0d5a12221d474f58e42158839b54479af4231c3a781411bbd9e59046bca3c22b

Sharing

Copy URL Twitter E-mail

General

Target

0d5a12221d474f58e42158839b54479af4231c3a781411bbd9e59046bca3c22b
Size

13.8MB
MD5

36f02fa131411a4b06a6b07af643a3d8
SHA1

1ab1614cdbe2f885bb1b2752334900ada2307986
SHA256

0d5a12221d474f58e42158839b54479af4231c3a781411bbd9e59046bca3c22b
SHA512

f9ecc79fc463ad4577443ec2f2bd7c872126f814ff4404d9468f76c377bc31b6532ffbadd929ef3af9a5a2443f1ca904060c5b763af07faa41ec37cfe22a55f8
SSDEEP

393216:YITafB6rOrRvfuyKkH9Hw2H0Di18NDXxt2Rx9:nmfgrOrJf4kH9RHsi1Mnwx9

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CAPEv2-master/analyzer/windows/bin/PPLinject.exe
unpack001/CAPEv2-master/analyzer/windows/bin/PPLinject64.exe
unpack001/CAPEv2-master/analyzer/windows/bin/loader.exe
unpack001/CAPEv2-master/analyzer/windows/bin/loader_x64.exe
unpack001/CAPEv2-master/analyzer/windows/dll/capemon.dll
unpack001/CAPEv2-master/analyzer/windows/dll/capemon_x64.dll

Files

0d5a12221d474f58e42158839b54479af4231c3a781411bbd9e59046bca3c22b
.zip
CAPEv2-master/.actrc
CAPEv2-master/.github/ISSUE_TEMPLATE/bug_report.md
CAPEv2-master/.github/actions/python-setup/action.yml
CAPEv2-master/.github/workflows/antitemplaters.yml_disabled
CAPEv2-master/.github/workflows/export-requirements.yml
CAPEv2-master/.github/workflows/pip-audit.yml
CAPEv2-master/.github/workflows/python-package-windows.yml
CAPEv2-master/.github/workflows/python-package.yml
CAPEv2-master/.github/workflows/todo.yml_disabled
CAPEv2-master/.github/workflows/yara-audit.yml
CAPEv2-master/.gitignore
CAPEv2-master/.gitmodules
CAPEv2-master/.pre-commit-config.yaml
CAPEv2-master/.readthedocs.yaml
CAPEv2-master/.yara-ci.yml
CAPEv2-master/CITATION.cff
CAPEv2-master/LICENSE
CAPEv2-master/README.md
CAPEv2-master/SECURITY.md
CAPEv2-master/acknowledgment.md
CAPEv2-master/admin/admin.py
.py .sh linux
CAPEv2-master/admin/admin_conf.py_example
.sh linux
CAPEv2-master/agent/agent.py
CAPEv2-master/agent/pytest.ini
CAPEv2-master/agent/test_agent.py
CAPEv2-master/agent/test_python_architecture.py
CAPEv2-master/analyzer/linux/analyzer.py
CAPEv2-master/analyzer/linux/dbus_next/__init__.py
CAPEv2-master/analyzer/linux/dbus_next/__version__.py
CAPEv2-master/analyzer/linux/dbus_next/_private/address.py
CAPEv2-master/analyzer/linux/dbus_next/_private/constants.py
CAPEv2-master/analyzer/linux/dbus_next/_private/marshaller.py
CAPEv2-master/analyzer/linux/dbus_next/_private/unmarshaller.py
CAPEv2-master/analyzer/linux/dbus_next/_private/util.py
CAPEv2-master/analyzer/linux/dbus_next/aio/__init__.py
CAPEv2-master/analyzer/linux/dbus_next/aio/message_bus.py
CAPEv2-master/analyzer/linux/dbus_next/aio/proxy_object.py
CAPEv2-master/analyzer/linux/dbus_next/auth.py
CAPEv2-master/analyzer/linux/dbus_next/constants.py
CAPEv2-master/analyzer/linux/dbus_next/errors.py
CAPEv2-master/analyzer/linux/dbus_next/introspection.py
CAPEv2-master/analyzer/linux/dbus_next/message.py
CAPEv2-master/analyzer/linux/dbus_next/message_bus.py
CAPEv2-master/analyzer/linux/dbus_next/proxy_object.py
CAPEv2-master/analyzer/linux/dbus_next/service.py
CAPEv2-master/analyzer/linux/dbus_next/signature.py
CAPEv2-master/analyzer/linux/dbus_next/validators.py
CAPEv2-master/analyzer/linux/lib/api/process.py
CAPEv2-master/analyzer/linux/lib/api/screenshot.py
CAPEv2-master/analyzer/linux/lib/common/abstracts.py
CAPEv2-master/analyzer/linux/lib/common/common.py
.py .sh linux
CAPEv2-master/analyzer/linux/lib/common/constants.py
CAPEv2-master/analyzer/linux/lib/common/exceptions.py
CAPEv2-master/analyzer/linux/lib/common/hashing.py
CAPEv2-master/analyzer/linux/lib/common/rand.py
CAPEv2-master/analyzer/linux/lib/common/results.py
.py .js
CAPEv2-master/analyzer/linux/lib/core/config.py
CAPEv2-master/analyzer/linux/lib/core/packages.py
.py .sh linux
CAPEv2-master/analyzer/linux/lib/core/startup.py
CAPEv2-master/analyzer/linux/modules/auxiliary/filecollector.py
CAPEv2-master/analyzer/linux/modules/auxiliary/human.py
CAPEv2-master/analyzer/linux/modules/auxiliary/screenshots.py
CAPEv2-master/analyzer/linux/modules/packages/bash.py
.py .sh linux
CAPEv2-master/analyzer/linux/modules/packages/deb.py
.py .sh linux
CAPEv2-master/analyzer/linux/modules/packages/doc.py
.py .sh linux
CAPEv2-master/analyzer/linux/modules/packages/firefox.py
.py .sh linux
CAPEv2-master/analyzer/linux/modules/packages/generic.py
.py .sh linux
CAPEv2-master/analyzer/linux/modules/packages/jar.py
.py .sh linux
CAPEv2-master/analyzer/linux/modules/packages/js.py
.py .sh linux
CAPEv2-master/analyzer/linux/modules/packages/pdf.py
.py .sh linux
CAPEv2-master/analyzer/linux/modules/packages/perl.py
.py .sh linux
CAPEv2-master/analyzer/linux/modules/packages/python.py
.py .sh linux
CAPEv2-master/analyzer/linux/modules/packages/python_whl.py
.py .sh linux
CAPEv2-master/analyzer/linux/modules/packages/wget.py
.py .sh linux
CAPEv2-master/analyzer/linux/modules/packages/zip.py
.py .sh linux
CAPEv2-master/analyzer/windows/analyzer.py
CAPEv2-master/analyzer/windows/bin/PPLinject.exe
.exe windows:6 windows x86 arch:x86

7e7ea33c6082e61a8f170d6466f1d863

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceW
LocalFree
GetFileSize
VerSetConditionMask
GetCurrentProcessId
VerifyVersionInfoW
GetExitCodeProcess
LoadResource
FormatMessageW
GetNativeSystemInfo
GetProcessInformation
CloseHandle
LockResource
DefineDosDeviceW
GetCurrentThread
CreateFileTransactedW
GetLastError
CreateEventW
OpenProcess
GetSystemDirectoryW
CreateFileW
LocalAlloc
WaitForSingleObject
FindClose
WriteFile
GetCurrentProcess
FindNextFileW
SetLastError
FindFirstFileW
SizeofResource
CallNamedPipeW
ReadFile
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW

advapi32

AdjustTokenPrivileges
GetSidSubAuthorityCount
GetSidSubAuthority
LookupPrivilegeNameW
CopySid
ConvertSidToStringSidW
GetUserNameW
LookupAccountSidW
GetTokenInformation
SetSecurityDescriptorDacl
RevertToSelf
ConvertStringSidToSidW
OpenProcessToken
SetThreadToken
InitializeSecurityDescriptor
CreateProcessAsUserW
SetKernelObjectSecurity
DuplicateTokenEx
OpenThreadToken
GetSecurityInfo

ntdll

NtCreateDirectoryObjectEx
RtlNtStatusToDosError
NtClose
RtlInitUnicodeString
NtQuerySymbolicLinkObject
NtQuerySystemInformation
NtCreateTransaction
NtCreateSection
NtOpenSymbolicLinkObject
NtCreateSymbolicLinkObject

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW

vcruntime140

_except_handler4_common
memset

api-ms-win-crt-string-l1-1-0

_wcsicmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnprintf_s
__stdio_common_vfwprintf
__stdio_common_vswprintf_s
__stdio_common_vswprintf
__acrt_iob_func
_set_fmode
__p__commode

api-ms-win-crt-convert-l1-1-0

wcstoul

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_controlfp_s
exit
_exit
__p___argc
__p___wargv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
terminate
_crt_atexit
_seh_filter_exe
_initialize_onexit_table
_register_onexit_function

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CAPEv2-master/analyzer/windows/bin/PPLinject64.exe
.exe windows:6 windows x64 arch:x64

ac2e4658e6df04971588aaf3817df9dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FindResourceW
LocalFree
GetFileSize
VerSetConditionMask
GetCurrentProcessId
VerifyVersionInfoW
GetExitCodeProcess
LoadResource
FormatMessageW
GetProcessInformation
CloseHandle
LockResource
DefineDosDeviceW
GetCurrentThread
CreateFileTransactedW
GetLastError
CreateEventW
OpenProcess
GetSystemDirectoryW
CreateFileW
LocalAlloc
WaitForSingleObject
FindClose
WriteFile
GetCurrentProcess
FindNextFileW
SetLastError
FindFirstFileW
SizeofResource
CallNamedPipeW
ReadFile
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetModuleHandleW
RtlCaptureContext

advapi32

AdjustTokenPrivileges
GetSidSubAuthorityCount
GetSidSubAuthority
LookupPrivilegeNameW
CopySid
ConvertSidToStringSidW
GetUserNameW
LookupAccountSidW
GetTokenInformation
SetSecurityDescriptorDacl
RevertToSelf
ConvertStringSidToSidW
OpenProcessToken
SetThreadToken
InitializeSecurityDescriptor
CreateProcessAsUserW
SetKernelObjectSecurity
DuplicateTokenEx
OpenThreadToken
GetSecurityInfo

ntdll

NtCreateSymbolicLinkObject
RtlNtStatusToDosError
NtClose
RtlInitUnicodeString
NtQuerySymbolicLinkObject
NtQuerySystemInformation
NtCreateTransaction
NtCreateSection
NtOpenSymbolicLinkObject
NtCreateDirectoryObjectEx

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

vcruntime140

__C_specific_handler
memset

api-ms-win-crt-string-l1-1-0

_wcsicmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__stdio_common_vswprintf_s
__stdio_common_vsnprintf_s
__acrt_iob_func
__p__commode
__stdio_common_vfwprintf
_set_fmode

api-ms-win-crt-convert-l1-1-0

wcstoul

api-ms-win-crt-runtime-l1-1-0

_get_initial_wide_environment
_initterm
_initterm_e
exit
_initialize_wide_environment
_configure_wide_argv
__p___argc
__p___wargv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
_exit
terminate
_initialize_onexit_table
_register_onexit_function
_crt_atexit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CAPEv2-master/analyzer/windows/bin/autoit3.exe
.exe windows:5 windows x86 arch:x86

6ae531f3439aee07e850dbb1ac7115a4

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:f7:ce:c0:08:6a:c8:87:bb:81:ba:16
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

24/01/2018, 09:39

Not After

04/07/2020, 06:50

Subject

CN=AutoIt Consulting Ltd,O=AutoIt Consulting Ltd,L=Birmingham,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

13:b7:74:ee:59:e3:5e:c6:06:26:16:89
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

28/02/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 002-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ef:6a:b2:a0:69:2a:c4:4c:10:3d:fd:54:f2:65:c9:56:36:40:84:e1:a9:e6:56:a1:6d:7f:5d:d8:5d:7b:03:94
Signer

Actual PE Digest

ef:6a:b2:a0:69:2a:c4:4c:10:3d:fd:54:f2:65:c9:56:36:40:84:e1:a9:e6:56:a1:6d:7f:5d:d8:5d:7b:03:94

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
socket
inet_ntoa
setsockopt
ntohs
recvfrom
ioctlsocket
htons
WSAStartup
__WSAFDIsSet
select
accept
listen
bind
closesocket
WSAGetLastError
recv
sendto
send
inet_addr
gethostbyname
gethostname
connect

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetUseConnectionW
WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W

wininet

InternetQueryDataAvailable
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetConnectW

psapi

GetProcessMemoryInfo

iphlpapi

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho

userenv

DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileW

uxtheme

IsThemeActive

kernel32

DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
GetModuleFileNameW
SetCurrentDirectoryW
GetShortPathNameW
DeleteFileW
FindNextFileW
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
GetLocalTime
CompareStringW
GetCurrentProcess
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
SetErrorMode
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
LoadLibraryW
VirtualAlloc
IsDebuggerPresent
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCurrentThread
CloseHandle
EnterCriticalSection
GetFullPathNameW
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineW
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GetLongPathNameW
SetEnvironmentVariableA

user32

AdjustWindowRectEx
CopyImage
SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
SetRect
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
MonitorFromRect
keybd_event
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
TranslateMessage
PeekMessageW
UnregisterHotKey
CheckMenuRadioItem
CharLowerBuffW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
SystemParametersInfoW
LoadImageW
GetClassNameW

gdi32

StrokePath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
GetDeviceCaps
EndPath
SetPixel
CloseFigure
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
LineTo
AngleArc
MoveToEx
Ellipse
DeleteDC
GetPixel
CreateDCW
GetStockObject
GetTextFaceW
CreateFontW
SetTextColor
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
StrokeAndFillPath

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
RegCreateKeyExW
FreeSid
GetTokenInformation
GetSecurityDescriptorDacl
GetAclInformation
AddAce
SetSecurityDescriptorDacl
GetUserNameW
InitiateSystemShutdownExW

shell32

DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoInitializeSecurity
IIDFromString
CoSetProxyBlanket
CoCreateInstanceEx

oleaut32

CreateDispTypeInfo
VariantCopyInd
SysReAllocString
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
CreateStdDispatch
VarR8FromDec
SafeArrayGetVartype
OleLoadPicture
QueryPathOfRegTypeLi
LoadTypeLibEx
RegisterTypeLi
RegisterTypeLibForUser
VariantCopy
VariantClear
UnRegisterTypeLibForUser
UnRegisterTypeLi
DispCallFunc
VariantChangeType
SysStringLen
VariantTimeToSystemTime
SysAllocString
VariantInit

Sections

.text
Size: 570KB - Virtual size: 569KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CAPEv2-master/analyzer/windows/bin/loader.exe
.exe windows:6 windows x86 arch:x86

10990ba15abcf045de8d83f860e1a0dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
GetCurrentProcess
WriteFile
OutputDebugStringA
VirtualAlloc
InitializeProcThreadAttributeList
WaitForSingleObject
ResumeThread
GetModuleHandleA
OpenProcess
GetExitCodeThread
CopyFileA
CallNamedPipeA
GetLastError
UpdateProcThreadAttribute
CreateFileA
LoadLibraryA
GetVersionExA
CloseHandle
CreateNamedPipeA
DeleteProcThreadAttributeList
HeapAlloc
QueueUserAPC
VirtualProtectEx
GetThreadContext
GetProcAddress
VirtualAllocEx
GetFileSize
ReadProcessMemory
GetProcessHeap
CreateRemoteThread
CreateProcessA
FormatMessageA
VirtualFreeEx
OpenThread
ConnectNamedPipe
VirtualQueryEx
WriteConsoleW
ReadConsoleW
SetEndOfFile
HeapReAlloc
WriteProcessMemory
GetFileSizeEx
GetSystemInfo
ReadFile
HeapSize
SetFilePointerEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
GetCommandLineA
GetCommandLineW
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapFree
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
LCMapStringW
CreateFileW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
DecodePointer

user32

GetShellWindow
GetWindowThreadProcessId

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

shlwapi

PathRemoveFileSpecA

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CAPEv2-master/analyzer/windows/bin/loader_x64.exe
.exe windows:6 windows x64 arch:x64

b89ec4ec052d962cb133d3c55f3e1076

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\work\CAPE\capemon\capemon9\x64\Release\loader_x64.pdb

Imports

kernel32

SetLastError
GetCurrentProcess
WriteFile
OutputDebugStringA
VirtualAlloc
InitializeProcThreadAttributeList
WaitForSingleObject
ResumeThread
GetModuleHandleA
OpenProcess
GetExitCodeThread
CopyFileA
CallNamedPipeA
GetLastError
UpdateProcThreadAttribute
CreateFileA
LoadLibraryA
GetVersionExA
CloseHandle
CreateNamedPipeA
DeleteProcThreadAttributeList
HeapAlloc
QueueUserAPC
VirtualProtectEx
GetThreadContext
GetProcAddress
VirtualAllocEx
GetFileSize
ReadProcessMemory
GetProcessHeap
CreateRemoteThread
CreateProcessA
FormatMessageA
VirtualFreeEx
OpenThread
ConnectNamedPipe
VirtualQueryEx
WriteConsoleW
ReadConsoleW
SetEndOfFile
HeapReAlloc
WriteProcessMemory
GetFileSizeEx
GetSystemInfo
ReadFile
HeapSize
SetFilePointerEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
GetCommandLineW
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapFree
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
CreateFileW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode

user32

GetShellWindow
GetWindowThreadProcessId

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

shlwapi

PathRemoveFileSpecA

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CAPEv2-master/analyzer/windows/bin/psexec.exe
.exe windows:5 windows x86 arch:x86

c1e59519b5e5d84af07afa6f5a8625f1

Code Sign

33:00:00:00:98:04:58:cb:7f:23:09:b0:9e:00:00:00:00:00:98
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/03/2016, 19:21

Not After

30/06/2017, 19:21

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7AFA-E41C-E142,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4f:c5:97:fa:40:70:59:c9:4b:35:34:f4:9b:c0:90:a1:1c:cb:4e:4e:6d:96:9a:f2:67:e1:4d:69:35:9f:71
Signer

Actual PE Digest

0c:4f:c5:97:fa:40:70:59:c9:4b:35:34:f4:9b:c0:90:a1:1c:cb:4e:4e:6d:96:9a:f2:67:e1:4d:69:35:9f:71

Digest Algorithm

sha256

PE Digest Matches

true

b4:77:bc:a0:7b:c3:2e:88:63:11:99:73:bc:91:f6:a5:5f:10:40:5f
Signer

Actual PE Digest

b4:77:bc:a0:7b:c3:2e:88:63:11:99:73:bc:91:f6:a5:5f:10:40:5f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

NetServerEnum
NetApiBufferFree

ws2_32

gethostname
WSAStartup
inet_ntoa
gethostbyname

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetExitCodeProcess
ResumeThread
WaitForMultipleObjects
GetFileTime
DuplicateHandle
DisconnectNamedPipe
SetNamedPipeHandleState
TransactNamedPipe
CreateEventW
GetCurrentProcessId
GetFullPathNameW
SetFileAttributesW
GetFileAttributesW
CopyFileW
WaitNamedPipeW
SetConsoleCtrlHandler
SetConsoleTitleW
ReadConsoleW
GetVersion
SetProcessAffinityMask
ReadFile
GetConsoleScreenBufferInfo
MultiByteToWideChar
GetComputerNameW
DeleteFileW
CreateFileW
GetSystemDirectoryW
FindResourceW
LoadLibraryExW
FormatMessageA
GetTickCount
CloseHandle
WriteFile
SizeofResource
LoadResource
Sleep
WaitForSingleObject
SetEndOfFile
SetEvent
SetLastError
GetLastError
GetCurrentProcess
FreeLibrary
LockResource
SetPriorityClass
GetModuleFileNameW
GetCommandLineW
GetModuleHandleW
LoadLibraryW
GetStdHandle
GetFileType
LocalFree
LocalAlloc
GetProcAddress
FreeEnvironmentStringsW
LCMapStringW
OutputDebugStringW
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
GetEnvironmentVariableW
RaiseException
LoadLibraryExA
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
CreateThread
GetCurrentThreadId
ExitThread
IsDebuggerPresent
IsProcessorFeaturePresent
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
RtlUnwind
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW

comdlg32

PrintDlgW

advapi32

LsaClose
CreateProcessAsUserW
CryptHashData
CryptCreateHash
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptExportKey
CryptDestroyKey
CryptDeriveKey
CryptGenKey
CryptReleaseContext
CryptAcquireContextW
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
OpenProcessToken
LsaEnumerateAccountRights
LsaOpenPolicy
LsaFreeMemory
SetSecurityInfo
GetSecurityInfo
LookupPrivilegeValueW
AddAccessAllowedAce
GetAce
AddAce
InitializeAcl
GetLengthSid
FreeSid
AllocateAndInitializeSid
SetTokenInformation
GetTokenInformation
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CAPEv2-master/analyzer/windows/bin/signtool.exe
.exe windows:6 windows x86 arch:x86

018cef17108f0a49c10d12a42436c93f

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

65:e1:61:f4:91:c1:f8:7c:14:fe:86:a6:f5:a6:67:c0:49:42:96:94
Signer

Actual PE Digest

65:e1:61:f4:91:c1:f8:7c:14:fe:86:a6:f5:a6:67:c0:49:42:96:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

signtool.pdb

Imports

advapi32

CryptDestroyKey
CryptEnumProvidersW
CryptAcquireContextW
CryptReleaseContext
CryptGetUserKey

kernel32

GetLastError
GetModuleHandleA
HeapSetInformation
FindClose
GetFullPathNameW
EnumResourceNamesW
EnumResourceLanguagesW
FindResourceExW
SizeofResource
LoadResource
LockResource
SetLastError
FindFirstFileW
FindNextFileW
FormatMessageW
GetFileType
ExpandEnvironmentStringsW
GetVersionExA
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
Sleep
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
LocalFree
FileTimeToLocalFileTime
FileTimeToSystemTime
GetProcAddress
GetCurrentProcess
LoadLibraryA
FreeLibrary
GetEnvironmentVariableW
GetSystemInfo
CreateFileW
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle

mfc42

ord823
ord825

msvcrt

__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_initterm
_amsg_exit
fgetpos
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
__uncaught_exception
memmove
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_controlfp
isleadbyte
isupper
_itoa
islower
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
fwrite
setvbuf
fflush
ungetc
fputc
fgetc
malloc
_callnewh
setlocale
___lc_handle_func
___lc_codepage_func
___mb_cur_max_func
abort
ungetwc
__pctype_func
__crtLCMapStringA
__iob_func
__mb_cur_max
__crtLCMapStringW
wctomb
__crtGetStringTypeW
_snprintf
fsetpos
_errno
__CxxFrameHandler
fwprintf
_wctime64
putchar
free
mktime
wcsstr
swscanf
_wcsnicmp
_wfopen
fseek
fclose
fgetwc
_wcsicmp
towupper
iswdigit
iswalpha
memcpy
_iob
fputwc
_time64
towlower
_mktime64
wcsncmp
??0exception@@QAE@ABV0@@Z
_purecall
wprintf
_wsetlocale
puts
strcspn
??0exception@@QAE@XZ
memchr
localeconv
memset
??1bad_cast@@UAE@XZ
_CxxThrowException
??0bad_cast@@QAE@ABV0@@Z
__setusermatherr

ntdll

RtlFreeHeap
RtlUnwind
RtlAllocateHeap

crypt32

CryptDecodeObject
CryptMsgGetParam
CryptFindOIDInfo
CryptQueryObject
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateChain
CertFreeCertificateChain
CertCloseStore
CertDuplicateStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CryptAcquireCertificatePrivateKey
CertGetCertificateChain
CertFindExtension
CertGetNameStringW
CertGetCertificateContextProperty
CertSetCertificateContextProperty
CertGetValidUsages
CertAddStoreToCollection
CertControlStore
CertFindCertificateInStore
PFXImportCertStore
CryptExportPublicKeyInfoEx
CertComparePublicKeyInfo
CertDuplicateCertificateContext

user32

LoadStringW

oleaut32

GetErrorInfo
SysFreeString

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

shlwapi

PathCanonicalizeW

ole32

CoTaskMemAlloc
CoTaskMemFree

mssign32

SignerTimeStamp
SignerSign

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CAPEv2-master/analyzer/windows/data/msix.ps1
.ps1
CAPEv2-master/analyzer/windows/data/yara/AgentTesla.yar
CAPEv2-master/analyzer/windows/data/yara/Al-khaser.yar
CAPEv2-master/analyzer/windows/data/yara/AntiCuckoo.yar
CAPEv2-master/analyzer/windows/data/yara/Blister.yar
CAPEv2-master/analyzer/windows/data/yara/BruteRatel.yar
CAPEv2-master/analyzer/windows/data/yara/BuerLoader.yar
CAPEv2-master/analyzer/windows/data/yara/BumbleBee.yar
CAPEv2-master/analyzer/windows/data/yara/CargoBayLoader.yar
CAPEv2-master/analyzer/windows/data/yara/DarkGate.yar
CAPEv2-master/analyzer/windows/data/yara/DarkGateLoader.yar
CAPEv2-master/analyzer/windows/data/yara/DoomedLoader.yar
CAPEv2-master/analyzer/windows/data/yara/DridexLoader.yar
CAPEv2-master/analyzer/windows/data/yara/EmotetPacker.yar
CAPEv2-master/analyzer/windows/data/yara/Formbook.yar
CAPEv2-master/analyzer/windows/data/yara/GetTickCountAntiVM.yar
CAPEv2-master/analyzer/windows/data/yara/Guloader.yar
CAPEv2-master/analyzer/windows/data/yara/HeavensSyscall.yar
CAPEv2-master/analyzer/windows/data/yara/IcedID.yar
CAPEv2-master/analyzer/windows/data/yara/Latrodectus.yar
CAPEv2-master/analyzer/windows/data/yara/Lumma.yar
CAPEv2-master/analyzer/windows/data/yara/ModiLoader.yar
CAPEv2-master/analyzer/windows/data/yara/MysterySnail.yar
CAPEv2-master/analyzer/windows/data/yara/NSIS.yar
CAPEv2-master/analyzer/windows/data/yara/Pafish.yar
CAPEv2-master/analyzer/windows/data/yara/Pikabot.yar
CAPEv2-master/analyzer/windows/data/yara/QakBot.yar
CAPEv2-master/analyzer/windows/data/yara/RdtscpAntiVM.yar
CAPEv2-master/analyzer/windows/data/yara/Rhadamanthys.yar
CAPEv2-master/analyzer/windows/data/yara/RisePro.yar
CAPEv2-master/analyzer/windows/data/yara/SingleStepAntiHook.yar
CAPEv2-master/analyzer/windows/data/yara/SmokeLoader.yar
CAPEv2-master/analyzer/windows/data/yara/Socks5Systemz.yar
CAPEv2-master/analyzer/windows/data/yara/Stealc.yar
CAPEv2-master/analyzer/windows/data/yara/Syscall.yar
.ps1
CAPEv2-master/analyzer/windows/data/yara/UPX.yar
CAPEv2-master/analyzer/windows/data/yara/UrsnifV3.yar
CAPEv2-master/analyzer/windows/data/yara/VBCrypter.yar
CAPEv2-master/analyzer/windows/data/yara/XWorm.yar
CAPEv2-master/analyzer/windows/data/yara/Zloader.yar
CAPEv2-master/analyzer/windows/dll/capemon.dll
.dll windows:6 windows x86 arch:x86

92b4a98d4ddc20acc173b26a8b1428d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

ws2_32

inet_ntoa
inet_ntop
closesocket
WSASetLastError
send
recv
WSAGetLastError
WSACleanup

kernel32

AcquireSRWLockShared
ReadFile
QueryDosDeviceW
GetFileSizeEx
VirtualProtect
VirtualFree
GetCurrentProcess
WriteFile
K32GetMappedFileNameA
SetFilePointer
QueryDosDeviceA
CreateFileW
GetCurrentThreadId
UnmapViewOfFile
GetModuleHandleA
GetCommandLineA
GetLogicalDriveStringsW
K32GetModuleFileNameExA
GetLastError
CreateFileA
GetVersionExA
CloseHandle
GetSystemInfo
GetLogicalDriveStringsA
CreateFileMappingA
GetFileSize
GetCurrentProcessId
WideCharToMultiByte
CreateDirectoryA
GetSystemTime
K32GetMappedFileNameW
MapViewOfFile
VirtualQuery
DuplicateHandle
GetCurrentThread
GetThreadContext
GetProcAddress
SetThreadContext
OpenThread
K32GetProcessImageFileNameA
OpenProcess
CreateProcessW
IsWow64Process
VirtualQueryEx
OutputDebugStringA
FormatMessageA
LoadLibraryA
MoveFileA
GetFullPathNameA
SetEndOfFile
DeleteFileA
CreateToolhelp32Snapshot
VirtualProtectEx
ReadProcessMemory
K32EnumProcessModules
InitializeCriticalSectionEx
MultiByteToWideChar
RaiseException
DeleteCriticalSection
GetModuleHandleW
FindFirstFileA
FindNextFileA
ReleaseSRWLockShared
HeapCreate
GetCommandLineW
InitializeCriticalSection
SetErrorMode
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
Thread32Next
Thread32First
SuspendThread
ResumeThread
EnterCriticalSection
FindNextFileW
lstrlenW
LeaveCriticalSection
GetFileAttributesW
GetFileAttributesA
ExitThread
FileTimeToSystemTime
SystemTimeToFileTime
GetProcessIdOfThread
TryEnterCriticalSection
GetVolumeInformationA
GetVolumeNameForVolumeMountPointA
GetTempPathA
GetWindowsDirectoryA
CreateEventA
GetComputerNameA
GetFullPathNameW
GetLongPathNameW
OpenMutexA
LocalFree
GetLongPathNameA
CallNamedPipeW
OpenEventA
WaitForSingleObject
Sleep
SetEvent
CreateThread
ExitProcess
HeapDestroy
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetStdHandle
GetFileType
SwitchToThread
InitializeCriticalSectionAndSpinCount
GetModuleHandleExW
DeleteFiber
ConvertFiberToThread
FreeLibrary
LoadLibraryW
FindFirstFileW
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
SetConsoleCtrlHandler
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
EncodePointer
GetModuleFileNameW
SetLastError
InitOnceExecuteOnce
HeapAlloc
HeapReAlloc
HeapFree
CompareStringW
LCMapStringW
HeapSize
GetConsoleOutputCP
SetFilePointerEx
SetStdHandle
GetTimeZoneInformation
FlushFileBuffers
GetCurrentDirectoryW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
DecodePointer
FindClose
WriteConsoleW
LoadLibraryExW
InterlockedFlushSList
RtlUnwind
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
GetStringTypeW

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

advapi32

CryptReleaseContext
CryptDestroyHash
CryptCreateHash
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegSetKeyValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenProcessToken
ConvertSidToStringSidW
GetTokenInformation
RegQueryValueExA
GetUserNameA
RegOpenKeyExA
CloseServiceHandle
OpenSCManagerW
GetServiceKeyNameW
QueryServiceConfigW
RegCloseKey

ole32

CoCreateFreeThreadedMarshaler
StringFromGUID2

shlwapi

PathRemoveFileSpecA
PathRemoveFileSpecW
PathAppendA

bcrypt

BCryptGenRandom

Exports

Exports

DllGetClassObject

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 578KB - Virtual size: 577KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CAPEv2-master/analyzer/windows/dll/capemon_x64.dll
.dll windows:6 windows x64 arch:x64

ddc2dd9008956807c63e219479ff19ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

ws2_32

inet_ntoa
inet_ntop
closesocket
WSASetLastError
send
recv
WSAGetLastError
WSACleanup

kernel32

AcquireSRWLockShared
ReadFile
QueryDosDeviceW
GetFileSizeEx
VirtualProtect
VirtualFree
GetCurrentProcess
WriteFile
K32GetMappedFileNameA
SetFilePointer
QueryDosDeviceA
CreateFileW
GetCurrentThreadId
UnmapViewOfFile
GetModuleHandleA
GetCommandLineA
GetLogicalDriveStringsW
K32GetModuleFileNameExA
GetLastError
CreateFileA
GetVersionExA
CloseHandle
GetSystemInfo
GetLogicalDriveStringsA
CreateFileMappingA
GetFileSize
GetCurrentProcessId
WideCharToMultiByte
CreateDirectoryA
GetSystemTime
K32GetMappedFileNameW
MapViewOfFile
VirtualQuery
RtlCaptureContext
DuplicateHandle
GetCurrentThread
GetThreadContext
GetProcAddress
SetThreadContext
OpenThread
K32GetProcessImageFileNameA
OpenProcess
CreateProcessW
IsWow64Process
VirtualQueryEx
RtlRestoreContext
OutputDebugStringA
FormatMessageA
LoadLibraryA
MoveFileA
GetFullPathNameA
SetEndOfFile
DeleteFileA
CreateToolhelp32Snapshot
VirtualProtectEx
ReadProcessMemory
K32EnumProcessModules
InitializeCriticalSectionEx
MultiByteToWideChar
RaiseException
DeleteCriticalSection
FindFirstFileA
FindNextFileA
FindClose
HeapCreate
ReleaseSRWLockShared
InitializeCriticalSection
SetErrorMode
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
RtlVirtualUnwind
RtlAddFunctionTable
RtlLookupFunctionEntry
GetModuleHandleW
Thread32Next
Thread32First
SuspendThread
ResumeThread
EnterCriticalSection
FindNextFileW
lstrlenW
LeaveCriticalSection
GetFileAttributesW
GetFileAttributesA
ExitThread
FileTimeToSystemTime
SystemTimeToFileTime
GetProcessIdOfThread
TryEnterCriticalSection
GetVolumeInformationA
GetVolumeNameForVolumeMountPointA
GetTempPathA
GetWindowsDirectoryA
CreateEventA
GetComputerNameA
GetFullPathNameW
GetLongPathNameW
OpenMutexA
LocalFree
GetLongPathNameA
CallNamedPipeW
OpenEventA
WaitForSingleObject
Sleep
SetEvent
CreateThread
ExitProcess
HeapDestroy
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetStdHandle
GetEnvironmentVariableW
GetFileType
SwitchToThread
InitializeCriticalSectionAndSpinCount
GetModuleHandleExW
DeleteFiber
ConvertFiberToThread
FreeLibrary
LoadLibraryW
FindFirstFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
EncodePointer
GetModuleFileNameW
SetLastError
InitOnceExecuteOnce
HeapAlloc
HeapReAlloc
HeapFree
CompareStringW
LCMapStringW
HeapSize
GetConsoleOutputCP
SetFilePointerEx
SetStdHandle
GetTimeZoneInformation
FlushFileBuffers
GetCurrentDirectoryW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetStringTypeW
DecodePointer
GetCommandLineW
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
SetConsoleCtrlHandler
WriteConsoleW
LoadLibraryExW
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
InitializeSListHead
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
RtlUnwind

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

advapi32

CryptReleaseContext
CryptDestroyHash
CryptCreateHash
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegSetKeyValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenProcessToken
ConvertSidToStringSidW
GetTokenInformation
RegQueryValueExA
GetUserNameA
RegOpenKeyExA
CloseServiceHandle
OpenSCManagerW
GetServiceKeyNameW
QueryServiceConfigW
RegCloseKey

ole32

CoCreateFreeThreadedMarshaler
StringFromGUID2

shlwapi

PathRemoveFileSpecA
PathRemoveFileSpecW
PathAppendA

bcrypt

BCryptGenRandom

Exports

Exports

DllGetClassObject

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 754KB - Virtual size: 754KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 154KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CAPEv2-master/analyzer/windows/lib/__init__.py
CAPEv2-master/analyzer/windows/lib/api/__init__.py
CAPEv2-master/analyzer/windows/lib/api/process.py
CAPEv2-master/analyzer/windows/lib/api/screenshot.py
CAPEv2-master/analyzer/windows/lib/api/utils.py
CAPEv2-master/analyzer/windows/lib/common/__init__.py
CAPEv2-master/analyzer/windows/lib/common/abstracts.py
CAPEv2-master/analyzer/windows/lib/common/common.py
CAPEv2-master/analyzer/windows/lib/common/constants.py
CAPEv2-master/analyzer/windows/lib/common/defines.py
CAPEv2-master/analyzer/windows/lib/common/errors.py
CAPEv2-master/analyzer/windows/lib/common/exceptions.py
CAPEv2-master/analyzer/windows/lib/common/hashing.py
CAPEv2-master/analyzer/windows/lib/common/parse_pe.py
CAPEv2-master/analyzer/windows/lib/common/rand.py
CAPEv2-master/analyzer/windows/lib/common/registry.py
CAPEv2-master/analyzer/windows/lib/common/results.py
.py .js
CAPEv2-master/analyzer/windows/lib/common/zip_utils.py
CAPEv2-master/analyzer/windows/lib/core/__init__.py
CAPEv2-master/analyzer/windows/lib/core/compound.py
CAPEv2-master/analyzer/windows/lib/core/config.py
CAPEv2-master/analyzer/windows/lib/core/log.py
CAPEv2-master/analyzer/windows/lib/core/packages.py
CAPEv2-master/analyzer/windows/lib/core/pipe.py
CAPEv2-master/analyzer/windows/lib/core/privileges.py
CAPEv2-master/analyzer/windows/lib/core/startup.py
CAPEv2-master/analyzer/windows/modules/__init__.py
CAPEv2-master/analyzer/windows/modules/auxiliary/__init__.py
CAPEv2-master/analyzer/windows/modules/auxiliary/amsi.py
.py .sh linux
CAPEv2-master/analyzer/windows/modules/auxiliary/amsi_collector.py
.py .sh linux
CAPEv2-master/analyzer/windows/modules/auxiliary/browser.py
CAPEv2-master/analyzer/windows/modules/auxiliary/digisig.py
CAPEv2-master/analyzer/windows/modules/auxiliary/disguise.py
CAPEv2-master/analyzer/windows/modules/auxiliary/during_script.py
CAPEv2-master/analyzer/windows/modules/auxiliary/evtx.py
CAPEv2-master/analyzer/windows/modules/auxiliary/filepickup.py
CAPEv2-master/analyzer/windows/modules/auxiliary/human.py
.py .sh linux
CAPEv2-master/analyzer/windows/modules/auxiliary/permissions.py
CAPEv2-master/analyzer/windows/modules/auxiliary/pre_script.py
CAPEv2-master/analyzer/windows/modules/auxiliary/recentfiles.py
CAPEv2-master/analyzer/windows/modules/auxiliary/screenshots.py
CAPEv2-master/analyzer/windows/modules/auxiliary/tlsdump.py
CAPEv2-master/analyzer/windows/modules/auxiliary/usage.py
CAPEv2-master/analyzer/windows/modules/packages/Shellcode-Unpacker.py
CAPEv2-master/analyzer/windows/modules/packages/Shellcode.py
CAPEv2-master/analyzer/windows/modules/packages/Shellcode_x64.py
CAPEv2-master/analyzer/windows/modules/packages/Unpacker.py
CAPEv2-master/analyzer/windows/modules/packages/Unpacker_dll.py
CAPEv2-master/analyzer/windows/modules/packages/Unpacker_js.py
CAPEv2-master/analyzer/windows/modules/packages/Unpacker_ps1.py
CAPEv2-master/analyzer/windows/modules/packages/Unpacker_regsvr.py
CAPEv2-master/analyzer/windows/modules/packages/Unpacker_zip.py
CAPEv2-master/analyzer/windows/modules/packages/__init__.py
CAPEv2-master/analyzer/windows/modules/packages/access.py
CAPEv2-master/analyzer/windows/modules/packages/applet.py
CAPEv2-master/analyzer/windows/modules/packages/archive.py
CAPEv2-master/analyzer/windows/modules/packages/autoit.py
CAPEv2-master/analyzer/windows/modules/packages/chm.py
CAPEv2-master/analyzer/windows/modules/packages/chrome.py
CAPEv2-master/analyzer/windows/modules/packages/chromium.py
CAPEv2-master/analyzer/windows/modules/packages/cpl.py
CAPEv2-master/analyzer/windows/modules/packages/dll.py
CAPEv2-master/analyzer/windows/modules/packages/doc.py
CAPEv2-master/analyzer/windows/modules/packages/doc2016.py
CAPEv2-master/analyzer/windows/modules/packages/doc_antivm.py
CAPEv2-master/analyzer/windows/modules/packages/edge.py
CAPEv2-master/analyzer/windows/modules/packages/eml.py
CAPEv2-master/analyzer/windows/modules/packages/exe.py
CAPEv2-master/analyzer/windows/modules/packages/firefox.py
CAPEv2-master/analyzer/windows/modules/packages/generic.py
CAPEv2-master/analyzer/windows/modules/packages/hta.py
CAPEv2-master/analyzer/windows/modules/packages/hwp.py
CAPEv2-master/analyzer/windows/modules/packages/ichitaro.py
CAPEv2-master/analyzer/windows/modules/packages/ie.py
CAPEv2-master/analyzer/windows/modules/packages/inf.py
CAPEv2-master/analyzer/windows/modules/packages/inp.py
CAPEv2-master/analyzer/windows/modules/packages/jar.py
CAPEv2-master/analyzer/windows/modules/packages/js.py
CAPEv2-master/analyzer/windows/modules/packages/js_antivm.py
CAPEv2-master/analyzer/windows/modules/packages/lnk.py
.py .ps1
CAPEv2-master/analyzer/windows/modules/packages/mht.py
CAPEv2-master/analyzer/windows/modules/packages/msbuild.py
CAPEv2-master/analyzer/windows/modules/packages/msg.py
CAPEv2-master/analyzer/windows/modules/packages/msi.py
CAPEv2-master/analyzer/windows/modules/packages/msix.py
CAPEv2-master/analyzer/windows/modules/packages/nsis.py
CAPEv2-master/analyzer/windows/modules/packages/ollydbg.py
CAPEv2-master/analyzer/windows/modules/packages/one.py
CAPEv2-master/analyzer/windows/modules/packages/pdf.py
CAPEv2-master/analyzer/windows/modules/packages/ppt.py
CAPEv2-master/analyzer/windows/modules/packages/ppt2016.py
CAPEv2-master/analyzer/windows/modules/packages/ps1.py
CAPEv2-master/analyzer/windows/modules/packages/pub.py
CAPEv2-master/analyzer/windows/modules/packages/pub2016.py
CAPEv2-master/analyzer/windows/modules/packages/python.py
CAPEv2-master/analyzer/windows/modules/packages/rar.py
CAPEv2-master/analyzer/windows/modules/packages/reg.py
CAPEv2-master/analyzer/windows/modules/packages/regsvr.py
CAPEv2-master/analyzer/windows/modules/packages/sct.py
CAPEv2-master/analyzer/windows/modules/packages/service.py
CAPEv2-master/analyzer/windows/modules/packages/service_dll.py
CAPEv2-master/analyzer/windows/modules/packages/swf.py
CAPEv2-master/analyzer/windows/modules/packages/vawtrak.py
CAPEv2-master/analyzer/windows/modules/packages/vbejse.py
CAPEv2-master/analyzer/windows/modules/packages/vbs.py
CAPEv2-master/analyzer/windows/modules/packages/wsf.py
CAPEv2-master/analyzer/windows/modules/packages/xls.py
CAPEv2-master/analyzer/windows/modules/packages/xls2016.py
CAPEv2-master/analyzer/windows/modules/packages/xps.py
CAPEv2-master/analyzer/windows/modules/packages/xslt.py
CAPEv2-master/analyzer/windows/modules/packages/zip.py
CAPEv2-master/analyzer/windows/modules/packages/zip_compound.py
CAPEv2-master/analyzer/windows/pytest.ini
CAPEv2-master/analyzer/windows/tests/lib/api/test_process.py
CAPEv2-master/analyzer/windows/tests/lib/common/test_abstracts.py
CAPEv2-master/analyzer/windows/tests/modules/packages/test_ps1.py
CAPEv2-master/analyzer/windows/tests/test_analysis_packages.py
CAPEv2-master/analyzer/windows/tests/test_analyzer.py
CAPEv2-master/analyzer/windows/tests/test_analyzer_files.py
CAPEv2-master/analyzer/windows/tests/test_analyzer_process_list.py
CAPEv2-master/changelog.md
CAPEv2-master/conf/copy_configs.sh
.sh linux
CAPEv2-master/conf/default/api.conf.default
CAPEv2-master/conf/default/auxiliary.conf.default
CAPEv2-master/conf/default/aws.conf.default
CAPEv2-master/conf/default/az.conf.default
CAPEv2-master/conf/default/cuckoo.conf.default
CAPEv2-master/conf/default/cuckoomx.conf.default
CAPEv2-master/conf/default/distributed.conf.default
CAPEv2-master/conf/default/esx.conf.default
CAPEv2-master/conf/default/externalservices.conf.default
CAPEv2-master/conf/default/hosts.conf.default
CAPEv2-master/conf/default/kvm.conf.default
CAPEv2-master/conf/default/logging.conf.default
CAPEv2-master/conf/default/malheur.conf.default
CAPEv2-master/conf/default/memory.conf.default
CAPEv2-master/conf/default/multi.conf.default
CAPEv2-master/conf/default/physical.conf.default
CAPEv2-master/conf/default/processing.conf.default
CAPEv2-master/conf/default/proxmox.conf.default
CAPEv2-master/conf/default/qemu.conf.default
CAPEv2-master/conf/default/reporting.conf.default
CAPEv2-master/conf/default/routing.conf.default
CAPEv2-master/conf/default/selfextract.conf.default
CAPEv2-master/conf/default/smtp_sinkhole.conf.default
CAPEv2-master/conf/default/virtualbox.conf.default
CAPEv2-master/conf/default/vmware.conf.default
CAPEv2-master/conf/default/vmwarerest.conf.default
CAPEv2-master/conf/default/vmwareserver.conf.default
CAPEv2-master/conf/default/vpn.conf.default
CAPEv2-master/conf/default/vsphere.conf.default
CAPEv2-master/conf/default/web.conf.default
CAPEv2-master/conf/default/xenserver.conf.default
CAPEv2-master/conf/readme.md
CAPEv2-master/cuckoo.py
.py .sh linux
CAPEv2-master/custom/.gitignore
CAPEv2-master/data/family_detection_names.py
CAPEv2-master/data/google_creds.json
CAPEv2-master/data/html/base-report.html
CAPEv2-master/data/html/base-web.html
CAPEv2-master/data/html/browse.html
CAPEv2-master/data/html/css/bootstrap.min.css
CAPEv2-master/data/html/css/bootstrap.min.css.map
CAPEv2-master/data/html/css/style.css
CAPEv2-master/data/html/error.html
CAPEv2-master/data/html/generic/_dotnet.html
CAPEv2-master/data/html/generic/_file_info.html
CAPEv2-master/data/html/generic/_floss.html
CAPEv2-master/data/html/generic/_java.html
CAPEv2-master/data/html/generic/_lnk.html
CAPEv2-master/data/html/generic/_office.html
CAPEv2-master/data/html/generic/_pdf.html
CAPEv2-master/data/html/generic/_pe.html
CAPEv2-master/data/html/generic/_subfile_info.html
CAPEv2-master/data/html/generic/_virustotal.html
CAPEv2-master/data/html/generic/_xlmmacro.html
CAPEv2-master/data/html/graphic/logo.html
CAPEv2-master/data/html/img/glyphicons-halflings-white.png
.png
CAPEv2-master/data/html/img/glyphicons-halflings.png
.png
CAPEv2-master/data/html/js/bootstrap.min.js
.js
CAPEv2-master/data/html/js/functions.js
.js
CAPEv2-master/data/html/js/jquery.min.js
.js
CAPEv2-master/data/html/pagination-menu.html
CAPEv2-master/data/html/pagination-rpp.html
CAPEv2-master/data/html/report.html
CAPEv2-master/data/html/sections/behavior.html
CAPEv2-master/data/html/sections/dropped.html
CAPEv2-master/data/html/sections/errors.html
CAPEv2-master/data/html/sections/file.html
CAPEv2-master/data/html/sections/info.html
CAPEv2-master/data/html/sections/memory/_apihooks.html
CAPEv2-master/data/html/sections/memory/_callbacks.html
CAPEv2-master/data/html/sections/memory/_devicetree.html
CAPEv2-master/data/html/sections/memory/_gdt.html
CAPEv2-master/data/html/sections/memory/_idt.html
CAPEv2-master/data/html/sections/memory/_malfind.html
CAPEv2-master/data/html/sections/memory/_messagehooks.html
CAPEv2-master/data/html/sections/memory/_modscan.html
CAPEv2-master/data/html/sections/memory/_netscan.html
CAPEv2-master/data/html/sections/memory/_pslist.html
CAPEv2-master/data/html/sections/memory/_sockscan.html
CAPEv2-master/data/html/sections/memory/_ssdt.html
CAPEv2-master/data/html/sections/memory/_svcscan.html
CAPEv2-master/data/html/sections/memory/_timers.html
CAPEv2-master/data/html/sections/memory/_yarascan.html
CAPEv2-master/data/html/sections/network.html
CAPEv2-master/data/html/sections/payloads.html
CAPEv2-master/data/html/sections/screenshots.html
CAPEv2-master/data/html/sections/signatures.html
CAPEv2-master/data/html/sections/url.html
CAPEv2-master/data/html/sections/volatility.html
CAPEv2-master/data/html/statistics.html
CAPEv2-master/data/html/statistics/README
CAPEv2-master/data/html/submit.html
CAPEv2-master/data/html/success.html
CAPEv2-master/data/linux/linux-syscalls.json
CAPEv2-master/data/maec_api_call_mappings.json
CAPEv2-master/data/safelist/disposable_domain_list.txt
CAPEv2-master/data/safelist/domains.py
CAPEv2-master/data/safelist/replacepatterns.py
CAPEv2-master/data/signature_overlay.json
CAPEv2-master/data/src/binpackage/Makefile
CAPEv2-master/data/src/binpackage/execsc.c
CAPEv2-master/data/yara/CAPE/AgentTesla.yar
CAPEv2-master/data/yara/CAPE/Amadey.yar
CAPEv2-master/data/yara/CAPE/Arkei.yar
CAPEv2-master/data/yara/CAPE/AsyncRat.yar
CAPEv2-master/data/yara/CAPE/Atlas.yar
CAPEv2-master/data/yara/CAPE/AuroraStealer.yar
CAPEv2-master/data/yara/CAPE/Azer.yar
CAPEv2-master/data/yara/CAPE/Azorult.yar
CAPEv2-master/data/yara/CAPE/BadRabbit.yar
CAPEv2-master/data/yara/CAPE/Bazar.yar
CAPEv2-master/data/yara/CAPE/BitPaymer.yar
CAPEv2-master/data/yara/CAPE/Blister.yar
CAPEv2-master/data/yara/CAPE/BruteRatel.yar
CAPEv2-master/data/yara/CAPE/BuerLoader.yar
CAPEv2-master/data/yara/CAPE/BumbleBee.yar
CAPEv2-master/data/yara/CAPE/Carbanak.yar
CAPEv2-master/data/yara/CAPE/CargoBayLoader.yar
CAPEv2-master/data/yara/CAPE/Cerber.yar
CAPEv2-master/data/yara/CAPE/CobaltStrikeBeacon.yar
CAPEv2-master/data/yara/CAPE/CobaltStrikeStager.yar
CAPEv2-master/data/yara/CAPE/Codoso.yar
CAPEv2-master/data/yara/CAPE/Conti.yar
CAPEv2-master/data/yara/CAPE/Cryptoshield.yar
CAPEv2-master/data/yara/CAPE/DarkGate.yar
CAPEv2-master/data/yara/CAPE/DoomedLoader.yar
CAPEv2-master/data/yara/CAPE/DoppelPaymer.yar
CAPEv2-master/data/yara/CAPE/Dreambot.yar
CAPEv2-master/data/yara/CAPE/DridexLoader.yar
CAPEv2-master/data/yara/CAPE/DridexV4.yar
CAPEv2-master/data/yara/CAPE/Emotet.yar
CAPEv2-master/data/yara/CAPE/EmotetLoader.yar
CAPEv2-master/data/yara/CAPE/EternalRomance.yar
CAPEv2-master/data/yara/CAPE/Fareit.yar
CAPEv2-master/data/yara/CAPE/Formbook.yar
CAPEv2-master/data/yara/CAPE/Gandcrab.yar
CAPEv2-master/data/yara/CAPE/Gootkit.yar
CAPEv2-master/data/yara/CAPE/Guloader.yar
CAPEv2-master/data/yara/CAPE/Hancitor.yar
CAPEv2-master/data/yara/CAPE/Hermes.yar
CAPEv2-master/data/yara/CAPE/IcedID.yar
CAPEv2-master/data/yara/CAPE/IcedIDLoader.yar
CAPEv2-master/data/yara/CAPE/Jaff.yar
CAPEv2-master/data/yara/CAPE/Kovter.yar
CAPEv2-master/data/yara/CAPE/Kpot.yar
CAPEv2-master/data/yara/CAPE/Kronos.yar
CAPEv2-master/data/yara/CAPE/Latrodectus.yar
CAPEv2-master/data/yara/CAPE/Lockbit.yar
CAPEv2-master/data/yara/CAPE/Locky.yar
CAPEv2-master/data/yara/CAPE/LokiBot.yar
CAPEv2-master/data/yara/CAPE/Lumma.yar
CAPEv2-master/data/yara/CAPE/Magniber.yar
CAPEv2-master/data/yara/CAPE/MassLogger.yar
CAPEv2-master/data/yara/CAPE/MegaCortex.yar
CAPEv2-master/data/yara/CAPE/Mole.yar
CAPEv2-master/data/yara/CAPE/NanoLocker.yar
CAPEv2-master/data/yara/CAPE/Nemty.yar
CAPEv2-master/data/yara/CAPE/NetTraveler.yar
CAPEv2-master/data/yara/CAPE/Nighthawk.yar
CAPEv2-master/data/yara/CAPE/Origin.yar
CAPEv2-master/data/yara/CAPE/Oyster.yar
CAPEv2-master/data/yara/CAPE/Pafish.yar
CAPEv2-master/data/yara/CAPE/PetrWrap.yar
CAPEv2-master/data/yara/CAPE/Petya.yar
CAPEv2-master/data/yara/CAPE/PikaBot.yar
CAPEv2-master/data/yara/CAPE/QakBot.yar
CAPEv2-master/data/yara/CAPE/Quickbind.yar
CAPEv2-master/data/yara/CAPE/RCSession.yar
CAPEv2-master/data/yara/CAPE/Ramnit.yar
CAPEv2-master/data/yara/CAPE/Remcos.yar
CAPEv2-master/data/yara/CAPE/Rhadamanthys.yar
CAPEv2-master/data/yara/CAPE/RokRat.yar
CAPEv2-master/data/yara/CAPE/Rozena.yar
CAPEv2-master/data/yara/CAPE/Ryuk.yar
CAPEv2-master/data/yara/CAPE/Scarab.yar
CAPEv2-master/data/yara/CAPE/Sedreco.yar
CAPEv2-master/data/yara/CAPE/Seduploader.yar
CAPEv2-master/data/yara/CAPE/SmokeLoader.yar
CAPEv2-master/data/yara/CAPE/Socks5Systemz.yar
CAPEv2-master/data/yara/CAPE/SquirrelWaffle.yar
CAPEv2-master/data/yara/CAPE/Stealc.yar
CAPEv2-master/data/yara/CAPE/TClient.yar
CAPEv2-master/data/yara/CAPE/TSCookie.yar
CAPEv2-master/data/yara/CAPE/TrickBot.yar
CAPEv2-master/data/yara/CAPE/Ursnif.yar
CAPEv2-master/data/yara/CAPE/UrsnifV3.yar
CAPEv2-master/data/yara/CAPE/Varenyky.yar
CAPEv2-master/data/yara/CAPE/Vidar.yar
CAPEv2-master/data/yara/CAPE/WanaCry.yar
CAPEv2-master/data/yara/CAPE/ZeroT.yar
CAPEv2-master/data/yara/CAPE/ZeusPanda.yar
CAPEv2-master/data/yara/CAPE/Zloader.yar
CAPEv2-master/data/yara/binaries/HeavensGate.yar

Sharing

General

Malware Config

Signatures

Files

7e7ea33c6082e61a8f170d6466f1d863

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ntdll

rpcrt4

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 984B

.rsrc Size: 105KB - Virtual size: 104KB

.reloc Size: 1KB - Virtual size: 1KB

ac2e4658e6df04971588aaf3817df9dd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ntdll

rpcrt4

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 123KB - Virtual size: 123KB

.reloc Size: 512B - Virtual size: 60B

6ae531f3439aee07e850dbb1ac7115a4

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

42:f7:ce:c0:08:6a:c8:87:bb:81:ba:16Certificate

Extended Key Usages

Key Usages

13:b7:74:ee:59:e3:5e:c6:06:26:16:89Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

ef:6a:b2:a0:69:2a:c4:4c:10:3d:fd:54:f2:65:c9:56:36:40:84:e1:a9:e6:56:a1:6d:7f:5d:d8:5d:7b:03:94Signer

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

version

winmm

comctl32

mpr

wininet

psapi

iphlpapi

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 984B

.rsrc
Size: 105KB - Virtual size: 104KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 123KB - Virtual size: 123KB

.reloc
Size: 512B - Virtual size: 60B

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

42:f7:ce:c0:08:6a:c8:87:bb:81:ba:16
Certificate

13:b7:74:ee:59:e3:5e:c6:06:26:16:89
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

ef:6a:b2:a0:69:2a:c4:4c:10:3d:fd:54:f2:65:c9:56:36:40:84:e1:a9:e6:56:a1:6d:7f:5d:d8:5d:7b:03:94
Signer

.text
Size: 570KB - Virtual size: 569KB

.rdata
Size: 191KB - Virtual size: 191KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 54KB - Virtual size: 53KB

.reloc
Size: 28KB - Virtual size: 28KB

.text
Size: 93KB - Virtual size: 93KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 106KB - Virtual size: 105KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 5KB

.gxfg
Size: 6KB - Virtual size: 5KB

.gehcont
Size: 512B - Virtual size: 16B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB

33:00:00:00:98:04:58:cb:7f:23:09:b0:9e:00:00:00:00:00:98
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

0c:4f:c5:97:fa:40:70:59:c9:4b:35:34:f4:9b:c0:90:a1:1c:cb:4e:4e:6d:96:9a:f2:67:e1:4d:69:35:9f:71
Signer

b4:77:bc:a0:7b:c3:2e:88:63:11:99:73:bc:91:f6:a5:5f:10:40:5f
Signer