re-Link-2[.]0[.]4-installer[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

re-Link-2.0.4-installer.exe
Size

10.0MB
MD5

c603ffc8e9a6aea6dc43d6a3eadeb7af
SHA1

46349cd6fee7fc12367c76cc3ff6f91373798d8c
SHA256

f02ca691e284510040b8bdbf10ede82085128f2c75a57c3e55a1dfe53fd788bb
SHA512

7859e337e456ff8fb10f0c02c237123758ec1488d1330ea23c6295fc596ca4dbd2bf47ba61ec6e5e89758e05f177859a9b552a4a111289ea3b350ed6dd1057e1
SSDEEP

196608:P0OOZjGPc1hDXwfQMrITEK0gcs6yVOY8DKLV9E2KVBojihAUc75upBLVmKUU:PtORGIAfjr+VcIV3kKL7E2aBCihAUcdO

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/deps/Inf2Cat.exe
unpack001/deps/Microsoft.MarketplaceServices.Ingestion.HardwareDomainData.dll
unpack001/deps/Microsoft.UniversalStore.HardwareWorkflow.Cabinets.dll
unpack001/deps/Microsoft.UniversalStore.HardwareWorkflow.Catalogs.dll
unpack001/deps/Microsoft.UniversalStore.HardwareWorkflow.InfReader.dll
unpack001/deps/Microsoft.UniversalStore.HardwareWorkflow.SubmissionBuilder.dll
unpack001/libusb-1.0.dll

Files

re-Link-2.0.4-installer.exe
.exe windows:4 windows x86 arch:x86

56a78d55f3f7af51443e58e0ce2fb5f6

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:9b:9b:e2:72:66:ee:4e:c6:45:88:93:fb:59:0f:a2
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

01/08/2023, 00:00

Not After

31/07/2024, 23:59

Subject

SERIALNUMBER=851 823 120 00015,CN=Curious Company,O=Curious Company,ST=Ile-de-France,C=FR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024652

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:6f:51:24:ac:95:ff:4d:e4:77:8d:d6:e0:6d:e8:77:f9:c3:d3:ea:68:45:c9:81:e7:07:04:bd:11:81:c9:e4
Signer

Actual PE Digest

a1:6f:51:24:ac:95:ff:4d:e4:77:8d:d6:e0:6d:e8:77:f9:c3:d3:ea:68:45:c9:81:e7:07:04:bd:11:81:c9:e4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
CreateFileW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cert/CuriousCompany.cer
cert/CuriousCompany.pfx
deps/Inf2Cat.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Git\ICH.HardwareIngestion.Devops\source\ICH.Ingestion.HardwareWorkflow\Src\Tools\Inf2Cat\Source\obj\Debug\Inf2Cat.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deps/Microsoft.MarketplaceServices.Ingestion.HardwareDomainData.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Git\ICH.HardwareIngestion.Devops\source\ICH.Ingestion.HardwareWorkflow\Src\Common\HardwareDomainData\Source\obj\Debug\Microsoft.MarketplaceServices.Ingestion.HardwareDomainData.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deps/Microsoft.UniversalStore.HardwareWorkflow.Cabinets.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Git\ICH.HardwareIngestion.Devops\source\ICH.Ingestion.HardwareWorkflow\Src\Common\Cabinets\Source\obj\Debug\Microsoft.UniversalStore.HardwareWorkflow.Cabinets.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deps/Microsoft.UniversalStore.HardwareWorkflow.Catalogs.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Git\ICH.HardwareIngestion.Devops\source\ICH.Ingestion.HardwareWorkflow\Src\Common\Shared.IO.Catalogs\Source\obj\Debug\Microsoft.UniversalStore.HardwareWorkflow.Catalogs.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deps/Microsoft.UniversalStore.HardwareWorkflow.InfReader.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Git\ICH.HardwareIngestion.Devops\source\ICH.Ingestion.HardwareWorkflow\Src\Common\Shared.Xml.InfReader\Source\obj\Debug\Microsoft.UniversalStore.HardwareWorkflow.InfReader.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deps/Microsoft.UniversalStore.HardwareWorkflow.SubmissionBuilder.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Git\ICH.HardwareIngestion.Devops\source\ICH.Ingestion.HardwareWorkflow\Src\Common\Shared.SubmissionBuilder\Source\obj\Debug\Microsoft.UniversalStore.HardwareWorkflow.SubmissionBuilder.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deps/WindowsProtectedFiles.xml
deps/certmgr.exe
.exe windows:10 windows x64 arch:x64

288c77221ee9a27f869b542320d273ef

Code Sign

33:00:00:03:26:ae:ce:ed:f9:bc:e4:7b:92:00:00:00:00:03:26
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:29

Not After

03/03/2021, 18:29

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:ef:7c:db:aa:67:44:b8:5e:24:5f:9d:5d:c2:0c:a3:e8:ce:4e:9f:3f:93:61:4a:15:6c:76:f8:68:8c:e0:74
Signer

Actual PE Digest

03:ef:7c:db:aa:67:44:b8:5e:24:5f:9d:5d:c2:0c:a3:e8:ce:4e:9f:3f:93:61:4a:15:6c:76:f8:68:8c:e0:74

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

CertMgr.pdb

Imports

msvcrt

_exit
_cexit
__setusermatherr
_initterm
_XcptFilter
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
__set_app_type
wprintf
strtok
_vsnwprintf
realloc
printf
_wasctime
free
scanf
_wtol
towupper
memset
__wgetmainargs
exit
_amsg_exit
_wcsicmp
vwprintf
malloc
memcmp
memcpy
strcmp

user32

LoadStringW
LoadStringA

crypt32

CertGetCRLFromStore
CertDuplicateCTLContext
CryptFreeOIDFunctionAddress
CertGetCertificateContextProperty
CertGetCRLContextProperty
CryptStringToBinaryW
CertAddEncodedCTLToStore
CertOpenStore
CryptInstallOIDFunctionAddress
CertGetCTLContextProperty
CertFindCertificateInStore
CertSetCertificateContextProperty
CertEnumCTLsInStore
CertRDNValueToStrW
CryptEncodeObject
CryptMsgGetParam
CertCloseStore
CryptSIPLoad
CertEnumCertificateContextProperties
CertDeleteCRLFromStore
CertDeleteCertificateFromStore
CertDuplicateCRLContext
CryptHashPublicKeyInfo
CryptDecodeObject
CertFreeCTLContext
CertAddEncodedCertificateToStore
CertGetPublicKeyLength
CryptSIPRetrieveSubjectGuid
CryptMsgClose
CryptMsgUpdate
CryptGetOIDFunctionAddress
CryptInitOIDFunctionSet
CertRDNValueToStrA
CertFreeCRLContext
CertDeleteCTLFromStore
CertFreeCertificateContext
CryptStringToBinaryA
CryptFindOIDInfo
CertAddCRLContextToStore
CertAddCertificateContextToStore
CryptMsgGetAndVerifySigner
CryptMsgOpenToDecode
CertSaveStore
CertFindCTLInStore
CertEnumCertificatesInStore
CertAddEncodedCRLToStore
CertAddCTLContextToStore
CertDuplicateCertificateContext

cryptui

CryptUIDlgCertMgr

advapi32

CryptAcquireContextA
CryptReleaseContext

kernel32

CreateFileMappingA
CreateFileW
WriteFile
GetSystemTime
SystemTimeToFileTime
MultiByteToWideChar
CompareFileTime
GetFileSize
HeapSetInformation
CloseHandle
FileTimeToSystemTime
GetLastError
GetModuleHandleA
UnmapViewOfFile
SetLastError
WideCharToMultiByte
FileTimeToLocalFileTime
RtlLookupFunctionEntry
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
MapViewOfFile
RtlVirtualUnwind

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deps/inf2cat.exe.manifest
.xml
deps/signtool.exe
.exe windows:10 windows x86 arch:x86

722acdcc06c6a4f2a074080e129eda23

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

67:45:6d:a9:c0:b7:9d:47:ef:0c:ac:d8:16:ce:9c:d7:8f:b8:08:7d:af:f1:99:53:24:bd:5b:2f:ce:ad:1d:9c
Signer

Actual PE Digest

67:45:6d:a9:c0:b7:9d:47:ef:0c:ac:d8:16:ce:9c:d7:8f:b8:08:7d:af:f1:99:53:24:bd:5b:2f:ce:ad:1d:9c

Digest Algorithm

sha256

PE Digest Matches

true

25:41:02:2d:bf:24:71:11:5e:2e:12:f7:97:83:fa:ec:e4:68:a4:8f
Signer

Actual PE Digest

25:41:02:2d:bf:24:71:11:5e:2e:12:f7:97:83:fa:ec:e4:68:a4:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

signtool.pdb

Imports

advapi32

CryptDestroyKey
CryptReleaseContext
CryptGetUserKey
CryptEnumProvidersW
CryptAcquireContextW
CryptDestroyHash
CryptCreateHash
CryptSetHashParam
CryptSignHashA

kernel32

GetLastError
GetProcessHeap
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
FindNextFileW
GetFullPathNameW
FindClose
GetDateFormatEx
GetTimeFormatEx
GetModuleHandleW
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
ExpandEnvironmentStringsW
GetFileType
WriteFile
EnumResourceNamesW
EnumResourceLanguagesW
LockResource
LoadResource
SizeofResource
FindResourceExW
HeapSetInformation
HeapAlloc
GetEnvironmentVariableW
MapViewOfFile
CreateFileMappingA
GetFileSize
GetSystemInfo
UnmapViewOfFile
LocalFree
FormatMessageW
CloseHandle
SetLastError
CreateFileW
GetCurrentProcess
GetProcAddress
GetModuleHandleA
FreeLibrary
FindFirstFileW
LoadLibraryA
LoadLibraryW

mfc42

ord823
ord825

msvcrt

__crtLCMapStringA
isupper
setlocale
malloc
___lc_codepage_func
___lc_handle_func
__pctype_func
_errno
___mb_cur_max_func
fputc
__uncaught_exception
strerror
__mb_cur_max
memset
memcpy
__CxxFrameHandler3
memcpy_s
ungetwc
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
_XcptFilter
calloc
fflush
__iob_func
_CxxThrowException
_purecall
puts
_wsetlocale
_time64
realloc
??4exception@@QAEAAV0@ABV0@@Z
_exit
swscanf
_wtoi
towlower
_except_handler4_common
_controlfp
?terminate@@YAXXZ
__p__commode
_amsg_exit
__wgetmainargs
__set_app_type
_mktime64
_onexit
__dllonexit
_unlock
__crtLCMapStringW
??0exception@@QAE@XZ
___lc_collate_cp_func
__crtCompareStringW
memcmp
islower
fgetc
abort
fclose
fseek
fgetpos
wcsncmp
_lock
??1type_info@@UAE@XZ
_initterm
exit
_wfopen
_wcsnicmp
_wcsicmp
towupper
iswdigit
iswalpha
fgetwc
fwprintf
wcsstr
wprintf
free
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
??_V@YAXPAX@Z
memmove_s
strcspn
memchr
localeconv
sprintf_s
putchar
_wctime64
mktime
fputwc
memmove
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
__p__fmode
_cexit
strchr
__setusermatherr
qsort_s

ntdll

RtlAllocateHeap
RtlFreeHeap

crypt32

CertDuplicateCertificateContext
CertFreeCertificateChain
CryptMsgGetParam
CryptDecodeObject
CryptFindOIDInfo
CertFindAttribute
CertGetEnhancedKeyUsage
CertCreateCertificateContext
CertCompareCertificate
CryptMsgControl
CryptMsgClose
CertDuplicateStore
CertCloseStore
CertDuplicateCertificateChain
CertGetCertificateContextProperty
CryptQueryObject
CertAddCertificateContextToStore
CertOpenStore
CertEnumCertificatesInStore
CryptMemFree
CryptVerifyMessageSignature
CryptMsgOpenToDecode
CryptMsgUpdate
CryptExportPublicKeyInfoEx
CryptAcquireCertificatePrivateKey
CertGetNameStringW
CertFindExtension
CertGetValidUsages
CertGetCertificateChain
CryptHashCertificate2
CertSetCertificateContextProperty
CryptBinaryToStringA
CryptStringToBinaryA
CryptBinaryToStringW
CertAddStoreToCollection
CertControlStore
PFXImportCertStore
CertFindCertificateInStore
CryptEncodeObjectEx
CryptMsgOpenToEncode
CertComparePublicKeyInfo
CryptSIPLoad
CryptDecodeObjectEx
CryptSIPRetrieveSubjectGuid
CertFreeCertificateContext

user32

LoadStringW

ole32

CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysFreeString
GetErrorInfo

wintrust

WinVerifyTrust
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData

shlwapi

PathCanonicalizeW
SHCreateStreamOnFileW

bcrypt

BCryptCreateHash
BCryptFinishHash
BCryptHashData
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptGetProperty

ncrypt

NCryptSignHash

xmllite

CreateXmlWriter

mssign32

SignerTimeStamp
SignerFreeSignerContext
SignerSign

Sections

.text
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
device-installer.bat
.bat .vbs
device-installer.ico
driverinstaller.exe
.exe windows:6 windows x64 arch:x64

bc84c5f320f42807caf03bac7a026c2d

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:9b:9b:e2:72:66:ee:4e:c6:45:88:93:fb:59:0f:a2
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

01/08/2023, 00:00

Not After

31/07/2024, 23:59

Subject

SERIALNUMBER=851 823 120 00015,CN=Curious Company,O=Curious Company,ST=Ile-de-France,C=FR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024652

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

82:2e:50:44:5e:ea:9f:b9:ad:ac:b5:89:7e:83:71:6e:8a:63:c1:fe:79:e3:03:87:db:c4:3e:89:fb:d1:2f:24
Signer

Actual PE Digest

82:2e:50:44:5e:ea:9f:b9:ad:ac:b5:89:7e:83:71:6e:8a:63:c1:fe:79:e3:03:87:db:c4:3e:89:fb:d1:2f:24

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateIoCompletionPort
CreateThread
CreateWaitableTimerExW
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsW
GetConsoleMode
GetCurrentThreadId
GetEnvironmentStringsW
GetErrorMode
GetLastError
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatusEx
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetThreadContext
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
PostQueuedCompletionStatus
RaiseFailFastException
ResumeThread
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetProcessPriorityBoost
SetThreadContext
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TlsAlloc
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WerGetFlags
WerSetFlags
WriteConsoleW
WriteFile
__C_specific_handler

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-private-l1-1-0

memcpy
memmove

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_beginthread
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_errno
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
fwrite
puts

api-ms-win-crt-string-l1-1-0

strlen
strncmp

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset

libusb-1.0

libusb_alloc_transfer
libusb_cancel_transfer
libusb_claim_interface
libusb_close
libusb_control_transfer
libusb_detach_kernel_driver
libusb_exit
libusb_free_config_descriptor
libusb_free_device_list
libusb_free_transfer
libusb_get_bus_number
libusb_get_config_descriptor
libusb_get_configuration
libusb_get_device_address
libusb_get_device_descriptor
libusb_get_device_list
libusb_get_device_speed
libusb_get_port_numbers
libusb_get_string_descriptor_ascii
libusb_handle_events_timeout_completed
libusb_init
libusb_open
libusb_release_interface
libusb_reset_device
libusb_set_auto_detach_kernel_driver
libusb_set_configuration
libusb_set_interface_alt_setting
libusb_set_option
libusb_submit_transfer
libusb_unref_device

Exports

Exports

_cgo_dummy_export
xferCallback

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 355KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 101B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 467KB - Virtual size: 466KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 555B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 470KB - Virtual size: 470KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/106
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/125
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/141
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/157
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libusb-1.0.dll
.dll windows:4 windows x64 arch:x64

c9e34e46941cd2ef79e9b16deea89de3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CancelIoEx
CancelWaitableTimer
CloseHandle
CreateEventA
CreateFileA
CreateIoCompletionPort
CreateMutexA
CreateWaitableTimerA
DeleteCriticalSection
DeviceIoControl
EnterCriticalSection
FormatMessageA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetOverlappedResult
GetProcAddress
GetQueuedCompletionStatus
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
InitializeConditionVariable
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ReleaseMutex
ResetEvent
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetEvent
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SleepConditionVariableCS
SleepEx
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoA
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WakeAllConditionVariable
WriteFile

msvcrt

__dllonexit
__iob_func
_amsg_exit
_beginthreadex
_exit
_initterm
_lock
_onexit
_snwprintf
_strdup
_stricmp
_unlock
_vsnprintf
abort
atoi
calloc
fputs
free
fwprintf
fwrite
getenv
malloc
memcmp
memcpy
memmove
raise
realloc
signal
sprintf
sscanf
strchr
strcmp
strlen
strncmp
strstr
strtok
tolower
toupper
vfprintf
wcscpy

user32

MessageBoxW

Exports

Exports

GUID_DEVINTERFACE_LIBUSB0_FILTER
GUID_DEVINTERFACE_USB_DEVICE
GUID_DEVINTERFACE_USB_HOST_CONTROLLER
GUID_DEVINTERFACE_USB_HUB
active_contexts_list
active_contexts_lock
discovered_devs_append
htab_hash
libusb_alloc_streams
libusb_alloc_transfer
libusb_attach_kernel_driver
libusb_bulk_transfer
libusb_cancel_transfer
libusb_claim_interface
libusb_clear_halt
libusb_close
libusb_control_transfer
libusb_detach_kernel_driver
libusb_dev_mem_alloc
libusb_dev_mem_free
libusb_error_name
libusb_event_handler_active
libusb_event_handling_ok
libusb_exit
libusb_free_bos_descriptor
libusb_free_config_descriptor
libusb_free_container_id_descriptor
libusb_free_device_list
libusb_free_pollfds
libusb_free_ss_endpoint_companion_descriptor
libusb_free_ss_usb_device_capability_descriptor
libusb_free_streams
libusb_free_transfer
libusb_free_usb_2_0_extension_descriptor
libusb_get_active_config_descriptor
libusb_get_bos_descriptor
libusb_get_bus_number
libusb_get_config_descriptor
libusb_get_config_descriptor_by_value
libusb_get_configuration
libusb_get_container_id_descriptor
libusb_get_device
libusb_get_device_address
libusb_get_device_descriptor
libusb_get_device_list
libusb_get_device_speed
libusb_get_max_iso_packet_size
libusb_get_max_packet_size
libusb_get_next_timeout
libusb_get_parent
libusb_get_pollfds
libusb_get_port_number
libusb_get_port_numbers
libusb_get_port_path
libusb_get_ss_endpoint_companion_descriptor
libusb_get_ss_usb_device_capability_descriptor
libusb_get_string_descriptor_ascii
libusb_get_usb_2_0_extension_descriptor
libusb_get_version
libusb_handle_events
libusb_handle_events_completed
libusb_handle_events_locked
libusb_handle_events_timeout
libusb_handle_events_timeout_completed
libusb_has_capability
libusb_hotplug_deregister_callback
libusb_hotplug_get_user_data
libusb_hotplug_register_callback
libusb_init
libusb_interrupt_event_handler
libusb_interrupt_transfer
libusb_kernel_driver_active
libusb_lock_event_waiters
libusb_lock_events
libusb_open
libusb_open_device_with_vid_pid
libusb_pollfds_handle_timeouts
libusb_ref_device
libusb_release_interface
libusb_reset_device
libusb_set_auto_detach_kernel_driver
libusb_set_configuration
libusb_set_debug
libusb_set_interface_alt_setting
libusb_set_log_cb
libusb_set_option
libusb_set_pollfd_notifiers
libusb_setlocale
libusb_strerror
libusb_submit_transfer
libusb_transfer_get_stream_id
libusb_transfer_set_stream_id
libusb_try_lock_events
libusb_unlock_event_waiters
libusb_unlock_events
libusb_unref_device
libusb_wait_for_event
libusb_wrap_sys_device
load_system_library
usb_api_backend
usbd_status_to_libusb_transfer_status
usbdk_backend
usbi_add_event_source
usbi_alloc_device
usbi_alloc_event_data
usbi_arm_timer
usbi_backend
usbi_clear_event
usbi_cond_timedwait
usbi_connect_device
usbi_create_event
usbi_create_timer
usbi_default_context
usbi_destroy_event
usbi_destroy_timer
usbi_disarm_timer
usbi_disconnect_device
usbi_get_device_by_session_id
usbi_get_monotonic_time
usbi_handle_disconnect
usbi_handle_transfer_cancellation
usbi_handle_transfer_completion
usbi_hotplug_deregister
usbi_hotplug_match
usbi_hotplug_notification
usbi_io_exit
usbi_io_init
usbi_log
usbi_remove_event_source
usbi_sanitize_device
usbi_signal_event
usbi_signal_transfer_completion
usbi_wait_for_events
windows_error_str
windows_force_sync_completion
windows_version
winusb_backend

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 512B - Virtual size: 311B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
re-link.bat
.bat .vbs
re-link.exe
.exe windows:6 windows x64 arch:x64

1c6cd6fd33ffe4a17346e9956918372c

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:9b:9b:e2:72:66:ee:4e:c6:45:88:93:fb:59:0f:a2
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

01/08/2023, 00:00

Not After

31/07/2024, 23:59

Subject

SERIALNUMBER=851 823 120 00015,CN=Curious Company,O=Curious Company,ST=Ile-de-France,C=FR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024652

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:8e:15:0f:e4:e3:c8:84:dd:80:63:76:62:9e:4f:51:06:86:e5:79:2d:1c:31:cc:b7:d8:ec:8b:a9:97:2a:a4
Signer

Actual PE Digest

32:8e:15:0f:e4:e3:c8:84:dd:80:63:76:62:9e:4f:51:06:86:e5:79:2d:1c:31:cc:b7:d8:ec:8b:a9:97:2a:a4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateIoCompletionPort
CreateThread
CreateWaitableTimerExW
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsW
GetConsoleMode
GetCurrentThreadId
GetEnvironmentStringsW
GetErrorMode
GetLastError
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatusEx
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetThreadContext
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
PostQueuedCompletionStatus
RaiseFailFastException
ResumeThread
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetProcessPriorityBoost
SetThreadContext
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TlsAlloc
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WerGetFlags
WerSetFlags
WriteConsoleW
WriteFile
__C_specific_handler

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-private-l1-1-0

memcpy
memmove

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_beginthread
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_errno
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
fwrite
puts

api-ms-win-crt-string-l1-1-0

strlen
strncmp

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset

libusb-1.0

libusb_alloc_transfer
libusb_cancel_transfer
libusb_claim_interface
libusb_close
libusb_control_transfer
libusb_detach_kernel_driver
libusb_exit
libusb_free_config_descriptor
libusb_free_device_list
libusb_free_transfer
libusb_get_bus_number
libusb_get_config_descriptor
libusb_get_configuration
libusb_get_device_address
libusb_get_device_descriptor
libusb_get_device_list
libusb_get_device_speed
libusb_get_port_number
libusb_get_string_descriptor_ascii
libusb_handle_events_timeout_completed
libusb_init
libusb_open
libusb_release_interface
libusb_reset_device
libusb_set_auto_detach_kernel_driver
libusb_set_configuration
libusb_set_interface_alt_setting
libusb_set_option
libusb_submit_transfer
libusb_unref_device

Exports

Exports

_cgo_dummy_export
xferCallback

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 349KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7.4MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 403KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 101B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 421KB - Virtual size: 421KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 555B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/106
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/125
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/141
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/157
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
relink.ico
run-in-background.vbs
.vbs
usb_driver/generic_android_driver.template
wintun.dll
.dll windows:6 windows x64 arch:x64

01ce5951b7d0dcca222159a28511a055

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:63:d5:fc:a7:28:88:2f:36:ff:1b:df:5d:85:f0:ba
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/12/2018, 00:00

Not After

14/12/2021, 12:00

Subject

SERIALNUMBER=4227913,CN=WireGuard LLC,O=WireGuard LLC,L=Boulder,ST=Colorado,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13044f68696f,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d8:b2:c9:fd:88:91:f9:1c:30:2d:36:f9:b1:b3:95:7d:da:2e:ea:b0:e7:6f:7a:16:e7:90:01:98:4b:e8:2f:39
Signer

Actual PE Digest

d8:b2:c9:fd:88:91:f9:1c:30:2d:36:f9:b1:b3:95:7d:da:2e:ea:b0:e7:6f:7a:16:e7:90:01:98:4b:e8:2f:39

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Jason A. Donenfeld\Projects\wintun\Release\amd64\wintun.pdb

Imports

kernel32

HeapCreate
GetCurrentProcess
LoadLibraryExA
CloseHandle
HeapDestroy
GetProcAddress
LocalFree
GetModuleHandleW
IsWow64Process
HeapFree
SetLastError
WaitForSingleObject
CreateFileW
OpenProcess
QueueUserWorkItem
CreateEventW
Sleep
GetLastError
SetEvent
HeapAlloc
GetCurrentProcessId
GetProcessTimes
RemoveDirectoryW
DeleteFileW
FormatMessageW
EnterCriticalSection
CreatePrivateNamespaceW
OpenPrivateNamespaceW
LeaveCriticalSection
InitializeCriticalSection
CreateBoundaryDescriptorW
CreateMutexW
ReleaseMutex
ClosePrivateNamespace
AddSIDToBoundaryDescriptor
DeleteCriticalSection
DeleteBoundaryDescriptor
ExpandEnvironmentStringsW
HeapReAlloc
CreateDirectoryW
SizeofResource
WriteFile
LockResource
LoadResource
FindResourceW
GetWindowsDirectoryW
VirtualFree
DeviceIoControl
VirtualAlloc
InitializeCriticalSectionAndSpinCount
ReadFile
SetHandleInformation
CreatePipe
GetExitCodeThread
CreateThread
CreateProcessW
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapSize
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetStringTypeW
SetFilePointerEx
SetStdHandle

ntdll

NtQuerySystemInformation
RtlNtStatusToDosError
RtlGetNtVersionNumbers
NtQueryKey
NtQuerySystemTime

Exports

Exports

WintunAllocateSendPacket
WintunCloseAdapter
WintunCreateAdapter
WintunDeleteDriver
WintunEndSession
WintunGetAdapterLUID
WintunGetReadWaitEvent
WintunGetRunningDriverVersion
WintunOpenAdapter
WintunReceivePacket
WintunReleaseReceivePacket
WintunSendPacket
WintunSetLogger
WintunStartSession

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56a78d55f3f7af51443e58e0ce2fb5f6

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

8e:9b:9b:e2:72:66:ee:4e:c6:45:88:93:fb:59:0f:a2Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

a1:6f:51:24:ac:95:ff:4d:e4:77:8d:d6:e0:6d:e8:77:f9:c3:d3:ea:68:45:c9:81:e7:07:04:bd:11:81:c9:e4Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 172KB

.ndata Size: - Virtual size: 64KB

.rsrc Size: 3KB - Virtual size: 2KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 21KB - Virtual size: 20KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 1024B - Virtual size: 880B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 65KB - Virtual size: 64KB

.rsrc Size: 1024B - Virtual size: 864B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

8e:9b:9b:e2:72:66:ee:4e:c6:45:88:93:fb:59:0f:a2
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

a1:6f:51:24:ac:95:ff:4d:e4:77:8d:d6:e0:6d:e8:77:f9:c3:d3:ea:68:45:c9:81:e7:07:04:bd:11:81:c9:e4
Signer

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 172KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 21KB - Virtual size: 20KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 65KB - Virtual size: 64KB

.rsrc
Size: 1024B - Virtual size: 864B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 1024B - Virtual size: 864B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 49KB - Virtual size: 49KB

.rsrc
Size: 1024B - Virtual size: 848B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 126KB - Virtual size: 125KB

.rsrc
Size: 1024B - Virtual size: 896B

.reloc
Size: 512B - Virtual size: 12B

33:00:00:03:26:ae:ce:ed:f9:bc:e4:7b:92:00:00:00:00:03:26
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

03:ef:7c:db:aa:67:44:b8:5e:24:5f:9d:5d:c2:0c:a3:e8:ce:4e:9f:3f:93:61:4a:15:6c:76:f8:68:8c:e0:74
Signer

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 10KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 512B - Virtual size: 36B

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

67:45:6d:a9:c0:b7:9d:47:ef:0c:ac:d8:16:ce:9c:d7:8f:b8:08:7d:af:f1:99:53:24:bd:5b:2f:ce:ad:1d:9c
Signer

25:41:02:2d:bf:24:71:11:5e:2e:12:f7:97:83:fa:ec:e4:68:a4:8f
Signer