lnjectоr[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

lnjectоr.zip
Size

87.9MB
MD5

9c50cffd11e00c461da84998331e20df
SHA1

3b93f831a76378e2f2ef7aa0ec470deff8b772df
SHA256

20649fa33f26f91d87142caf45028403e22b9d3fab997beadf2c299f9954f851
SHA512

ef0baf4e643ec53f81a4c3263c79deaf342f5dbbf6a01725932c32a645f5700d90b39d0dcbebbbc5e11387bd2dbef5b8ccb00785d5b57dd417367fec4b9a0119
SSDEEP

1572864:48NfmrE9FsXd+c0d/f1/c2U64RziXJRG3cjWs92min0d/TzoCJT2nvaf:5ZE0ximJBR5

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Version/themes/sample2.dll
unpack001/lnjector.exe

Files

lnjectоr.zip
.zip
Macro/5FFCCBCC-C049-4E8A-85B0-DE5FC5D20008.dll
.dll windows:6 windows x86 arch:x86

a3324b371ff15b60c25f0e97bff92c32

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:3d:c5:b9:6b:df:ee:ef:e8:69:9e:06:16:1d:e3:bc
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28-01-2022 00:00

Not After

26-02-2025 23:59

Subject

CN=Razer USA Ltd.,O=Razer USA Ltd.,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e3:d3:1c:87:ae:d5:fd:bc:8c:bb:b9:01:60:d4:05:66:23:be:93:5e:07:0b:a1:08:02:6a:0a:40:06:0f:99:1f
Signer

Actual PE Digest

e3:d3:1c:87:ae:d5:fd:bc:8c:bb:b9:01:60:d4:05:66:23:be:93:5e:07:0b:a1:08:02:6a:0a:40:06:0f:99:1f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\workspace\chromasdk\RC\3.35\Devices\bin\Win32\Release_Package\5FFCCBCC-C049-4E8A-85B0-DE5FC5D20008.pdb

Imports

kernel32

GetProcessHeap
HeapFree
SetEvent
WaitForSingleObject
CreateThread
WaitForMultipleObjects
OpenMutexW
ReleaseMutex
CreateWaitableTimerW
SetWaitableTimer
LoadLibraryW
GetProcAddress
Sleep
HeapDestroy
HeapSize
HeapReAlloc
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
ReadFile
MultiByteToWideChar
TerminateThread
InitializeCriticalSectionEx
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
IsDebuggerPresent
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
HeapAlloc
LocalAlloc
CreateFileW
LocalFree
CloseHandle
GetLastError
GetTickCount

advapi32

RegSetValueExW
FreeSid
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExW
RegCloseKey

ole32

CLSIDFromString
StringFromGUID2

shlwapi

PathStripPathW

msvcp140

?_Xlength_error@std@@YAXPBD@Z

concrt140

?PPLParallelInvokeEventGuid@Concurrency@@3U_GUID@@B
?_Trace_ppl_function@Concurrency@@YAXABU_GUID@@EW4ConcRT_EventType@1@@Z
?Free@Concurrency@@YAXPAX@Z
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IAEXXZ
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
??1_StructuredTaskCollection@details@Concurrency@@QAE@XZ

setupapi

SetupDiGetDevicePropertyW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW

vcruntime140

_except_handler4_common
__std_type_info_destroy_list
__CxxFrameHandler3
_CxxThrowException
wcschr
wcsstr
wcsrchr
__std_exception_destroy
memcpy
memset
__std_exception_copy
__std_terminate
memmove

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_errno
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo
_crt_atexit
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-convert-l1-1-0

wcstoul

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
__stdio_common_vswprintf

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

api-ms-win-crt-string-l1-1-0

_wcsicmp
_wcsupr_s
wmemcpy_s
wcscpy_s

Exports

Exports

Init
UnInit

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Macro/6CC98B1D-5CEE-4DDB-A256-E973B40FB5B8.dll
.dll windows:6 windows x86 arch:x86

283c39babc7b2811a54e8a89c47da2d7

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:3d:c5:b9:6b:df:ee:ef:e8:69:9e:06:16:1d:e3:bc
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28-01-2022 00:00

Not After

26-02-2025 23:59

Subject

CN=Razer USA Ltd.,O=Razer USA Ltd.,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:83:ba:ac:4a:23:ff:47:9e:a1:15:0c:0c:73:1f:ef:61:62:81:44:f5:e9:c2:10:5b:98:26:ec:8a:48:1b:28
Signer

Actual PE Digest

02:83:ba:ac:4a:23:ff:47:9e:a1:15:0c:0c:73:1f:ef:61:62:81:44:f5:e9:c2:10:5b:98:26:ec:8a:48:1b:28

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\workspace\chromasdk\RC\3.35\Devices\bin\Win32\Release_Package\6CC98B1D-5CEE-4DDB-A256-E973B40FB5B8.pdb

Imports

kernel32

GetProcessHeap
HeapFree
SetEvent
WaitForSingleObject
CreateThread
WaitForMultipleObjects
OpenMutexW
ReleaseMutex
CreateWaitableTimerW
SetWaitableTimer
LoadLibraryW
GetProcAddress
Sleep
HeapDestroy
HeapSize
HeapReAlloc
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
HeapAlloc
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
IsDebuggerPresent
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
CreateFileW
OpenFileMappingW
LocalAlloc
LocalFree
WriteFile
CloseHandle
GetLastError
InitializeCriticalSectionEx

advapi32

RegSetValueExW
FreeSid
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExW
RegCloseKey

ole32

StringFromGUID2
CLSIDFromString

shlwapi

PathStripPathW

msvcp140

?_Xlength_error@std@@YAXPBD@Z

concrt140

?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IAEXXZ
?PPLParallelInvokeEventGuid@Concurrency@@3U_GUID@@B
?_Trace_ppl_function@Concurrency@@YAXABU_GUID@@EW4ConcRT_EventType@1@@Z
?Free@Concurrency@@YAXPAX@Z
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
??1_StructuredTaskCollection@details@Concurrency@@QAE@XZ
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetDevicePropertyW

vcruntime140

wcsstr
__std_type_info_destroy_list
memset
_CxxThrowException
memcpy
__std_exception_destroy
memmove
__std_exception_copy
__std_terminate
wcsrchr
wcschr
_except_handler4_common
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_crt_atexit
_errno
_execute_onexit_table
_register_onexit_function
_invalid_parameter_noinfo
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-convert-l1-1-0

wcstoul

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
__stdio_common_vsprintf
__stdio_common_vswprintf

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-string-l1-1-0

_wcsicmp
_wcsupr_s
wmemcpy_s
wcscpy_s

api-ms-win-crt-math-l1-1-0

_dsign
_dclass

Exports

Exports

Init
UnInit

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Macro/norecoil/f_00001a
Macro/norecoil/f_00001b
Macro/norecoil/f_00001c
Macro/v2/00007A.dat
Macro/v2/00007B.dat
Macro/v2/00007C.dat
Macro/v2/00007D.dat
Macro/v2/00007E.dat
Macro/v2/00008A.dat
Resource/bypassing/chrome_elf.dll
.dll windows:5 windows x64 arch:x64

f6016c2b5ff401915f9fb116a7d7e91e

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:d4:1a:66:69:21:53:ff:be:5d:ef:e8:73:ad:ff:6a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01-07-2021 00:00

Not After

15-08-2024 23:59

Subject

CN=Hugh Bailey,O=Hugh Bailey,L=Temecula,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:e9:a1:aa:d8:d6:f2:c8:17:f8:f9:ba:da:02:bb:63:27:a8:30:93:38:a2:fc:1e:88:b0:15:3b:b8:ae:6e:cf:e1:11:af:1e:d5:6e:fc:74:0c:4f:a1:5b:a8:74:f1:a1:46:cc:db:88:65:92:2b:6e:f8:2e:92:c2:f6:3f:86:84
Signer

Actual PE Digest

64:e9:a1:aa:d8:d6:f2:c8:17:f8:f9:ba:da:02:bb:63:27:a8:30:93:38:a2:fc:1e:88:b0:15:3b:b8:ae:6e:cf:e1:11:af:1e:d5:6e:fc:74:0c:4f:a1:5b:a8:74:f1:a1:46:cc:db:88:65:92:2b:6e:f8:2e:92:c2:f6:3f:86:84

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

chrome_elf.dll.pdb

Imports

kernel32

AcquireSRWLockExclusive
CloseHandle
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileW
CreateMutexW
CreateNamedPipeW
CreateProcessW
CreateRemoteThread
CreateThread
DeleteCriticalSection
DeleteFileW
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameExW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileTime
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalProcessorInformation
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessId
GetProductInfo
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetThreadId
GetThreadPriority
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExW
InitOnceExecuteOnce
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LocalFree
LockFileEx
MultiByteToWideChar
OpenProcess
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
QueryThreadCycleTime
RaiseException
ReadConsoleW
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSRWLockExclusive
RemoveDirectoryW
ResetEvent
RtlCaptureContext
RtlCaptureStackBackTrace
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetNamedPipeHandleState
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SleepEx
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TransactNamedPipe
TryAcquireSRWLockExclusive
UnhandledExceptionFilter
UnlockFileEx
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualProtectEx
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteProcessMemory
lstrcmpiA

Exports

Exports

ClearReportsBetween_ExportThunk
CrashForException_ExportThunk
DisableHook
DrainLog
DumpHungProcessWithPtype_ExportThunk
DumpProcessWithoutCrash
GetApplyHookResult
GetBlockedModulesCount
GetCrashReports_ExportThunk
GetCrashpadDatabasePath_ExportThunk
GetHandleVerifier
GetInstallDetailsPayload
GetUniqueBlockedModulesCount
GetUserDataDirectoryThunk
InjectDumpForHungInput_ExportThunk
IsBrowserProcess
IsCrashReportingEnabledImpl
IsThirdPartyInitialized
RegisterLogNotification
RequestSingleCrashUpload_ExportThunk
SetCrashKeyValueImpl
SetMetricsClientId
SetUploadConsent_ExportThunk
SignalChromeElf
SignalInitializeCrashReporting

Sections

.text
Size: 857KB - Virtual size: 857KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 135KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.crthunk
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.oldntma
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.retplne
Size: 512B - Virtual size: 92B

.tls
Size: 512B - Virtual size: 305B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 68B

CPADinfo
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

malloc_h
Size: 512B - Virtual size: 326B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Resource/bypassing/coreaudio-encoder.dll
.dll windows:6 windows x64 arch:x64

f550abf2dc517c933b318666ebeb7000

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:d4:1a:66:69:21:53:ff:be:5d:ef:e8:73:ad:ff:6a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01-07-2021 00:00

Not After

15-08-2024 23:59

Subject

CN=Hugh Bailey,O=Hugh Bailey,L=Temecula,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b5:9f:8c:1c:29:fb:a0:8a:6e:9b:06:80:94:9b:eb:0b:fc:39:15:a3:8d:78:e8:79:38:d4:d0:00:38:db:b5:21:3a:aa:dd:c1:a0:51:c3:2e:84:66:8e:70:7e:be:da:ea:a7:1c:12:b2:f1:cb:aa:01:f0:8e:95:ad:19:3c:fe:b2
Signer

Actual PE Digest

b5:9f:8c:1c:29:fb:a0:8a:6e:9b:06:80:94:9b:eb:0b:fc:39:15:a3:8d:78:e8:79:38:d4:d0:00:38:db:b5:21:3a:aa:dd:c1:a0:51:c3:2e:84:66:8e:70:7e:be:da:ea:a7:1c:12:b2:f1:cb:aa:01:f0:8e:95:ad:19:3c:fe:b2

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

coreaudio-encoder.pdb

Imports

obs

obs_data_get_bool
audio_output_get_info
obs_data_set_default_int
obs_module_load_locale
obs_property_list_clear
obs_properties_add_list
dstr_printf
bfree
obs_encoder_audio
text_lookup_getstr
text_lookup_destroy
obs_property_set_modified_callback
obs_data_set_default_bool
obs_encoder_get_name
obs_register_encoder_s
blog
obs_get_audio_info
obs_properties_add_bool
obs_properties_get
audio_output_get_sample_rate
obs_data_get_int
obs_properties_create
obs_property_list_item_disable
audio_output_get_channels
dstr_vcatf
obs_property_list_add_int

kernel32

InitOnceBeginInitialize
SetDllDirectoryW
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FreeLibrary
InitOnceComplete
GetProcAddress
LoadLibraryW
GetLastError

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
memset
__std_type_info_destroy_list
_CxxThrowException
memmove
__C_specific_handler
__std_exception_destroy
__std_exception_copy
__std_terminate

api-ms-win-crt-runtime-l1-1-0

abort
_cexit
_invalid_parameter_noinfo_noreturn
_initterm
_initterm_e
_execute_onexit_table
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__stdio_common_vsprintf

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

Exports

Exports

obs_module_description
obs_module_free_locale
obs_module_get_string
obs_module_load
obs_module_set_locale
obs_module_set_pointer
obs_module_unload
obs_module_ver

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Resource/bypassing/coreaudio-encoder.pdb
Resource/bypassing/decklink.dll
.dll windows:6 windows x64 arch:x64

892aaf5ec3398ec44fb0f1d20bb945fe

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:d4:1a:66:69:21:53:ff:be:5d:ef:e8:73:ad:ff:6a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01-07-2021 00:00

Not After

15-08-2024 23:59

Subject

CN=Hugh Bailey,O=Hugh Bailey,L=Temecula,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dc:75:88:b4:24:3b:9f:a1:05:f1:da:ed:92:dd:13:6e:95:e3:39:7a:37:6c:39:56:f8:14:7f:55:1f:ae:35:87:23:7b:02:30:1f:04:9a:11:21:ca:0a:5e:70:77:38:74:bb:61:06:f6:98:73:c3:4b:57:bc:f0:1c:46:61:cf:15
Signer

Actual PE Digest

dc:75:88:b4:24:3b:9f:a1:05:f1:da:ed:92:dd:13:6e:95:e3:39:7a:37:6c:39:56:f8:14:7f:55:1f:ae:35:87:23:7b:02:30:1f:04:9a:11:21:ca:0a:5e:70:77:38:74:bb:61:06:f6:98:73:c3:4b:57:bc:f0:1c:46:61:cf:15

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

decklink.pdb

Imports

obs

obs_data_get_string
obs_output_begin_data_capture
obs_output_set_audio_conversion
obs_properties_add_list
obs_output_end_data_capture
obs_get_audio_info
obs_property_list_item_count
obs_properties_add_bool
obs_property_list_insert_string
obs_property_list_clear
obs_property_list_item_string
obs_data_get_bool
obs_data_set_default_int
obs_property_set_visible
os_wcs_to_utf8
obs_source_update
obs_source_set_async_unbuffered
obs_property_set_long_description
obs_data_set_default_bool
obs_source_set_async_decoupled
obs_data_release
obs_source_get_settings
obs_data_set_int
obs_source_update_properties
obs_data_set_string
obs_get_video_hdr_nominal_peak_level
obs_module_load_locale
obs_register_output_s
obs_register_source_s
text_lookup_destroy
text_lookup_getstr
bfree
brealloc
obs_property_set_modified_callback
obs_properties_get
obs_data_get_int
obs_properties_create
obs_output_set_video_conversion
obs_property_list_item_disable
obs_property_list_add_int
obs_property_list_add_string
obs_output_get_video_conversion
bitstream_reader_read_bits
obs_get_video_info
video_format_get_parameters_for_format
bitstream_reader_r8
bitstream_reader_init
obs_source_output_audio
bmalloc
obs_source_output_video2
os_gettime_ns
obs_source_output_cea708
blog

ole32

CoCreateInstance

msvcp140

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?good@ios_base@std@@QEBA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
?uncaught_exception@std@@YA_NXZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_copy
__std_terminate
_purecall
__current_exception
__current_exception_context
__C_specific_handler
__std_exception_destroy
__std_type_info_destroy_list
memset
__RTDynamicCast
memcmp
memcpy
memmove
_CxxThrowException

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_seh_filter_dll
_execute_onexit_table
_initialize_narrow_environment
_initterm
terminate
_initterm_e
_invalid_parameter_noinfo_noreturn
_cexit
_initialize_onexit_table

api-ms-win-crt-heap-l1-1-0

malloc
_aligned_malloc
free
_aligned_free
_callnewh

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__acrt_iob_func

kernel32

GetCurrentThreadId
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
RtlCaptureContext
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess

Exports

Exports

obs_module_description
obs_module_free_locale
obs_module_get_string
obs_module_load
obs_module_set_locale
obs_module_set_pointer
obs_module_unload
obs_module_ver

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Settings/api/config.xml
.xml
Settings/api/contextMenu.xml
.xml
Settings/api/langs.xml
.js .xml polyglot
Settings/fr.traineddata
Settings/id.traineddata
Settings/ja.traineddata
Version/plugins/config/converter.ini
Version/themes/rh_binary.png
.png
Version/themes/rh_dlg_ctrl.png
.png
Version/themes/rh_dlg_edit.png
.png
Version/themes/rh_icon.png
.png
Version/themes/rh_main_menu.png
.png
Version/themes/rh_menu2.png
.png
Version/themes/rh_mnu_ctrl.png
.png
Version/themes/rh_scrpt.png
.png
Version/themes/rh_scrpt_err.png
.png
Version/themes/sample1.bmp
Version/themes/sample1.h
Version/themes/sample1.inc
Version/themes/sample1.rc
Version/themes/sample2.dll
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 707KB - Virtual size: 706KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Version/userDefineLangs/markdown._preinstalled.udl.xml
Version/userDefineLangs/markdown._preinstalled_DM.udl.xml
Version/v3/data_0
Version/v3/data_1
Version/v3/data_2
lnjector.exe
.exe windows:6 windows x64 arch:x64

7a4fc0c34bc052421d9ece62cd06f6dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
LoadLibraryW
LocalFree
FormatMessageW
lstrlenW
GetComputerNameA
VerifyVersionInfoW
SetEndOfFile
WriteConsoleW
VirtualProtect
CreateFileW
GetProcessHeap
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
CreateProcessA
Sleep
GetEnvironmentVariableW
HeapSize
VerSetConditionMask
FindFirstFileExW
FindClose
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
CloseHandle
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetModuleFileNameW
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlPcToFileHeader
RaiseException
RtlUnwindEx
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
RtlUnwind

user32

GetMessageW
DispatchMessageW
CreateWindowExW
SendMessageW
LoadIconW
MessageBoxW
GetClientRect
UpdateWindow
ShowWindow
DefWindowProcW
RegisterClassW
PostQuitMessage
TranslateMessage

gdi32

SetBkColor
CreateSolidBrush
CreateFontW
SetTextColor

shell32

SHGetFolderPathW
SHGetFolderPathA
ShellExecuteW

ole32

CoInitialize
CoUninitialize

oleaut32

SysAllocString
SysFreeString
SafeArrayCreate
SafeArrayDestroy
VariantInit
VariantClear
VariantCopy
VariantChangeType
LoadTypeLi

shlwapi

PathCombineW
PathFileExistsW
PathAppendW
PathIsDirectoryW
PathRemoveFileSpecW
StrStrW
StrCmpW
StrCatW
PathFindFileNameW

mpr

WNetCancelConnection2W
WNetGetLastErrorW
WNetGetUniversalNameW
WNetGetResourceInformationW
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
WNetGetConnectionW
WNetAddConnection2W

urlmon

URLDownloadToFileW

Sections

.text
Size: 639KB - Virtual size: 638KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 82.9MB - Virtual size: 82.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3324b371ff15b60c25f0e97bff92c32

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

0e:3d:c5:b9:6b:df:ee:ef:e8:69:9e:06:16:1d:e3:bcCertificate

Extended Key Usages

Key Usages

e3:d3:1c:87:ae:d5:fd:bc:8c:bb:b9:01:60:d4:05:66:23:be:93:5e:07:0b:a1:08:02:6a:0a:40:06:0f:99:1fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

shlwapi

msvcp140

concrt140

setupapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

283c39babc7b2811a54e8a89c47da2d7

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

0e:3d:c5:b9:6b:df:ee:ef:e8:69:9e:06:16:1d:e3:bcCertificate

Extended Key Usages

Key Usages

02:83:ba:ac:4a:23:ff:47:9e:a1:15:0c:0c:73:1f:ef:61:62:81:44:f5:e9:c2:10:5b:98:26:ec:8a:48:1b:28Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

shlwapi

msvcp140

concrt140

setupapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

0e:3d:c5:b9:6b:df:ee:ef:e8:69:9e:06:16:1d:e3:bc
Certificate

e3:d3:1c:87:ae:d5:fd:bc:8c:bb:b9:01:60:d4:05:66:23:be:93:5e:07:0b:a1:08:02:6a:0a:40:06:0f:99:1f
Signer

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

0e:3d:c5:b9:6b:df:ee:ef:e8:69:9e:06:16:1d:e3:bc
Certificate

02:83:ba:ac:4a:23:ff:47:9e:a1:15:0c:0c:73:1f:ef:61:62:81:44:f5:e9:c2:10:5b:98:26:ec:8a:48:1b:28
Signer

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

06:d4:1a:66:69:21:53:ff:be:5d:ef:e8:73:ad:ff:6a
Certificate

64:e9:a1:aa:d8:d6:f2:c8:17:f8:f9:ba:da:02:bb:63:27:a8:30:93:38:a2:fc:1e:88:b0:15:3b:b8:ae:6e:cf:e1:11:af:1e:d5:6e:fc:74:0c:4f:a1:5b:a8:74:f1:a1:46:cc:db:88:65:92:2b:6e:f8:2e:92:c2:f6:3f:86:84
Signer

.text
Size: 857KB - Virtual size: 857KB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 135KB - Virtual size: 172KB

.pdata
Size: 32KB - Virtual size: 32KB

.00cfg
Size: 512B - Virtual size: 40B

.crthunk
Size: 512B - Virtual size: 64B

.gxfg
Size: 11KB - Virtual size: 10KB

.oldntma
Size: 512B - Virtual size: 8B

.retplne
Size: 512B - Virtual size: 92B

.tls
Size: 512B - Virtual size: 305B

.voltbl
Size: 512B - Virtual size: 68B

CPADinfo
Size: 512B - Virtual size: 56B

_RDATA
Size: 512B - Virtual size: 244B

malloc_h
Size: 512B - Virtual size: 326B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

06:d4:1a:66:69:21:53:ff:be:5d:ef:e8:73:ad:ff:6a
Certificate