/var/tmp/build/firefox-7913966da16e/obj-x86_64-w64-mingw32/accessible/interfaces/ia2/IA2Marshal.pdb
Overview
overview
10Static
static
3virus/Abou...al.dll
windows10-1703-x64
1virus/Abou...al.dll
windows11-21h2-x64
1virus/Abou...3u.dll
windows10-1703-x64
3virus/Abou...3u.dll
windows11-21h2-x64
3virus/File...3u.dll
windows10-1703-x64
3virus/File...3u.dll
windows11-21h2-x64
3virus/Setup.exe
windows10-1703-x64
10virus/Setup.exe
windows11-21h2-x64
10Static task
static1
Behavioral task
behavioral1
Sample
virus/About/IA2Marshal.dll
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
virus/About/IA2Marshal.dll
Resource
win11-20240802-en
Behavioral task
behavioral3
Sample
virus/About/qtmultimedia_m3u.dll
Resource
win10-20240611-en
Behavioral task
behavioral4
Sample
virus/About/qtmultimedia_m3u.dll
Resource
win11-20240802-en
Behavioral task
behavioral5
Sample
virus/Files/Sourse2/qtmultimedia_m3u.dll
Resource
win10-20240404-en
Behavioral task
behavioral6
Sample
virus/Files/Sourse2/qtmultimedia_m3u.dll
Resource
win11-20240802-en
Behavioral task
behavioral7
Sample
virus/Setup.exe
Resource
win10-20240404-en
Behavioral task
behavioral8
Sample
virus/Setup.exe
Resource
win11-20240802-en
General
-
Target
virus.zip
-
Size
68.2MB
-
MD5
3dccdaa76d7b98b7311d282df2a365f7
-
SHA1
15c32ef66eea8b26e34bb1aae291e84a9bb91170
-
SHA256
056e9d3c6051fac9a3312728d260c7cb73c63c87da475baeb8453cbcc7c69b5b
-
SHA512
d221ff8cbcf586b49aaec9475a397036f932770dc629c0645b2a30c3d3a72463bcbb7b0205aa4f57d2c20feb5eaee86511d2b2a5cb8580a23393797b0da626b1
-
SSDEEP
1572864:tbmO384gMWCJpwHA8EO2wLNZJ+V/wnMBxCvi38Cwk3f6Y6:sO3HZvwCO2wLNZm/wnHiMa3l6
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/virus/About/IA2Marshal.dll
Files
-
virus.zip.zip
-
virus/About/ChineseS/Cancel.png.png
-
virus/About/ChineseS/Next.png.png
-
virus/About/ChineseS/Previous.png.png
-
virus/About/IA2Marshal.dll.dll regsvr32 windows:6 windows x64 arch:x64
647a85e36e41699e332c1c106f975a6f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
DeleteCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
GetLastError
InitializeCriticalSection
LeaveCriticalSection
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
rpcrt4
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
IUnknown_Release_Proxy
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrOleAllocate
NdrOleFree
NdrStubCall2
NdrStubForwardingFunction
ole32
HWND_UserFree
HWND_UserMarshal
HWND_UserSize
HWND_UserUnmarshal
oleaut32
BSTR_UserFree
BSTR_UserMarshal
BSTR_UserSize
BSTR_UserUnmarshal
VARIANT_UserFree
VARIANT_UserMarshal
VARIANT_UserSize
VARIANT_UserUnmarshal
api-ms-win-crt-runtime-l1-1-0
__p___argc
__p___argv
__p___wargv
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_register_onexit_function
abort
api-ms-win-crt-private-l1-1-0
memcpy
api-ms-win-crt-stdio-l1-1-0
__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vfwprintf
fwrite
api-ms-win-crt-environment-l1-1-0
__p__environ
__p__wenviron
api-ms-win-crt-heap-l1-1-0
_set_new_mode
api-ms-win-crt-time-l1-1-0
__daylight
__timezone
__tzname
_tzset
mozglue
calloc
free
api-ms-win-crt-string-l1-1-0
strlen
strncmp
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo
Sections
.text Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.buildid Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 312B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
virus/About/UI.txt
-
virus/About/qtmultimedia_m3u.dll.dll windows:6 windows x86 arch:x86
d35460b9a3baf35d1aaeb2c0ade3acc2
Code Sign
4a:53:8c:28Certificate
IssuerCN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=USNot Before07-07-2009 17:25Not After07-12-2030 17:55SubjectCN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate
IssuerCN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=USNot Before07-05-2021 15:43Not After07-11-2030 16:13SubjectCN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
5a:34:61:50:30:94:33:f3:02:f6:ec:f2:31:43:1a:6dCertificate
IssuerCN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=USNot Before23-11-2021 07:32Not After01-12-2022 07:32SubjectSERIALNUMBER=2637805-2,CN=The Qt Company Oy,O=The Qt Company Oy,L=Espoo,C=FI,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024649Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2bCertificate
IssuerCN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=USNot Before07-05-2021 19:19Not After29-12-2040 23:59SubjectCN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
38:63:de:f8Certificate
IssuerCN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.netNot Before24-12-1999 17:50Not After24-07-2029 14:15SubjectCN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.netKey Usages
KeyUsageCertSign
KeyUsageCRLSign
58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate
IssuerCN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.netNot Before22-07-2015 19:02Not After22-06-2029 19:32SubjectCN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4Certificate
IssuerCN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=USNot Before22-07-2020 15:33Not After29-12-2030 16:29SubjectCN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CAExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
45:86:f7:f1:c5:65:6b:35:be:e3:c6:3c:61:d0:64:72:d1:3b:59:ab:19:38:a2:2d:0c:37:15:8c:d7:ea:b9:09Signer
Actual PE Digest45:86:f7:f1:c5:65:6b:35:be:e3:c6:3c:61:d0:64:72:d1:3b:59:ab:19:38:a2:2d:0c:37:15:8c:d7:ea:b9:09Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
C:\Users\qt\work\qt\qtmultimedia\plugins\playlistformats\qtmultimedia_m3u.pdb
Imports
qt5multimedia
?qt_metacall@QMediaPlaylistIOPlugin@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QMediaPlaylistIOPlugin@@UAEPAXPBD@Z
?staticMetaObject@QMediaPlaylistIOPlugin@@2UQMetaObject@@B
??1QMediaPlaylistIOPlugin@@UAE@XZ
??0QMediaPlaylistIOPlugin@@QAE@PAVQObject@@@Z
??0QMediaPlaylistWriter@@QAE@XZ
??1QMediaPlaylistWriter@@UAE@XZ
??0QMediaContent@@QAE@XZ
??1QMediaPlaylistReader@@UAE@XZ
?request@QMediaContent@@QBE?AVQNetworkRequest@@XZ
?isNull@QMediaContent@@QBE_NXZ
??4QMediaContent@@QAEAAV0@ABV0@@Z
??1QMediaContent@@QAE@XZ
??0QMediaContent@@QAE@ABV0@@Z
??0QMediaContent@@QAE@ABVQUrl@@@Z
??0QMediaPlaylistReader@@QAE@XZ
qt5network
??1QNetworkRequest@@QAE@XZ
?url@QNetworkRequest@@QBE?AVQUrl@@XZ
qt5core
?trimmed@QString@@QHAE?AV1@XZ
??8QString@@QBE_NVQLatin1String@@@Z
??BQCharRef@@QBE?AVQChar@@XZ
?detach_grow@QListData@@QAEPAUData@1@PAHH@Z
?dispose@QListData@@SAXPAUData@1@@Z
?append@QListData@@QAEPAPAXXZ
?isOpen@QIODevice@@QBE_NXZ
?isReadable@QIODevice@@QBE_NXZ
?isWritable@QIODevice@@QBE_NXZ
??0QTextStream@@QAE@PAVQIODevice@@@Z
??1QTextStream@@UAE@XZ
?atEnd@QTextStream@@QBE_NXZ
?readLine@QTextStream@@QAE?AVQString@@_J@Z
??6QTextStream@@QAEAAV0@ABVQString@@@Z
?endl@Qt@@YAAAVQTextStream@@AAV2@@Z
??0QUrl@@QAE@XZ
??0QUrl@@QAE@ABV0@@Z
??0QUrl@@QAE@ABVQString@@W4ParsingMode@0@@Z
??1QUrl@@QAE@XZ
?toString@QUrl@@QBE?AVQString@@V?$QUrlTwoFlags@W4UrlFormattingOption@QUrl@@W4ComponentFormattingOption@2@@@@Z
?fromUserInput@QUrl@@SA?AV1@ABVQString@@@Z
?isEmpty@QUrl@@QBE_NXZ
?endsWith@QString@@QBE_NVQLatin1String@@W4CaseSensitivity@Qt@@@Z
?resolved@QUrl@@QBE?AV1@ABV1@@Z
?isRelative@QUrl@@QBE_NXZ
?fromLocalFile@QUrl@@SA?AV1@ABVQString@@@Z
?toLocalFile@QUrl@@QBE?AVQString@@XZ
??0QFile@@QAE@ABVQString@@@Z
??1QFile@@UAE@XZ
?exists@QFile@@SA_NABVQString@@@Z
??0QFileInfo@@QAE@ABVQString@@@Z
??1QFileInfo@@QAE@XZ
?isReadable@QFileInfo@@QBE_NXZ
?atEnd@QFileDevice@@UBE_NXZ
?bytesAvailable@QIODevice@@UBE_JXZ
?bytesToWrite@QIODevice@@UBE_JXZ
?canReadLine@QIODevice@@UBE_NXZ
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?close@QFileDevice@@UAEXXZ
?connectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?disconnectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?event@QObject@@UAE_NPAVQEvent@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?fileName@QFile@@UBE?AVQString@@XZ
?isSequential@QFileDevice@@UBE_NXZ
??AQString@@QAE?AVQCharRef@@H@Z
?open@QFile@@UAE_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
?permissions@QFile@@UBE?AV?$QFlags@W4Permission@QFileDevice@@@@XZ
?pos@QFileDevice@@UBE_JXZ
?qt_metacall@QFile@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QFile@@UAEPAXPBD@Z
?readData@QFileDevice@@MAE_JPAD_J@Z
?readLineData@QFileDevice@@MAE_JPAD_J@Z
?reset@QIODevice@@UAE_NXZ
?resize@QFile@@UAE_N_J@Z
?seek@QFileDevice@@UAE_N_J@Z
?setPermissions@QFile@@UAE_NV?$QFlags@W4Permission@QFileDevice@@@@@Z
?size@QFile@@UBE_JXZ
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
?waitForBytesWritten@QIODevice@@UAE_NH@Z
?waitForReadyRead@QIODevice@@UAE_NH@Z
?writeData@QFileDevice@@MAE_JPBD_J@Z
?shared_null@QListData@@2UData@1@B
?dynamicMetaObject@QObjectData@@QBEPAUQMetaObject@@XZ
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPAU12@PBVQObject@@@Z
??1QString@@QAE@XZ
?qstrcmp@@YAHABVQByteArray@@PBD@Z
?toLower@QString@@QHAE?AV1@XZ
?scheme@QUrl@@QBE?AVQString@@XZ
?metaObject@QFile@@UBEPBUQMetaObject@@XZ
kernel32
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
EnterCriticalSection
TerminateProcess
GetCurrentProcess
InitializeSListHead
CloseHandle
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
vcruntime140
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memset
_except_handler4_common
__std_type_info_destroy_list
api-ms-win-crt-heap-l1-1-0
_callnewh
malloc
free
api-ms-win-crt-runtime-l1-1-0
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_seh_filter_dll
Exports
Exports
qt_plugin_instance
qt_plugin_query_metadata
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.qtmetad Size: 512B - Virtual size: 90B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 856B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
virus/Files/Sourse2/language/ar.qm
-
virus/Files/Sourse2/language/chs.qm
-
virus/Files/Sourse2/language/cht.qm
-
virus/Files/Sourse2/language/de.qm
-
virus/Files/Sourse2/language/en.qm
-
virus/Files/Sourse2/language/es.qm
-
virus/Files/Sourse2/language/fr.qm
-
virus/Files/Sourse2/language/id.qm
-
virus/Files/Sourse2/language/it.qm
-
virus/Files/Sourse2/language/ja.qm
-
virus/Files/Sourse2/language/ko.qm
-
virus/Files/Sourse2/language/pl.qm
-
virus/Files/Sourse2/language/pt.qm
-
virus/Files/Sourse2/language/ru.qm
-
virus/Files/Sourse2/language/th.qm
-
virus/Files/Sourse2/language/tr.qm
-
virus/Files/Sourse2/language/vi.qm
-
virus/Files/Sourse2/qtmultimedia_m3u.dll.dll windows:6 windows x86 arch:x86
d35460b9a3baf35d1aaeb2c0ade3acc2
Code Sign
4a:53:8c:28Certificate
IssuerCN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=USNot Before07-07-2009 17:25Not After07-12-2030 17:55SubjectCN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate
IssuerCN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=USNot Before07-05-2021 15:43Not After07-11-2030 16:13SubjectCN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
5a:34:61:50:30:94:33:f3:02:f6:ec:f2:31:43:1a:6dCertificate
IssuerCN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=USNot Before23-11-2021 07:32Not After01-12-2022 07:32SubjectSERIALNUMBER=2637805-2,CN=The Qt Company Oy,O=The Qt Company Oy,L=Espoo,C=FI,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024649Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2bCertificate
IssuerCN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=USNot Before07-05-2021 19:19Not After29-12-2040 23:59SubjectCN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
38:63:de:f8Certificate
IssuerCN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.netNot Before24-12-1999 17:50Not After24-07-2029 14:15SubjectCN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.netKey Usages
KeyUsageCertSign
KeyUsageCRLSign
58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate
IssuerCN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.netNot Before22-07-2015 19:02Not After22-06-2029 19:32SubjectCN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4Certificate
IssuerCN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=USNot Before22-07-2020 15:33Not After29-12-2030 16:29SubjectCN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CAExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
45:86:f7:f1:c5:65:6b:35:be:e3:c6:3c:61:d0:64:72:d1:3b:59:ab:19:38:a2:2d:0c:37:15:8c:d7:ea:b9:09Signer
Actual PE Digest45:86:f7:f1:c5:65:6b:35:be:e3:c6:3c:61:d0:64:72:d1:3b:59:ab:19:38:a2:2d:0c:37:15:8c:d7:ea:b9:09Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
C:\Users\qt\work\qt\qtmultimedia\plugins\playlistformats\qtmultimedia_m3u.pdb
Imports
qt5multimedia
?qt_metacall@QMediaPlaylistIOPlugin@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QMediaPlaylistIOPlugin@@UAEPAXPBD@Z
?staticMetaObject@QMediaPlaylistIOPlugin@@2UQMetaObject@@B
??1QMediaPlaylistIOPlugin@@UAE@XZ
??0QMediaPlaylistIOPlugin@@QAE@PAVQObject@@@Z
??0QMediaPlaylistWriter@@QAE@XZ
??1QMediaPlaylistWriter@@UAE@XZ
??0QMediaContent@@QAE@XZ
??1QMediaPlaylistReader@@UAE@XZ
?request@QMediaContent@@QBE?AVQNetworkRequest@@XZ
?isNull@QMediaContent@@QBE_NXZ
??4QMediaContent@@QAEAAV0@ABV0@@Z
??1QMediaContent@@QAE@XZ
??0QMediaContent@@QAE@ABV0@@Z
??0QMediaContent@@QAE@ABVQUrl@@@Z
??0QMediaPlaylistReader@@QAE@XZ
qt5network
??1QNetworkRequest@@QAE@XZ
?url@QNetworkRequest@@QBE?AVQUrl@@XZ
qt5core
?trimmed@QString@@QHAE?AV1@XZ
??8QString@@QBE_NVQLatin1String@@@Z
??BQCharRef@@QBE?AVQChar@@XZ
?detach_grow@QListData@@QAEPAUData@1@PAHH@Z
?dispose@QListData@@SAXPAUData@1@@Z
?append@QListData@@QAEPAPAXXZ
?isOpen@QIODevice@@QBE_NXZ
?isReadable@QIODevice@@QBE_NXZ
?isWritable@QIODevice@@QBE_NXZ
??0QTextStream@@QAE@PAVQIODevice@@@Z
??1QTextStream@@UAE@XZ
?atEnd@QTextStream@@QBE_NXZ
?readLine@QTextStream@@QAE?AVQString@@_J@Z
??6QTextStream@@QAEAAV0@ABVQString@@@Z
?endl@Qt@@YAAAVQTextStream@@AAV2@@Z
??0QUrl@@QAE@XZ
??0QUrl@@QAE@ABV0@@Z
??0QUrl@@QAE@ABVQString@@W4ParsingMode@0@@Z
??1QUrl@@QAE@XZ
?toString@QUrl@@QBE?AVQString@@V?$QUrlTwoFlags@W4UrlFormattingOption@QUrl@@W4ComponentFormattingOption@2@@@@Z
?fromUserInput@QUrl@@SA?AV1@ABVQString@@@Z
?isEmpty@QUrl@@QBE_NXZ
?endsWith@QString@@QBE_NVQLatin1String@@W4CaseSensitivity@Qt@@@Z
?resolved@QUrl@@QBE?AV1@ABV1@@Z
?isRelative@QUrl@@QBE_NXZ
?fromLocalFile@QUrl@@SA?AV1@ABVQString@@@Z
?toLocalFile@QUrl@@QBE?AVQString@@XZ
??0QFile@@QAE@ABVQString@@@Z
??1QFile@@UAE@XZ
?exists@QFile@@SA_NABVQString@@@Z
??0QFileInfo@@QAE@ABVQString@@@Z
??1QFileInfo@@QAE@XZ
?isReadable@QFileInfo@@QBE_NXZ
?atEnd@QFileDevice@@UBE_NXZ
?bytesAvailable@QIODevice@@UBE_JXZ
?bytesToWrite@QIODevice@@UBE_JXZ
?canReadLine@QIODevice@@UBE_NXZ
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?close@QFileDevice@@UAEXXZ
?connectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?disconnectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?event@QObject@@UAE_NPAVQEvent@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?fileName@QFile@@UBE?AVQString@@XZ
?isSequential@QFileDevice@@UBE_NXZ
??AQString@@QAE?AVQCharRef@@H@Z
?open@QFile@@UAE_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
?permissions@QFile@@UBE?AV?$QFlags@W4Permission@QFileDevice@@@@XZ
?pos@QFileDevice@@UBE_JXZ
?qt_metacall@QFile@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QFile@@UAEPAXPBD@Z
?readData@QFileDevice@@MAE_JPAD_J@Z
?readLineData@QFileDevice@@MAE_JPAD_J@Z
?reset@QIODevice@@UAE_NXZ
?resize@QFile@@UAE_N_J@Z
?seek@QFileDevice@@UAE_N_J@Z
?setPermissions@QFile@@UAE_NV?$QFlags@W4Permission@QFileDevice@@@@@Z
?size@QFile@@UBE_JXZ
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
?waitForBytesWritten@QIODevice@@UAE_NH@Z
?waitForReadyRead@QIODevice@@UAE_NH@Z
?writeData@QFileDevice@@MAE_JPBD_J@Z
?shared_null@QListData@@2UData@1@B
?dynamicMetaObject@QObjectData@@QBEPAUQMetaObject@@XZ
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPAU12@PBVQObject@@@Z
??1QString@@QAE@XZ
?qstrcmp@@YAHABVQByteArray@@PBD@Z
?toLower@QString@@QHAE?AV1@XZ
?scheme@QUrl@@QBE?AVQString@@XZ
?metaObject@QFile@@UBEPBUQMetaObject@@XZ
kernel32
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
EnterCriticalSection
TerminateProcess
GetCurrentProcess
InitializeSListHead
CloseHandle
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
vcruntime140
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memset
_except_handler4_common
__std_type_info_destroy_list
api-ms-win-crt-heap-l1-1-0
_callnewh
malloc
free
api-ms-win-crt-runtime-l1-1-0
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_seh_filter_dll
Exports
Exports
qt_plugin_instance
qt_plugin_query_metadata
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.qtmetad Size: 512B - Virtual size: 90B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 856B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
virus/LICENSE.txt
-
virus/Lame.txt
-
virus/Setup-x86/Setup-x86.rar.rar
-
virus/Setup.exe.exe windows:5 windows x86 arch:x86
be41bf7b8cc010b614bd36bbca606973
Code Sign
98:0c:39:aa:67:9a:d3:37:fb:40:cf:70:6d:b7:69:c8Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before18-09-2020 00:00Not After18-09-2023 23:59SubjectCN=Nextcloud GmbH,O=Nextcloud GmbH,POSTALCODE=70192,STREET=Hauptmannsreute 44A,L=Stuttgart,ST=Baden-Württemberg,C=DEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before12-03-2019 00:00Not After31-12-2028 23:59SubjectCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02-11-2018 00:00Not After31-12-2030 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
4e:b2:00:67:0c:03:5d:4fCertificate
IssuerCN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CHNot Before25-10-2006 08:36Not After25-10-2036 08:36SubjectCN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CHKey Usages
KeyUsageCertSign
KeyUsageCRLSign
31:0b:78:32:0a:1f:8e:d2:2c:f1:67:e9:99:fa:8a:71:4f:a9:ef:fbCertificate
IssuerCN=SwissSign TSA Platinum CA 2017 - G22,O=SwissSign AG,C=CH,2.5.4.97=#13154e545243482d4348452d3130392e3335372e303132Not Before18-12-2018 15:48Not After18-12-2021 15:48SubjectCN=SwissSign ZertES TSA UNIT CH-2018,O=SwissSign AG,C=CH,2.5.4.97=#13154e545243482d4348452d3130392e3335372e303132Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
64:4f:be:61:79:2d:d4:67:bb:20:79:76:70:10:96Certificate
IssuerCN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CHNot Before14-02-2017 08:29Not After15-02-2032 08:29SubjectCN=SwissSign TSA Platinum CA 2017 - G22,O=SwissSign AG,C=CH,2.5.4.97=#13154e545243482d4348452d3130392e3335372e303132Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
ce:52:3d:57:42:21:bb:3c:44:f3:1c:ca:b6:29:55:08:d6:5d:6c:be:92:67:bd:a3:5d:2e:47:48:10:b1:16:15Signer
Actual PE Digestce:52:3d:57:42:21:bb:3c:44:f3:1c:ca:b6:29:55:08:d6:5d:6c:be:92:67:bd:a3:5d:2e:47:48:10:b1:16:15Digest Algorithmsha256PE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW
user32
GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject
shell32
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation
advapi32
RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
Sections
.text Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 415KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 516KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/Antenna
-
$TEMP/Downloading
-
$TEMP/Gold
-
$TEMP/Lee
-
$TEMP/Listed
-
$TEMP/Necessity
-
$TEMP/Vaccine
-
ArnoldJulie/Arctic
-
ArnoldJulie/Aviation
-
ArnoldJulie/Cad
-
ArnoldJulie/Cambridge
-
ArnoldJulie/Decisions
-
ArnoldJulie/Disks
-
ArnoldJulie/Endorsement
-
ArnoldJulie/Eva
-
ArnoldJulie/Extend
-
ArnoldJulie/Hawaiian
-
ArnoldJulie/Honduras
-
ArnoldJulie/Ibm
-
ArnoldJulie/Inns
-
ArnoldJulie/Instrumentation
-
ArnoldJulie/Interest
-
ArnoldJulie/Its
-
ArnoldJulie/Loc
-
ArnoldJulie/Multi
-
ArnoldJulie/Nokia
-
ArnoldJulie/Norwegian
-
ArnoldJulie/Prospects
-
ArnoldJulie/Rage
-
ArnoldJulie/Spa
-
ArnoldJulie/Supporters
-
ArnoldJulie/Tm
-
ArnoldJulie/Transmission
-
ArnoldJulie/Tsunami
-
ArnoldJulie/Wood
-
ArnoldJulie/Worm
-
ArrestedPlugins/Hawk