AcXtrnal.pdb
Static task
static1
Behavioral task
behavioral1
Sample
setup.zip
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
setup.zip
Resource
win10v2004-20240802-en
General
-
Target
setup.zip
-
Size
17.5MB
-
MD5
14f1142ba2a969fb79ee60886aa89eee
-
SHA1
7ccd15d2b1db1001c6c17550e7c3735494dd60a0
-
SHA256
6edabaa1a35a493910bfa9e21bbc0ebe851cb631a2ec49d22c006109834426ba
-
SHA512
73ef2830ea8e3ed332f4ec85833a8b497263fddd6bd1fce4d0885e37025ed89354543aa42406bb6e13bb6ed61cc05e429c7b09f19d8c7c79893467fa52f7c86b
-
SSDEEP
393216:ASzkcQy8bkGWaW2dNcv0z6HbQ0Cdw8llIKV2vB5s2esHzQGncrq+p9:ASzkD3IYW2jM0z67Q3llICcOsHzQGncJ
Malware Config
Signatures
-
Unsigned PE 6 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/loaderV6/AcXtrnal.dll unpack001/loaderV6/AdaptiveCards.dll unpack001/loaderV6/LoaderV6/AddressParser.dll unpack001/loaderV6/LoaderV6/Apphlpdm.dll unpack001/loaderV6/LoaderV6/afunix.Dll unpack001/loaderV6/acwow64.dll
Files
-
setup.zip.zip
-
loaderV6/AcXtrnal.dll.dll windows:10 windows x86 arch:x86
e8204b540abb5d3a06cec4d0159a6f64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
apphelp
SE_GetShimId
SE_ShimDPF
msvcrt
memmove
memcpy
memcmp
_ftol2_sse
_ftol2
_CxxThrowException
_CIsqrt
_CIsin
_CIcos
_CIacos
free
__CxxFrameHandler3
_wcsicmp
rand
wcsstr
atol
tolower
_vsnprintf
towlower
_vsnwprintf
wcschr
wcspbrk
_strlwr
_except_handler4_common
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
malloc
memset
_amsg_exit
_XcptFilter
strstr
ntdll
RtlAllocateHeap
RtlFreeHeap
RtlInitUnicodeString
NtOpenKey
RtlNtStatusToDosError
NtQueryValueKey
NtQueryKey
NtEnumerateValueKey
NtClose
NtQueryInformationThread
LdrLockLoaderLock
LdrFindEntryForAddress
LdrUnlockLoaderLock
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlInitializeCriticalSection
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
api-ms-win-security-base-l1-1-0
IsValidSecurityDescriptor
GetSecurityDescriptorLength
kernel32
WaitForSingleObject
DelayLoadFailureHook
ResolveDelayLoadedAPI
GetLastError
LocalFree
GetModuleHandleW
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CreateToolhelp32Snapshot
GetModuleFileNameW
WideCharToMultiByte
MultiByteToWideChar
HeapFree
GetProcessHeap
HeapAlloc
CreateEventW
Sleep
SetEvent
Thread32Next
CloseHandle
QueueUserAPC
OpenThread
GetCurrentThreadId
Thread32First
GetCurrentProcessId
LocalAlloc
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
Exports
Exports
D3DRMColorGetAlpha
D3DRMColorGetBlue
D3DRMColorGetGreen
D3DRMColorGetRed
D3DRMCreateColorRGB
D3DRMCreateColorRGBA
D3DRMMatrixFromQuaternion
D3DRMQuaternionFromRotation
D3DRMQuaternionMultiply
D3DRMQuaternionSlerp
D3DRMVectorAdd
D3DRMVectorCrossProduct
D3DRMVectorDotProduct
D3DRMVectorModulus
D3DRMVectorNormalize
D3DRMVectorRandom
D3DRMVectorReflect
D3DRMVectorRotate
D3DRMVectorScale
D3DRMVectorSubtract
Direct3DRMCreate
GetHookAPIs
NotifyShims
glAccum
glAlphaFunc
glAreTexturesResident
glArrayElement
glBegin
glBindTexture
glBitmap
glBlendFunc
glCallList
glCallLists
glClear
glClearAccum
glClearColor
glClearDepth
glClearIndex
glClearStencil
glClipPlane
glColor3b
glColor3bv
glColor3d
glColor3dv
glColor3f
glColor3fv
glColor3i
glColor3iv
glColor3s
glColor3sv
glColor3ub
glColor3ubv
glColor3ui
glColor3uiv
glColor3us
glColor3usv
glColor4b
glColor4bv
glColor4d
glColor4dv
glColor4f
glColor4fv
glColor4i
glColor4iv
glColor4s
glColor4sv
glColor4ub
glColor4ubv
glColor4ui
glColor4uiv
glColor4us
glColor4usv
glColorMask
glColorMaterial
glColorPointer
glCopyPixels
glCopyTexImage1D
glCopyTexImage2D
glCopyTexSubImage1D
glCopyTexSubImage2D
glCullFace
glDeleteLists
glDeleteTextures
glDepthFunc
glDepthMask
glDepthRange
glDisable
glDisableClientState
glDrawArrays
glDrawBuffer
glDrawElements
glDrawPixels
glEdgeFlag
glEdgeFlagPointer
glEdgeFlagv
glEnable
glEnableClientState
glEnd
glEndList
glEvalCoord1d
glEvalCoord1dv
glEvalCoord1f
glEvalCoord1fv
glEvalCoord2d
glEvalCoord2dv
glEvalCoord2f
glEvalCoord2fv
glEvalMesh1
glEvalMesh2
glEvalPoint1
glEvalPoint2
glFeedbackBuffer
glFinish
glFlush
glFogf
glFogfv
glFogi
glFogiv
glFrontFace
glFrustum
glGenLists
glGenTextures
glGetBooleanv
glGetClipPlane
glGetDoublev
glGetError
glGetFloatv
glGetIntegerv
glGetLightfv
glGetLightiv
glGetMapdv
glGetMapfv
glGetMapiv
glGetMaterialfv
glGetMaterialiv
glGetPixelMapfv
glGetPixelMapuiv
glGetPixelMapusv
glGetPointerv
glGetPolygonStipple
glGetString
glGetTexEnvfv
glGetTexEnviv
glGetTexGendv
glGetTexGenfv
glGetTexGeniv
glGetTexImage
glGetTexLevelParameterfv
glGetTexLevelParameteriv
glGetTexParameterfv
glGetTexParameteriv
glHint
glIndexMask
glIndexPointer
glIndexd
glIndexdv
glIndexf
glIndexfv
glIndexi
glIndexiv
glIndexs
glIndexsv
glIndexub
glIndexubv
glInitNames
glInterleavedArrays
glIsEnabled
glIsList
glIsTexture
glLightModelf
glLightModelfv
glLightModeli
glLightModeliv
glLightf
glLightfv
glLighti
glLightiv
glLineStipple
glLineWidth
glListBase
glLoadIdentity
glLoadMatrixd
glLoadMatrixf
glLoadName
glLogicOp
glMap1d
glMap1f
glMap2d
glMap2f
glMapGrid1d
glMapGrid1f
glMapGrid2d
glMapGrid2f
glMaterialf
glMaterialfv
glMateriali
glMaterialiv
glMatrixMode
glMultMatrixd
glMultMatrixf
glNewList
glNormal3b
glNormal3bv
glNormal3d
glNormal3dv
glNormal3f
glNormal3fv
glNormal3i
glNormal3iv
glNormal3s
glNormal3sv
glNormalPointer
glOrtho
glPassThrough
glPixelMapfv
glPixelMapuiv
glPixelMapusv
glPixelStoref
glPixelStorei
glPixelTransferf
glPixelTransferi
glPixelZoom
glPointSize
glPolygonMode
glPolygonOffset
glPolygonStipple
glPopAttrib
glPopClientAttrib
glPopMatrix
glPopName
glPrioritizeTextures
glPushAttrib
glPushClientAttrib
glPushMatrix
glPushName
glRasterPos2d
glRasterPos2dv
glRasterPos2f
glRasterPos2fv
glRasterPos2i
glRasterPos2iv
glRasterPos2s
glRasterPos2sv
glRasterPos3d
glRasterPos3dv
glRasterPos3f
glRasterPos3fv
glRasterPos3i
glRasterPos3iv
glRasterPos3s
glRasterPos3sv
glRasterPos4d
glRasterPos4dv
glRasterPos4f
glRasterPos4fv
glRasterPos4i
glRasterPos4iv
glRasterPos4s
glRasterPos4sv
glReadBuffer
glReadPixels
glRectd
glRectdv
glRectf
glRectfv
glRecti
glRectiv
glRects
glRectsv
glRenderMode
glRotated
glRotatef
glScaled
glScalef
glScissor
glSelectBuffer
glShadeModel
glStencilFunc
glStencilMask
glStencilOp
glTexCoord1d
glTexCoord1dv
glTexCoord1f
glTexCoord1fv
glTexCoord1i
glTexCoord1iv
glTexCoord1s
glTexCoord1sv
glTexCoord2d
glTexCoord2dv
glTexCoord2f
glTexCoord2fv
glTexCoord2i
glTexCoord2iv
glTexCoord2s
glTexCoord2sv
glTexCoord3d
glTexCoord3dv
glTexCoord3f
glTexCoord3fv
glTexCoord3i
glTexCoord3iv
glTexCoord3s
glTexCoord3sv
glTexCoord4d
glTexCoord4dv
glTexCoord4f
glTexCoord4fv
glTexCoord4i
glTexCoord4iv
glTexCoord4s
glTexCoord4sv
glTexCoordPointer
glTexEnvf
glTexEnvfv
glTexEnvi
glTexEnviv
glTexGend
glTexGendv
glTexGenf
glTexGenfv
glTexGeni
glTexGeniv
glTexImage1D
glTexImage2D
glTexParameterf
glTexParameterfv
glTexParameteri
glTexParameteriv
glTexSubImage1D
glTexSubImage2D
glTranslated
glTranslatef
glVertex2d
glVertex2dv
glVertex2f
glVertex2fv
glVertex2i
glVertex2iv
glVertex2s
glVertex2sv
glVertex3d
glVertex3dv
glVertex3f
glVertex3fv
glVertex3i
glVertex3iv
glVertex3s
glVertex3sv
glVertex4d
glVertex4dv
glVertex4f
glVertex4fv
glVertex4i
glVertex4iv
glVertex4s
glVertex4sv
glVertexPointer
glViewport
wglChoosePixelFormat
wglCopyContext
wglCreateContext
wglCreateLayerContext
wglDeleteContext
wglDescribeLayerPlane
wglDescribePixelFormat
wglGetCurrentContext
wglGetCurrentDC
wglGetDefaultProcAddress
wglGetLayerPaletteEntries
wglGetPixelFormat
wglGetProcAddress
wglMakeCurrent
wglRealizeLayerPalette
wglSetLayerPaletteEntries
wglSetPixelFormat
wglShareLists
wglSwapBuffers
wglSwapLayerBuffers
wglUseFontBitmapsA
wglUseFontBitmapsW
wglUseFontOutlinesA
wglUseFontOutlinesW
Sections
.text Size: 73KB - Virtual size: 73KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
loaderV6/AdaptiveCards.dll.dll windows:10 windows x86 arch:x86
5d0200b3a4dff4031a060f67fc8ac685
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
AdaptiveCards.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memcpy
_o_free
_o_malloc
_except_handler4_common
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
__CxxFrameHandler3
_CxxThrowException
api-ms-win-crt-string-l1-1-0
memset
rpcrt4
CStdStubBuffer_DebugServerQueryInterface
NdrDllCanUnloadNow
IUnknown_Release_Proxy
NdrDllGetClassObject
NdrCStdStubBuffer2_Release
NdrOleFree
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
NdrStubForwardingFunction
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
NdrStubCall2
IUnknown_AddRef_Proxy
CStdStubBuffer_AddRef
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
api-ms-win-core-winrt-string-l1-1-0
HSTRING_UserSize
WindowsCreateStringReference
HSTRING_UserMarshal
HSTRING_UserFree
WindowsDeleteString
WindowsDuplicateString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
HSTRING_UserUnmarshal
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSRWLockExclusive
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
ReleaseSRWLockShared
ReleaseMutex
AcquireSRWLockShared
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetModuleFileNameA
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleExW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
RaiseException
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-midlproxystub-l1-1-0
CStdStubBuffer2_Disconnect
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
CStdStubBuffer2_CountRefs
ObjectStublessClient6
NdrProxyForwardingFunction3
CStdStubBuffer2_Connect
CStdStubBuffer2_QueryInterface
Exports
Exports
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
Sections
.text Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
loaderV6/LoaderV6.exe.exe windows:6 windows x64 arch:x64
07361a3a7f515bf56ca93120b2aca73b
Code Sign
Certificate 76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8
Issuer: CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE
Not Before: 18-03-2020 00:00
Not After: 18-03-2045 00:00
Subject: CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate 77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Issuer: CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE
Not Before: 28-07-2020 00:00
Not After: 28-07-2030 00:00
Subject: CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate 0d:6b:55:f4:2e:ba:5f:b8:33:8d:e1:c8
Issuer: CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE
Not Before: 09-09-2022 07:45
Not After: 09-09-2025 07:45
Subject: SERIALNUMBER=81967985,CN=Surfshark B.V.,O=Surfshark B.V.,STREET=Kabelweg 57,L=Amsterdam,ST=Noord-Holland,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Certificate 05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Issuer: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Not Before: 14-07-2023 00:00
Not After: 13-10-2034 23:59
Subject: CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
Certificate 07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 23-03-2022 00:00
Not After: 22-03-2037 23:59
Subject: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate 0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 01-08-2022 00:00
Not After: 09-11-2031 23:59
Subject: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer fa:9c:88:c0:62:c2:dc:40:43:c9:f3:6f:16:38:14:e5:e7:f3:b2:f4:e2:6a:58:3b:22:c4:16:20:e1:e8:b5:4c
Actual PE Digest: fa:9c:88:c0:62:c2:dc:40:43:c9:f3:6f:16:38:14:e5:e7:f3:b2:f4:e2:6a:58:3b:22:c4:16:20:e1:e8:b5:4c
Digest Algorithm: sha256
PE Digest Matches: false (the digest recorded in the signature does not match the file's actual PE digest, so the Authenticode signature does not verify for this file as distributed, regardless of the certificate chain above)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetThreadPriority
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
RtlVirtualUnwind
RtlLookupFunctionEntry
ResumeThread
RaiseFailFastException
PostQueuedCompletionStatus
LoadLibraryW
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateWaitableTimerA
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler
AddVectoredContinueHandler
Sections
.text Size: 25.0MB - Virtual size: 25.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 30.9MB - Virtual size: 30.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2.9MB - Virtual size: 3.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 720KB - Virtual size: 719KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 512B - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 422KB - Virtual size: 421KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.symtab Size: 512B - Virtual size: 4B
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
loaderV6/LoaderV6/AddressParser.dll.dll windows:10 windows x86 arch:x86
203344311d41178a475ba28669841c4a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
AddressParser.pdb
Imports
msvcrt
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_callnewh
_onexit
__CxxFrameHandler3
_purecall
realloc
_except_handler4_common
memcpy
free
malloc
wcschr
towupper
memmove
api-ms-win-core-heap-l2-1-0
LocalAlloc
api-ms-win-core-localization-l1-2-0
LCMapStringW
GetSystemDefaultLangID
GetACP
GetUserDefaultLangID
GetLocaleInfoW
GetUserDefaultLCID
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
FreeLibrary
api-ms-win-core-string-l1-1-0
GetStringTypeExW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
Exports
Exports
DestroyAddressParser
GetCity
GetCountryName
GetCountryStringFromIndex
GetFullAddress
GetNewAddressParser
GetPostalCode
GetState
GetStreet
ParseAddress
RebuildAddress
SetCity
SetCountryName
SetFullAddress
SetPostalCode
SetState
SetStreet
UpdateDefCountry
Sections
.text Size: 45KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 864B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1016B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
loaderV6/LoaderV6/Apphlpdm.dll.dll windows:10 windows x86 arch:x86
a656008929f1036ae19b9fbbe356c3a4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Apphlpdm.pdb
Imports
msvcrt
memcpy
_except_handler4_common
_initterm
malloc
free
_amsg_exit
_XcptFilter
_wcsnicmp
memset
ntdll
RtlFreeUnicodeString
RtlStringFromGUID
RtlCompareMemory
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-core-file-l1-1-0
CreateDirectoryW
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
wdi
WdiGetDiagnosticModuleId
WdiGetParameterData
WdiGetEvent
WdiGetParameterByName
WdiAddParameter
WdiSetProblemDetectionResult
WdiSetResolution
shell32
ShellExecuteW
Shell_NotifyIconW
user32
UnregisterClassW
SetWindowTextW
DispatchMessageW
DestroyIcon
SetDlgItemTextW
RegisterClassW
SendDlgItemMessageW
LoadIconW
DestroyWindow
SendMessageW
GetDlgItem
RegisterWindowMessageW
GetWindowLongW
DefWindowProcW
DialogBoxParamW
GetMessageW
SetForegroundWindow
EnableWindow
PostMessageW
EndDialog
SetWindowLongW
CreateWindowExW
mouse_event
gdi32
GetObjectW
CreateFontIndirectW
wtsapi32
WTSQueryUserToken
wer
WerReportCreate
WerReportSubmit
WerReportCloseHandle
WerReportSetParameter
WerReportSetUIOption
WerReportAddFile
apphelp
SdbGrabMatchingInfo
SdbGetEntryFlags
SdbIsNullGUID
Exports
Exports
WdiDiagnosticModuleMain
WdiGetDiagnosticModuleInterfaceVersion
WdiHandleInstance
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 896B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 812B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
loaderV6/LoaderV6/afunix.Dll.sys windows:10 windows x86 arch:x86
188ec343e58aa2d61a3395d1c20e0ed0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
afunix.pdb
Imports
ntoskrnl.exe
ObReferenceObjectByHandle
RtlRbRemoveNode
FsRtlAllocateExtraCreateParameterList
FsRtlFreeExtraCreateParameter
PsGetCurrentProcess
RtlRbReplaceNode
ExAllocatePoolWithTag
ExFreePoolWithTag
ZwClose
KeUnstackDetachProcess
KeEnterCriticalRegion
ExAcquirePushLockExclusiveEx
ExReleasePushLockExclusiveEx
KeLeaveCriticalRegion
ZwSetInformationFile
KeStackAttachProcess
PsGetProcessId
MmMapLockedPagesSpecifyCache
RtlRegisterFeatureConfigurationChangeNotification
RtlQueryFeatureConfiguration
RtlQueryFeatureConfigurationChangeStamp
RtlUnregisterFeatureConfigurationChangeNotification
ObIsKernelHandle
PsReturnPoolQuota
RtlInitUnicodeString
ObfReferenceObject
PsChargeProcessPoolQuota
IoConvertFileHandleToKernelHandle
DbgPrintEx
EtwWriteTransfer
_vsnprintf_s
memcpy
IoFileObjectType
IoCreateFileEx
ObfDereferenceObject
FsRtlAllocateExtraCreateParameter
RtlRbInsertNodeEx
FsRtlInsertExtraCreateParameter
KeBugCheckEx
FsRtlFreeExtraCreateParameterList
KeIsExecutingDpc
ExSetTimer
ExReleaseSpinLockExclusive
ExDeleteTimer
EtwSetInformation
ExAllocateTimer
ExTryAcquirePushLockExclusiveEx
ExReleaseSpinLockSharedFromDpcLevel
ExQueueWorkItem
ExReleaseSpinLockShared
ExAcquireSpinLockShared
KeSetEvent
ExAcquireSpinLockSharedAtDpcLevel
ExAcquireSpinLockExclusive
ExReleasePushLockSharedEx
ExAcquirePushLockSharedEx
EtwRegister
KeInitializeEvent
KeWaitForSingleObject
_allmul
memcmp
memset
hal
KeGetCurrentIrql
netio.sys
TlDefaultRequestResume
TlDefaultRequestQueryDispatchEndpoint
TlDefaultRequestMessage
TlDefaultRequestQueryDispatch
NmrRegisterProvider
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.edata Size: 512B - Virtual size: 51B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
loaderV6/LoaderV6/appidapi.dll.dll windows:10 windows x86 arch:x86
4c5ffcf0cb839b744d0e9115e253a0ce
Code Sign
Certificate 33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 03-02-2023 00:05
Not After: 01-02-2024 00:05
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate 61:07:76:56:00:00:00:00:00:08
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer 85:41:d9:c4:44:fe:b6:4e:ee:69:1f:ba:a1:23:1b:75:0c:fa:fa:58:e8:24:1c:30:7d:37:86:93:aa:10:71:53
Actual PE Digest: 85:41:d9:c4:44:fe:b6:4e:ee:69:1f:ba:a1:23:1b:75:0c:fa:fa:58:e8:24:1c:30:7d:37:86:93:aa:10:71:53
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
appidapi.pdb
Imports
msvcrt
??0exception@@QAE@ABV0@@Z
memcpy_s
memmove_s
__CxxFrameHandler3
wcscat_s
?what@exception@@UBEPBDXZ
wcsstr
_wtol
_vsnwprintf
iswspace
memmove
_except_handler4_common
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
_initterm
_amsg_exit
_XcptFilter
memcpy
memcmp
_CxxThrowException
_callnewh
??0exception@@QAE@XZ
malloc
_vsnprintf
??0exception@@QAE@ABQBD@Z
free
memset
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
api-ms-win-shcore-stream-l1-1-0
SHCreateStreamOnFileW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-file-l2-1-0
CopyFileExW
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-sysinfo-l1-1-0
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-file-l1-1-0
DeleteFileW
ReadFile
GetFileSize
CreateFileW
WriteFile
GetFinalPathNameByHandleW
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoCreateInstance
api-ms-win-core-wow64-l1-1-0
IsWow64Process
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
crypt32
CryptSIPLoad
CertGetEnhancedKeyUsage
CertGetNameStringW
CryptSIPRetrieveSubjectGuidForCatalogFile
api-ms-win-core-synch-l1-2-0
Sleep
ntdll
RtlAllocateHeap
RtlFreeHeap
NtReadFile
NtWaitForSingleObject
NtQueryInformationFile
RtlUpcaseUnicodeString
RtlEqualUnicodeString
RtlInitializeSRWLock
RtlGetNtSystemRoot
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlCopyUnicodeString
NtOpenFile
NtClose
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
NtQueryVolumeInformationFile
NtQueryObject
EtwTraceMessage
RtlPrefixUnicodeString
NtOpenKey
NtQueryValueKey
LdrResSearchResource
RtlCompareUnicodeString
NtDeviceIoControlFile
RtlNtStatusToDosErrorNoTeb
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
RtlInitUnicodeString
RtlRunOnceExecuteOnce
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
NtCreateSection
NtUnmapViewOfSection
NtMapViewOfSection
NtQuerySystemInformation
advapi32
ord1000
srpapi
SrpIsAllowed
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
AppIDConstructAppxAttributes
AppIDDecodeAttributeString
AppIDEncodeAttributeString
AppIDFreeAttributeString
AppIDGetAppxFileAttributes
AppIDGetFileAttributes
AppIDGetMsiVersionInfo
AppIDReleaseAppxFileAttributes
AppIDReleaseFileAttributes
CompareToSystemCIPolicy
UpdateSystemCIPolicy
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 108B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
loaderV6/acwow64.dll.dll windows:10 windows x86 arch:x86
f5ea38112753322b67a75bd4f0cdcffc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
AcWow64.pdb
Imports
apphelp
SE_COM_Lookup
SE_ShimDPF
SE_GetShimId
SE_COM_AddServer
SE_COM_AddHook
msvcrt
memcpy
_CxxThrowException
memmove
_amsg_exit
__CxxFrameHandler3
tolower
_wcsnicmp
_strnicmp
_wcsicmp
wcsncmp
toupper
strstr
_stricmp
wcstombs
wcsstr
_strlwr
iswctype
towlower
wcschr
wcspbrk
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_initterm
malloc
free
memset
_XcptFilter
ntdll
RtlAllocateHeap
RtlFreeHeap
RtlDosPathNameToNtPathName_U
NtOpenFile
NtClose
NtQueryInformationProcess
RtlpEnsureBufferSize
RtlNtPathNameToDosPathName
RtlFreeUnicodeString
kernel32
Wow64RevertWow64FsRedirection
GetSystemInfo
Wow64DisableWow64FsRedirection
VirtualAlloc
ExpandEnvironmentStringsW
lstrlenA
ExpandEnvironmentStringsA
GetSystemWow64DirectoryW
SetLastError
GetWindowsDirectoryA
IsWow64Process
GetCommandLineW
lstrlenW
GetFileAttributesW
FindFirstFileW
FileTimeToSystemTime
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetCurrentProcessId
HeapFree
GetProcessHeap
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
AddVectoredExceptionHandler
FindClose
CloseHandle
GetFileSize
CreateFileW
VirtualQuery
api-ms-win-core-registry-l1-1-0
RegOpenKeyExA
RegCloseKey
api-ms-win-core-registry-l2-1-0
RegQueryValueA
api-ms-win-core-versionansi-l1-1-0
VerQueryValueA
GetFileVersionInfoExA
Exports
Exports
GetHookAPIs
NotifyShims
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ