pppwn GUI 1[.]9[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

pppwn GUI 1.9.zip
Size

41.6MB
MD5

ffb2284b145852d622344ab3df0c390d
SHA1

54c999d8eff43511fa4986aac5fd950e4b89f6ab
SHA256

0762bbb4303cbd82451b3243b3dbf05e60960251001da24659b2cbad22bb90ea
SHA512

ee56b9fc93fa74a739966ef43e990595a020abe151c3bb79fbf68e5a4a4986233fa8235845edbb9a6009ef4f75abff2068bc595b79b44a6ad33e07624a2bfa83
SSDEEP

786432:fwJYp4scFQmHAXTf6dUXCT/TjqLKNjm150yH8VIQ1EFOUXC:YJYp46Xi9Ua

Score

7^/10

pyinstaller upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack004/Unpacked Version/pppwn/exploit/pppwn_.exe	upx
static1/unpack004/Unpacked Version/pppwn/exploit/pppwn_64.exe	upx

Detects Pyinstaller 3 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/pppwn GUI/PPPwn GUI 1.9.exe	pyinstaller
static1/unpack004/Unpacked Version/pppwn/PPPwn GUI 1.9.exe	pyinstaller
static1/unpack004/Unpacked Version/pppwn/exploit/pppwn_p.exe	pyinstaller

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/pppwn GUI/PPPwn GUI 1.9.exe
unpack004/Unpacked Version/pppwn/DevComponents.DotNetBar2.dll
unpack004/Unpacked Version/pppwn/PPPwn GUI 1.9.exe
unpack004/Unpacked Version/pppwn/exploit/pppwn_.exe
unpack004/Unpacked Version/pppwn/exploit/pppwn_64.exe
unpack004/Unpacked Version/pppwn/exploit/pppwn_p.exe

Files

pppwn GUI 1.9.zip
.zip
pppwn GUI/Install First.exe
.exe windows:4 windows x86 arch:x86

dfb595641ed97366338a474595c7be08

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:3a:58:33:80:c4:d7:6a:bf:d3:33:5a:9f:ae:34:2c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/07/2023, 00:00

Not After

10/06/2024, 23:59

Subject

SERIALNUMBER=6397588,CN=Nmap Software LLC,O=Nmap Software LLC,L=Beaverton,ST=Oregon,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a9:51:4a:df:8f:8f:41:39:e1:48:37:42:20:0a:f6:d8:56:30:d2:da:ca:24:31:cb:de:19:1c:9d:2f:db:f3:f9
Signer

Actual PE Digest

a9:51:4a:df:8f:8f:41:39:e1:48:37:42:20:0a:f6:d8:56:30:d2:da:ca:24:31:cb:de:19:1c:9d:2f:db:f3:f9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetFileInfoW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

DispatchMessageW
wsprintfA
IsWindowVisible
PeekMessageW
wvsprintfW
MessageBoxIndirectW
CharNextA
CharPrevW
GetSystemMetrics
GetDlgItemTextW
SetDlgItemTextW
TrackPopupMenu
CreatePopupMenu
FillRect
CloseClipboard
OpenClipboard
EndPaint
IsDlgButtonChecked
CallWindowProcW
GetMessagePos
LoadCursorW
GetAsyncKeyState
CheckDlgButton
GetSysColor
SetCursor
GetWindowLongW
SetClassLongW
SetWindowPos
IsWindowEnabled
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterClassW
ScreenToClient
EndDialog
GetClassInfoW
SystemParametersInfoW
CreateWindowExW
ExitWindowsEx
DialogBoxParamW
CharNextW
SetTimer
DestroyWindow
CreateDialogParamW
SetForegroundWindow
SetWindowTextW
PostQuitMessage
SendMessageTimeoutW
ShowWindow
wsprintfW
GetDlgItem
FindWindowExW
IsWindow
GetDC
SetWindowLongW
LoadImageW
InvalidateRect
ReleaseDC
EnableWindow
BeginPaint
SendMessageW
DefWindowProcW
GetClientRect
DrawTextW
SetClipboardData
EmptyClipboard
AppendMenuW

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
MoveFileExW
GetTempFileNameW
lstrcmpiA
WriteFile
CreateProcessW
CreateDirectoryW
RemoveDirectoryW
GlobalLock
GlobalUnlock
CreateThread
WideCharToMultiByte
lstrcpynW
GetDiskFreeSpaceW
SetErrorMode
GetVersion
lstrlenW
GetTempPathW
GetWindowsDirectoryW
GetCommandLineW
ExitProcess
CopyFileW
SetEnvironmentVariableW
GetModuleFileNameW
GetFileSize
GetCurrentProcess
GetTickCount
Sleep
CreateFileW
GetFileAttributesW
SetCurrentDirectoryW
SetFileAttributesW
MoveFileW
GetFullPathNameW
GetLastError
SearchPathW
CompareFileTime
GetShortPathNameW
CloseHandle
lstrcmpiW
SetFileTime
ExpandEnvironmentStringsW
GlobalFree
lstrcmpW
GetModuleHandleW
LoadLibraryExW
GlobalAlloc
WritePrivateProfileStringW
GetPrivateProfileStringW
FreeLibrary
lstrcpyA
lstrcatW
ReadFile
MultiByteToWideChar
lstrlenA
FindClose
FindNextFileW
SetFilePointer
DeleteFileW
MulDiv
FindFirstFileW

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

4b45b7e00344a87332fbd12653854d1a

Code Sign

0a:a6:07:83:eb:b5:07:6e:bc:2d:12:da:9b:04:c2:90
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

05/05/2021, 00:00

Not After

10/06/2024, 23:59

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,L=Seattle,ST=Washington,C=US,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d0:1b:f0:e5:14:3e:b4:e1:37:1d:88:91:47:0a:5f:71:5b:ad:cc:55:7d:59:14:42:5a:c1:5e:ec:18:3c:12:c4
Signer

Actual PE Digest

d0:1b:f0:e5:14:3e:b4:e1:37:1d:88:91:47:0a:5f:71:5b:ad:cc:55:7d:59:14:42:5a:c1:5e:ec:18:3c:12:c4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GetModuleHandleW
CloseHandle
SetEndOfFile
SetCurrentDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
lstrcmpiW
lstrcatW
lstrcpynW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc
WriteFile
SetFilePointer

user32

LoadCursorW
SetWindowRgn
GetDlgCtrlID
CloseClipboard
DrawFocusRect
OpenClipboard
DrawTextW
SetCursor
LoadIconW
LoadImageW
SetWindowLongW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
GetClientRect
ShowWindow
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
CallWindowProcW
PostMessageW
MessageBoxW
GetSysColor
CharNextW
wsprintfW
GetWindowTextW
SetWindowTextW
SendMessageW
GetWindowLongW
EnableMenuItem
PtInRect
MapWindowPoints
GetClipboardData

gdi32

SetTextColor
DeleteObject
CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectW

shell32

SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
make_unicode
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NPFInstall.exe
.exe windows:6 windows x86 arch:x86

ac3a9df0056b7346a52a9ca99eaf3ecf

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:3a:58:33:80:c4:d7:6a:bf:d3:33:5a:9f:ae:34:2c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/07/2023, 00:00

Not After

10/06/2024, 23:59

Subject

SERIALNUMBER=6397588,CN=Nmap Software LLC,O=Nmap Software LLC,L=Beaverton,ST=Oregon,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

98:0d:cf:52:40:b5:0f:6f:4d:5c:ce:93:b6:57:36:2b:de:6b:a7:b4:fb:ee:98:e0:bb:f9:13:c1:ed:ea:b5:77
Signer

Actual PE Digest

98:0d:cf:52:40:b5:0f:6f:4d:5c:ce:93:b6:57:36:2b:de:6b:a7:b4:fb:ee:98:e0:bb:f9:13:c1:ed:ea:b5:77

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Nmap\Documents\Repos\npcap\packetWin7\vs14\Release\NPFInstall.pdb

Imports

setupapi

CM_Get_Device_ID_ExW
SetupDiGetDeviceInstallParamsW
SetupDiGetClassDevsExW
SetupDiClassGuidsFromNameExW
SetupDiGetDeviceInfoListDetailW
SetupDiCallClassInstaller
SetupDiCreateDeviceInfoListExW
SetupDiGetDeviceInstanceIdW
SetupDiGetINFClassW
SetupDiCreateDeviceInfoList
SetupDiCreateDevRegKeyW
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoW
SetupDiSetClassInstallParamsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDeviceInfoW
SetupCopyOEMInfW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

EnumProcessModulesEx
GetModuleFileNameExW

kernel32

SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindFirstFileW
SetLastError
FindClose
GetCurrentThreadId
Sleep
GetLastError
GetLocalTime
GetFullPathNameW
lstrlenW
GetModuleFileNameW
GetFileAttributesW
FormatMessageW
DeleteFileW
LoadLibraryW
GetProcAddress
LocalFree
VerSetConditionMask
FreeLibrary
VerifyVersionInfoW
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
ReadFile
GetStringTypeW
GetStdHandle
CreatePipe
MultiByteToWideChar
CloseHandle
CreateProcessW
GetConsoleWindow
SetConsoleTitleW
HeapFree
GetCurrentProcess
DeviceIoControl
TerminateProcess
WaitForSingleObject
CreateFileW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
HeapAlloc
GetCurrentProcessId
GetProcessHeap
GetTickCount
LCMapStringW
CompareStringW
GetFileType
HeapSize
HeapReAlloc
WriteConsoleW
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetEndOfFile
GetCommandLineW
GetCommandLineA
WriteFile
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
ReadConsoleW
SetHandleInformation
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
EncodePointer

user32

CharNextW
CharPrevW
ShowWindow

advapi32

OpenProcessToken
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExW
RegGetValueW
RegDeleteValueW
LookupPrivilegeValueW
RegSetValueExW

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoUninitialize
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoCreateInstance

oleaut32

VariantClear
VariantInit

advpack

LaunchINFSectionExW

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SysRestore.dll
.dll windows:6 windows x86 arch:x86

aa88191a9382bec9c5b80dd5eeb8e542

Code Sign

0a:a6:07:83:eb:b5:07:6e:bc:2d:12:da:9b:04:c2:90
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

05/05/2021, 00:00

Not After

10/06/2024, 23:59

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,L=Seattle,ST=Washington,C=US,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b6:13:60:9a:53:5f:40:23:63:fb:14:8e:ae:fb:91:c4:57:43:d9:f1:48:e0:65:ea:31:2e:d3:7a:a8:49:3e:d5
Signer

Actual PE Digest

b6:13:60:9a:53:5f:40:23:63:fb:14:8e:ae:fb:91:c4:57:43:d9:f1:48:e0:65:ea:31:2e:d3:7a:a8:49:3e:d5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpyW
lstrcpynW
LoadLibraryExW
FreeLibrary
LocalFree
GetProcAddress
GetLastError
GetSystemDirectoryW
LocalAlloc
SetLastError

user32

wsprintfW

Exports

Exports

FinishRestorePoint
RemoveRestorePoint
StartRestorePoint
StartUnRestorePoint

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Code Sign

0a:a6:07:83:eb:b5:07:6e:bc:2d:12:da:9b:04:c2:90
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

05/05/2021, 00:00

Not After

10/06/2024, 23:59

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,L=Seattle,ST=Washington,C=US,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e2:d3:cc:e4:f6:37:f5:3f:02:67:d0:49:e3:b3:24:6a:f5:3b:04:3b:1f:95:17:b2:dd:53:f8:b8:5f:f0:69:3f
Signer

Actual PE Digest

e2:d3:cc:e4:f6:37:f5:3f:02:67:d0:49:e3:b3:24:6a:f5:3b:04:3b:1f:95:17:b2:dd:53:f8:b8:5f:f0:69:3f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/final.ini
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

c1c7505e1e6e929ebb6b9100e55b050a

Code Sign

0a:a6:07:83:eb:b5:07:6e:bc:2d:12:da:9b:04:c2:90
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

05/05/2021, 00:00

Not After

10/06/2024, 23:59

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,L=Seattle,ST=Washington,C=US,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:cd:42:7b:58:e1:42:27:43:49:30:d1:0c:7b:b3:59:fd:99:8b:90:ee:4b:34:fe:be:29:11:e7:d6:75:90:f4
Signer

Actual PE Digest

35:cd:42:7b:58:e1:42:27:43:49:30:d1:0c:7b:b3:59:fd:99:8b:90:ee:4b:34:fe:be:29:11:e7:d6:75:90:f4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode

user32

wsprintfW
CharNextExA
SendMessageW
FindWindowExW
CharNextW
CharPrevW

kernel32

CreatePipe
DeleteFileW
lstrcmpiW
GetCommandLineW
ExitProcess
Sleep
TerminateProcess
GlobalReAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
CreateProcessW
GetStartupInfoW
CreateFileMappingW
GetVersion
GetCurrentProcess
lstrcpynW
lstrlenW
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
GlobalFree
CreateFileW
CopyFileW
GetTempFileNameW
GlobalAlloc
GetModuleFileNameW
GetProcAddress
GetModuleHandleA

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/options.ini
NPFInstall.exe
.exe windows:6 windows x86 arch:x86

ac3a9df0056b7346a52a9ca99eaf3ecf

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:3a:58:33:80:c4:d7:6a:bf:d3:33:5a:9f:ae:34:2c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/07/2023, 00:00

Not After

10/06/2024, 23:59

Subject

SERIALNUMBER=6397588,CN=Nmap Software LLC,O=Nmap Software LLC,L=Beaverton,ST=Oregon,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

98:0d:cf:52:40:b5:0f:6f:4d:5c:ce:93:b6:57:36:2b:de:6b:a7:b4:fb:ee:98:e0:bb:f9:13:c1:ed:ea:b5:77
Signer

Actual PE Digest

98:0d:cf:52:40:b5:0f:6f:4d:5c:ce:93:b6:57:36:2b:de:6b:a7:b4:fb:ee:98:e0:bb:f9:13:c1:ed:ea:b5:77

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Nmap\Documents\Repos\npcap\packetWin7\vs14\Release\NPFInstall.pdb

Imports

setupapi

CM_Get_Device_ID_ExW
SetupDiGetDeviceInstallParamsW
SetupDiGetClassDevsExW
SetupDiClassGuidsFromNameExW
SetupDiGetDeviceInfoListDetailW
SetupDiCallClassInstaller
SetupDiCreateDeviceInfoListExW
SetupDiGetDeviceInstanceIdW
SetupDiGetINFClassW
SetupDiCreateDeviceInfoList
SetupDiCreateDevRegKeyW
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoW
SetupDiSetClassInstallParamsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDeviceInfoW
SetupCopyOEMInfW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

EnumProcessModulesEx
GetModuleFileNameExW

kernel32

SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindFirstFileW
SetLastError
FindClose
GetCurrentThreadId
Sleep
GetLastError
GetLocalTime
GetFullPathNameW
lstrlenW
GetModuleFileNameW
GetFileAttributesW
FormatMessageW
DeleteFileW
LoadLibraryW
GetProcAddress
LocalFree
VerSetConditionMask
FreeLibrary
VerifyVersionInfoW
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
ReadFile
GetStringTypeW
GetStdHandle
CreatePipe
MultiByteToWideChar
CloseHandle
CreateProcessW
GetConsoleWindow
SetConsoleTitleW
HeapFree
GetCurrentProcess
DeviceIoControl
TerminateProcess
WaitForSingleObject
CreateFileW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
HeapAlloc
GetCurrentProcessId
GetProcessHeap
GetTickCount
LCMapStringW
CompareStringW
GetFileType
HeapSize
HeapReAlloc
WriteConsoleW
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetEndOfFile
GetCommandLineW
GetCommandLineA
WriteFile
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
ReadConsoleW
SetHandleInformation
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
EncodePointer

user32

CharNextW
CharPrevW
ShowWindow

advapi32

OpenProcessToken
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExW
RegGetValueW
RegDeleteValueW
LookupPrivilegeValueW
RegSetValueExW

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoUninitialize
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoCreateInstance

oleaut32

VariantClear
VariantInit

advpack

LaunchINFSectionExW

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/NPFInstall.exe
.exe windows:6 windows x64 arch:x64

7db86a11bab80778ea08e0ee092c4653

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:3a:58:33:80:c4:d7:6a:bf:d3:33:5a:9f:ae:34:2c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/07/2023, 00:00

Not After

10/06/2024, 23:59

Subject

SERIALNUMBER=6397588,CN=Nmap Software LLC,O=Nmap Software LLC,L=Beaverton,ST=Oregon,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:d7:78:87:96:44:45:07:b5:e1:30:e6:41:b0:54:77:9d:cc:85:6c:53:57:e4:ae:13:c6:67:47:9d:91:99:85
Signer

Actual PE Digest

01:d7:78:87:96:44:45:07:b5:e1:30:e6:41:b0:54:77:9d:cc:85:6c:53:57:e4:ae:13:c6:67:47:9d:91:99:85

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Nmap\Documents\Repos\npcap\packetWin7\vs14\x64\Release\NPFInstall.pdb

Imports

setupapi

CM_Get_Device_ID_ExW
SetupDiGetDeviceInstallParamsW
SetupDiGetClassDevsExW
SetupDiClassGuidsFromNameExW
SetupDiGetDeviceInfoListDetailW
SetupDiCallClassInstaller
SetupDiCreateDeviceInfoListExW
SetupDiGetDeviceInstanceIdW
SetupDiGetINFClassW
SetupDiCreateDeviceInfoList
SetupDiCreateDevRegKeyW
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoW
SetupDiSetClassInstallParamsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDeviceInfoW
SetupCopyOEMInfW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

EnumProcessModulesEx
GetModuleFileNameExW

kernel32

GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindFirstFileW
SetLastError
FindClose
GetCurrentThreadId
Sleep
GetLastError
GetLocalTime
GetFullPathNameW
lstrlenW
GetModuleFileNameW
GetFileAttributesW
FormatMessageW
DeleteFileW
LoadLibraryW
GetProcAddress
LocalFree
VerSetConditionMask
FreeLibrary
VerifyVersionInfoW
InitializeCriticalSectionEx
RaiseException
DeleteCriticalSection
ReadFile
HeapSize
GetStdHandle
CreatePipe
MultiByteToWideChar
CloseHandle
CreateProcessW
GetConsoleWindow
SetConsoleTitleW
HeapFree
GetCurrentProcess
DeviceIoControl
TerminateProcess
WaitForSingleObject
CreateFileW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
HeapAlloc
GetCurrentProcessId
GetProcessHeap
GetTickCount
LCMapStringW
CompareStringW
FlsFree
HeapReAlloc
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetEndOfFile
ReadConsoleW
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
GetCommandLineW
GetCommandLineA
WriteFile
GetModuleHandleExW
ExitProcess
LoadLibraryExW
WriteConsoleW
SetHandleInformation
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

user32

CharNextW
CharPrevW
ShowWindow

advapi32

RegOpenKeyExW
RegCloseKey
OpenProcessToken
RegGetValueW
RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueExW

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoUninitialize
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoCreateInstance

oleaut32

VariantClear
VariantInit

advpack

LaunchINFSectionExW

Sections

.text
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pppwn GUI/PPPwn GUI 1.9.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Lee\Documents\Visual Studio 2013\Projects\PPPwn - Copy - Copy\PPPwn\obj\Debug\PPPwn.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 9.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.hoH
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

."F3
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.O#K
Size: 22.0MB - Virtual size: 22.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pppwn.pyc
pppwn GUI/ReadMe.txt
pppwn GUI/Unpacked Version.zip
.zip
Unpacked Version/pppwn/DevComponents.DotNetBar2.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.textxc
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.datax
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Unpacked Version/pppwn/PPPwn GUI 1.9.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Lee\Documents\Visual Studio 2013\Projects\PPPwn - Unpacked\PPPwn\obj\Debug\PPPwn.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pppwn.pyc
Unpacked Version/pppwn/exploit/pppwn_.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 528KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Unpacked Version/pppwn/exploit/pppwn_64.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 466KB - Virtual size: 468KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Unpacked Version/pppwn/exploit/pppwn_p.exe
.exe windows:5 windows x86 arch:x86

fe6104a35ed9c6aed25f1fd987f73098

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowThreadProcessId
ShowWindow

kernel32

CreateFileW
GetFinalPathNameByHandleW
CloseHandle
GetModuleFileNameW
CreateSymbolicLinkW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
SetDllDirectoryW
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
GetCurrentProcess
GetCurrentProcessId
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetConsoleWindow
HeapSize
GetLastError
WriteConsoleW
SetEndOfFile
GetExitCodeProcess
TlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
DecodePointer
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
GetCommandLineA
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
HeapReAlloc
GetFileAttributesExW
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation

advapi32

ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW

Sections

.text
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pppwn.pyc
Unpacked Version/pppwn/exploit/stage1/stage1_1000.bin
Unpacked Version/pppwn/exploit/stage1/stage1_1001.bin
Unpacked Version/pppwn/exploit/stage1/stage1_1050.bin
Unpacked Version/pppwn/exploit/stage1/stage1_1070.bin
Unpacked Version/pppwn/exploit/stage1/stage1_1071.bin
Unpacked Version/pppwn/exploit/stage1/stage1_1100.bin
Unpacked Version/pppwn/exploit/stage1/stage1_750.bin
Unpacked Version/pppwn/exploit/stage1/stage1_751.bin
Unpacked Version/pppwn/exploit/stage1/stage1_755.bin
Unpacked Version/pppwn/exploit/stage1/stage1_800.bin
Unpacked Version/pppwn/exploit/stage1/stage1_801.bin
Unpacked Version/pppwn/exploit/stage1/stage1_803.bin
Unpacked Version/pppwn/exploit/stage1/stage1_850.bin
Unpacked Version/pppwn/exploit/stage1/stage1_852.bin
Unpacked Version/pppwn/exploit/stage1/stage1_900.bin
Unpacked Version/pppwn/exploit/stage1/stage1_903.bin
Unpacked Version/pppwn/exploit/stage1/stage1_904.bin
Unpacked Version/pppwn/exploit/stage1/stage1_950.bin
Unpacked Version/pppwn/exploit/stage1/stage1_951.bin
Unpacked Version/pppwn/exploit/stage1/stage1_960.bin
Unpacked Version/pppwn/exploit/stage2/stage2_1000.bin
Unpacked Version/pppwn/exploit/stage2/stage2_1001.bin
Unpacked Version/pppwn/exploit/stage2/stage2_1050.bin
Unpacked Version/pppwn/exploit/stage2/stage2_1070.bin
Unpacked Version/pppwn/exploit/stage2/stage2_1071.bin
Unpacked Version/pppwn/exploit/stage2/stage2_1100.bin
Unpacked Version/pppwn/exploit/stage2/stage2_750.bin
Unpacked Version/pppwn/exploit/stage2/stage2_751.bin
Unpacked Version/pppwn/exploit/stage2/stage2_755.bin
Unpacked Version/pppwn/exploit/stage2/stage2_800.bin
Unpacked Version/pppwn/exploit/stage2/stage2_801.bin
Unpacked Version/pppwn/exploit/stage2/stage2_803.bin
Unpacked Version/pppwn/exploit/stage2/stage2_850.bin
Unpacked Version/pppwn/exploit/stage2/stage2_852.bin
Unpacked Version/pppwn/exploit/stage2/stage2_900.bin
Unpacked Version/pppwn/exploit/stage2/stage2_903.bin
Unpacked Version/pppwn/exploit/stage2/stage2_904.bin
Unpacked Version/pppwn/exploit/stage2/stage2_950.bin
Unpacked Version/pppwn/exploit/stage2/stage2_951.bin
Unpacked Version/pppwn/exploit/stage2/stage2_960.bin

Sharing

General

Malware Config

Signatures

Files

dfb595641ed97366338a474595c7be08

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:3a:58:33:80:c4:d7:6a:bf:d3:33:5a:9f:ae:34:2cCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

a9:51:4a:df:8f:8f:41:39:e1:48:37:42:20:0a:f6:d8:56:30:d2:da:ca:24:31:cb:de:19:1c:9d:2f:db:f3:f9Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 6KB - Virtual size: 139KB

.ndata Size: - Virtual size: 132KB

.rsrc Size: 17KB - Virtual size: 17KB

4b45b7e00344a87332fbd12653854d1a

Code Sign

0a:a6:07:83:eb:b5:07:6e:bc:2d:12:da:9b:04:c2:90Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

d0:1b:f0:e5:14:3e:b4:e1:37:1d:88:91:47:0a:5f:71:5b:ad:cc:55:7d:59:14:42:5a:c1:5e:ec:18:3c:12:c4Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

ac3a9df0056b7346a52a9ca99eaf3ecf

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:3a:58:33:80:c4:d7:6a:bf:d3:33:5a:9f:ae:34:2cCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:3a:58:33:80:c4:d7:6a:bf:d3:33:5a:9f:ae:34:2c
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a9:51:4a:df:8f:8f:41:39:e1:48:37:42:20:0a:f6:d8:56:30:d2:da:ca:24:31:cb:de:19:1c:9d:2f:db:f3:f9
Signer

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 6KB - Virtual size: 139KB

.ndata
Size: - Virtual size: 132KB

.rsrc
Size: 17KB - Virtual size: 17KB

0a:a6:07:83:eb:b5:07:6e:bc:2d:12:da:9b:04:c2:90
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

d0:1b:f0:e5:14:3e:b4:e1:37:1d:88:91:47:0a:5f:71:5b:ad:cc:55:7d:59:14:42:5a:c1:5e:ec:18:3c:12:c4
Signer

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:3a:58:33:80:c4:d7:6a:bf:d3:33:5a:9f:ae:34:2c
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

98:0d:cf:52:40:b5:0f:6f:4d:5c:ce:93:b6:57:36:2b:de:6b:a7:b4:fb:ee:98:e0:bb:f9:13:c1:ed:ea:b5:77
Signer

.text
Size: 162KB - Virtual size: 162KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB

0a:a6:07:83:eb:b5:07:6e:bc:2d:12:da:9b:04:c2:90
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

b6:13:60:9a:53:5f:40:23:63:fb:14:8e:ae:fb:91:c4:57:43:d9:f1:48:e0:65:ea:31:2e:d3:7a:a8:49:3e:d5
Signer

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 1012B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 512B - Virtual size: 208B

0a:a6:07:83:eb:b5:07:6e:bc:2d:12:da:9b:04:c2:90
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate