Scanner[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Scanner.zip
Size

5.9MB
MD5

8880a6da46085f7c903570b3d15cf150
SHA1

9a3c20cfeba6a2c18593ced5c0cb3c43d5a7ddb9
SHA256

f7e2b735be202b9360b4b9f3d7515494f05a5adc5d83f7c3a21553b1c19ae47a
SHA512

1152983a594e76642bdbe24a93248927d0784d09ee3ac98c2314b48e96c8daa6fd2aa4d75d47542e145a352967a1717464299106b4d692212de38ea4bdcc993a
SSDEEP

98304:HebatTjDRQdz90MIdT5YLZsSiJpNbKXeslKZ11SW8XEO0iwS2t4JyInVfXA:qcfDsi3Si7NbHOKT1NAEmn2t4JyInVfQ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/Scanner/Files For Scan/Synapse Z/EXE/4b31upigu3nekdj7.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Scanner/Files For Scan/Synapse Z/EXE/4b31upigu3nekdj7.exe

Files

Scanner.zip
.zip
Scanner/Files For Scan/Synapse Z/DLL/1dvylwrx.dll
.dll windows:6 windows x64 arch:x64

9139525101eee2c05d7fca362cd11df0

Code Sign

33:00:00:04:5c:3d:56:72:66:6c:b7:54:17:00:00:00:00:04:5c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 18:20

Not After

04/09/2024, 18:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8d:d8:1a:05:cd:5e:d2:7c:3b:a2:9e:61:30:f0:eb:81:90:f0:fc:5e:c1:3e:da:de:7d:92:70:47:ce:5b:01:17
Signer

Actual PE Digest

8d:d8:1a:05:cd:5e:d2:7c:3b:a2:9e:61:30:f0:eb:81:90:f0:fc:5e:c1:3e:da:de:7d:92:70:47:ce:5b:01:17

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

d3d11

D3D11CreateDeviceAndSwapChain

ntdll

RtlCaptureContext
RtlVirtualUnwind
VerSetConditionMask
RtlAdjustPrivilege
NtRaiseHardError
RtlLookupFunctionEntry
RtlCaptureStackBackTrace

kernel32

RaiseException
WideCharToMultiByte
QueryPerformanceCounter
FreeLibrary
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
MultiByteToWideChar
GetLocaleInfoA
SetUnhandledExceptionFilter
GlobalUnlock
GetCurrentProcessId
ExitProcess
GetFileSize
GlobalLock
CreateThread
CloseHandle
GlobalFree
FormatMessageW
MoveFileExW
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
WaitForSingleObjectEx
SleepEx
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
InitializeCriticalSection
GlobalAlloc
FindClose
SetEvent
ResetEvent
CreateEventA
FormatMessageA
ReleaseSRWLockExclusive
TerminateThread
CreateFileA
Sleep
GetModuleHandleA
GetCurrentThreadId
GetVolumeInformationA
AcquireSRWLockExclusive
TerminateProcess
WriteFile
GetCurrentProcess
GetModuleFileNameA
ReadFile
HeapFree
GetProcessHeap
DeleteCriticalSection
GetSystemDirectoryW
OpenEventA
GetModuleHandleW
TlsAlloc
LoadLibraryW
TlsGetValue
TlsSetValue
TlsFree
GetEnvironmentVariableA
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
SleepConditionVariableSRW
LoadLibraryExW
GetLocaleInfoEx
LocalFree
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
GetFileAttributesExW
GetLastError
GetTickCount
EnterCriticalSection
LeaveCriticalSection
IsBadStringPtrA
FindFirstFileExW
CreateDirectoryW
GetCurrentDirectoryW
InitializeCriticalSectionEx
WaitForSingleObject
WakeAllConditionVariable
FindNextFileW
FindFirstFileW
SetLastError

user32

LoadIconA
SetClipboardData
GetClipboardData
TranslateMessage
SetLayeredWindowAttributes
CreateWindowExA
EnumWindows
MoveWindow
GetForegroundWindow
MessageBoxA
GetClientRect
GetWindowLongA
EmptyClipboard
CloseClipboard
ClientToScreen
SetWindowLongA
OpenClipboard
GetAsyncKeyState
PeekMessageA
GetKeyState
PostQuitMessage
ShowWindow
RegisterClassExA
UpdateWindow
GetCursorPos
SendInput
SetWindowTextA
ReleaseCapture
SetCursorPos
ScreenToClient
GetCapture
TrackMouseEvent
GetKeyboardLayout
SetCapture
GetSystemMetrics
LoadCursorA
GetWindowRect
DispatchMessageA
GetMessageExtraInfo
DefWindowProcW
SetCursor
GetWindowThreadProcessId
IsWindowUnicode

gdi32

CreateSolidBrush

advapi32

CryptImportKey
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptGenRandom
CryptAcquireContextA
CryptDestroyHash
SystemFunction036
CryptEncrypt
CryptDestroyKey
RegCloseKey
ConvertSidToStringSidA
RegQueryValueExA
OpenProcessToken
RegOpenKeyExA
GetTokenInformation

msvcp140

?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?good@ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
_Strxfrm
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
_Xtime_get_ticks
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Xbad_function_call@std@@YAXXZ
_Mtx_destroy_in_situ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Mtx_init_in_situ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_signal
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??Bios_base@std@@QEBA_NXZ
_Query_perf_counter
_Query_perf_frequency
_Thrd_join
_Thrd_id
_Cnd_timedwait
_Tolower
_Toupper
?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ
??0ctype_base@std@@QEAA@_K@Z
??1ctype_base@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?_Random_device@std@@YAIXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Winerror_map@std@@YAHH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exceptions@std@@YAHXZ
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ

d3dcompiler_47

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
ImmSetCandidateWindow

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

strrchr
__std_exception_destroy
__std_exception_copy
_purecall
__std_terminate
strstr
strchr
_CxxThrowException
memcmp
memcpy
memmove
memset
__C_specific_handler
__std_type_info_compare
wcschr
__current_exception
__current_exception_context
__std_type_info_destroy_list
memchr

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_errno
abort
strerror
terminate
__sys_errlist
__sys_nerr
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

fopen
fgets
fseek
_read
fgetc
_lseeki64
_write
fputs
_wopen
fwrite
_fileno
_close
__stdio_common_vfprintf
__stdio_common_vsprintf
fgetpos
setvbuf
_wfopen
ungetc
feof
fsetpos
ftell
fread
fputc
__acrt_iob_func
fflush
_fseeki64
__stdio_common_vsprintf_s
fclose
_get_stream_buffer_pointers
__stdio_common_vsscanf

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
calloc
realloc
free

api-ms-win-crt-time-l1-1-0

_localtime64_s
clock
strftime
_gmtime64_s
_difftime64
_gmtime64
_time64

api-ms-win-crt-utility-l1-1-0

qsort
srand
rand

api-ms-win-crt-string-l1-1-0

toupper
strspn
strnlen
strncpy
isspace
strcspn
strncat
strpbrk
isupper
isalpha
isxdigit
iscntrl
ispunct
isdigit
islower
isblank
_wcsdup
strncmp
strcmp
wcspbrk
wcsncmp
wcsncpy
tolower
_strdup
isalnum
isgraph

api-ms-win-crt-filesystem-l1-1-0

_wstat64
_fstat64
_waccess
_unlink
_unlock_file
_lock_file

api-ms-win-crt-convert-l1-1-0

strtol
strtoul
atoi
strtoll
strtoull
strtod
wcstombs
atof

api-ms-win-crt-math-l1-1-0

tanh
cosh
exp
frexp
modf
pow
_dsign
round
atan
asin
fmodf
_fdopen
log
cosf
ceilf
ceil
atan2f
acosf
log10
acos
fmod
floor
log2
floorf
powf
sin
ldexp
sinf
sinh
sqrt
sqrtf
tan
cos
atan2

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

ws2_32

listen
getsockname
accept
sendto
recvfrom
bind
WSAIoctl
WSAResetEvent
getsockopt
freeaddrinfo
getaddrinfo
socket
htonl
setsockopt
ntohs
htons
ioctlsocket
connect
WSAGetLastError
send
gethostname
__WSAFDIsSet
select
WSAStartup
WSACleanup
WSASetLastError
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAWaitForMultipleEvents
inet_pton
inet_ntop
closesocket
recv
getpeername

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertFindCertificateInStore
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 706KB - Virtual size: 706KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 457KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Scanner/Files For Scan/Synapse Z/EXE/4b31upigu3nekdj7.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 306KB - Virtual size: 613KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 184KB - Virtual size: 547KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 15KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9139525101eee2c05d7fca362cd11df0

Code Sign

33:00:00:04:5c:3d:56:72:66:6c:b7:54:17:00:00:00:00:04:5cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

8d:d8:1a:05:cd:5e:d2:7c:3b:a2:9e:61:30:f0:eb:81:90:f0:fc:5e:c1:3e:da:de:7d:92:70:47:ce:5b:01:17Signer

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

ntdll

kernel32

user32

gdi32

advapi32

msvcp140

d3dcompiler_47

dwmapi

imm32

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

ws2_32

crypt32

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 706KB - Virtual size: 706KB

.data Size: 27KB - Virtual size: 55KB

.pdata Size: 94KB - Virtual size: 94KB

.vmp0 Size: 457KB - Virtual size: 456KB

.reloc Size: 10KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 233B

Headers

DLL Characteristics

File Characteristics

Sections

Size: 306KB - Virtual size: 613KB

Size: 184KB - Virtual size: 547KB

Size: 1KB - Virtual size: 8KB

Size: 15KB - Virtual size: 26KB

Size: 512B - Virtual size: 480B

Size: 6KB - Virtual size: 7KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 6.1MB

.boot Size: 3.5MB - Virtual size: 3.5MB

.reloc Size: 16B - Virtual size: 4KB

33:00:00:04:5c:3d:56:72:66:6c:b7:54:17:00:00:00:00:04:5c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

8d:d8:1a:05:cd:5e:d2:7c:3b:a2:9e:61:30:f0:eb:81:90:f0:fc:5e:c1:3e:da:de:7d:92:70:47:ce:5b:01:17
Signer

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 706KB - Virtual size: 706KB

.data
Size: 27KB - Virtual size: 55KB

.pdata
Size: 94KB - Virtual size: 94KB

.vmp0
Size: 457KB - Virtual size: 456KB

.reloc
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 233B

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 6.1MB

.boot
Size: 3.5MB - Virtual size: 3.5MB

.reloc
Size: 16B - Virtual size: 4KB