GeekbenchML-0[.]6[.]0-WindowsSetup[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

GeekbenchML-0.6.0-WindowsSetup.exe
Size

377.3MB
MD5

686e6fd97044aad97c024dda5d25d81f
SHA1

9c5d50d5f10193cc4b4186bfec6c4ff9482db38a
SHA256

82ab636615daae4594e7e0c5381f5fd7bb7caf56a9a1c0ad505989d38430584e
SHA512

fe646efd25fd7a2ade7381e03737cfecb1864a72a8384cf20fcdbfe081cb14bea52b24503898523a7ed9d7387d86e9603a6a4442cc17c6699c942f24389de5b0
SSDEEP

6291456:SJkCUCB8X5W6LeC0930lPMbHJSIVDoSCZV991pHk7veQY9C/z+dS8+JcVMA2n5GZ:SJkCUCWP0x6EbHJjVDoSgX8jCdS8VMAZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

GeekbenchML-0.6.0-WindowsSetup.exe
.exe windows:4 windows x86 arch:x86

ced282d9b261d1462772017fe2f6972b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:b1:12:1c:e7:3e:58:ad:41:b3:59:46:fe:75:4a:e4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14/03/2023, 00:00

Not After

16/03/2025, 23:59

Subject

CN=Primate Labs Inc.,O=Primate Labs Inc.,L=Toronto,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

96:59:73:d8:b6:26:c9:5d:5d:58:5a:9b:68:96:6e:92:6a:6f:09:82
Signer

Actual PE Digest

96:59:73:d8:b6:26:c9:5d:5d:58:5a:9b:68:96:6e:92:6a:6f:09:82

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
RegOpenKeyExA
RegEnumValueA

shell32

SHGetFileInfoA
SHFileOperationA
SHGetPathFromIDListA
ShellExecuteExA
SHGetSpecialFolderLocation
SHBrowseForFolderA

ole32

IIDFromString
OleInitialize
OleUninitialize
CoCreateInstance
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

SetClipboardData
CharPrevA
CallWindowProcA
PeekMessageA
DispatchMessageA
MessageBoxIndirectA
GetDlgItemTextA
SetDlgItemTextA
GetSystemMetrics
CreatePopupMenu
AppendMenuA
TrackPopupMenu
FillRect
EmptyClipboard
LoadCursorA
GetMessagePos
CheckDlgButton
GetSysColor
SetCursor
GetWindowLongA
SetClassLongA
SetWindowPos
IsWindowEnabled
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterClassA
ScreenToClient
EndDialog
GetClassInfoA
SystemParametersInfoA
CreateWindowExA
ExitWindowsEx
DialogBoxParamA
CharNextA
SetTimer
DestroyWindow
CreateDialogParamA
SetForegroundWindow
SetWindowTextA
PostQuitMessage
SendMessageTimeoutA
ShowWindow
wsprintfA
GetDlgItem
FindWindowExA
IsWindow
GetDC
SetWindowLongA
LoadImageA
InvalidateRect
ReleaseDC
EnableWindow
BeginPaint
SendMessageA
DefWindowProcA
DrawTextA
GetClientRect
EndPaint
IsWindowVisible
CloseClipboard
OpenClipboard

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetProcAddress
GetSystemDirectoryA
WideCharToMultiByte
MoveFileExA
ReadFile
GetTempFileNameA
WriteFile
RemoveDirectoryA
CreateProcessA
CreateFileA
GetLastError
CreateThread
CreateDirectoryA
GlobalUnlock
GetDiskFreeSpaceA
GlobalLock
SetErrorMode
GetVersion
lstrcpynA
GetCommandLineA
GetTempPathA
lstrlenA
SetEnvironmentVariableA
ExitProcess
GetWindowsDirectoryA
GetCurrentProcess
GetModuleFileNameA
CopyFileA
GetTickCount
Sleep
GetFileSize
GetFileAttributesA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetShortPathNameA
MoveFileA
CompareFileTime
SetFileTime
SearchPathA
lstrcmpiA
lstrcmpA
CloseHandle
GlobalFree
GlobalAlloc
ExpandEnvironmentStringsA
LoadLibraryExA
FreeLibrary
lstrcpyA
lstrcatA
FindClose
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
SetFilePointer
GetModuleHandleA
FindNextFileA
FindFirstFileA
DeleteFileA
MulDiv

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

610235b90207a63ccf481f0d4375d329

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileStringA
SetCurrentDirectoryA
GetModuleHandleA
lstrcmpiA
WritePrivateProfileStringA
lstrcatA
lstrcpynA
GlobalFree
lstrlenA
lstrcpyA
GlobalUnlock
GlobalAlloc
GlobalLock

user32

MapWindowPoints
PtInRect
CloseClipboard
LoadCursorA
GetDlgCtrlID
OpenClipboard
GetClientRect
SetWindowRgn
DrawFocusRect
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
DrawTextA
SetCursor
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
CallWindowProcA
PostMessageA
MessageBoxA
GetSysColor
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetWindowLongA
EnableMenuItem
GetSystemMenu
GetClipboardData
LoadIconA

gdi32

DeleteObject
CombineRgn
SetTextColor
GetDIBits
SelectObject
CreateRectRgn
GetObjectA
CreateCompatibleDC

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetDesktopFolder

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

17fb6a8708b9c0bb2d5d8687870eb415

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
FindClose
FindNextFileA
lstrcmpA
GetModuleHandleA
lstrcmpiA
MulDiv
lstrcpynA
GlobalAlloc
lstrcpyA
FindFirstFileA
GlobalFree

user32

GetMessageA
TranslateMessage
PostMessageA
DispatchMessageA
GetDlgItem
GetWindowLongA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
DestroyWindow
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
CreateDialogParamA
SetWindowLongA
wsprintfA
ScreenToClient
IsDialogMessageA
CallWindowProcA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
DirectML.dll
.dll windows:6 windows x64 arch:x64

de90869f37e914fc01b99c913f65b5b5

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:c2:0e:91:b0:b2:da:ff:23:0b:b8:11:5c:25:bc:77:30:e0:86:67:88:a5:b0:2e:23:e6:b7:eb:ef:67:54:a6
Signer

Actual PE Digest

8e:c2:0e:91:b0:b2:da:ff:23:0b:b8:11:5c:25:bc:77:30:e0:86:67:88:a5:b0:2e:23:e6:b7:eb:ef:67:54:a6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\__w\1\s\build\x64-win-redist-release\bin\DirectML.pdb

Imports

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap
HeapSize
HeapReAlloc

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
DeleteCriticalSection
ReleaseMutex
ReleaseSemaphore
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
OpenSemaphoreW
CreateMutexExW

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
TlsFree
TlsGetValue
TlsAlloc
ExitProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetStartupInfoW
GetCurrentProcess

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetModuleFileNameW
LoadLibraryExW
DisableThreadLibraryCalls
LoadResource
GetModuleHandleW
LockResource
GetProcAddress
FreeLibrary

api-ms-win-core-localization-l1-2-0

GetOEMCP
FormatMessageW
GetLocaleInfoEx
GetLocaleInfoW
EnumSystemLocalesW
GetUserDefaultLCID
GetACP
IsValidLocale
LCMapStringW
GetCPInfo
LCMapStringEx
IsValidCodePage

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

d3d12

D3D12SerializeVersionedRootSignature

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringEx
MultiByteToWideChar
CompareStringW
GetStringTypeW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-file-l1-1-0

FindClose
FindNextFileW
CreateFileW
SetFilePointerEx
WriteFile
FlushFileBuffers
FindFirstFileExW
GetFileType

api-ms-win-core-fibers-l1-1-0

FlsFree
FlsSetValue
FlsAlloc
FlsGetValue

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlUnwind

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead

api-ms-win-core-processenvironment-l1-1-0

SetEnvironmentVariableW
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
GetStdHandle
SetStdHandle
FreeEnvironmentStringsW

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-console-l1-1-0

GetConsoleMode
GetConsoleOutputCP
WriteConsoleW

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation

api-ms-win-appmodel-runtime-l1-1-0

GetCurrentPackageFullName

Exports

Exports

DMLCreateDevice
DMLCreateDevice1

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Geekbench ML.exe
.exe windows:6 windows x64 arch:x64

a8a8d9e71d6c9618ad53d22146c4b512

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:b1:12:1c:e7:3e:58:ad:41:b3:59:46:fe:75:4a:e4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14/03/2023, 00:00

Not After

16/03/2025, 23:59

Subject

CN=Primate Labs Inc.,O=Primate Labs Inc.,L=Toronto,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f4:5a:9e:ca:bc:82:f7:bc:ba:b1:19:db:5f:25:02:5e:5b:5b:ff:7c
Signer

Actual PE Digest

f4:5a:9e:ca:bc:82:f7:bc:ba:b1:19:db:5f:25:02:5e:5b:5b:ff:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\build\.pulse2-agent\data\agents\852448\recipes\130333594\base\build.x86_64\src\banff\windows\Geekbench ML.pdb

Imports

advapi32

RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
FreeSid
OpenProcessToken
GetUserNameW
RegGetValueW
SystemFunction036
AllocateAndInitializeSid

comctl32

ord344

comdlg32

CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW

gdi32

CreateFontIndirectW
GetStockObject
CreateCompatibleDC
GetDeviceCaps
CreateSolidBrush
GetObjectW
BitBlt
DeleteDC
SelectObject
DeleteObject
CreateCompatibleBitmap

kernel32

MultiByteToWideChar
GlobalAlloc
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
FreeLibrary
FindResourceW
LoadResource
LockResource
SizeofResource
FindResourceExW
GlobalLock
GlobalUnlock
lstrcmpW
MulDiv
SetLastError
GetModuleFileNameW
VerSetConditionMask
VerifyVersionInfoW
GetProcAddress
GetModuleHandleW
LoadLibraryExW
lstrcmpiW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetFileAttributesW
GetConsoleOutputCP
SetStdHandle
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
RtlPcToFileHeader
RtlUnwindEx
FlsFree
GetCPInfo
CompareStringEx
LCMapStringEx
GlobalFree
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
RaiseException
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
InitializeCriticalSectionAndSpinCount
RemoveDirectoryW
CopyFileW
GetFinalPathNameByHandleW
CreateSymbolicLinkW
CreateHardLinkW
MoveFileExW
ReOpenFile
FindClose
FindNextFileW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandle
SetFileTime
SetFilePointerEx
CreateFileMappingA
GetFileSizeEx
GetFileInformationByHandleEx
LoadLibraryExA
GetVersionExW
SetPriorityClass
GetPriorityClass
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetProcessIoCounters
FileTimeToSystemTime
GetProcessTimes
VerifyVersionInfoA
GetTickCount64
K32GetProcessMemoryInfo
GetConsoleTitleW
SetConsoleTitleW
Process32Next
Process32First
CreateToolhelp32Snapshot
SetEnvironmentVariableW
SetCurrentDirectoryW
TlsFree
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
ReleaseSemaphore
CreateSemaphoreA
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
TryAcquireSRWLockShared
AcquireSRWLockShared
InitializeSRWLock
TlsAlloc
TlsGetValue
TlsSetValue
ResumeThread
GetStartupInfoW
DebugBreak
SetConsoleCtrlHandler
SetEvent
ResetEvent
ReadConsoleW
SetConsoleCursorInfo
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
SetConsoleCursorPosition
SetConsoleTextAttribute
ReadConsoleInputW
WriteConsoleInputW
GetConsoleCursorInfo
GetNumberOfConsoleInputEvents
GetConsoleScreenBufferInfo
CancelIo
SetFileCompletionNotificationModes
SetHandleInformation
ReadDirectoryChangesW
GetLongPathNameW
GetShortPathNameW
GetQueuedCompletionStatus
SetErrorMode
GetCurrentThread
DuplicateHandle
PeekNamedPipe
CreateEventA
CancelSynchronousIo
CancelIoEx
SetNamedPipeHandleState
WaitNamedPipeW
CreateNamedPipeW
QueueUserWorkItem
CreateIoCompletionPort
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetProcessHeap
DeleteCriticalSection
DecodePointer
GetLastError
ConnectNamedPipe
GetNamedPipeHandleStateA
InitializeCriticalSectionEx
GetStringTypeW
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcessId
GetTickCount
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
GlobalMemoryStatusEx
GetNativeSystemInfo
GetTempPathA
GetModuleFileNameA
GetCurrentProcess
GetSystemCpuSetInformation
GetVersionExA
GetNumaHighestNodeNumber
GetNumaNodeProcessorMask
GetModuleHandleA
GetSystemPowerStatus
Sleep
SetThreadExecutionState
GetSystemInfo
DeviceIoControl
CloseHandle
LocalFree
LocalAlloc
CreateFileA
WriteConsoleW
SwitchToThread
ExitProcess
FlsAlloc
FlsGetValue
FlsSetValue
InitializeCriticalSection
TryEnterCriticalSection
AreFileApisANSI
CreateFileW
CreateFileMappingW
CreateMutexW
DeleteFileA
DeleteFileW
FlushFileBuffers
FormatMessageA
FormatMessageW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathW
HeapCreate
HeapValidate
HeapCompact
LockFile
LockFileEx
MapViewOfFile
ReadFile
SetEndOfFile
SetFilePointer
SystemTimeToFileTime
UnlockFile
UnlockFileEx
UnmapViewOfFile
WideCharToMultiByte
WriteFile
WaitForSingleObjectEx
OutputDebugStringA
OutputDebugStringW
FlushViewOfFile
InitOnceExecuteOnce
CreateMutexA
ReleaseMutex
TerminateProcess
VirtualAlloc
VirtualFree
MoveFileExA
GetStdHandle
GetFileType
GetConsoleMode
SetConsoleMode
LCMapStringW
GetEnvironmentVariableW
UnregisterWait
UnregisterWaitEx
GetCurrentDirectoryW
CreateProcessW
AssignProcessToJobObject
RegisterWaitForSingleObject
CreateJobObjectW
SetInformationJobObject
PostQueuedCompletionStatus
OpenProcess
CreateNamedPipeA

shlwapi

PathFindFileNameW

ole32

CoSetProxyBlanket
CoTaskMemRealloc
CoUninitialize
CoTaskMemAlloc
CoCreateInstance
CoInitialize
OleInitialize
OleUninitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoInitializeSecurity
GetHGlobalFromStream

oleaut32

VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
OleCreateFontIndirect
SysStringLen
VariantClear
VariantInit
SysFreeString
SafeArrayCreate
SafeArrayAccessData
SysAllocString
SysAllocStringLen

shell32

ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteA
SHGetFolderPathA

user32

LoadMenuW
UpdateWindow
ShowWindow
LoadIconW
LoadStringA
PtInRect
PeekMessageW
RemoveMenu
TrackPopupMenuEx
MonitorFromPoint
MessageBeep
DestroyMenu
LoadStringW
GetMenuItemCount
AppendMenuW
CreatePopupMenu
PostQuitMessage
SetMenuItemInfoW
GetMenuItemInfoW
SetMenuDefaultItem
CheckMenuRadioItem
AdjustWindowRectEx
GetMenu
DestroyAcceleratorTable
SetFocus
IsChild
GetFocus
LoadAcceleratorsW
BeginPaint
GetDesktopWindow
InvalidateRgn
InvalidateRect
FillRect
ReleaseCapture
SetCapture
ScreenToClient
ClientToScreen
CreateAcceleratorTableW
CharNextW
GetClassNameW
IsWindow
RedrawWindow
CallWindowProcW
GetSysColor
SetWindowLongPtrW
GetWindowTextW
SetWindowLongW
GetWindowLongPtrW
GetWindowTextLengthW
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
LoadImageW
PostMessageW
MessageBoxW
DestroyWindow
SendMessageW
SetWindowTextW
CreateWindowExW
MoveWindow
AdjustWindowRect
ReleaseDC
GetDC
TranslateAcceleratorW
DefWindowProcW
EndDialog
SetWindowPos
MapWindowPoints
GetClientRect
GetParent
GetMessageW
MonitorFromWindow
GetWindow
GetWindowRect
GetWindowLongW
SetWindowTextA
GetDlgItem
UnregisterClassW
TranslateMessage
DispatchMessageW
GetSystemMetrics
GetActiveWindow
DialogBoxParamW
SystemParametersInfoW
GetWindowDC
DrawTextW
SendMessageA
EnableWindow
KillTimer
UpdateLayeredWindow
GetMessageA
DispatchMessageA
MapVirtualKeyW
EndPaint
GetMonitorInfoW

onnxruntime

ord5
ord1

gdiplus

GdipDrawImageI
GdipCreateFromHDC
GdipGetImageWidth
GdipGetImageHeight
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipFree
GdipDeleteGraphics
GdipCloneImage
GdipBitmapSetPixel

dwmapi

DwmExtendFrameIntoClientArea
DwmIsCompositionEnabled

propsys

PropVariantToBoolean

dxgi

CreateDXGIFactory1

bcrypt

BCryptGenRandom

iphlpapi

GetAdaptersAddresses

powrprof

PowerReadFriendlyName
CallNtPowerInformation
PowerGetActiveScheme

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

winhttp

WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpSetOption
WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse

ws2_32

WSARecv
bind
listen
shutdown
socket
select
WSAIoctl
ioctlsocket
WSASocketW
getpeername
inet_pton
setsockopt
getsockopt
send
recv
closesocket
WSAGetLastError
connect
getsockname
WSASend
WSADuplicateSocketW
htonl
WSAGetOverlappedResult
WSARecvFrom
WSASendTo
WSAStartup
WSASetLastError
htons

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA

userenv

GetUserProfileDirectoryW

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 469KB - Virtual size: 468KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
banff.exe
.exe windows:6 windows x64 arch:x64

3c06e5b1f4fc3d55fad6d14b5c6d3552

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:b1:12:1c:e7:3e:58:ad:41:b3:59:46:fe:75:4a:e4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14/03/2023, 00:00

Not After

16/03/2025, 23:59

Subject

CN=Primate Labs Inc.,O=Primate Labs Inc.,L=Toronto,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:06:a3:fd:7e:ae:d3:37:b9:f2:57:54:03:92:4b:83:1c:3c:a6:6f
Signer

Actual PE Digest

09:06:a3:fd:7e:ae:d3:37:b9:f2:57:54:03:92:4b:83:1c:3c:a6:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\build\.pulse2-agent\data\agents\852448\recipes\130333594\base\build.x86_64\src\banff\console\banff.pdb

Imports

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

iphlpapi

GetAdaptersAddresses

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetLastError
SetLastError
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
GetTempPathA
GetModuleFileNameA
GlobalMemoryStatusEx
GetNativeSystemInfo
GetCurrentProcess
GetSystemCpuSetInformation
GetVersionExA
GetNumaHighestNodeNumber
GetNumaNodeProcessorMask
GetModuleHandleA
GetProcAddress
GetSystemPowerStatus
Sleep
SetThreadExecutionState
GetSystemInfo
DeviceIoControl
CloseHandle
LocalFree
LocalAlloc
CreateFileA
QueryPerformanceCounter
QueryPerformanceFrequency
WriteConsoleW
SwitchToThread
ExitProcess
FlsAlloc
FlsGetValue
FlsSetValue
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
AreFileApisANSI
CreateFileW
CreateFileMappingW
CreateMutexW
DeleteFileA
DeleteFileW
FlushFileBuffers
FormatMessageA
FormatMessageW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathW
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
HeapCompact
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
ReadFile
SetEndOfFile
SetFilePointer
SystemTimeToFileTime
UnlockFile
UnlockFileEx
UnmapViewOfFile
WideCharToMultiByte
WriteFile
WaitForSingleObjectEx
OutputDebugStringA
OutputDebugStringW
GetProcessHeap
FlushViewOfFile
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
InitializeSListHead
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetStringTypeW
FreeLibrary
LoadLibraryExW
EncodePointer
DecodePointer
InitializeCriticalSectionEx
LCMapStringEx
CompareStringEx
GetCPInfo
FlsFree
RtlUnwindEx
RtlPcToFileHeader
RaiseException
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
TerminateProcess
GetModuleHandleExW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetStdHandle
GetModuleFileNameW
CreateThread
ExitThread
FreeLibraryAndExitThread
SetStdHandle
GetCommandLineA
GetCommandLineW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleOutputCP
GetConsoleMode
GetTimeZoneInformation
GetCurrentDirectoryW
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW

ole32

CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitialize

oleaut32

SysAllocString
VariantClear
SysFreeString
VariantInit

powrprof

PowerGetActiveScheme
CallNtPowerInformation
PowerReadFriendlyName

shell32

SHGetFolderPathA

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 511KB - Virtual size: 510KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
banff_avx2.exe
.exe windows:6 windows x64 arch:x64

0f79cf7d06057e6b2745dea4c1315f89

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:b1:12:1c:e7:3e:58:ad:41:b3:59:46:fe:75:4a:e4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14/03/2023, 00:00

Not After

16/03/2025, 23:59

Subject

CN=Primate Labs Inc.,O=Primate Labs Inc.,L=Toronto,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bb:3d:68:ce:de:49:76:30:8a:d3:61:74:d1:11:7c:d7:e0:b7:25:07
Signer

Actual PE Digest

bb:3d:68:ce:de:49:76:30:8a:d3:61:74:d1:11:7c:d7:e0:b7:25:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\build\.pulse2-agent\data\agents\852448\recipes\130333594\base\build.avx2\src\banff\console\banff_avx2.pdb

Imports

onnxruntime

ord5
ord1

dxgi

CreateDXGIFactory1

advapi32

SetSecurityInfo
OpenProcessToken
RegQueryValueExW
SystemFunction036
RegGetValueW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
AllocateAndInitializeSid
GetSecurityInfo
SetEntriesInAclA
RegOpenKeyExW
FreeSid
GetUserNameW

bcrypt

BCryptGenRandom

iphlpapi

GetAdaptersAddresses

kernel32

IsValidCodePage
GetACP
GetTimeZoneInformation
EnumSystemLocalesW
GetOEMCP
ReadDirectoryChangesW
FindFirstFileExW
Sleep
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetLastError
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalMemoryStatusEx
GetNativeSystemInfo
GlobalFree
GetTempPathA
GetModuleFileNameA
GetCurrentProcess
GetSystemCpuSetInformation
GetVersionExA
GetNumaHighestNodeNumber
GetNumaNodeProcessorMask
GetModuleHandleA
GetProcAddress
GetSystemPowerStatus
SetThreadExecutionState
GetSystemInfo
DeviceIoControl
CloseHandle
LocalFree
LocalAlloc
CreateFileA
WriteConsoleW
SwitchToThread
ExitProcess
FlsAlloc
FlsGetValue
FlsSetValue
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
AreFileApisANSI
CreateFileW
CreateFileMappingW
CreateMutexW
DeleteFileA
DeleteFileW
FlushFileBuffers
FormatMessageA
FormatMessageW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathW
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
HeapCompact
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
ReadFile
SetEndOfFile
SetFilePointer
SystemTimeToFileTime
UnlockFile
UnlockFileEx
UnmapViewOfFile
WideCharToMultiByte
WriteFile
WaitForSingleObject
WaitForSingleObjectEx
OutputDebugStringA
OutputDebugStringW
GetProcessHeap
FlushViewOfFile
InitOnceExecuteOnce
CreateMutexA
ReleaseMutex
TerminateProcess
VirtualAlloc
VirtualFree
MoveFileExA
GetStdHandle
GetFileType
GetConsoleMode
SetConsoleMode
CreateNamedPipeA
GetNamedPipeHandleStateA
ConnectNamedPipe
CreateIoCompletionPort
UnregisterWait
QueueUserWorkItem
PostQueuedCompletionStatus
CreateNamedPipeW
WaitNamedPipeW
SetNamedPipeHandleState
CancelIoEx
CancelSynchronousIo
CreateEventA
RegisterWaitForSingleObject
PeekNamedPipe
DuplicateHandle
GetCurrentThread
SetErrorMode
GetQueuedCompletionStatus
SetEvent
ResumeThread
TlsSetValue
TlsGetValue
TlsAlloc
InitializeSRWLock
AcquireSRWLockShared
TryAcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateSemaphoreA
ReleaseSemaphore
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
TlsFree
SetHandleInformation
SetFileCompletionNotificationModes
CancelIo
GetModuleFileNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
CreateToolhelp32Snapshot
Process32First
Process32Next
SetConsoleTitleW
GetConsoleTitleW
K32GetProcessMemoryInfo
GetTickCount64
VerSetConditionMask
VerifyVersionInfoA
GetProcessTimes
FileTimeToSystemTime
GetProcessIoCounters
GetEnvironmentVariableW
GetEnvironmentStringsW
FreeEnvironmentStringsW
OpenProcess
GetPriorityClass
SetPriorityClass
GetVersionExW
SetConsoleCtrlHandler
GetShortPathNameW
GetLongPathNameW
GetUserDefaultLCID
LCMapStringW
GetExitCodeProcess
UnregisterWaitEx
CreateProcessW
AssignProcessToJobObject
CreateJobObjectW
SetInformationJobObject
GetConsoleScreenBufferInfo
GetNumberOfConsoleInputEvents
GetConsoleCursorInfo
WriteConsoleInputW
ReadConsoleInputW
SetConsoleTextAttribute
SetConsoleCursorPosition
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
SetConsoleCursorInfo
ReadConsoleW
ResetEvent
LoadLibraryExA
DebugBreak
GetFileInformationByHandleEx
GetFileSizeEx
CreateFileMappingA
SetFilePointerEx
SetFileTime
GetFileInformationByHandle
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
ReOpenFile
MoveFileExW
CreateHardLinkW
CreateSymbolicLinkW
GetFinalPathNameByHandleW
CopyFileW
RemoveDirectoryW
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStringTypeW
FreeLibrary
LoadLibraryExW
EncodePointer
DecodePointer
InitializeCriticalSectionEx
LCMapStringEx
CompareStringEx
GetCPInfo
FlsFree
RtlUnwindEx
RtlPcToFileHeader
RaiseException
RtlUnwind
GetModuleHandleExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
CreateThread
ExitThread
FreeLibraryAndExitThread
SetStdHandle
GetConsoleOutputCP
SetFileAttributesW
GetCommandLineA
GetCommandLineW
GetDateFormatW
GetTimeFormatW
CompareStringW
GetLocaleInfoW
IsValidLocale

ole32

CoCreateInstance
CoInitializeSecurity
CoInitialize
CoUninitialize
CoSetProxyBlanket

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString

powrprof

PowerGetActiveScheme
CallNtPowerInformation
PowerReadFriendlyName

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreate

shell32

SHGetFolderPathA

user32

TranslateMessage
DispatchMessageA
MapVirtualKeyW
GetSystemMetrics
GetMessageA

winhttp

WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpConnect
WinHttpSetOption
WinHttpOpenRequest

ws2_32

WSASendTo
select
WSAStartup
WSASetLastError
htons
WSARecvFrom
connect
WSAGetLastError
closesocket
recv
send
getsockopt
setsockopt
inet_pton
WSAGetOverlappedResult
WSASocketW
socket
ioctlsocket
shutdown
listen
bind
WSARecv
getsockname
getpeername
WSASend
WSADuplicateSocketW
WSAIoctl
htonl

setupapi

SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA

userenv

GetUserProfileDirectoryW

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 966KB - Virtual size: 965KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
banff_x86_64.exe
.exe windows:6 windows x64 arch:x64

0f79cf7d06057e6b2745dea4c1315f89

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:b1:12:1c:e7:3e:58:ad:41:b3:59:46:fe:75:4a:e4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14/03/2023, 00:00

Not After

16/03/2025, 23:59

Subject

CN=Primate Labs Inc.,O=Primate Labs Inc.,L=Toronto,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:63:1d:07:70:d5:3e:5b:ba:68:ee:b1:00:9f:4c:f6:32:d1:1f:c6
Signer

Actual PE Digest

3a:63:1d:07:70:d5:3e:5b:ba:68:ee:b1:00:9f:4c:f6:32:d1:1f:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\build\.pulse2-agent\data\agents\852448\recipes\130333594\base\build.x86_64\src\banff\console\banff_x86_64.pdb

Imports

onnxruntime

ord5
ord1

dxgi

CreateDXGIFactory1

advapi32

SetSecurityInfo
OpenProcessToken
RegQueryValueExW
SystemFunction036
RegGetValueW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
AllocateAndInitializeSid
GetSecurityInfo
SetEntriesInAclA
RegOpenKeyExW
FreeSid
GetUserNameW

bcrypt

BCryptGenRandom

iphlpapi

GetAdaptersAddresses

kernel32

IsValidCodePage
GetACP
GetTimeZoneInformation
EnumSystemLocalesW
GetOEMCP
ReadDirectoryChangesW
FindFirstFileExW
Sleep
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetLastError
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalMemoryStatusEx
GetNativeSystemInfo
GlobalFree
GetTempPathA
GetModuleFileNameA
GetCurrentProcess
GetSystemCpuSetInformation
GetVersionExA
GetNumaHighestNodeNumber
GetNumaNodeProcessorMask
GetModuleHandleA
GetProcAddress
GetSystemPowerStatus
SetThreadExecutionState
GetSystemInfo
DeviceIoControl
CloseHandle
LocalFree
LocalAlloc
CreateFileA
WriteConsoleW
SwitchToThread
ExitProcess
FlsAlloc
FlsGetValue
FlsSetValue
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
AreFileApisANSI
CreateFileW
CreateFileMappingW
CreateMutexW
DeleteFileA
DeleteFileW
FlushFileBuffers
FormatMessageA
FormatMessageW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathW
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
HeapCompact
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
ReadFile
SetEndOfFile
SetFilePointer
SystemTimeToFileTime
UnlockFile
UnlockFileEx
UnmapViewOfFile
WideCharToMultiByte
WriteFile
WaitForSingleObject
WaitForSingleObjectEx
OutputDebugStringA
OutputDebugStringW
GetProcessHeap
FlushViewOfFile
InitOnceExecuteOnce
CreateMutexA
ReleaseMutex
TerminateProcess
VirtualAlloc
VirtualFree
MoveFileExA
GetStdHandle
GetFileType
GetConsoleMode
SetConsoleMode
CreateNamedPipeA
GetNamedPipeHandleStateA
ConnectNamedPipe
CreateIoCompletionPort
UnregisterWait
QueueUserWorkItem
PostQueuedCompletionStatus
CreateNamedPipeW
WaitNamedPipeW
SetNamedPipeHandleState
CancelIoEx
CancelSynchronousIo
CreateEventA
RegisterWaitForSingleObject
PeekNamedPipe
DuplicateHandle
GetCurrentThread
SetErrorMode
GetQueuedCompletionStatus
SetEvent
ResumeThread
TlsSetValue
TlsGetValue
TlsAlloc
InitializeSRWLock
AcquireSRWLockShared
TryAcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateSemaphoreA
ReleaseSemaphore
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
TlsFree
SetHandleInformation
SetFileCompletionNotificationModes
CancelIo
GetModuleFileNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
CreateToolhelp32Snapshot
Process32First
Process32Next
SetConsoleTitleW
GetConsoleTitleW
K32GetProcessMemoryInfo
GetTickCount64
VerSetConditionMask
VerifyVersionInfoA
GetProcessTimes
FileTimeToSystemTime
GetProcessIoCounters
GetEnvironmentVariableW
GetEnvironmentStringsW
FreeEnvironmentStringsW
OpenProcess
GetPriorityClass
SetPriorityClass
GetVersionExW
SetConsoleCtrlHandler
GetShortPathNameW
GetLongPathNameW
GetUserDefaultLCID
LCMapStringW
GetExitCodeProcess
UnregisterWaitEx
CreateProcessW
AssignProcessToJobObject
CreateJobObjectW
SetInformationJobObject
GetConsoleScreenBufferInfo
GetNumberOfConsoleInputEvents
GetConsoleCursorInfo
WriteConsoleInputW
ReadConsoleInputW
SetConsoleTextAttribute
SetConsoleCursorPosition
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
SetConsoleCursorInfo
ReadConsoleW
ResetEvent
LoadLibraryExA
DebugBreak
GetFileInformationByHandleEx
GetFileSizeEx
CreateFileMappingA
SetFilePointerEx
SetFileTime
GetFileInformationByHandle
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
ReOpenFile
MoveFileExW
CreateHardLinkW
CreateSymbolicLinkW
GetFinalPathNameByHandleW
CopyFileW
RemoveDirectoryW
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStringTypeW
FreeLibrary
LoadLibraryExW
EncodePointer
DecodePointer
InitializeCriticalSectionEx
LCMapStringEx
CompareStringEx
GetCPInfo
FlsFree
RtlUnwindEx
RtlPcToFileHeader
RaiseException
RtlUnwind
GetModuleHandleExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
CreateThread
ExitThread
FreeLibraryAndExitThread
SetStdHandle
GetConsoleOutputCP
SetFileAttributesW
GetCommandLineA
GetCommandLineW
GetDateFormatW
GetTimeFormatW
CompareStringW
GetLocaleInfoW
IsValidLocale

ole32

CoCreateInstance
CoInitializeSecurity
CoInitialize
CoUninitialize
CoSetProxyBlanket

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString

powrprof

PowerGetActiveScheme
CallNtPowerInformation
PowerReadFriendlyName

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreate

shell32

SHGetFolderPathA

user32

TranslateMessage
DispatchMessageA
MapVirtualKeyW
GetSystemMetrics
GetMessageA

winhttp

WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpConnect
WinHttpSetOption
WinHttpOpenRequest

ws2_32

WSASendTo
select
WSAStartup
WSASetLastError
htons
WSARecvFrom
connect
WSAGetLastError
closesocket
recv
send
getsockopt
setsockopt
inet_pton
WSAGetOverlappedResult
WSASocketW
socket
ioctlsocket
shutdown
listen
bind
WSARecv
getsockname
getpeername
WSASend
WSADuplicateSocketW
WSAIoctl
htonl

setupapi

SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA

userenv

GetUserProfileDirectoryW

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
onnxruntime.dll
.dll windows:6 windows x64 arch:x64

1e5146302928e03e19e1ac45ff95baa2

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:fb:2b:40:2b:0b:63:b1:0f:93:75:cb:25:e4:c8:4b:d1:9d:01:49:2b:26:18:bc:f0:e5:32:a8:55:4c:7c:9e
Signer

Actual PE Digest

38:fb:2b:40:2b:0b:63:b1:0f:93:75:cb:25:e4:c8:4b:d1:9d:01:49:2b:26:18:bc:f0:e5:32:a8:55:4c:7c:9e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\b\RelWithDebInfo\RelWithDebInfo\onnxruntime.pdb

Imports

api-ms-win-core-file-l1-1-0

GetFullPathNameW
FindNextFileW
FindFirstFileW
FindClose
CreateDirectoryW
ReadFile
GetFileSizeEx
RemoveDirectoryW
GetFinalPathNameByHandleW
CreateDirectoryA
GetFileAttributesW
SetFilePointerEx
DeleteFileW
GetFileAttributesA

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableA

msvcp140

??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAF@Z
_Query_perf_frequency
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_function_call@std@@YAXXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
_Query_perf_counter
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?classic@locale@std@@SAAEBV12@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?_Xinvalid_argument@std@@YAXPEBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
?id@?$numpunct@D@std@@2V0locale@2@A
_Thrd_id
?wclog@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
_Thrd_hardware_concurrency
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
_Xtime_get_ticks

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
__current_exception_context
__current_exception
__std_type_info_destroy_list
_CxxThrowException
strchr
__std_terminate
_purecall
__std_exception_destroy
__std_exception_copy
__C_specific_handler
__std_type_info_name
__RTtypeid
memchr
memcmp
memcpy
memmove
__std_type_info_compare

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_register_onexit_function
_get_errno
_initialize_onexit_table
_set_errno
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
strerror
_errno
_set_doserrno
_invalid_parameter_noinfo_noreturn
abort
_invalid_parameter_noinfo
strerror_s
_crt_atexit
_beginthreadex
__doserrno
_cexit
terminate

api-ms-win-crt-stdio-l1-1-0

fclose
_wsopen_s
__stdio_common_vswprintf
fputc
__stdio_common_vsnprintf_s
_get_stream_buffer_pointers
fgetc
fwrite
_sopen_s
__stdio_common_vsprintf_s
fgetpos
setvbuf
_write
ungetc
fsetpos
fread
_fseeki64
__acrt_iob_func
fflush
__stdio_common_vfprintf
__stdio_common_vsprintf
_read
_close

api-ms-win-crt-string-l1-1-0

isalnum
towlower
strcmp
strncmp
_towlower_l
_towupper_l
strnlen
isalpha
isdigit
isspace
_strnicmp
iswspace
tolower

api-ms-win-crt-convert-l1-1-0

strtof
atoi
strtol
strtoull
strtod
strtoll
_strtoi64

api-ms-win-crt-filesystem-l1-1-0

_fstat64i32
_lock_file
_unlock_file
_wstat64i32

api-ms-win-crt-heap-l1-1-0

malloc
_aligned_free
free
_callnewh
_aligned_malloc
calloc

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

CreateMutexExW
CreateSemaphoreExW
CreateEventW
ReleaseSRWLockShared
OpenSemaphoreW
ReleaseSemaphore
AcquireSRWLockExclusive
WaitForSingleObjectEx
AcquireSRWLockShared
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-processthreads-l1-1-1

GetCurrentProcessorNumber
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo
GetLogicalProcessorInformationEx

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
GetModuleHandleA
FreeLibrary
LoadLibraryExA

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-localization-l1-2-0

FormatMessageW
FormatMessageA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
VirtualProtect
VirtualQuery
VirtualFree
MapViewOfFile
CreateFileMappingW
VirtualAlloc

api-ms-win-core-file-l1-2-0

CreateFile2

api-ms-win-core-processtopology-l1-1-0

SetThreadGroupAffinity

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchRemoveBackslash

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-crt-time-l1-1-0

_difftime64
_localtime64_s
_gmtime64_s
wcsftime
_mktime64

api-ms-win-crt-locale-l1-1-0

_free_locale
_create_locale
localeconv

api-ms-win-crt-math-l1-1-0

fmodf
log
atanf
log10
logf
pow
tanhf
sinhf
ceil
sqrt
sqrtf
tanf
tanh
asinf
llroundl
fmod
sin
ceilf
ldexp
sinf
_dsign
cos
cosf
coshf
exp
expf
roundf
fmax
floor
scalbnf
ilogb
scalbn
ilogbf
_dclass
_fdclass
powf
acosf
floorf
rint
rintf
log2
remainderf
log2f
nearbyintf
log1pf
acoshf
atanhf
_fdsign
asinhf

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

OrtGetApiBase
OrtGetWinMLAdapter
OrtSessionOptionsAppendExecutionProviderEx_DML
OrtSessionOptionsAppendExecutionProvider_CPU
OrtSessionOptionsAppendExecutionProvider_DML

Sections

.text
Size: 8.7MB - Virtual size: 8.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 360KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vc_redist.x64.exe
.exe windows:5 windows x86 arch:x86

1a5cdbf711fee14b077e599d13fddab2

Code Sign

33:00:00:03:3e:63:3a:86:bf:41:73:d7:e0:00:00:00:00:03:3e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/02/2023, 20:10

Not After

31/01/2024, 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ad:6a:d1:8f:ba:07:71:a5:ec:f5:69:52:a1:7d:d5:39:3f:75:0e:a0:5f:29:5c:1e:e7:1e:d4:4b:3b:68:53:fe
Signer

Actual PE Digest

ad:6a:d1:8f:ba:07:71:a5:ec:f5:69:52:a1:7d:d5:39:3f:75:0e:a0:5f:29:5c:1e:e7:1e:d4:4b:3b:68:53:fe

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

C:\agent\_work\8\s\build\ship\x86\burn.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DecryptFileW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceConfigW

user32

GetMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
LoadCursorW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
DispatchMessageW
TranslateMessage

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdi32

CreateCompatibleDC
DeleteObject
SelectObject
StretchBlt
GetObjectW
DeleteDC

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitializeSecurity
CLSIDFromProgID

kernel32

GetCommandLineA
GetCPInfo
GetOEMCP
CloseHandle
CreateFileW
GetProcAddress
LocalFree
HeapSetInformation
GetLastError
GetModuleHandleW
FormatMessageW
lstrlenA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
Sleep
GetLocalTime
GetModuleFileNameW
ExpandEnvironmentStringsW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetFullPathNameW
CompareStringW
GetCurrentProcessId
WriteFile
SetFilePointer
LoadLibraryW
GetSystemDirectoryW
CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindClose
GetCommandLineW
GetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileExW
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
GetEnvironmentStringsW
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetVersionExW
VerSetConditionMask
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetNativeSystemInfo
GetModuleHandleExW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetComputerNameW
VerifyVersionInfoW
GetVolumePathNameW
GetDateFormatW
GetSystemDefaultLangID
GetUserDefaultLangID
GetStringTypeW
ReadFile
SetFilePointerEx
DuplicateHandle
InterlockedExchange
InterlockedCompareExchange
CreateEventW
ProcessIdToSessionId
OpenProcess
GetProcessId
WaitForSingleObject
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CompareStringA
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
GetThreadLocale
IsValidCodePage
FreeEnvironmentStringsW
TlsAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DecodePointer
WriteConsoleW
GetModuleHandleA
GlobalAlloc
GlobalFree
GetFileSizeEx
CopyFileW
VirtualAlloc
VirtualFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemInfo
VirtualProtect
VirtualQuery
SetCurrentDirectoryW
FindFirstFileExW
GetFileType
GetACP
ExitProcess
GetStdHandle
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
SetLastError
LoadLibraryExA

rpcrt4

UuidCreate

Sections

.text
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ced282d9b261d1462772017fe2f6972b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:b1:12:1c:e7:3e:58:ad:41:b3:59:46:fe:75:4a:e4Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

96:59:73:d8:b6:26:c9:5d:5d:58:5a:9b:68:96:6e:92:6a:6f:09:82Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 149KB

.ndata Size: - Virtual size: 44KB

.rsrc Size: 104KB - Virtual size: 104KB

610235b90207a63ccf481f0d4375d329

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

17fb6a8708b9c0bb2d5d8687870eb415

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 1024B - Virtual size: 568B

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

File Characteristics

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:b1:12:1c:e7:3e:58:ad:41:b3:59:46:fe:75:4a:e4
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

96:59:73:d8:b6:26:c9:5d:5d:58:5a:9b:68:96:6e:92:6a:6f:09:82
Signer

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 149KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 104KB - Virtual size: 104KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 1024B - Virtual size: 568B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 636B

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

8e:c2:0e:91:b0:b2:da:ff:23:0b:b8:11:5c:25:bc:77:30:e0:86:67:88:a5:b0:2e:23:e6:b7:eb:ef:67:54:a6
Signer

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 82KB - Virtual size: 97KB

.pdata
Size: 114KB - Virtual size: 114KB

_RDATA
Size: 512B - Virtual size: 512B

.rsrc
Size: 6.3MB - Virtual size: 6.3MB

.reloc
Size: 35KB - Virtual size: 35KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:b1:12:1c:e7:3e:58:ad:41:b3:59:46:fe:75:4a:e4
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate