nanocore | 12345[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

12345.rar
Size

21.7MB
MD5

3dadce0de1686c632d20b96a511b3072
SHA1

9e5c707766d8696a6d1729df3670881690ee3e54
SHA256

c89df9ced3834fcfabe20b4e657da09f6cc62f3e974086401f79e282d983e59c
SHA512

dd0a6fc96102ca2a0df0d8715b3d0e3dda6afdafd835f0977e74b2229aa5435113a2b72d361dcf955f42b76252629e95afd9f4b88593d7408eaff8529eb4c375
SSDEEP

393216:b4YtFef8QTrX+pgeXECZtWgfP/3OP3MCyloDhytEqkS6E4zGpQ61X8Cp3swXrjr6:b4YIXBwEaHnGP32oDhSBp9SCp8wXrJsr

Score

10^/10

upx nanocore

Malware Config

Signatures

Nanocore family
nanocore

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack008/Proxy Finder Enterprise v3.0 Full/VisionSoft/EnterpriseE.exe	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack006/HQScraper/Data/sysGQ.exe	autoit_exe

Unsigned PE 27 IoCs

Checks for missing Authenticode signature.

resource
unpack002/ALL IN ONE CHECKER(KAM3El)/All-In-One Checker_v24721.exe
unpack004/Gorillas Scraper/Extreme.Net.dll
unpack004/Gorillas Scraper/ExtremeSoft/Extreme.Net.dll
unpack004/Gorillas Scraper/ExtremeSoft/Extreme.exe
unpack004/Gorillas Scraper/ExtremeSoft/Ionic.Zip.dll
unpack004/Gorillas Scraper/ExtremeSoft/Jint.dll
unpack004/Gorillas Scraper/ExtremeSoft/Launcher.exe
unpack004/Gorillas Scraper/Gorillas Scraper.exe
unpack004/Gorillas Scraper/Jint.dll
unpack006/HQScraper/AngleSharp.dll
unpack006/HQScraper/Data/DiscordRPC.dll
unpack006/HQScraper/Data/Ionic.Zip.dll
unpack006/HQScraper/Data/Launcher.exe
unpack006/HQScraper/Data/secproc.dll
unpack006/HQScraper/Data/sysGQ.exe
unpack006/HQScraper/HQScraper.exe
unpack006/HQScraper/eappcfg.dll
unpack006/HQScraper/osbaseln.dll
unpack008/Proxy Finder Enterprise v3.0 Full/Proxy Finder Enterprise Edition.exe
unpack008/Proxy Finder Enterprise v3.0 Full/SkinSoft.VisualStyler.dll
unpack008/Proxy Finder Enterprise v3.0 Full/VisionSoft/EnterpriseE.exe
unpack009/out.upx
unpack008/Proxy Finder Enterprise v3.0 Full/VisionSoft/Ionic.Zip.dll
unpack008/Proxy Finder Enterprise v3.0 Full/VisionSoft/Launcher.exe
unpack008/Proxy Finder Enterprise v3.0 Full/VisionSoft/SkinSoft.VisualStyler.dll
unpack008/Proxy Finder Enterprise v3.0 Full/VisionSoft/xNet.dll
unpack008/Proxy Finder Enterprise v3.0 Full/xNet.dll

Files

12345.rar
.rar
50k+MAIL.COM+@Silverbullet_combo.txt
ALL IN ONE CHECKER(KAM3El).zip
.zip
ALL IN ONE CHECKER(KAM3El)/All-In-One Checker_v24721.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 111KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.enigma1
Size: 6.8MB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma2
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ALL IN ONE CHECKER(KAM3El)/CriticalError.txt
ALL IN ONE CHECKER(KAM3El)/settings.xml
.xml
Socks5_Proxys__ULTRAVALIDCLOUD.txt
official_proxies.rar
.rar
Gorillas Scraper.rar
.rar
Gorillas Scraper/Extreme.Net.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\scarf\source\repos\Extreme.Net\obj\Debug\Extreme.Net.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Gorillas Scraper/ExtremeSoft/Extreme.Net.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\scarf\source\repos\Extreme.Net\obj\Debug\Extreme.Net.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Gorillas Scraper/ExtremeSoft/Extreme.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Josh\documents\visual studio 2010\Projects\Gorillas Scraper\Gorillas Scraper\obj\x86\Debug\Gorillas Scraper.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 173B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Gorillas Scraper/ExtremeSoft/Ionic.Zip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Gorillas Scraper/ExtremeSoft/Jint.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\jint\Jint\obj\Release\net451\Jint.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Gorillas Scraper/ExtremeSoft/LICENCE.dat
.zip
Gorillas Scraper/ExtremeSoft/Launcher.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Gorillas Scraper/ExtremeSoft/mfc120chs.dll
.dll windows:6 windows x86 arch:x86

Code Sign

33:00:00:00:c5:96:40:60:4b:f4:de:ae:2e:00:00:00:00:00:c5
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-08-2016 20:17

Not After

02-11-2017 20:17

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:8e:87:91:a4:57:1a:5f:ca:3e:00:00:00:00:00:8e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17-11-2016 22:09

Not After

17-02-2018 22:09

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:51:4e:6b:8b:95:85:05:b8:84:05:b0:a8:78:f7:1c:9a:b0:d6:3d:e6:ec:8c:3f:74:46:e2:b4:fb:33:2c:dc
Signer

Actual PE Digest

b9:51:4e:6b:8b:95:85:05:b8:84:05:b0:a8:78:f7:1c:9a:b0:d6:3d:e6:ec:8c:3f:74:46:e2:b4:fb:33:2c:dc

Digest Algorithm

sha256

PE Digest Matches

true

bb:09:4d:24:cb:20:7d:a5:4f:8e:81:54:49:65:7f:c3:0b:4a:38:91
Signer

Actual PE Digest

bb:09:4d:24:cb:20:7d:a5:4f:8e:81:54:49:65:7f:c3:0b:4a:38:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Gorillas Scraper/Gorillas Scraper.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Gorillas Scraper/Jint.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\jint\Jint\obj\Release\net451\Jint.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Gorillas Scraper/Virus Total/desktop.ini
Gorillas Scraper/Virus Total/scan.txt
Gorillas Scraper/mfc120chs.dll
.dll windows:6 windows x86 arch:x86

Code Sign

33:00:00:00:c5:96:40:60:4b:f4:de:ae:2e:00:00:00:00:00:c5
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-08-2016 20:17

Not After

02-11-2017 20:17

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:8e:87:91:a4:57:1a:5f:ca:3e:00:00:00:00:00:8e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17-11-2016 22:09

Not After

17-02-2018 22:09

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:51:4e:6b:8b:95:85:05:b8:84:05:b0:a8:78:f7:1c:9a:b0:d6:3d:e6:ec:8c:3f:74:46:e2:b4:fb:33:2c:dc
Signer

Actual PE Digest

b9:51:4e:6b:8b:95:85:05:b8:84:05:b0:a8:78:f7:1c:9a:b0:d6:3d:e6:ec:8c:3f:74:46:e2:b4:fb:33:2c:dc

Digest Algorithm

sha256

PE Digest Matches

true

bb:09:4d:24:cb:20:7d:a5:4f:8e:81:54:49:65:7f:c3:0b:4a:38:91
Signer

Actual PE Digest

bb:09:4d:24:cb:20:7d:a5:4f:8e:81:54:49:65:7f:c3:0b:4a:38:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HQScraper.rar
.rar
HQScraper/AngleSharp.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\Code\AngleSharp\AngleSharp.Core\src\AngleSharp\bin\Release\net45\AngleSharp.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HQScraper/Data/AudioSes.dll
.dll regsvr32 windows:10 windows x86 arch:x86

3914a82d5955b5043566f9cffe3b46f7

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-07-2018 20:45

Not After

26-07-2019 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:c6:68:ee:6e:70:8d:7c:98:98:0c:a5:2a:e3:72:0a:1b:12:84:9e:75:07:b9:9d:19:81:aa:22:51:3c:34:ed
Signer

Actual PE Digest

52:c6:68:ee:6e:70:8d:7c:98:98:0c:a5:2a:e3:72:0a:1b:12:84:9e:75:07:b9:9d:19:81:aa:22:51:3c:34:ed

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

audioses.pdb

Imports

msvcp_win

_Mtx_unlock
_Mtx_lock
_Mtx_init_in_situ
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__localtime64_s
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
memmove
_o__wsplitpath_s
_o__wtof
_o__wtoi
_o_calloc
_o_ceil
_o_floor
_o_free
_o_log2
_o_malloc
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wmemcpy_s
wcschr
_except_handler4_common
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__CIsqrt
_o__CIsin
_o__CIpow
_o__CIlog10
_o__cexit
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy

rpcrt4

NdrDllUnregisterProxy
CStdStubBuffer_Connect
NdrClientCall4
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
IUnknown_QueryInterface_Proxy
NdrCStdStubBuffer_Release
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
I_RpcExceptionFilter
RpcSmDestroyClientContext
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
I_RpcMapWin32Status
NdrDllCanUnloadNow
RpcBindingFree
NdrDllGetClassObject
NdrDllRegisterProxy

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient19
ObjectStublessClient7
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient9
ObjectStublessClient5
ObjectStublessClient20
ObjectStublessClient18
ObjectStublessClient17
ObjectStublessClient3
ObjectStublessClient10
ObjectStublessClient22
ObjectStublessClient15
ObjectStublessClient11
ObjectStublessClient14
ObjectStublessClient12
ObjectStublessClient16
ObjectStublessClient4
ObjectStublessClient21
ObjectStublessClient13

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
BSTR_UserSize
BSTR_UserFree
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
BSTR_UserUnmarshal
VarUI4FromStr
BSTR_UserMarshal
LPSAFEARRAY_UserMarshal

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
FindResourceExW
GetModuleHandleExW
GetModuleHandleW
FreeLibrary
LockResource
LoadLibraryExW
SizeofResource
GetModuleFileNameA
DisableThreadLibraryCalls
LoadResource
GetProcAddress

api-ms-win-core-localization-l1-2-0

GetThreadLocale
FormatMessageW
SetThreadLocale

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceExecuteOnce
Sleep
InitOnceInitialize
InitOnceComplete

api-ms-win-core-synch-l1-1-0

CreateEventExW
DeleteCriticalSection
SetEvent
AcquireSRWLockShared
CreateMutexExW
ReleaseSemaphore
InitializeSRWLock
WaitForSingleObject
InitializeCriticalSection
InitializeCriticalSectionEx
CreateSemaphoreExW
CancelWaitableTimer
ReleaseSRWLockShared
TryEnterCriticalSection
LeaveCriticalSection
ReleaseMutex
WaitForMultipleObjectsEx
ReleaseSRWLockExclusive
ResetEvent
OpenSemaphoreW
CreateWaitableTimerExW
EnterCriticalSection
SetWaitableTimer
AcquireSRWLockExclusive
CreateEventW
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapSize
HeapReAlloc
HeapAlloc
HeapFree
HeapDestroy
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringLen
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal
WindowsDuplicateString
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull

api-ms-win-core-com-l1-1-0

CLSIDFromString
CoUninitialize
CoCreateGuid
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
PropVariantCopy
CoTaskMemAlloc
CoWaitForMultipleHandles
CoTaskMemFree
CoInitializeEx
CoGetApartmentType
PropVariantClear

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegOpenKeyExW
RegGetValueW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventActivityIdControl
EventWriteTransfer
EventRegister

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
TraceEvent
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
GetTraceLoggerHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
CreateThread
GetCurrentThread
SetThreadPriority

api-ms-win-core-string-l2-1-0

IsCharAlphaW
CharNextW

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateErrorW
SetRestrictedErrorInfo
RoOriginateError

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
CloseThreadpoolWork
CreateThreadpool
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
SubmitThreadpoolWork
TrySubmitThreadpoolCallback
CreateThreadpoolTimer
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
CreateThreadpoolWork
CloseThreadpool

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

mmdevapi

ord29
ord11
ord30
ord5
ord10

api-ms-win-power-base-l1-1-0

PowerRegisterSuspendResumeNotification
PowerUnregisterSuspendResumeNotification

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-file-l1-1-0

GetFileSize
CreateFileW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-memory-l1-1-1

GetProcessWorkingSetSizeEx
VirtualLock
VirtualUnlock
SetProcessWorkingSetSizeEx
PrefetchVirtualMemory

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock

api-ms-win-mm-time-l1-1-0

timeBeginPeriod

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-featurestaging-l1-1-0

GetFeatureEnabledState
SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification
RecordFeatureUsage

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

ntdll

RtlLockMemoryZone
RtlFreeMemoryBlockLookaside
RtlCreateMemoryZone
RtlDestroyMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlEqualWnfChangeStamps
ShipAssert
RtlQueryPackageClaims
RtlCreateMemoryBlockLookaside
RtlDestroyMemoryZone
RtlAllocateMemoryBlockLookaside
RtlAllocateMemoryZone
RtlUnlockMemoryZone
NtQueryInformationThread
NtAlpcConnectPort
RtlInitUnicodeStringEx
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
AlpcInitializeMessageAttribute
AlpcGetMessageAttribute
NtAlpcSendWaitReceivePort
NtSetInformationThread
NtQueryInformationProcess
RtlNtStatusToDosError

api-ms-win-service-private-l1-1-0

SubscribeServiceChangeNotifications
UnsubscribeServiceChangeNotifications

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 969KB - Virtual size: 969KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 512B - Virtual size: 327B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HQScraper/Data/DiscordRPC.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\discord-rpc-csharp\DiscordRPC\obj\Release\DiscordRPC.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HQScraper/Data/Ionic.Zip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HQScraper/Data/LICENCE.dat
.zip
HQScraper/Data/Launcher.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HQScraper/Data/netstandard.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:c1:09:f8:02:41:bb:4d:aa:dc:00:00:00:00:00:c1
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=nCipher DSE ESN:12E7-3064-6112,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:11

Not After

11-08-2018 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:20

Not After

11-08-2018 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:56:4d:05:69:0c:fa:09:46:27:ef:0b:e8:36:5f:b0:7b:27:1c:55:01:fc:39:d0:19:d8:78:be:b9:ce:56:66
Signer

Actual PE Digest

8e:56:4d:05:69:0c:fa:09:46:27:ef:0b:e8:36:5f:b0:7b:27:1c:55:01:fc:39:d0:19:d8:78:be:b9:ce:56:66

Digest Algorithm

sha256

PE Digest Matches

true

8d:e0:1e:69:c8:d1:ea:17:33:ff:e8:81:e3:03:2e:80:ff:4c:05:f6
Signer

Actual PE Digest

8d:e0:1e:69:c8:d1:ea:17:33:ff:e8:81:e3:03:2e:80:ff:4c:05:f6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HQScraper/Data/proxies.txt
HQScraper/Data/secproc.dll
.dll windows:10 windows x86 arch:x86

1b3ad66a3bd78a19068f0e837f379b1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

secproc.pdb

Imports

msvcrt

??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_CxxThrowException
_XcptFilter
_amsg_exit
wcsncmp
_wcstoi64
??0exception@@QAE@ABQBD@Z
memcpy
wcsrchr
_wcsnicmp
wcsstr
wcstol
wcscpy_s
_wcsicmp
??0exception@@QAE@ABV0@@Z
_initterm
_lock
_unlock
__dllonexit
wcstombs
_onexit
??1type_info@@UAE@XZ
_callnewh
malloc
free
memmove
__CxxFrameHandler3
_purecall
_except_handler4_common
memcmp
memset

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualAlloc
VirtualFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateMutexA
ReleaseMutex
WaitForSingleObject

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
GetProcAddress
DisableThreadLibraryCalls

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableLevel
TraceMessage
UnregisterTraceGuids
GetTraceEnableFlags

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetTickCount
GetVersionExA

api-ms-win-core-file-l1-1-0

GetLogicalDriveStringsW
GetFileAttributesExW
GetDriveTypeW
GetVolumeInformationW
CreateFileA
CreateFileW
SetFilePointer
SetFileTime
GetFileTime
CompareFileTime
ReadFile
WriteFile

api-ms-win-core-com-l1-1-0

CoTaskMemFree

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-heap-l2-1-0

LocalFree

crypt32

CertVerifyCertificateChainPolicy
CryptUnprotectData

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

cryptsp

CryptDestroyHash
CryptSetKeyParam
CryptSetHashParam
CryptExportKey
CryptHashData
CryptAcquireContextW
CryptGenKey
CryptDeriveKey
CryptCreateHash
CryptDecrypt
CryptGenRandom
CryptEncrypt
CryptContextAddRef
CryptReleaseContext
CryptSignHashA
CryptDestroyKey
CryptImportKey
CryptDuplicateKey
CryptGetKeyParam
CryptGetHashParam
CryptVerifySignatureA
CryptGetDefaultProviderW

api-ms-win-eventing-obsolete-l1-1-0

RegisterTraceGuidsA

api-ms-win-core-toolhelp-l1-1-0

CreateToolhelp32Snapshot
Module32FirstW
Module32NextW

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust

msdrm

DRMGetUnboundLicenseAttributeCount
DRMGetUnboundLicenseObject
DRMGetUnboundLicenseAttribute
DRMGetUnboundLicenseObjectCount
DRMCloseQueryHandle
DRMParseUnboundLicense

api-ms-win-core-registry-l1-1-0

RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

SPAttest
SPBindLicense
SPCheckEnvironmentSecurity
SPCloseHandle
SPCommit
SPCreateDecryptor
SPCreateEnablingPrincipal
SPCreateEncryptor
SPCreatePCE
SPCreateSecurityProcessor
SPDecrypt
SPDecryptFinal
SPDecryptUpdate
SPEnableAndEncrypt
SPEnablePublishingLicense
SPEncrypt
SPEncryptFinal
SPEncryptUpdate
SPGetBoundRightKey
SPGetCurrentTime
SPGetInfo
SPGetLicenseAttribute
SPGetLicenseAttributeCount
SPGetLicenseObject
SPGetLicenseObjectCount
SPGetProcAddress
SPIsActivated
SPLoadLibrary
SPRegisterRevocationList
SPSign

Sections

.text
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HQScraper/Data/sysGQ.exe
.exe windows:5 windows x86 arch:x86

eb97e4fc5518ac300a92a11673825e0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
socket
inet_ntoa
setsockopt
ntohs
recvfrom
ioctlsocket
htons
WSAStartup
__WSAFDIsSet
select
accept
listen
bind
closesocket
WSAGetLastError
recv
sendto
send
inet_addr
gethostbyname
gethostname
connect

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetUseConnectionW
WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W

wininet

InternetQueryDataAvailable
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetConnectW

psapi

GetProcessMemoryInfo

iphlpapi

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho

userenv

DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileW

uxtheme

IsThemeActive

kernel32

DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
SetCurrentDirectoryW
GetLongPathNameW
GetShortPathNameW
DeleteFileW
FindNextFileW
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
GetLocalTime
CompareStringW
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
LoadLibraryW
VirtualAlloc
IsDebuggerPresent
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCurrentThread
CloseHandle
GetFullPathNameW
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineW
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
FindClose
SetEnvironmentVariableA

user32

AdjustWindowRectEx
CopyImage
SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
SetRect
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
MonitorFromRect
keybd_event
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
TranslateMessage
PeekMessageW
UnregisterHotKey
CheckMenuRadioItem
CharLowerBuffW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
SystemParametersInfoW
LoadImageW
GetClassNameW

gdi32

StrokePath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
GetDeviceCaps
EndPath
SetPixel
CloseFigure
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
LineTo
AngleArc
MoveToEx
Ellipse
DeleteDC
GetPixel
CreateDCW
GetStockObject
GetTextFaceW
CreateFontW
SetTextColor
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
StrokeAndFillPath

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
RegCreateKeyExW
FreeSid
GetTokenInformation
GetSecurityDescriptorDacl
GetAclInformation
AddAce
SetSecurityDescriptorDacl
GetUserNameW
InitiateSystemShutdownExW

shell32

DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoSetProxyBlanket
CoCreateInstanceEx
CoInitializeSecurity

oleaut32

LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
RegisterTypeLi
CreateStdDispatch
DispCallFunc
VariantChangeType
SysStringLen
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
VariantCopy
VariantClear
OleLoadPicture
QueryPathOfRegTypeLi
RegisterTypeLibForUser
UnRegisterTypeLibForUser
UnRegisterTypeLi
CreateDispTypeInfo
SysAllocString
VariantInit

Sections

.text
Size: 567KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 467KB - Virtual size: 467KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HQScraper/HQScraper.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HQScraper/Virus Total/desktop.ini
HQScraper/Virus Total/scan.txt
HQScraper/eappcfg.dll
.dll windows:10 windows x86 arch:x86

5a0044836b791222e0b3b32cdc02e151

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

eappcfg.pdb

Imports

msvcrt

_unlock
_lock
_initterm
malloc
__dllonexit
free
wcsrchr
_vsnwprintf
_vsnprintf
memcpy_s
_onexit
swprintf_s
_wtol
_beginthreadex
wcscat_s
_endthreadex
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__CxxFrameHandler3
_amsg_exit
_XcptFilter
memmove
_except_handler4_common
memcpy
_CxxThrowException
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
memcmp
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_purecall
_snwprintf_s
memset

ntdll

DbgPrint
EtwEventEnabled
EtwEventWriteTransfer
EtwTraceMessage
EtwEventRegister
EtwEventUnregister
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameW
GetProcAddress
FreeLibrary
GetModuleHandleExW
GetModuleHandleW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-1-0

WaitForMultipleObjectsEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime
GetVersionExW
GetSystemDirectoryW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc
HeapSize

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegLoadMUIStringW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

EapHostPeerConfigBlob2Xml
EapHostPeerConfigXml2Blob
EapHostPeerCreateMethodConfiguration
EapHostPeerCredentialsXml2Blob
EapHostPeerFreeErrorMemory
EapHostPeerFreeMemory
EapHostPeerGetMethodProperties
EapHostPeerGetMethods
EapHostPeerInvokeConfigUI
EapHostPeerInvokeIdentityUI
EapHostPeerInvokeInteractiveUI
EapHostPeerQueryCredentialInputFields
EapHostPeerQueryInteractiveUIInputFields
EapHostPeerQueryUIBlobFromInteractiveUIInputFields
EapHostPeerQueryUserBlobFromCredentialInputFields

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HQScraper/msstdfmt.dll
.dll regsvr32 windows:4 windows x86 arch:x86

05d82c1b35d3ca52ca25a3997ff97720

Code Sign

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-09-2012 21:12

Not After

04-12-2013 21:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24-01-2013 22:33

Not After

24-04-2014 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:00:49:7b:95:e1:fa:ac:d8:2c:46:92:c6:d8:45:3a:c2:dd:56:b1
Signer

Actual PE Digest

18:00:49:7b:95:e1:fa:ac:d8:2c:46:92:c6:d8:45:3a:c2:dd:56:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSection
GetVersion
GetProcAddress
GetFileAttributesA
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
FreeLibrary
LoadLibraryA
GetLastError
LockResource
LoadResource
FindResourceA
GetModuleHandleA
lstrcmpW
CompareStringW
MultiByteToWideChar
GetLocaleInfoW
IsDBCSLeadByte
EnterCriticalSection
EnumSystemLocalesA
LeaveCriticalSection
EnumDateFormatsA
CompareStringA
EnumTimeFormatsA
lstrlenA
lstrcmpA
lstrlenW
WideCharToMultiByte
lstrcmpiA
GetSystemTime
GetLocaleInfoA
HeapReAlloc
HeapFree
GetThreadLocale
GetProcessHeap
GetWindowsDirectoryA
HeapAlloc

user32

CallWindowProcA
PtInRect
GetFocus
ReleaseCapture
SetCapture
GetCapture
InvalidateRect
ScrollWindowEx
EnableWindow
GetDlgItem
SetWindowRgn
SendMessageA
SetDlgItemTextA
ShowWindow
SetParent
SetWindowLongA
CharNextA
GetDC
ReleaseDC
wsprintfA
UnregisterClassA
DestroyWindow
GetSystemMetrics
IntersectRect
EqualRect
OffsetRect
ClientToScreen
IsWindow
GetActiveWindow
MoveWindow
SetFocus
BeginPaint
GetClientRect
EndPaint
GetWindowRect
DefWindowProcA
RegisterClassA
CreateWindowExA
wsprintfW
CreateDialogIndirectParamA
GetParent
GetWindowLongA
GetKeyState
IsChild
IsWindowEnabled
GetNextDlgTabItem
GetWindow
IsDialogMessageA
WinHelpA
SendDlgItemMessageA
SetWindowPos
GetDlgItemTextA
IsDlgButtonChecked
GetDlgItemInt
MessageBoxA
LoadStringA
SetDlgItemInt
IsWindowVisible

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CreateOleAdviseHolder

advapi32

RegDeleteValueA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegQueryValueExA

oleaut32

CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
LoadTypeLibEx
UnRegisterTypeLi
LoadTypeLi
RegisterTypeLi
SystemTimeToVariantTime
OleLoadPicture
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VariantChangeType
VariantChangeTypeEx
SysReAllocStringLen
SysAllocStringLen
VariantInit
VariantCopy
SysAllocString
SysStringLen
SysFreeString
VariantClear
OleCreatePropertyFrame

gdi32

GetDeviceCaps
CreateRectRgnIndirect
GetViewportExtEx
GetWindowExtEx
LPtoDP
DeleteDC
SetMapMode
SetViewportExtEx
SetWindowExtEx
SetViewportOrgEx
SetWindowOrgEx
CreateDCA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HQScraper/osbaseln.dll
.dll windows:10 windows x86 arch:x86

39ad0e3d05f6338dfde6be312e77833e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

osbaseln.pdb

Imports

msvcrt

_except_handler4_common
_initterm
malloc
free
_amsg_exit
_XcptFilter
wcsncmp
wcstoul
iswctype
_vsnwprintf
strtoul
isdigit
memcpy

kernel32

GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
DisableThreadLibraryCalls
HeapAlloc
GetProcessHeap
HeapFree
Sleep
TerminateProcess
SetUnhandledExceptionFilter
GetCurrentProcess
UnhandledExceptionFilter

advapi32

RegSetValueExW
RegDeleteValueW
RegQueryMultipleValuesW
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegQueryMultipleValuesA
RegCloseKey
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA

Exports

Exports

CloseOsBaseline
EnumOsBaselineComponentsA
EnumOsBaselineComponentsW
EnumOsOutOfDateComponentsA
EnumOsOutOfDateComponentsW
GetOsBaselineComponentInfoA
GetOsBaselineComponentInfoW
GetOsInstalledComponentInfoA
GetOsInstalledComponentInfoW
GetOsLatestBaselineServicePack
OpenOsBaseline
pGetOsBaselineCurrentVersion
pGetOsCurrentBaselineServicePack
pOpenOsBaselineByVersion

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Proxy Finder Enterprise v3.0 Full.rar
.rar
Proxy Finder Enterprise v3.0 Full/Proxy Finder Enterprise Edition.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Proxy Finder Enterprise v3.0 Full/SkinSoft.VisualStyler.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 961KB - Virtual size: 961KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Proxy Finder Enterprise v3.0 Full/Virus Total/desktop.ini
Proxy Finder Enterprise v3.0 Full/Virus Total/scan.txt
Proxy Finder Enterprise v3.0 Full/VisionSoft/EnterpriseE.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 444KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 382KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 25KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Proxy Finder Enterprise v3.0 Full/VisionSoft/Ionic.Zip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Proxy Finder Enterprise v3.0 Full/VisionSoft/LICENCE.dat
.zip
Proxy Finder Enterprise v3.0 Full/VisionSoft/Launcher.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Proxy Finder Enterprise v3.0 Full/VisionSoft/SkinSoft.VisualStyler.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 961KB - Virtual size: 961KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Proxy Finder Enterprise v3.0 Full/VisionSoft/xNet.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\Илья\Documents\Visual Studio 2013\Projects\BTC\UPD\LITB MITB — копия — копия — копия\WindowsFormsApplication13\bin\Debug\Работа с прокси\xNet-master\obj\Debug\xNet.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Proxy Finder Enterprise v3.0 Full/xNet.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\Илья\Documents\Visual Studio 2013\Projects\BTC\UPD\LITB MITB — копия — копия — копия\WindowsFormsApplication13\bin\Debug\Работа с прокси\xNet-master\obj\Debug\xNet.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Proxy Scraper V1 by Scorpio.rar
.rar
ProxyFire Master Suite Professional 1.25.rar
.rar
Xutility - Combo & Proxy AIO Tool.rar
.rar
proxies.txt

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 111KB - Virtual size: 112KB

.reloc Size: 512B - Virtual size: 12B

.enigma1 Size: 6.8MB - Virtual size: 8KB

.enigma2 Size: 264KB - Virtual size: 264KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 117KB - Virtual size: 117KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 117KB - Virtual size: 117KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 59KB - Virtual size: 59KB

.sdata Size: 512B - Virtual size: 173B

.rsrc Size: 103KB - Virtual size: 103KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 478KB - Virtual size: 477KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 242KB - Virtual size: 241KB

.rsrc Size: 1024B - Virtual size: 668B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 50KB - Virtual size: 50KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 111KB - Virtual size: 112KB

.reloc
Size: 512B - Virtual size: 12B

.enigma1
Size: 6.8MB - Virtual size: 8KB

.enigma2
Size: 264KB - Virtual size: 264KB

.text
Size: 117KB - Virtual size: 117KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 117KB - Virtual size: 117KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 59KB - Virtual size: 59KB

.sdata
Size: 512B - Virtual size: 173B

.rsrc
Size: 103KB - Virtual size: 103KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 478KB - Virtual size: 477KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 242KB - Virtual size: 241KB

.rsrc
Size: 1024B - Virtual size: 668B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 50KB - Virtual size: 50KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:00:c5:96:40:60:4b:f4:de:ae:2e:00:00:00:00:00:c5
Certificate

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:8e:87:91:a4:57:1a:5f:ca:3e:00:00:00:00:00:8e
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

b9:51:4e:6b:8b:95:85:05:b8:84:05:b0:a8:78:f7:1c:9a:b0:d6:3d:e6:ec:8c:3f:74:46:e2:b4:fb:33:2c:dc
Signer

bb:09:4d:24:cb:20:7d:a5:4f:8e:81:54:49:65:7f:c3:0b:4a:38:91
Signer

.rsrc
Size: 29KB - Virtual size: 28KB

.text
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 403KB - Virtual size: 402KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 242KB - Virtual size: 241KB

.rsrc
Size: 1024B - Virtual size: 668B

.reloc
Size: 512B - Virtual size: 12B

33:00:00:00:c5:96:40:60:4b:f4:de:ae:2e:00:00:00:00:00:c5
Certificate

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:8e:87:91:a4:57:1a:5f:ca:3e:00:00:00:00:00:8e
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

b9:51:4e:6b:8b:95:85:05:b8:84:05:b0:a8:78:f7:1c:9a:b0:d6:3d:e6:ec:8c:3f:74:46:e2:b4:fb:33:2c:dc
Signer

bb:09:4d:24:cb:20:7d:a5:4f:8e:81:54:49:65:7f:c3:0b:4a:38:91
Signer

.rsrc
Size: 29KB - Virtual size: 28KB