.pak
Scripts/sw.pak
Scripts/ta.pak
Scripts/te.pak
Scripts/th.pak
Scripts/tr.pak
Scripts/uk.pak
Scripts/ur.pak
Scripts/vi.pak
Scripts/zh-CN.pak
Scripts/zh-TW.pak
instcuter/LICENSE.electron.txt
instcuter/LICENSES.chromium.html
instcuter/app.asar.unpacked/node_modules/btime/binding.node
.dll windows:6 windows x64 arch:x64

Password: electron2024

0242ceb286e744ddd6dd8e963da637ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\obsidian-stage\electron\btime\build\Release\binding.pdb

Imports

kernel32

GetModuleHandleA
SetFileTime
CreateFileW
MultiByteToWideChar
GetLastError
CloseHandle
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
GetSystemInfo
VirtualProtect
VirtualQuery

Exports

Exports

_register_binding_

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
instcuter/app.asar.unpacked/node_modules/get-fonts/binding.node
.dll windows:6 windows x64 arch:x64

Password: electron2024

2a1b9a0a23b390c22659b30f7660d0da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\obsidian-stage\electron\get-fonts\build\Release\binding.pdb

Imports

kernel32

LoadLibraryExA
WideCharToMultiByte
GetUserDefaultLocaleName
GetModuleHandleA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
GetSystemInfo
VirtualProtect
VirtualQuery

dwrite

DWriteCreateFactory

Exports

Exports

_register_binding_

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
instcuter/app.asar.unpacked/node_modules/vibrancy-win/binding.node
.dll windows:6 windows x64 arch:x64

Password: electron2024

56e83fb6e818a708f7895cf9d6058c3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\obsidian-stage\electron\vibrancy-win\build\Release\binding.pdb

Imports

kernel32

GetModuleHandleA
GetProcAddress
GetModuleHandleW
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
GetSystemInfo
VirtualProtect
VirtualQuery

Exports

Exports

_register_binding_

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
instcuter/ffmpeg.dll
.dll windows:5 windows x64 arch:x64

Password: electron2024

14338d2168d869b1b53d66354179e8c5

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:90:57:dc:1e:df:33:b0:32:69:ff:6e:54:dc:f1:57
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

15/10/2021, 00:00

Not After

14/10/2024, 23:59

Subject

CN=Dynalist Inc,O=Dynalist Inc,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:90:57:dc:1e:df:33:b0:32:69:ff:6e:54:dc:f1:57
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

15/10/2021, 00:00

Not After

14/10/2024, 23:59

Subject

CN=Dynalist Inc,O=Dynalist Inc,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:ff:ec:ac:52:29:4a:93:b7:ec:c5:f8:9b:5f:2e:c7:01:cc:e8:fd:76:d1:9c:39:b3:9c:a6:4b:a5:a4:1d:1e
Signer

Actual PE Digest

93:ff:ec:ac:52:29:4a:93:b7:ec:c5:f8:9b:5f:2e:c7:01:cc:e8:fd:76:d1:9c:39:b3:9c:a6:4b:a5:a4:1d:1e

Digest Algorithm

sha256

PE Digest Matches

true

d7:f3:d1:71:d3:a4:7e:1d:40:93:13:69:a4:d4:9d:5f:be:4a:bd:5c
Signer

Actual PE Digest

d7:f3:d1:71:d3:a4:7e:1d:40:93:13:69:a4:d4:9d:5f:be:4a:bd:5c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ffmpeg.dll.pdb

Imports

kernel32

AcquireSRWLockExclusive
CloseHandle
CompareStringW
CreateEventW
CreateFileW
CreateThread
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
FindClose
FindFirstFileExW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStringsW
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
HeapAlloc
HeapFree
HeapQueryInformation
HeapReAlloc
HeapSize
InitOnceBeginInitialize
InitOnceComplete
InitializeConditionVariable
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

Exports

Exports

av_buffer_create
av_buffer_get_opaque
av_dict_count
av_dict_free
av_dict_get
av_dict_set
av_force_cpu_flags
av_frame_alloc
av_frame_clone
av_frame_free
av_frame_unref
av_free
av_get_bytes_per_sample
av_get_cpu_flags
av_image_check_size
av_init_packet
av_log_set_level
av_malloc
av_max_alloc
av_new_packet
av_packet_alloc
av_packet_copy_props
av_packet_free
av_packet_get_side_data
av_packet_unref
av_rdft_calc
av_rdft_end
av_rdft_init
av_read_frame
av_rescale_q
av_samples_get_buffer_size
av_seek_frame
av_stream_get_first_dts
av_stream_get_side_data
av_strerror
avcodec_align_dimensions
avcodec_alloc_context3
avcodec_descriptor_get
avcodec_descriptor_next
avcodec_find_decoder
avcodec_flush_buffers
avcodec_free_context
avcodec_get_name
avcodec_open2
avcodec_parameters_to_context
avcodec_receive_frame
avcodec_send_packet
avformat_alloc_context
avformat_close_input
avformat_find_stream_info
avformat_free_context
avformat_open_input
avio_alloc_context
avio_close

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 459KB - Virtual size: 459KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 92B

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 56B

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
instcuter/icudtl.dat
instcuter/mkl_mc3.1.dll
.dll windows:6 windows x64 arch:x64

Password: electron2024

5e6d5c0dd72cf0e0075c17b32e860f2e

Code Sign

56:00:00:0c:87:de:d2:d0:b4:fd:c0:8f:fc:00:00:00:00:0c:87
Certificate

Issuer

CN=Intel External Issuing CA 7B,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Not Before

31/08/2020, 11:24

Not After

17/06/2021, 23:59

Subject

CN=Intel(R) Software Development Products,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06:9b:5e:99:27:72:84:c8:76:7f:13:68:a7:de:b0:f3
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28/10/2015, 00:00

Not After

17/06/2021, 23:59

Subject

CN=Intel External Issuing CA 7B,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

81:a4:4a:61:f1:79:fa:95:a6:49:12:a4:7f:70:f1:96:76:95:0f:02:80:5a:4c:0d:3d:86:b1:c5:f6:87:36:64
Signer

Actual PE Digest

81:a4:4a:61:f1:79:fa:95:a6:49:12:a4:7f:70:f1:96:76:95:0f:02:80:5a:4c:0d:3d:86:b1:c5:f6:87:36:64

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameW
GetModuleHandleExW
LoadLibraryW
MultiByteToWideChar
LoadLibraryA
GetThreadLocale
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetLastError
HeapFree
GetModuleHandleW
GetProcAddress
HeapAlloc
WideCharToMultiByte
SetLastError
GetCurrentThreadId
GetACP
GetStdHandle
GetFileType
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
FreeLibrary
LoadLibraryExW
CompareStringW
LCMapStringW
GetProcessHeap
GetStringTypeW
GetCPInfo
IsValidCodePage
GetOEMCP
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
ExitProcess
SetFilePointerEx
CloseHandle
WriteConsoleW
CreateFileW
HeapSize
HeapReAlloc
RaiseException
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
InterlockedFlushSList
GetModuleFileNameA
FindClose
FindFirstFileExA
FindNextFileA
GetCommandLineA
GetCommandLineW
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA

Exports

Exports

dll_cpu_version
mkl_blas_lp64_caxpy
mkl_blas_lp64_ccopy
mkl_blas_lp64_cdotu
mkl_blas_lp64_cscal
mkl_blas_lp64_daxpy
mkl_blas_lp64_dcopy
mkl_blas_lp64_ddot
mkl_blas_lp64_dscal
mkl_blas_lp64_saxpy
mkl_blas_lp64_scopy
mkl_blas_lp64_sdot
mkl_blas_lp64_sscal
mkl_blas_lp64_zaxpy
mkl_blas_lp64_zcopy
mkl_blas_lp64_zdotu
mkl_blas_lp64_zscal
mkl_blas_mc3_caxpyi
mkl_blas_mc3_cdotci
mkl_blas_mc3_cdotui
mkl_blas_mc3_cgbmv
mkl_blas_mc3_cgem2vc
mkl_blas_mc3_cgemm3m_copyac
mkl_blas_mc3_cgemm3m_copyan
mkl_blas_mc3_cgemm3m_copyat
mkl_blas_mc3_cgemm3m_copybc
mkl_blas_mc3_cgemm3m_copybn
mkl_blas_mc3_cgemm3m_copybt
mkl_blas_mc3_cgemm_api_support
mkl_blas_mc3_cgemm_blk_info_bdz
mkl_blas_mc3_cgemm_free_bufs
mkl_blas_mc3_cgemm_get_blks_size
mkl_blas_mc3_cgemm_get_bufs
mkl_blas_mc3_cgemm_get_bufs_size
mkl_blas_mc3_cgemm_get_kernel
mkl_blas_mc3_cgemm_get_optimal_kernel
mkl_blas_mc3_cgemm_initialize_buffers
mkl_blas_mc3_cgemm_initialize_kernel_info
mkl_blas_mc3_cgemm_map_thread_to_kernel
mkl_blas_mc3_cgemm_mscale
mkl_blas_mc3_cgemm_num_kernels
mkl_blas_mc3_cgemm_set_blks_size
mkl_blas_mc3_cgemm_zero_desc
mkl_blas_mc3_cgthr
mkl_blas_mc3_cgthrz
mkl_blas_mc3_chbmv
mkl_blas_mc3_chemv
mkl_blas_mc3_cher
mkl_blas_mc3_cher2
mkl_blas_mc3_cherk_pst
mkl_blas_mc3_chpmv
mkl_blas_mc3_chpr
mkl_blas_mc3_chpr2
mkl_blas_mc3_crotg
mkl_blas_mc3_csctr
mkl_blas_mc3_csyrk_pst
mkl_blas_mc3_ctbmv
mkl_blas_mc3_ctbsv
mkl_blas_mc3_ctpmv
mkl_blas_mc3_ctpsv
mkl_blas_mc3_daxpyi
mkl_blas_mc3_dcabs1
mkl_blas_mc3_ddoti
mkl_blas_mc3_dgbmv
mkl_blas_mc3_dgem2vu
mkl_blas_mc3_dgemm_api_support
mkl_blas_mc3_dgemm_blk_info_0_brc
mkl_blas_mc3_dgemm_blk_info_1_brc
mkl_blas_mc3_dgemm_blk_info_bdz
mkl_blas_mc3_dgemm_blk_info_hi_thr_bdz
mkl_blas_mc3_dgemm_copyan
mkl_blas_mc3_dgemm_copyat
mkl_blas_mc3_dgemm_copybn
mkl_blas_mc3_dgemm_copybt
mkl_blas_mc3_dgemm_free_bufs
mkl_blas_mc3_dgemm_get_blks_size
mkl_blas_mc3_dgemm_get_bufs
mkl_blas_mc3_dgemm_get_bufs_size
mkl_blas_mc3_dgemm_get_kernel
mkl_blas_mc3_dgemm_get_optimal_kernel
mkl_blas_mc3_dgemm_initialize_buffers
mkl_blas_mc3_dgemm_initialize_kernel_info
mkl_blas_mc3_dgemm_map_thread_to_kernel
mkl_blas_mc3_dgemm_mscale
mkl_blas_mc3_dgemm_num_kernels
mkl_blas_mc3_dgemm_pack_get_size
mkl_blas_mc3_dgemm_set_blks_size
mkl_blas_mc3_dgemm_zero_desc
mkl_blas_mc3_dgthr
mkl_blas_mc3_dgthrz
mkl_blas_mc3_drotg
mkl_blas_mc3_droti
mkl_blas_mc3_drotmg
mkl_blas_mc3_dsbmv
mkl_blas_mc3_dsctr
mkl_blas_mc3_dspmv
mkl_blas_mc3_dspr
mkl_blas_mc3_dspr2
mkl_blas_mc3_dsyrk_4k
mkl_blas_mc3_dsyrk_pst
mkl_blas_mc3_dtbmv
mkl_blas_mc3_dtbsv
mkl_blas_mc3_dtpmv
mkl_blas_mc3_dtpsv
mkl_blas_mc3_dzgemm_copyb
mkl_blas_mc3_dzgemm_copyc_bwd
mkl_blas_mc3_dzgemm_copyc_fwd
mkl_blas_mc3_dzgemm_freebufs
mkl_blas_mc3_dzgemm_getbufs
mkl_blas_mc3_dzgemm_mscale
mkl_blas_mc3_dzgemv
mkl_blas_mc3_gemm_bf16bf16f32_initialize_buffers
mkl_blas_mc3_gemm_bf16bf16f32_initialize_kernel_info
mkl_blas_mc3_gemm_bf16bf16f32_map_thread_to_kernel
mkl_blas_mc3_gemm_bf16bf16f32_pack_get_size
mkl_blas_mc3_gemm_s16s16s32_initialize_buffers
mkl_blas_mc3_gemm_s16s16s32_initialize_kernel_info
mkl_blas_mc3_gemm_s16s16s32_map_thread_to_kernel
mkl_blas_mc3_gemm_s16s16s32_pack_get_size
mkl_blas_mc3_gemm_s8u8s32_initialize_buffers
mkl_blas_mc3_gemm_s8u8s32_initialize_kernel_info
mkl_blas_mc3_gemm_s8u8s32_map_thread_to_kernel
mkl_blas_mc3_gemm_s8u8s32_pack_get_size
mkl_blas_mc3_get_bkernel_api_version
mkl_blas_mc3_get_ikernel_api_version
mkl_blas_mc3_get_kernel_api_version
mkl_blas_mc3_jit_create_xcgemm
mkl_blas_mc3_jit_create_xdgemm
mkl_blas_mc3_jit_create_xsgemm
mkl_blas_mc3_jit_create_xzgemm
mkl_blas_mc3_mkl_cgemm_jit
mkl_blas_mc3_mkl_dgemm_jit
mkl_blas_mc3_mkl_jit_create_cgemm
mkl_blas_mc3_mkl_jit_create_dgemm
mkl_blas_mc3_mkl_jit_create_sgemm
mkl_blas_mc3_mkl_jit_create_zgemm
mkl_blas_mc3_mkl_jit_destroy
mkl_blas_mc3_mkl_jit_get_cgemm_ptr
mkl_blas_mc3_mkl_jit_get_dgemm_ptr
mkl_blas_mc3_mkl_jit_get_sgemm_ptr
mkl_blas_mc3_mkl_jit_get_zgemm_ptr
mkl_blas_mc3_mkl_sgemm_jit
mkl_blas_mc3_mkl_zgemm_jit
mkl_blas_mc3_saxpyi
mkl_blas_mc3_scabs1
mkl_blas_mc3_scgemm_copyc_bwd
mkl_blas_mc3_scgemm_copyc_fwd
mkl_blas_mc3_scgemm_freebufs
mkl_blas_mc3_scgemm_getbufs
mkl_blas_mc3_scgemm_mscale
mkl_blas_mc3_scgemv
mkl_blas_mc3_sdoti
mkl_blas_mc3_sgbmv
mkl_blas_mc3_sgem2vu
mkl_blas_mc3_sgemm_api_support
mkl_blas_mc3_sgemm_blk_info_bdz
mkl_blas_mc3_sgemm_free_bufs
mkl_blas_mc3_sgemm_get_blks_size
mkl_blas_mc3_sgemm_get_bufs
mkl_blas_mc3_sgemm_get_bufs_size
mkl_blas_mc3_sgemm_get_kernel
mkl_blas_mc3_sgemm_get_optimal_kernel
mkl_blas_mc3_sgemm_initialize_buffers
mkl_blas_mc3_sgemm_initialize_kernel_info
mkl_blas_mc3_sgemm_map_thread_to_kernel
mkl_blas_mc3_sgemm_mscale
mkl_blas_mc3_sgemm_num_kernels
mkl_blas_mc3_sgemm_pack_get_size
mkl_blas_mc3_sgemm_set_blks_size
mkl_blas_mc3_sgemm_zero_desc
mkl_blas_mc3_sgthr
mkl_blas_mc3_sgthrz
mkl_blas_mc3_srotg
mkl_blas_mc3_sroti
mkl_blas_mc3_srotmg
mkl_blas_mc3_ssbmv
mkl_blas_mc3_ssctr
mkl_blas_mc3_sspmv
mkl_blas_mc3_sspr
mkl_blas_mc3_sspr2
mkl_blas_mc3_ssyrk_4k
mkl_blas_mc3_ssyrk_pst
mkl_blas_mc3_stbmv
mkl_blas_mc3_stbsv
mkl_blas_mc3_stpmv
mkl_blas_mc3_stpsv
mkl_blas_mc3_xcaxpby
mkl_blas_mc3_xcaxpy
mkl_blas_mc3_xccopy
mkl_blas_mc3_xcdotc
mkl_blas_mc3_xcdotu
mkl_blas_mc3_xcgemm
mkl_blas_mc3_xcgemm3m
mkl_blas_mc3_xcgemm_bdz
mkl_blas_mc3_xcgemm_compact
mkl_blas_mc3_xcgemm_internal
mkl_blas_mc3_xcgemm_internal_team
mkl_blas_mc3_xcgemm_par
mkl_blas_mc3_xcgemmger
mkl_blas_mc3_xcgemmt
mkl_blas_mc3_xcgemv
mkl_blas_mc3_xcgepack_compact
mkl_blas_mc3_xcgerc
mkl_blas_mc3_xcgeru
mkl_blas_mc3_xcgeunpack_compact
mkl_blas_mc3_xchemm
mkl_blas_mc3_xcher2k
mkl_blas_mc3_xcherk
mkl_blas_mc3_xcrot
mkl_blas_mc3_xcscal
mkl_blas_mc3_xcsrot
mkl_blas_mc3_xcsscal
mkl_blas_mc3_xcswap
mkl_blas_mc3_xcsymm
mkl_blas_mc3_xcsyr2k
mkl_blas_mc3_xcsyrk
mkl_blas_mc3_xctrmm
mkl_blas_mc3_xctrmv
mkl_blas_mc3_xctrmv_in_thread
mkl_blas_mc3_xctrsm
mkl_blas_mc3_xctrsm_compact
mkl_blas_mc3_xctrsv
mkl_blas_mc3_xdasum
mkl_blas_mc3_xdaxpby
mkl_blas_mc3_xdaxpy
mkl_blas_mc3_xdcopy
mkl_blas_mc3_xddot
mkl_blas_mc3_xdgemm
mkl_blas_mc3_xdgemm0_brc
mkl_blas_mc3_xdgemm1_1_brc
mkl_blas_mc3_xdgemm_bdz
mkl_blas_mc3_xdgemm_compact
mkl_blas_mc3_xdgemm_hi_thr_bdz
mkl_blas_mc3_xdgemm_internal
mkl_blas_mc3_xdgemm_internal_team
mkl_blas_mc3_xdgemm_pack
mkl_blas_mc3_xdgemm_par
mkl_blas_mc3_xdgemmger
mkl_blas_mc3_xdgemmt
mkl_blas_mc3_xdgemv
mkl_blas_mc3_xdgepack_compact
mkl_blas_mc3_xdger
mkl_blas_mc3_xdgeunpack_compact
mkl_blas_mc3_xdnrm2
mkl_blas_mc3_xdptrmm
mkl_blas_mc3_xdrot
mkl_blas_mc3_xdrotm
mkl_blas_mc3_xdscal
mkl_blas_mc3_xdsdot
mkl_blas_mc3_xdswap
mkl_blas_mc3_xdsymm
mkl_blas_mc3_xdsymv
mkl_blas_mc3_xdsymv_kernel
mkl_blas_mc3_xdsyr
mkl_blas_mc3_xdsyr2
mkl_blas_mc3_xdsyr2_in_thread
mkl_blas_mc3_xdsyr2k
mkl_blas_mc3_xdsyr_in_thread
mkl_blas_mc3_xdsyrk
mkl_blas_mc3_xdtrmm
mkl_blas_mc3_xdtrmv
mkl_blas_mc3_xdtrmv_in_thread
mkl_blas_mc3_xdtrsm
mkl_blas_mc3_xdtrsm_compact
mkl_blas_mc3_xdtrsv
mkl_blas_mc3_xdzasum
mkl_blas_mc3_xdzgemm
mkl_blas_mc3_xdznrm2
mkl_blas_mc3_xgemm_bf16bf16f32
mkl_blas_mc3_xgemm_bf16bf16f32_pack
mkl_blas_mc3_xgemm_s16s16s32
mkl_blas_mc3_xgemm_s16s16s32_pack
mkl_blas_mc3_xgemm_s8u8s32
mkl_blas_mc3_xgemm_s8u8s32_pack
mkl_blas_mc3_xgemv_bf16bf16f32
mkl_blas_mc3_xgemv_s8u8s32
mkl_blas_mc3_xicamax
mkl_blas_mc3_xicamin
mkl_blas_mc3_xidamax
mkl_blas_mc3_xidamin
mkl_blas_mc3_xisamax
mkl_blas_mc3_xisamin
mkl_blas_mc3_xizamax
mkl_blas_mc3_xizamin
mkl_blas_mc3_xsasum
mkl_blas_mc3_xsaxpby
mkl_blas_mc3_xsaxpy
mkl_blas_mc3_xscasum
mkl_blas_mc3_xscgemm
mkl_blas_mc3_xscnrm2
mkl_blas_mc3_xscopy
mkl_blas_mc3_xsdot
mkl_blas_mc3_xsdsdot
mkl_blas_mc3_xsgemm
mkl_blas_mc3_xsgemm0_brc
mkl_blas_mc3_xsgemm_bdz
mkl_blas_mc3_xsgemm_compact
mkl_blas_mc3_xsgemm_internal
mkl_blas_mc3_xsgemm_internal_team
mkl_blas_mc3_xsgemm_pack
mkl_blas_mc3_xsgemm_par
mkl_blas_mc3_xsgemmger
mkl_blas_mc3_xsgemmt
mkl_blas_mc3_xsgemv
mkl_blas_mc3_xsgepack_compact
mkl_blas_mc3_xsger
mkl_blas_mc3_xsgeunpack_compact
mkl_blas_mc3_xsnrm2
mkl_blas_mc3_xsptrmm
mkl_blas_mc3_xsrot
mkl_blas_mc3_xsrotm
mkl_blas_mc3_xsscal
mkl_blas_mc3_xsswap
mkl_blas_mc3_xssymm
mkl_blas_mc3_xssymv
mkl_blas_mc3_xssymv_kernel
mkl_blas_mc3_xssyr
mkl_blas_mc3_xssyr2
mkl_blas_mc3_xssyr2_in_thread
mkl_blas_mc3_xssyr2k
mkl_blas_mc3_xssyr_in_thread
mkl_blas_mc3_xssyrk
mkl_blas_mc3_xstrmm
mkl_blas_mc3_xstrmv
mkl_blas_mc3_xstrmv_in_thread
mkl_blas_mc3_xstrsm
mkl_blas_mc3_xstrsm_compact
mkl_blas_mc3_xstrsv
mkl_blas_mc3_xzaxpby
mkl_blas_mc3_xzaxpy
mkl_blas_mc3_xzcopy
mkl_blas_mc3_xzdotc
mkl_blas_mc3_xzdotu
mkl_blas_mc3_xzdrot
mkl_blas_mc3_xzdscal
mkl_blas_mc3_xzgemm
mkl_blas_mc3_xzgemm3m
mkl_blas_mc3_xzgemm_bdz
mkl_blas_mc3_xzgemm_compact
mkl_blas_mc3_xzgemm_internal
mkl_blas_mc3_xzgemm_internal_team
mkl_blas_mc3_xzgemm_par
mkl_blas_mc3_xzgemmger
mkl_blas_mc3_xzgemmt
mkl_blas_mc3_xzgemv
mkl_blas_mc3_xzgepack_compact
mkl_blas_mc3_xzgerc
mkl_blas_mc3_xzgeru
mkl_blas_mc3_xzgeunpack_compact
mkl_blas_mc3_xzhemm
mkl_blas_mc3_xzher2k
mkl_blas_mc3_xzherk
mkl_blas_mc3_xzrot
mkl_blas_mc3_xzscal
mkl_blas_mc3_xzswap
mkl_blas_mc3_xzsymm
mkl_blas_mc3_xzsyr2k
mkl_blas_mc3_xzsyrk
mkl_blas_mc3_xztrmm
mkl_blas_mc3_xztrmv
mkl_blas_mc3_xztrmv_in_thread
mkl_blas_mc3_xztrsm
mkl_blas_mc3_xztrsm_compact
mkl_blas_mc3_xztrsv
mkl_blas_mc3_zaxpyi
mkl_blas_mc3_zdotci
mkl_blas_mc3_zdotui
mkl_blas_mc3_zgbmv
mkl_blas_mc3_zgem2vc
mkl_blas_mc3_zgemm3m_copyac
mkl_blas_mc3_zgemm3m_copyan
mkl_blas_mc3_zgemm3m_copyat
mkl_blas_mc3_zgemm3m_copybc
mkl_blas_mc3_zgemm3m_copybn
mkl_blas_mc3_zgemm3m_copybt
mkl_blas_mc3_zgemm_api_support
mkl_blas_mc3_zgemm_blk_info_bdz
mkl_blas_mc3_zgemm_copyac
mkl_blas_mc3_zgemm_copyan
mkl_blas_mc3_zgemm_copyat
mkl_blas_mc3_zgemm_copybc
mkl_blas_mc3_zgemm_copybn
mkl_blas_mc3_zgemm_copybt
mkl_blas_mc3_zgemm_free_bufs
mkl_blas_mc3_zgemm_get_blks_size
mkl_blas_mc3_zgemm_get_bufs
mkl_blas_mc3_zgemm_get_bufs_size
mkl_blas_mc3_zgemm_get_kernel
mkl_blas_mc3_zgemm_get_optimal_kernel
mkl_blas_mc3_zgemm_initialize_buffers
mkl_blas_mc3_zgemm_initialize_kernel_info
mkl_blas_mc3_zgemm_map_thread_to_kernel
mkl_blas_mc3_zgemm_mscale
mkl_blas_mc3_zgemm_num_kernels
mkl_blas_mc3_zgemm_set_blks_size
mkl_blas_mc3_zgemm_zero_desc
mkl_blas_mc3_zgthr
mkl_blas_mc3_zgthrz
mkl_blas_mc3_zhbmv
mkl_blas_mc3_zhemv
mkl_blas_mc3_zher
mkl_blas_mc3_zher2
mkl_blas_mc3_zherk_pst
mkl_blas_mc3_zhpmv
mkl_blas_mc3_zhpr
mkl_blas_mc3_zhpr2
mkl_blas_mc3_zrotg
mkl_blas_mc3_zsctr
mkl_blas_mc3_zsyrk_pst
mkl_blas_mc3_ztbmv
mkl_blas_mc3_ztbsv
mkl_blas_mc3_ztpmv
mkl_blas_mc3_ztpsv
mkl_conv_mc3_CopyTask
mkl_conv_mc3_DeleteTask
mkl_conv_mc3_EditTask
mkl_conv_mc3_Exec
mkl_conv_mc3_ExecX
mkl_conv_mc3_NewTask
mkl_conv_mc3_NewTaskX
mkl_conv_mc3_copytask
mkl_conv_mc3_deletetask
mkl_conv_mc3_edittask
mkl_conv_mc3_exec
mkl_conv_mc3_execx
mkl_conv_mc3_newtask
mkl_conv_mc3_newtaskx
mkl_dft_mc3_c1_nd_out_par
mkl_dft_mc3_c1_nd_par
mkl_dft_mc3_c2_c_dft
mkl_dft_mc3_c2_c_out_dft
mkl_dft_mc3_c2_nd_out_par
mkl_dft_mc3_c2_nd_par
mkl_dft_mc3_c2_r_dft
mkl_dft_mc3_ccs1_nd_out_par
mkl_dft_mc3_ccs2_c_dft
mkl_dft_mc3_ccs2_nd_out_par
mkl_dft_mc3_ccs2_r_out_dft
mkl_dft_mc3_commit_descriptor_core_d_c2c_1d
mkl_dft_mc3_commit_descriptor_core_d_c2c_md
mkl_dft_mc3_commit_descriptor_core_d_r2c_1d
mkl_dft_mc3_commit_descriptor_core_d_r2c_md
mkl_dft_mc3_commit_descriptor_core_s_c2c_1d
mkl_dft_mc3_commit_descriptor_core_s_c2c_md
mkl_dft_mc3_commit_descriptor_core_s_r2c_1d
mkl_dft_mc3_commit_descriptor_core_s_r2c_md
mkl_dft_mc3_cs2_c_dft
mkl_dft_mc3_cs2_r_dft
mkl_dft_mc3_cs2_r_out_dft
mkl_dft_mc3_ddz1_nd_out_par
mkl_dft_mc3_ddz2_c_out_dft
mkl_dft_mc3_ddz2_nd_out_par
mkl_dft_mc3_dft_ccopy
mkl_dft_mc3_dft_csscal
mkl_dft_mc3_dft_dcopy
mkl_dft_mc3_dft_scopy
mkl_dft_mc3_dft_zcopy
mkl_dft_mc3_dft_zdscal
mkl_dft_mc3_dfti_create_dc1d
mkl_dft_mc3_dfti_create_dcmd
mkl_dft_mc3_dfti_create_dr1d
mkl_dft_mc3_dfti_create_drmd
mkl_dft_mc3_dfti_create_node
mkl_dft_mc3_dfti_create_sc1d
mkl_dft_mc3_dfti_create_scmd
mkl_dft_mc3_dfti_create_sr1d
mkl_dft_mc3_dfti_create_srmd
mkl_dft_mc3_dfti_get_version_string
mkl_dft_mc3_dfti_set_bkdlist_dc1d
mkl_dft_mc3_dfti_set_bkdlist_dcmd
mkl_dft_mc3_dfti_set_bkdlist_dr1d
mkl_dft_mc3_dfti_set_bkdlist_drmd
mkl_dft_mc3_dfti_set_bkdlist_sc1d
mkl_dft_mc3_dfti_set_bkdlist_scmd
mkl_dft_mc3_dfti_set_bkdlist_sr1d
mkl_dft_mc3_dfti_set_bkdlist_srmd
mkl_dft_mc3_dfti_verbose
mkl_dft_mc3_dz2_c_dft
mkl_dft_mc3_dz2_r_dft
mkl_dft_mc3_sc2_c_dft
mkl_dft_mc3_sc2_r_dft
mkl_dft_mc3_scatter_c_c
mkl_dft_mc3_scatter_z_z
mkl_dft_mc3_ssc1_nd_out_par
mkl_dft_mc3_ssc2_c_out_dft
mkl_dft_mc3_ssc2_nd_out_par
mkl_dft_mc3_xc_4step_1_2
mkl_dft_mc3_xc_4step_3
mkl_dft_mc3_xc_init_data_1d_via_2d
mkl_dft_mc3_xcbackward
mkl_dft_mc3_xcbackward_out
mkl_dft_mc3_xccsdft2d
mkl_dft_mc3_xcdft2d
mkl_dft_mc3_xcforward
mkl_dft_mc3_xcforward_out
mkl_dft_mc3_xcsbackward
mkl_dft_mc3_xcsbackward_out
mkl_dft_mc3_xcsdft2d
mkl_dft_mc3_xdbackward
mkl_dft_mc3_xdbackward_out

Sections

.text
Size: 39.1MB - Virtual size: 39.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IPPCODE
Size: 354KB - Virtual size: 353KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 554KB - Virtual size: 554KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.trace
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.itt_not
Size: 512B - Virtual size: 119B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

IPPDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
README.txt

Sharing

General

Malware Config

Signatures

Files

Password: electron2024

Password: electron2024

Password: electron2024

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 641KB - Virtual size: 641KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: electron2024

0242ceb286e744ddd6dd8e963da637ee

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 5KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

Password: electron2024

2a1b9a0a23b390c22659b30f7660d0da

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

dwrite

Exports

Exports

Sections

.text Size: 69KB - Virtual size: 69KB

.rdata Size: 43KB - Virtual size: 42KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 5KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

Password: electron2024

56e83fb6e818a708f7895cf9d6058c3a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 5KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

Password: electron2024

14338d2168d869b1b53d66354179e8c5

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

.text
Size: 641KB - Virtual size: 641KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 69KB - Virtual size: 69KB

.rdata
Size: 43KB - Virtual size: 42KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

9c:90:57:dc:1e:df:33:b0:32:69:ff:6e:54:dc:f1:57
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

9c:90:57:dc:1e:df:33:b0:32:69:ff:6e:54:dc:f1:57
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

93:ff:ec:ac:52:29:4a:93:b7:ec:c5:f8:9b:5f:2e:c7:01:cc:e8:fd:76:d1:9c:39:b3:9c:a6:4b:a5:a4:1d:1e
Signer

d7:f3:d1:71:d3:a4:7e:1d:40:93:13:69:a4:d4:9d:5f:be:4a:bd:5c
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 459KB - Virtual size: 459KB

.data
Size: 8KB - Virtual size: 1.4MB

.pdata
Size: 43KB - Virtual size: 42KB

.00cfg
Size: 512B - Virtual size: 40B

.gxfg
Size: 11KB - Virtual size: 10KB

.retplne
Size: 512B - Virtual size: 92B

.tls
Size: 512B - Virtual size: 9B

.voltbl
Size: 512B - Virtual size: 56B

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 12KB - Virtual size: 11KB

56:00:00:0c:87:de:d2:d0:b4:fd:c0:8f:fc:00:00:00:00:0c:87
Certificate

06:9b:5e:99:27:72:84:c8:76:7f:13:68:a7:de:b0:f3
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

81:a4:4a:61:f1:79:fa:95:a6:49:12:a4:7f:70:f1:96:76:95:0f:02:80:5a:4c:0d:3d:86:b1:c5:f6:87:36:64
Signer