rc7BYFRON-20240807T192913Z-001[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

rc7BYFRON-20240807T192913Z-001.zip
Size

4.4MB
MD5

03068efe6eb3a91f6dea04f7cb3a65ca
SHA1

940b50b1fa035c15e5f7f80c6b0b53e1998b1fb5
SHA256

c64ea4c1784bd5580e8a53668d13945af776f7a3f34a51157ec677ca1f399936
SHA512

7e746d3650cd656c06933578dd49f081ef6530597430d6a6b1faaa05c5a6f7c14a71fa8cb5c2c78d6a5f7306e0d861e35da4ae94ea9bdd4fe5b756d08f1125cb
SSDEEP

98304:WSbNnmWPIHEwuijX3Gxx9zUuNvVWiKukYtU127Uhq9UhMmjws6+Y:WQcWP/zijXidUINhkYtqhBB61

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/rc7BYFRON/0xAzul (2).dll
unpack001/rc7BYFRON/AlphaBlendTextBox.dll
unpack001/rc7BYFRON/Bunifu_UI_v1.5.3.dll
unpack001/rc7BYFRON/CeleryIn.bin
unpack001/rc7BYFRON/CustomizedTitleBar.dll
unpack001/rc7BYFRON/FastColoredTextBox.dll
unpack001/rc7BYFRON/WindowTitleControl.Sample.exe
unpack001/rc7BYFRON/WindowTitleControl.dll
unpack001/rc7BYFRON/lua5.1.dll
unpack001/rc7BYFRON/memcheck(1).dll
unpack001/rc7BYFRON/rc7.exe
unpack001/rc7BYFRON/rc7.exe (32 bit) second
unpack001/rc7BYFRON/rc7.exe (32 bit).dll

Files

rc7BYFRON-20240807T192913Z-001.zip
.zip
rc7BYFRON/0xAzul (2).dll
.dll windows:6 windows x86 arch:x86

1e0a2f651d87e423ffab4bddbb3945d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\ga\Documents\Visual Studio 2013\Projects\ConsoleApplication4 - Copy\Debug\ConsoleApplication4.pdb

Imports

kernel32

VirtualQuery
DisableThreadLibraryCalls
GetModuleHandleA
SetConsoleTitleA
AllocConsole
GetConsoleWindow
FreeLibrary
GetProcessHeap
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
VirtualProtect
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryExW
GetProcAddress
GetLastError
RaiseException
IsDebuggerPresent
DecodePointer
EncodePointer
GetModuleFileNameW
GetSystemInfo
ExitThread
CreateThread
GetCurrentThreadId
Sleep

user32

LoadIconA
LoadCursorA
MessageBoxA
GetWindowTextLengthA
UpdateWindow
AppendMenuA
CreatePopupMenu
CreateMenu
SetWindowPos
ShowWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
DefWindowProcA
SendMessageA
DispatchMessageA
TranslateMessage
GetMessageA

gdi32

SetBkColor
GetStockObject
CreateFontA
SetTextColor

msvcp120d

??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
?_Debug_message@std@@YAXPB_W0I@Z
??0_Container_base12@std@@QAE@XZ
??1_Container_base12@std@@QAE@XZ
?_Getpfirst@_Container_base12@std@@QBEPAPAU_Iterator_base12@2@XZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
?_Swap_all@_Container_base12@std@@QAEXAAU12@@Z
?_Xbad_alloc@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?c_str@?$_Yarn@D@std@@QBEPBDXZ
??_U@YAPAXIABU_DebugHeapTag_t@std@@PADH@Z
?_DebugHeapTag_func@std@@YAABU_DebugHeapTag_t@1@XZ
??0id@locale@std@@QAE@I@Z
??Bid@locale@std@@QAEIXZ
??2facet@locale@std@@SAPAXIABU_DebugHeapTag_t@2@PADH@Z
??3facet@locale@std@@SAXPAXABU_DebugHeapTag_t@2@PADH@Z
??3facet@locale@std@@SAXPAX@Z
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?is@?$ctype@D@std@@QBE_NFD@Z
?widen@?$ctype@D@std@@QBEDD@Z
?widen@?$ctype@D@std@@QBEPBDPBD0PAD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
??7ios_base@std@@QBE_NXZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?setf@ios_base@std@@QAEHH@Z
?setf@ios_base@std@@QAEHHH@Z
?precision@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_BADOFF@std@@3_JB
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$numpunct@D@std@@2V0locale@2@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??2@YAPAXIABU_DebugHeapTag_t@std@@PADH@Z
??3@YAXPAXABU_DebugHeapTag_t@std@@PADH@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ

msvcr120

_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
_invalid_parameter
memcmp
memcpy
memset
strcmp
strlen
memmove
strcspn
strstr
_hypot
__iob_func
freopen
sprintf_s
_vsnprintf_s
_errno
atoi
strtod
free
??0bad_cast@std@@QAE@PBD@Z
localeconv
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
_CxxThrowException
__CxxFrameHandler3
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_CRT_RTC_INITW
_except_handler4_common
??1type_info@@UAE@XZ
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
?terminate@@YAXXZ
__clean_type_info_names_internal

msvcr120d

_CrtDbgReportW

Sections

.textbss
Size: - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rc7BYFRON/AlphaBlendTextBox.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rc7BYFRON/Bunifu_UI_v1.5.3.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rc7BYFRON/CeleryIn.bin
.dll windows:6 windows x64 arch:x64

57127fa98e84d836ff1e07fcec0c9958

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeaps
HeapWalk
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
RtlCaptureContext
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
QueryPerformanceCounter

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memset
memcpy

api-ms-win-crt-string-l1-1-0

strlen
tolower

api-ms-win-crt-convert-l1-1-0

_ui64toa_s
_itoa
_gcvt_s
_itoa_s

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_cexit
_initialize_onexit_table

Exports

Exports

celerycmd
icallback
init
test

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rc7BYFRON/CustomizedTitleBar.dll
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\System\Documents\GitHub\CustomizedTitleBar\CustomizedTitleBar\CustomizedTitleBar\obj\Debug\net6.0-windows\CustomizedTitleBar.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rc7BYFRON/FastColoredTextBox.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\Others\FastColoredTextBox\FastColoredTextBox\obj\Debug\net5.0-windows\FastColoredTextBox.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rc7BYFRON/Microsoft.Win32.SystemEvents.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:03:7c:c9:f6:bc:ed:07:59:ae:08:00:00:00:00:03:7c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-05-2023 19:03

Not After

08-05-2024 19:03

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

34:10:60:27:84:2f:c9:aa:4e:0d:62:34:a0:df:fc:bb:4b:5c:c1:bd:79:2c:13:08:cc:07:a8:ce:41:04:63:a4
Signer

Actual PE Digest

34:10:60:27:84:2f:c9:aa:4e:0d:62:34:a0:df:fc:bb:4b:5c:c1:bd:79:2c:13:08:cc:07:a8:ce:41:04:63:a4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/artifacts/obj/Microsoft.Win32.SystemEvents/Release/net6.0/Microsoft.Win32.SystemEvents.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rc7BYFRON/System.Drawing.Common.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:03:7c:c9:f6:bc:ed:07:59:ae:08:00:00:00:00:03:7c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-05-2023 19:03

Not After

08-05-2024 19:03

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3b:c8:3d:51:ba:05:8e:97:b0:63:c4:65:c9:b7:16:85:07:c3:80:da:27:d0:b3:7e:6a:2c:5e:ad:31:fb:f9:31
Signer

Actual PE Digest

3b:c8:3d:51:ba:05:8e:97:b0:63:c4:65:c9:b7:16:85:07:c3:80:da:27:d0:b3:7e:6a:2c:5e:ad:31:fb:f9:31

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/artifacts/obj/System.Drawing.Common/Release/net6.0/System.Drawing.Common.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 418KB - Virtual size: 417KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rc7BYFRON/WindowTitleControl.Sample.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Mathias\OneDrive\Environments\Development\NuGet\Repositories\windowtitlebar-wpf\content\windowtitlebar-wpf\WindowTitleControl\WindowTitleControl.Sample\obj\Debug\WindowTitleControl.Sample.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rc7BYFRON/WindowTitleControl.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\Mathias\OneDrive\Environments\Development\NuGet\Repositories\windowtitlebar-wpf\content\windowtitlebar-wpf\WindowTitleControl\WindowTitleControl\obj\Debug\WindowTitleControl.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rc7BYFRON/execution.txt
rc7BYFRON/lua5.1.dll
.dll windows:4 windows x86 arch:x86

df5ee731556844566bd09eb9e0c19cfb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
FormatMessageA
GetLastError
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

msvcr80

strtoul
strcoll
strerror
ungetc
strstr
__iob_func
_errno
fopen
fread
fprintf
ferror
freopen
realloc
fclose
getc
feof
free
fputs
fgets
setvbuf
fwrite
ftell
fseek
clearerr
fscanf
tmpfile
_pclose
fflush
_popen
ceil
modf
ldexp
rand
srand
strcspn
_HUGE
_mktime64
_gmtime64
tmpnam
system
remove
clock
strftime
setlocale
_localtime64
getenv
_difftime64
_time64
rename
memchr
ispunct
tolower
isupper
toupper
islower
strpbrk
isxdigit
strrchr
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
strncpy
strncat
sprintf
strtod
localeconv
isspace
iscntrl
isdigit
isalpha
isalnum
exit
longjmp
strchr
frexp
_setjmp3
_CIpow
floor
memcpy
_CIexp
_CIlog10
_CIlog
_CIsqrt
_CIfmod
_CIatan2
_CIatan
_CIacos
_CIasin
_CItanh
_CItan
_CIcosh
_CIcos
_CIsinh
_CIsin

Exports

Exports

luaD_growstack
luaF_newproto
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadfile
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushresult
luaL_ref
luaL_register
luaL_typerror
luaL_unref
luaL_where
luaM_realloc_
luaM_toobig
luaS_newlstr
luaU_dump
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_lessthan
lua_load
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tolstring
lua_tonumber
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_xmove
lua_yield
luaopen_base
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table

Sections

.text
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rc7BYFRON/memcheck(1).dll
.dll windows:6 windows x86 arch:x86

3b72631172d339536ffabdc8547985e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Maheen_2.MY-PC\Desktop\Programming\C++\rc7\memcheck vs2015\memcheck\Release\memcheck.pdb

Imports

kernel32

Sleep
DisableThreadLibraryCalls
CreateThread
GetModuleHandleA
VirtualAlloc
CreateFileW
DecodePointer
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetLastError
GetModuleFileNameW
RaiseException
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
VirtualProtect

user32

GetAsyncKeyState
MessageBoxA

dbghelp

ImageNtHeader

advapi32

SystemFunction036

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rc7BYFRON/rc7.exe
.exe windows:6 windows x64 arch:x64

a8308de57fce070f4cb88c7f43bf4b27

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb

Imports

kernel32

FindNextFileW
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
GetEnvironmentVariableW
FindClose
MultiByteToWideChar
GetLastError
GetFileAttributesExW
GetFullPathNameW
GetProcAddress
DeleteCriticalSection
WideCharToMultiByte
IsWow64Process
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EnterCriticalSection
FindFirstFileExW
OutputDebugStringW
LoadLibraryA
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStringTypeW
SwitchToThread
GetCurrentThreadId
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime

user32

MessageBoxW

shell32

ShellExecuteW

advapi32

RegOpenKeyExW
RegGetValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___wargv
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_errno
_configure_wide_argv
_invalid_parameter_noinfo_noreturn
_set_app_type
_seh_filter_exe
_c_exit
exit
_cexit
_register_thread_local_exe_atexit_callback
_crt_atexit
_exit
_initterm_e
abort
_register_onexit_function
_initialize_onexit_table
terminate

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vsprintf_s
setvbuf
_wfopen
_set_fmode
__stdio_common_vswprintf
__acrt_iob_func
fputwc
fputws
__stdio_common_vfwprintf
fflush

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
free
malloc
calloc

api-ms-win-crt-string-l1-1-0

wcsnlen
strcpy_s
_wcsdup
strcspn
wcsncmp
toupper

api-ms-win-crt-convert-l1-1-0

_wtoi
wcstoul

api-ms-win-crt-locale-l1-1-0

__pctype_func
_unlock_locales
localeconv
_lock_locales
___lc_codepage_func
___mb_cur_max_func
_configthreadlocale
setlocale
___lc_locale_name_func

api-ms-win-crt-math-l1-1-0

__setusermatherr
frexp

api-ms-win-crt-time-l1-1-0

_gmtime64_s
wcsftime
_time64

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rc7BYFRON/rc7.exe (32 bit) second
.exe windows:6 windows x64 arch:x64

a8308de57fce070f4cb88c7f43bf4b27

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb

Imports

kernel32

FindNextFileW
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
GetEnvironmentVariableW
FindClose
MultiByteToWideChar
GetLastError
GetFileAttributesExW
GetFullPathNameW
GetProcAddress
DeleteCriticalSection
WideCharToMultiByte
IsWow64Process
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EnterCriticalSection
FindFirstFileExW
OutputDebugStringW
LoadLibraryA
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStringTypeW
SwitchToThread
GetCurrentThreadId
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime

user32

MessageBoxW

shell32

ShellExecuteW

advapi32

RegOpenKeyExW
RegGetValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___wargv
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_errno
_configure_wide_argv
_invalid_parameter_noinfo_noreturn
_set_app_type
_seh_filter_exe
_c_exit
exit
_cexit
_register_thread_local_exe_atexit_callback
_crt_atexit
_exit
_initterm_e
abort
_register_onexit_function
_initialize_onexit_table
terminate

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vsprintf_s
setvbuf
_wfopen
_set_fmode
__stdio_common_vswprintf
__acrt_iob_func
fputwc
fputws
__stdio_common_vfwprintf
fflush

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
free
malloc
calloc

api-ms-win-crt-string-l1-1-0

wcsnlen
strcpy_s
_wcsdup
strcspn
wcsncmp
toupper

api-ms-win-crt-convert-l1-1-0

_wtoi
wcstoul

api-ms-win-crt-locale-l1-1-0

__pctype_func
_unlock_locales
localeconv
_lock_locales
___lc_codepage_func
___mb_cur_max_func
_configthreadlocale
setlocale
___lc_locale_name_func

api-ms-win-crt-math-l1-1-0

__setusermatherr
frexp

api-ms-win-crt-time-l1-1-0

_gmtime64_s
wcsftime
_time64

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rc7BYFRON/rc7.exe (32 bit).deps.json
rc7BYFRON/rc7.exe (32 bit).dll
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\harkinian\Music\rc218888\Ecstasy INTERNAL\obj\Debug\net6.0-windows\rc7.exe (32 bit).pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9.1MB - Virtual size: 9.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rc7BYFRON/rc7.exe (32 bit).dll.config
rc7BYFRON/rc7.exe (32 bit).pdb
rc7BYFRON/rc7.exe (32 bit).runtimeconfig.json
rc7BYFRON/runtimes/win/lib/net6.0/Microsoft.Win32.SystemEvents.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:03:7c:c9:f6:bc:ed:07:59:ae:08:00:00:00:00:03:7c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-05-2023 19:03

Not After

08-05-2024 19:03

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

eb:95:68:29:c9:1b:58:f2:be:ae:62:ed:8a:e9:2d:4b:80:19:db:0c:45:ba:b2:11:db:0a:46:82:c4:6a:37:55
Signer

Actual PE Digest

eb:95:68:29:c9:1b:58:f2:be:ae:62:ed:8a:e9:2d:4b:80:19:db:0c:45:ba:b2:11:db:0a:46:82:c4:6a:37:55

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/artifacts/obj/Microsoft.Win32.SystemEvents/Release/net6.0-windows/Microsoft.Win32.SystemEvents.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rc7BYFRON/scripts/Armatae.txt
rc7BYFRON/scripts/Arrowface.txt
rc7BYFRON/scripts/Artillery Beacon.txt
rc7BYFRON/scripts/Assassin Staff.txt
rc7BYFRON/scripts/Assassin Suit.txt
rc7BYFRON/scripts/Assassin.txt
rc7BYFRON/scripts/Atlas Sword.txt
.js
rc7BYFRON/scripts/Balloons.txt
rc7BYFRON/scripts/Banana.txt
.js
rc7BYFRON/scripts/Bird Script.txt
rc7BYFRON/scripts/Bird Wings.txt
rc7BYFRON/scripts/Black Dragon.txt
rc7BYFRON/scripts/Blackcell.txt
rc7BYFRON/scripts/Block-O-Fire.txt
rc7BYFRON/scripts/Book Of Wisdom.txt
rc7BYFRON/scripts/Bridge Tool.txt
rc7BYFRON/scripts/Brock.txt
.js
rc7BYFRON/scripts/Cannoneer Noob.txt
.js
rc7BYFRON/scripts/ChainSaw.txt
rc7BYFRON/scripts/Chocobo.txt
rc7BYFRON/scripts/CombatKnife.txt
.js
rc7BYFRON/scripts/Cross Bow.txt
.js
rc7BYFRON/scripts/DSword.txt
rc7BYFRON/scripts/Dagunjet.txt
.js
rc7BYFRON/scripts/DevUzi.txt
.js
rc7BYFRON/scripts/Doge.txt
rc7BYFRON/scripts/Dominus King.txt
.js
rc7BYFRON/scripts/Draw Tool.txt
rc7BYFRON/scripts/Dresmor Alakazard - Local Admin.txt
.js
rc7BYFRON/scripts/Dual Knives.txt
.js
rc7BYFRON/scripts/Dual Pistols.txt
rc7BYFRON/scripts/DubStep Gun.txt
rc7BYFRON/scripts/Emotion Cube.txt
rc7BYFRON/scripts/Enable inventory.txt
rc7BYFRON/scripts/Eye Ball.txt
rc7BYFRON/scripts/FE God.txt
rc7BYFRON/scripts/FE R6.txt
rc7BYFRON/scripts/FE SPAZ PLAYER.txt
rc7BYFRON/scripts/FE Tester.txt
rc7BYFRON/scripts/FE_GUI.txt
rc7BYFRON/scripts/FE_GodMode.txt
rc7BYFRON/scripts/FE_Op_GUI_has_dab.txt
rc7BYFRON/scripts/FE_RAPE (deleted 076cc9755ae09122e92883).txt
rc7BYFRON/scripts/Fairy.txt
.vbs
rc7BYFRON/scripts/FireWorks.txt
.js
rc7BYFRON/scripts/Flame Thrower.txt
rc7BYFRON/scripts/Flash.txt
.js
rc7BYFRON/scripts/Fly (Press _E_).txt
rc7BYFRON/scripts/Fly Tool.txt
rc7BYFRON/scripts/Flying Duck.txt
rc7BYFRON/scripts/Flying Fist.txt
.js
rc7BYFRON/scripts/FreddyFazBear.txt
.js
rc7BYFRON/scripts/Fus Ro Dah.txt
rc7BYFRON/scripts/GRAB KNIFE R15.txt
rc7BYFRON/scripts/Gaara Sand.txt
rc7BYFRON/scripts/Gas Can.txt
.js
rc7BYFRON/scripts/Generate Tower.txt
rc7BYFRON/scripts/Giga Drill Breaker.txt
rc7BYFRON/scripts/Glider.txt
rc7BYFRON/scripts/Grab Knife.txt
rc7BYFRON/scripts/GrabNthrow.txt
rc7BYFRON/scripts/Green Tank.txt
.js
rc7BYFRON/scripts/Guitar.txt
.js
rc7BYFRON/scripts/Hand Cannon.txt
.js
rc7BYFRON/scripts/Hand Drills.txt
rc7BYFRON/scripts/Hax.lua
.js
rc7BYFRON/scripts/Hidden Blade.txt
.js
rc7BYFRON/scripts/Jet Pack.txt
rc7BYFRON/scripts/KingSuit.txt
.js
rc7BYFRON/scripts/Kohl Admin.txt
.js
rc7BYFRON/scripts/KrystalDance.txt
rc7BYFRON/scripts/KungFu.txt
.js
rc7BYFRON/scripts/LOL.txt
.js
rc7BYFRON/scripts/Land Mines.txt
rc7BYFRON/scripts/Laser Arm.txt
rc7BYFRON/scripts/Laser Eyes.txt
rc7BYFRON/scripts/Leaf Blower.txt
rc7BYFRON/scripts/Lemonade.txt
rc7BYFRON/scripts/Light Saber.txt
.js
rc7BYFRON/scripts/Limb Launcher.txt
.js
rc7BYFRON/scripts/Lollipop.txt
rc7BYFRON/scripts/Lua Hammer.txt
rc7BYFRON/scripts/Madara.txt
rc7BYFRON/scripts/Magnus.txt
rc7BYFRON/scripts/Mantis.txt
.js
rc7BYFRON/scripts/MasterHand.txt
rc7BYFRON/scripts/Military Sword.txt
rc7BYFRON/scripts/Mini Peeps.txt
rc7BYFRON/scripts/MlgBall.txt
rc7BYFRON/scripts/NameHider_for_soros.txt
rc7BYFRON/scripts/Nuevo documento de texto.txt
rc7BYFRON/scripts/Operation.txt
rc7BYFRON/scripts/Orange Blades.txt
.js
rc7BYFRON/scripts/Parkour Script.txt
rc7BYFRON/scripts/PipeBomb Launcher.txt
.js
rc7BYFRON/scripts/Pistol.txt
.js
rc7BYFRON/scripts/Plasma Shotgun.txt
rc7BYFRON/scripts/Portal.txt
rc7BYFRON/scripts/RC7 Cloud.txt
rc7BYFRON/scripts/Rapier.txt
rc7BYFRON/scripts/RedCliff Knight.txt
rc7BYFRON/scripts/Rocky.txt
rc7BYFRON/scripts/SB Shotgun.txt
.js
rc7BYFRON/scripts/Santoryu.txt
rc7BYFRON/scripts/Sarshun.txt
rc7BYFRON/scripts/Scythe.txt
.js
rc7BYFRON/scripts/Scython_s Blades.txt
rc7BYFRON/scripts/Seokinji.txt
rc7BYFRON/scripts/ShoopDahWhoop.txt
rc7BYFRON/scripts/Shuriken.txt
rc7BYFRON/scripts/Silver Spear.txt
rc7BYFRON/scripts/TF2 Heavy.txt
.js
rc7BYFRON/scripts/TF2 Spy.txt
.js
rc7BYFRON/scripts/Tail.txt
rc7BYFRON/scripts/Taterazay.txt
rc7BYFRON/scripts/Techno Gauntlet.txt
.js
rc7BYFRON/scripts/Telekinesis.txt
rc7BYFRON/scripts/Teleport Tool.txt
rc7BYFRON/scripts/Time Blast.txt
rc7BYFRON/scripts/TopK3K_3.0.txt
.js
rc7BYFRON/scripts/Touch Me For Boom.txt
rc7BYFRON/scripts/Zeus Blade.txt
.js
rc7BYFRON/scripts/aimbot.lua
.js
rc7BYFRON/scripts/airstrike.txt
rc7BYFRON/scripts/angel_shotgun.txt
.js
rc7BYFRON/scripts/animations.txt
rc7BYFRON/scripts/archangel.txt
.js
rc7BYFRON/scripts/bladed dark titan.txt
.js
rc7BYFRON/scripts/c00lkid.txt
.js
rc7BYFRON/scripts/click tp tool.txt
rc7BYFRON/scripts/clvm_simplekatana.txt
rc7BYFRON/scripts/crimson_sonata.txt
.js
rc7BYFRON/scripts/cursed_hand.txt
.js
rc7BYFRON/scripts/esp.lua
rc7BYFRON/scripts/fap.txt
rc7BYFRON/scripts/fe freeze.txt
rc7BYFRON/scripts/gooby.txt
.js
rc7BYFRON/scripts/iorb.txt
.js
rc7BYFRON/scripts/jared_mech.txt
.js
rc7BYFRON/scripts/jeomom33_s dance.txt
rc7BYFRON/scripts/john.txt
.js
rc7BYFRON/scripts/kanagiken_armor.txt
rc7BYFRON/scripts/lagswitch.txt
.js
rc7BYFRON/scripts/magnet fe.txt
rc7BYFRON/scripts/mansion.txt
rc7BYFRON/scripts/map.txt
rc7BYFRON/scripts/my academia hero.txt
rc7BYFRON/scripts/natural disaster.txt
rc7BYFRON/scripts/noclip keybind.txt
rc7BYFRON/scripts/paperplane.txt
rc7BYFRON/scripts/permabandeath.txt
rc7BYFRON/scripts/plane.txt
rc7BYFRON/scripts/poison_lighting.txt
rc7BYFRON/scripts/portal_arm.txt
.js
rc7BYFRON/scripts/preload.txt
rc7BYFRON/scripts/purple_eletric_scythe.txt
.js
rc7BYFRON/scripts/rainbow_pad.txt
rc7BYFRON/scripts/ravager.txt
.js
rc7BYFRON/scripts/ride_spider.txt
.js
rc7BYFRON/scripts/seveninject.txt
.js
rc7BYFRON/scripts/shadow_katana.txt
.js
rc7BYFRON/scripts/shadow_lighting_fast.txt
.js
rc7BYFRON/scripts/tank.txt
rc7BYFRON/scripts/zeep299admin.lua
rc7BYFRON/scripts/zenatic_sword.txt
.js
rc7BYFRON/theme/Auto_In.bmp
rc7BYFRON/theme/Button_Clicked.bmp
rc7BYFRON/theme/Button_Hover.bmp
rc7BYFRON/theme/Button_Idle.bmp
rc7BYFRON/theme/Capture.png
.png
rc7BYFRON/theme/CaptureClick.png
.png
rc7BYFRON/theme/Config.txt
rc7BYFRON/theme/Execute.png
.png
rc7BYFRON/theme/ExecuteClick.png
.png
rc7BYFRON/theme/Google_Drive_In.bmp
rc7BYFRON/theme/Hide_Side.bmp
rc7BYFRON/theme/Krystal.PNG
.png
rc7BYFRON/theme/Krystal.bmp
rc7BYFRON/theme/Krystal_In.bmp
rc7BYFRON/theme/MainUi.bmp
rc7BYFRON/theme/Open.png
.png
rc7BYFRON/theme/OpenClick.png
.png
rc7BYFRON/theme/RC7 Startup.wav
rc7BYFRON/theme/README.txt
rc7BYFRON/theme/S_Button_Clicked.bmp
rc7BYFRON/theme/S_Button_Hover.bmp
rc7BYFRON/theme/S_Button_Idle.bmp
rc7BYFRON/theme/Save_In.bmp
rc7BYFRON/theme/Submit.bmp
rc7BYFRON/theme/SubmitClick.bmp
rc7BYFRON/theme/TextBox.bmp
rc7BYFRON/theme/Wofly_In.bmp
rc7BYFRON/theme/WordWrap_In.bmp

Sharing

General

Malware Config

Signatures

Files

1e0a2f651d87e423ffab4bddbb3945d7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msvcp120d

msvcr120

msvcr120d

Sections

.textbss Size: - Virtual size: 70KB

.text Size: 162KB - Virtual size: 162KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 2KB - Virtual size: 3KB

.idata Size: 10KB - Virtual size: 10KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 12KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 234KB - Virtual size: 233KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

57127fa98e84d836ff1e07fcec0c9958

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 8KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 40B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 20KB - Virtual size: 20KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

.textbss
Size: - Virtual size: 70KB

.text
Size: 162KB - Virtual size: 162KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 2KB - Virtual size: 3KB

.idata
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 12KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 234KB - Virtual size: 233KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 8KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 40B

.text
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 325KB - Virtual size: 324KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:03:7c:c9:f6:bc:ed:07:59:ae:08:00:00:00:00:03:7c
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

34:10:60:27:84:2f:c9:aa:4e:0d:62:34:a0:df:fc:bb:4b:5c:c1:bd:79:2c:13:08:cc:07:a8:ce:41:04:63:a4
Signer

.text
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:03:7c:c9:f6:bc:ed:07:59:ae:08:00:00:00:00:03:7c
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

3b:c8:3d:51:ba:05:8e:97:b0:63:c4:65:c9:b7:16:85:07:c3:80:da:27:d0:b3:7e:6a:2c:5e:ad:31:fb:f9:31
Signer

.text
Size: 418KB - Virtual size: 417KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 19KB - Virtual size: 19KB

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 512B - Virtual size: 12B