ByWave_3[.]0[.]4_x64-setup[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ByWave_3.0.4_x64-setup.exe
Size

27.2MB
MD5

9495df39702b145c1f66ee83f92c5022
SHA1

5a18d4731aeff73d72953dfc314ed15cc807762a
SHA256

1ee85174f1ed4b346ce16f8702577838f09dfdba3198a94506cd038c68cd269d
SHA512

bea31182c07e42908b49db1a42a9a14404fded2383b12ff4cc02ddc89c1d1269277524a6d15834c75b78b3a8232e6886ef74e7df2a64652ef2dd88122386549c
SSDEEP

786432:MlFemgeNOdtag3AaGRe7McZQoWpV4SFfI30OgCWuCwGIx3V:MlvjkdtfA58qESFg3muCJIpV

Score

3^/10

Malware Config

Signatures

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
ByWave_3.0.4_x64-setup.exe
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/SimpleSC.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsis_tauri_utils.dll
unpack001/ByWave.exe
unpack001/clash-meta-alpha.exe
unpack001/clash-meta.exe
unpack001/resources/clash-verge-service.exe
unpack001/resources/install-service.exe
unpack001/resources/uninstall-service.exe
unpack001/uninstall.exe
unpack002/$PLUGINSDIR/LangDLL.dll
unpack002/$PLUGINSDIR/SimpleSC.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsis_tauri_utils.dll

Files

ByWave_3.0.4_x64-setup.exe
.exe windows:4 windows x86 arch:x86

61259b55b8912888e90f516ca08dc514

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 184KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

3e8d18bb71c7ebbda2ddc2a4bb03547b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
GlobalFree
lstrcpynW
lstrcmpW
GlobalAlloc
MulDiv
GetModuleHandleW
lstrcpyW

user32

DialogBoxParamW
SetDlgItemTextW
SendDlgItemMessageW
EndDialog
SetWindowTextW
LoadIconW
ShowWindow
SendMessageW
GetDC

gdi32

GetDeviceCaps
CreateFontIndirectW
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 681B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SimpleSC.dll
.dll windows:5 windows x86 arch:x86

a9546246ff97b887a4072a24f9106617

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

EnterCriticalSection
SetFilePointer
GetACP
CloseHandle
LocalFree
SuspendThread
VirtualProtect
TlsAlloc
GetTickCount
IsDebuggerPresent
GetFullPathNameW
VirtualFree
HeapAlloc
GetStartupInfoW
ExitProcess
GetFileAttributesW
InitializeCriticalSection
GetCPInfoExW
GetThreadPriority
GetCurrentProcess
SetThreadPriority
VirtualAlloc
RtlUnwind
GetCPInfo
GetCommandLineW
GetSystemInfo
ResumeThread
GetProcAddress
LeaveCriticalSection
EnumSystemLocalesW
GetStdHandle
GetVersionExW
VerifyVersionInfoW
GetModuleHandleW
FreeLibrary
HeapCreate
HeapDestroy
ReadFile
GetDiskFreeSpaceW
VerSetConditionMask
GetUserDefaultUILanguage
FindFirstFileW
TlsFree
HeapSize
lstrcpynW
SetLastError
GetModuleFileNameW
GetLastError
GlobalAlloc
lstrlenW
SetEndOfFile
CompareStringW
CreateThread
HeapFree
WideCharToMultiByte
MultiByteToWideChar
FindClose
LoadLibraryA
ResetEvent
SetEvent
CreateFileW
GetLocaleInfoW
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetLocalTime
WaitForSingleObject
GetCurrentThread
WriteFile
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
IsValidLocale
TlsSetValue
LoadLibraryExW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
CreateEventW
GlobalFree
VirtualQueryEx
GetThreadLocale
Sleep
SetThreadLocale

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
FindWindowExW
CharLowerBuffW
LoadStringW
CharUpperW
PeekMessageW
GetSystemMetrics
MessageBoxW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

CloseServiceHandle
ControlService
CreateServiceW
LookupAccountNameW
DeleteService
LsaAddAccountRights
StartServiceW
UnlockServiceDatabase
GetServiceKeyNameW
GetServiceDisplayNameW
ChangeServiceConfigW
LsaClose
LockServiceDatabase
OpenServiceW
ChangeServiceConfig2W
EnumDependentServicesW
QueryServiceConfig2W
LsaRemoveAccountRights
QueryServiceStatus
AdjustTokenPrivileges
QueryServiceConfigW
LookupPrivilegeValueW
OpenSCManagerW
LsaOpenPolicy
OpenProcessToken
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

Exports

Exports

ContinueService
ExistsService
GetErrorMessage
GetServiceBinaryPath
GetServiceDelayedAutoStartInfo
GetServiceDescription
GetServiceDisplayName
GetServiceFailure
GetServiceFailureFlag
GetServiceLogon
GetServiceName
GetServiceStartType
GetServiceStatus
GrantServiceLogonPrivilege
InstallService
PauseService
RemoveService
RemoveServiceLogonPrivilege
RestartService
ServiceIsPaused
ServiceIsRunning
ServiceIsStopped
SetServiceBinaryPath
SetServiceDelayedAutoStartInfo
SetServiceDescription
SetServiceFailure
SetServiceFailureFlag
SetServiceLogon
SetServiceStartType
StartService
StopService
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 956KB - Virtual size: 956KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 490B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

80469f6834e579db68a646d49780b9d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatW
FindClose
FindNextFileW
lstrcmpW
GetModuleHandleW
lstrcmpiW
MulDiv
lstrcpynW
GlobalAlloc
lstrcpyW
FindFirstFileW
GlobalFree

user32

GetMessageW
TranslateMessage
PostMessageW
DispatchMessageW
GetDlgItem
GetWindowLongW
CheckDlgButton
ShowWindow
LoadIconW
GetClientRect
MoveWindow
DestroyWindow
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextW
SendMessageW
IsDlgButtonChecked
GetWindowTextW
CreateDialogParamW
SetWindowLongW
wsprintfW
ScreenToClient
IsDialogMessageW
CallWindowProcW

gdi32

GetTextMetricsW
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 578B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsis_tauri_utils.dll
.dll windows:6 windows x86 arch:x86

17cb20871354b907f678c7c220e4ca60

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenProcess
ExitProcess
HeapAlloc
CloseHandle
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
HeapFree
TerminateProcess
GetProcessHeap
GlobalFree
InitializeProcThreadAttributeList
GetLastError
UpdateProcThreadAttribute
CreateProcessW
HeapReAlloc
GlobalAlloc
lstrcpyW

advapi32

GetTokenInformation
OpenProcessToken
EqualSid

user32

GetShellWindow
GetWindowThreadProcessId

Exports

Exports

DllMain
FindProcess
FindProcessCurrentUser
KillProcess
KillProcessCurrentUser
RunAsUser
SemverCompare
memcmp
memcpy
memset

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/MicrosoftEdgeWebview2Setup.exe
.exe windows:5 windows x86 arch:x86

7899cb8ba886a0690bdc28d8b481bbd1

Code Sign

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

64:57:97:41:81:d1:09:95:4f:1c:10:95:8c:65:4e:63
Certificate

Issuer

CN=EdgeBuild,O=EdgeBuild,L=Redmond,ST=Washington,C=US

Not Before

15/06/2020, 23:52

Not After

31/12/2039, 23:59

Subject

CN=EdgeBuild,O=EdgeBuild,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

32:bf:d2:56:3d:b0:c2:39:3c:8b:51:5c:2e:ee:96:62:0f:1f:55:ef:54:22:c9:b6:c6:69:68:5f:34:b2:79:f1
Signer

Actual PE Digest

32:bf:d2:56:3d:b0:c2:39:3c:8b:51:5c:2e:ee:96:62:0f:1f:55:ef:54:22:c9:b6:c6:69:68:5f:34:b2:79:f1

Digest Algorithm

sha256

PE Digest Matches

true

32:bf:d2:56:3d:b0:c2:39:3c:8b:51:5c:2e:ee:96:62:0f:1f:55:ef:54:22:c9:b6:c6:69:68:5f:34:b2:79:f1
Signer

Actual PE Digest

32:bf:d2:56:3d:b0:c2:39:3c:8b:51:5c:2e:ee:96:62:0f:1f:55:ef:54:22:c9:b6:c6:69:68:5f:34:b2:79:f1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mi_exe_stub.pdb

Imports

kernel32

GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
OutputDebugStringW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
RaiseException
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
DecodePointer
VirtualProtect
EncodePointer
LoadLibraryExW
QueryPerformanceCounter
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RtlUnwind
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetStringTypeW
CreateDirectoryW
SizeofResource
FindFirstFileW
Wow64DisableWow64FsRedirection
RemoveDirectoryW
GetTempPathW
FormatMessageW
Wow64RevertWow64FsRedirection
GetFileAttributesExW
GetDiskFreeSpaceExW
LockResource
DeleteFileW
FindResourceExW
LoadResource
FindResourceW
HeapDestroy
LocalFree
VerSetConditionMask
CopyFileW
VerifyVersionInfoW
GetTempFileNameW
lstrcmpiW
CreateMutexW
WaitForSingleObject
ReleaseMutex
CreateEventW
SetEvent
CreateThread
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
VirtualQuery
CreateProcessW
GetExitCodeProcess
ResetEvent
WaitForSingleObjectEx
GetSystemInfo
LoadLibraryExA

advapi32

RegSetValueExA
SetSecurityDescriptorDacl
GetAclInformation
SetSecurityDescriptorOwner
GetSidSubAuthority
GetSidLengthRequired
CopySid
InitializeSid
IsValidSid
AddAce
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
GetSecurityDescriptorLength
MakeSelfRelativeSD
MakeAbsoluteSD
SetSecurityDescriptorGroup
RegOpenKeyExW
RegQueryValueExW
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegSetValueExW
RegOpenKeyExA
RegDeleteValueA

ole32

CoTaskMemFree
CoUninitialize
CoInitializeEx

shell32

SHGetKnownFolderPath
ord680
CommandLineToArgvW
SHGetFolderPathW

user32

CharLowerBuffW
MessageBoxW

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ByWave.exe
.exe windows:6 windows x64 arch:x64

872e8f30883e374d0ab766aa4e7aa2ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Clash_verge\Clash_verge\src-tauri\target\x86_64-pc-windows-msvc\release\deps\clash_verge.pdb

Imports

kernel32

CreatePipe
GetModuleHandleA
GetProcAddress
WakeAllConditionVariable
SetConsoleTextAttribute
lstrlenW
OpenProcess
GetCurrentProcess
GetConsoleMode
LocalFree
CreateNamedPipeW
GetCurrentProcessId
GetExitCodeProcess
WaitForSingleObject
CreateFileW
WriteConsoleW
ReadFile
Sleep
GetSystemInfo
GetCurrentThread
GetTimeZoneInformationForYear
GetProcessId
TerminateProcess
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
SleepConditionVariableSRW
WakeConditionVariable
PostQueuedCompletionStatus
SetLastError
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
FormatMessageW
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
ReleaseMutex
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
ReleaseSRWLockShared
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
FindFirstFileW
AcquireSRWLockShared
GetQueuedCompletionStatusEx
TryAcquireSRWLockExclusive
CreateIoCompletionPort
SetHandleInformation
HeapReAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
MoveFileExW
CopyFileExW
SetThreadStackGuarantee
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
AddVectoredExceptionHandler
GetConsoleScreenBufferInfo
ReadProcessMemory
GetStdHandle
VirtualQueryEx
GlobalSize
SetEnvironmentVariableW
FindClose
GlobalMemoryStatusEx
K32GetPerformanceInfo
CloseHandle
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
DeleteFileW
RtlPcToFileHeader
LoadLibraryW
RaiseException
EncodePointer
SetFileCompletionNotificationModes
DeleteCriticalSection
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
TlsAlloc
ReleaseSRWLockExclusive
SwitchToThread
GlobalFree
LoadLibraryExW
TlsGetValue
TlsSetValue
GlobalUnlock
GlobalLock
OutputDebugStringW
OutputDebugStringA
LCIDToLocaleName
GetUserDefaultUILanguage
GlobalAlloc
LoadLibraryExA
FreeLibrary
SetFilePointerEx
GetLastError
MultiByteToWideChar
AcquireSRWLockExclusive
HeapFree
TlsFree

user32

GetMessageA
DispatchMessageA
IsIconic
MonitorFromWindow
SetWindowDisplayAffinity
GetDC
GetMessageW
EnumChildWindows
EnumDisplayMonitors
SystemParametersInfoA
GetWindowPlacement
IsWindowVisible
SetForegroundWindow
GetCursorPos
PostThreadMessageW
GetClientRect
ShowWindow
PostQuitMessage
SendInput
MonitorFromPoint
TranslateMessage
SetMenuItemInfoW
CheckMenuItem
TrackPopupMenu
AppendMenuW
RedrawWindow
CreateIcon
PeekMessageW
RegisterHotKey
UnregisterHotKey
IsWindow
VkKeyScanW
DefWindowProcW
RegisterClassW
SetClipboardData
EmptyClipboard
IsProcessDPIAware
GetSystemMenu
MsgWaitForMultipleObjectsEx
RegisterClassExW
CreateMenu
CreatePopupMenu
DestroyAcceleratorTable
DestroyIcon
AdjustWindowRectEx
GetMenu
GetWindowLongW
InvalidateRgn
SetWindowPos
RegisterWindowMessageA
PostMessageW
ShowCursor
ClipCursor
SetCursor
GetSystemMetrics
GetClipCursor
GetActiveWindow
LoadCursorW
CloseTouchInputHandle
ClientToScreen
GetTouchInputInfo
GetAncestor
TranslateAcceleratorW
CreateWindowExW
SetWindowLongPtrW
RegisterRawInputDevices
GetRawInputData
GetWindowRect
MonitorFromRect
ValidateRect
GetUpdateRect
MapVirtualKeyW
DestroyWindow
SetCapture
ScreenToClient
RegisterTouchWindow
GetWindowLongPtrW
GetWindowTextW
GetWindowTextLengthW
TrackMouseEvent
GetKeyState
GetAsyncKeyState
SetCursorPos
GetForegroundWindow
FlashWindowEx
GetMonitorInfoW
SetWindowPlacement
CreateAcceleratorTableW
SetWindowTextW
ToUnicodeEx
GetKeyboardLayout
IsClipboardFormatAvailable
GetClipboardData
GetKeyboardState
MapVirtualKeyExW
ReleaseCapture
SetWindowLongW
SendMessageW
SetMenu
ChangeDisplaySettingsExW
EnableMenuItem
CloseClipboard
OpenClipboard
DispatchMessageW

comctl32

RemoveWindowSubclass
TaskDialogIndirect
SetWindowSubclass
DefSubclassProc

ws2_32

closesocket
WSASocketW
connect
setsockopt
bind
freeaddrinfo
WSAStartup
WSACleanup
getsockname
listen
getsockopt
WSAIoctl
WSAGetLastError
getpeername
ioctlsocket
getaddrinfo
shutdown
WSASend
send
recv
accept

shell32

DragQueryFileW
DragFinish
SHCreateItemFromParsingName
ShellExecuteW
ShellExecuteExW
SHAppBarMessage
CommandLineToArgvW
Shell_NotifyIconW
Shell_NotifyIconGetRect
SHGetKnownFolderPath

advapi32

IsWellKnownSid
RegCreateKeyExW
CopySid
SystemFunction036
RegCloseKey
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegGetValueW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
DuplicateTokenEx
CreateWellKnownSid
ImpersonateAnonymousToken
GetLengthSid
CheckTokenMembership
IsValidSid
OpenProcessToken
GetTokenInformation
RegQueryValueExW
RevertToSelf

pdh

PdhOpenQueryA
PdhGetFormattedCounterValue
PdhCloseQuery
PdhRemoveCounter
PdhCollectQueryData
PdhAddEnglishCounterW

dwmapi

DwmExtendFrameIntoClientArea
DwmEnableBlurBehindWindow

ole32

CoCreateInstance
CoInitializeEx
RevokeDragDrop
CoIncrementMTAUsage
CoTaskMemAlloc
OleInitialize
CoTaskMemFree
CreateStreamOnHGlobal
RegisterDragDrop
CoUninitialize

bcrypt

BCryptGenRandom

ntdll

NtQuerySystemInformation
NtCancelIoFileEx
RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile
RtlGetVersion
NtQueryInformationProcess
NtReadFile
NtWriteFile

crypt32

CertFreeCertificateContext
CertFreeCertificateChain
CertOpenStore
CertDuplicateStore
CertCloseStore
CertVerifyCertificateChainPolicy
CertDuplicateCertificateChain
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertGetCertificateChain
CertDuplicateCertificateContext

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

oleaut32

GetErrorInfo
SetErrorInfo
SysFreeString
SysStringLen

secur32

QueryContextAttributesW
ApplyControlToken
FreeCredentialsHandle
DecryptMessage
FreeContextBuffer
DeleteSecurityContext
InitializeSecurityContextW
AcceptSecurityContext
EncryptMessage
AcquireCredentialsHandleA

psapi

GetProcessMemoryInfo
GetModuleFileNameExW

powrprof

CallNtPowerInformation

wininet

InternetSetOptionW

uxtheme

SetWindowTheme

gdi32

CreateRectRgn
GetDeviceCaps
DeleteObject

api-ms-win-crt-math-l1-1-0

atan2
trunc
floor
fmod
acos
log
log10
log2
round
fma
sinh
asin
tan
tanh
cbrt
_hypot
expm1
exp
__setusermatherr
sin
log1p
atan
ceil
pow
cosh
cos

api-ms-win-crt-string-l1-1-0

_wcsicmp
strcpy_s
wcsncmp
wcslen

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_crt_atexit
_exit
__p___argv
abort
__p___argc
_c_exit
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
terminate
_cexit

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
_callnewh
calloc
malloc

Sections

.text
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
clash-meta-alpha.exe
.exe windows:6 windows x64 arch:x64

07361a3a7f515bf56ca93120b2aca73b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetThreadPriority
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
RtlVirtualUnwind
RtlLookupFunctionEntry
ResumeThread
RaiseFailFastException
PostQueuedCompletionStatus
LoadLibraryW
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateWaitableTimerA
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler
AddVectoredContinueHandler

Sections

.text
Size: 11.3MB - Virtual size: 11.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12.3MB - Virtual size: 12.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 255KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
clash-meta.exe
.exe windows:6 windows x64 arch:x64

07361a3a7f515bf56ca93120b2aca73b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetThreadPriority
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
RtlVirtualUnwind
RtlLookupFunctionEntry
ResumeThread
RaiseFailFastException
PostQueuedCompletionStatus
LoadLibraryW
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateWaitableTimerA
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler
AddVectoredContinueHandler

Sections

.text
Size: 11.3MB - Virtual size: 11.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12.2MB - Virtual size: 12.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/Country.mmdb
resources/clash-verge-service.exe
.exe windows:6 windows x64 arch:x64

0538fc5616d45c6322c222e89c3c86a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\clash-verge-service\clash-verge-service\target\x86_64-pc-windows-msvc\release\deps\clash_verge_service.pdb

Imports

bcrypt

BCryptGenRandom

advapi32

GetTokenInformation
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
SystemFunction036
OpenProcessToken
GetLengthSid
IsValidSid
CopySid

kernel32

GetStdHandle
MultiByteToWideChar
WriteConsoleW
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
GetCurrentProcessId
CreateMutexA
ReleaseMutex
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
GetEnvironmentVariableW
CreateFileW
GetCurrentThread
WakeConditionVariable
GetFullPathNameW
SleepConditionVariableSRW
WakeAllConditionVariable
GetProcAddress
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetModuleFileNameW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
CreateEventW
CancelIo
ReadFile
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
AcquireSRWLockShared
ReleaseSRWLockShared
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
GetModuleHandleA
Sleep
ReadProcessMemory
SetFileCompletionNotificationModes
VirtualQueryEx
CreateIoCompletionPort
LocalFree
GetQueuedCompletionStatusEx
OpenProcess
GlobalMemoryStatusEx
K32GetPerformanceInfo
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
GetFinalPathNameByHandleW
SetLastError
SwitchToThread
SetThreadStackGuarantee
PostQueuedCompletionStatus
AddVectoredExceptionHandler
HeapReAlloc
GetSystemInfo
GetCurrentThreadId
SetHandleInformation
InitializeSListHead
LoadLibraryExA
FreeLibrary
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetExitCodeProcess
WaitForSingleObject
GetOverlappedResult
WaitForMultipleObjects
GetLastError
CloseHandle
AcquireSRWLockExclusive
HeapFree
GetConsoleMode
SetFileInformationByHandle
IsProcessorFeaturePresent

ws2_32

closesocket
shutdown
WSAStartup
WSACleanup
WSASend
getsockname
setsockopt
accept
ioctlsocket
listen
bind
WSAGetLastError
WSASocketW
recv
WSAIoctl
send

pdh

PdhRemoveCounter
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhOpenQueryA
PdhCloseQuery
PdhAddEnglishCounterW

ntdll

NtDeviceIoControlFile
RtlGetVersion
NtCreateFile
NtWriteFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtQuerySystemInformation
NtQueryInformationProcess
NtReadFile

psapi

GetProcessMemoryInfo
GetModuleFileNameExW

shell32

CommandLineToArgvW

powrprof

CallNtPowerInformation

oleaut32

SysFreeString
SysStringLen
GetErrorInfo

vcruntime140

__CxxFrameHandler3
memmove
memset
memcmp
memcpy
__C_specific_handler
__current_exception
__current_exception_context

api-ms-win-crt-string-l1-1-0

wcslen

api-ms-win-crt-math-l1-1-0

__setusermatherr
pow

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_set_app_type
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_initialize_onexit_table
_seh_filter_exe
__p___argc
__p___argv
_cexit
_c_exit
terminate
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_crt_atexit

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 633KB - Virtual size: 632KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/enableLoopback.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:7b:03:86:5a:d9:46:f9:86:49:b3:a2
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08/04/2021, 17:22

Not After

09/01/2022, 19:20

Subject

CN=Progress Software Corporation,O=Progress Software Corporation,L=Bedford,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:7b:03:86:5a:d9:46:f9:86:49:b3:a2
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08/04/2021, 17:22

Not After

09/01/2022, 19:20

Subject

CN=Progress Software Corporation,O=Progress Software Corporation,L=Bedford,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

22/07/2020, 15:33

Not After

29/12/2030, 16:29

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

78:57:eb:0e:50:00:b9:6a:03:e7:33:be:fa:b0:4c:76:28:40:7f:e2:be:fc:3f:75:88:bd:4e:8b:7f:cc:3c:3f
Signer

Actual PE Digest

78:57:eb:0e:50:00:b9:6a:03:e7:33:be:fa:b0:4c:76:28:40:7f:e2:be:fc:3f:75:88:bd:4e:8b:7f:cc:3c:3f

Digest Algorithm

sha256

PE Digest Matches

true

e9:15:89:ba:df:2f:bf:06:e0:79:c0:2a:d8:10:4c:f4:bc:66:95:f7
Signer

Actual PE Digest

e9:15:89:ba:df:2f:bf:06:e0:79:c0:2a:d8:10:4c:f4:bc:66:95:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Jenkins\Fiddler_Windows\workspace\Fiddler2\BundledExtensions\EnableLoopback\obj\Release Signed\EnableLoopback.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/geoip.dat
resources/geosite.dat
resources/install-service.exe
.exe windows:6 windows x64 arch:x64

40df559d76262d0368d1c9d46829be9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\clash-verge-service\clash-verge-service\target\x86_64-pc-windows-msvc\release\deps\install_service.pdb

Imports

kernel32

ReleaseSRWLockShared
GetEnvironmentVariableW
UnhandledExceptionFilter
HeapFree
IsDebuggerPresent
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
CloseHandle
AcquireSRWLockShared
GetModuleHandleA
HeapReAlloc
GetCurrentThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetModuleFileNameW
GetStdHandle
ReleaseMutex
LoadLibraryA
WaitForSingleObjectEx
CreateMutexA
GetCurrentProcessId
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentDirectoryW
HeapAlloc
GetProcessHeap
ExitProcess
AcquireSRWLockExclusive
FindClose
FindFirstFileW
GetFileInformationByHandleEx
GetFileInformationByHandle
SetLastError
CreateFileW
GetFullPathNameW
GetCurrentProcess
FormatMessageW
GetModuleHandleW
WriteConsoleW
MultiByteToWideChar
SetUnhandledExceptionFilter
GetLastError
WaitForSingleObject
GetProcAddress
GetConsoleMode
RtlVirtualUnwind
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsProcessorFeaturePresent

advapi32

QueryServiceStatusEx
CreateServiceW
OpenServiceW
OpenSCManagerW
StartServiceW
CloseServiceHandle
ChangeServiceConfig2W

ntdll

NtWriteFile
RtlNtStatusToDosError

vcruntime140

memcpy
memmove
__CxxFrameHandler3
__C_specific_handler
memcmp
__current_exception
__current_exception_context
memset

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
terminate
_register_onexit_function
_initialize_onexit_table
_set_app_type
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_configure_narrow_argv
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_seh_filter_exe

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/set_dns.sh
resources/uninstall-service.exe
.exe windows:6 windows x64 arch:x64

859cfefc336b89b04a4f5c4010ef7512

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\clash-verge-service\clash-verge-service\target\x86_64-pc-windows-msvc\release\deps\uninstall_service.pdb

Imports

kernel32

GetModuleHandleA
HeapFree
HeapReAlloc
GetCurrentThread
SetThreadStackGuarantee
IsDebuggerPresent
Sleep
CloseHandle
WaitForSingleObject
SetWaitableTimer
GetProcAddress
UnhandledExceptionFilter
TryAcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
RtlVirtualUnwind
ReleaseMutex
LoadLibraryA
WaitForSingleObjectEx
CreateMutexA
GetCurrentProcessId
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentDirectoryW
HeapAlloc
GetProcessHeap
AcquireSRWLockExclusive
CreateWaitableTimerExW
GetCurrentProcess
FormatMessageW
GetModuleHandleW
SetLastError
WriteConsoleW
MultiByteToWideChar
SetUnhandledExceptionFilter
GetLastError
GetConsoleMode
GetStdHandle
AddVectoredExceptionHandler
ReleaseSRWLockExclusive
GetEnvironmentVariableW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsProcessorFeaturePresent

advapi32

OpenSCManagerW
CloseServiceHandle
DeleteService
ControlService
QueryServiceStatusEx
OpenServiceW

ntdll

NtWriteFile
RtlNtStatusToDosError

vcruntime140

memcpy
__CxxFrameHandler3
memcmp
memset
memmove
__C_specific_handler
__current_exception
__current_exception_context

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
terminate
_register_onexit_function
_initialize_onexit_table
_set_app_type
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_configure_narrow_argv
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_seh_filter_exe

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/unset_dns.sh
uninstall.exe
.exe windows:4 windows x86 arch:x86

61259b55b8912888e90f516ca08dc514

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 184KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

3e8d18bb71c7ebbda2ddc2a4bb03547b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
GlobalFree
lstrcpynW
lstrcmpW
GlobalAlloc
MulDiv
GetModuleHandleW
lstrcpyW

user32

DialogBoxParamW
SetDlgItemTextW
SendDlgItemMessageW
EndDialog
SetWindowTextW
LoadIconW
ShowWindow
SendMessageW
GetDC

gdi32

GetDeviceCaps
CreateFontIndirectW
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 681B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SimpleSC.dll
.dll windows:5 windows x86 arch:x86

a9546246ff97b887a4072a24f9106617

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

EnterCriticalSection
SetFilePointer
GetACP
CloseHandle
LocalFree
SuspendThread
VirtualProtect
TlsAlloc
GetTickCount
IsDebuggerPresent
GetFullPathNameW
VirtualFree
HeapAlloc
GetStartupInfoW
ExitProcess
GetFileAttributesW
InitializeCriticalSection
GetCPInfoExW
GetThreadPriority
GetCurrentProcess
SetThreadPriority
VirtualAlloc
RtlUnwind
GetCPInfo
GetCommandLineW
GetSystemInfo
ResumeThread
GetProcAddress
LeaveCriticalSection
EnumSystemLocalesW
GetStdHandle
GetVersionExW
VerifyVersionInfoW
GetModuleHandleW
FreeLibrary
HeapCreate
HeapDestroy
ReadFile
GetDiskFreeSpaceW
VerSetConditionMask
GetUserDefaultUILanguage
FindFirstFileW
TlsFree
HeapSize
lstrcpynW
SetLastError
GetModuleFileNameW
GetLastError
GlobalAlloc
lstrlenW
SetEndOfFile
CompareStringW
CreateThread
HeapFree
WideCharToMultiByte
MultiByteToWideChar
FindClose
LoadLibraryA
ResetEvent
SetEvent
CreateFileW
GetLocaleInfoW
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetLocalTime
WaitForSingleObject
GetCurrentThread
WriteFile
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
IsValidLocale
TlsSetValue
LoadLibraryExW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
CreateEventW
GlobalFree
VirtualQueryEx
GetThreadLocale
Sleep
SetThreadLocale

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
FindWindowExW
CharLowerBuffW
LoadStringW
CharUpperW
PeekMessageW
GetSystemMetrics
MessageBoxW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

CloseServiceHandle
ControlService
CreateServiceW
LookupAccountNameW
DeleteService
LsaAddAccountRights
StartServiceW
UnlockServiceDatabase
GetServiceKeyNameW
GetServiceDisplayNameW
ChangeServiceConfigW
LsaClose
LockServiceDatabase
OpenServiceW
ChangeServiceConfig2W
EnumDependentServicesW
QueryServiceConfig2W
LsaRemoveAccountRights
QueryServiceStatus
AdjustTokenPrivileges
QueryServiceConfigW
LookupPrivilegeValueW
OpenSCManagerW
LsaOpenPolicy
OpenProcessToken
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

Exports

Exports

ContinueService
ExistsService
GetErrorMessage
GetServiceBinaryPath
GetServiceDelayedAutoStartInfo
GetServiceDescription
GetServiceDisplayName
GetServiceFailure
GetServiceFailureFlag
GetServiceLogon
GetServiceName
GetServiceStartType
GetServiceStatus
GrantServiceLogonPrivilege
InstallService
PauseService
RemoveService
RemoveServiceLogonPrivilege
RestartService
ServiceIsPaused
ServiceIsRunning
ServiceIsStopped
SetServiceBinaryPath
SetServiceDelayedAutoStartInfo
SetServiceDescription
SetServiceFailure
SetServiceFailureFlag
SetServiceLogon
SetServiceStartType
StartService
StopService
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 956KB - Virtual size: 956KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 490B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsis_tauri_utils.dll
.dll windows:6 windows x86 arch:x86

17cb20871354b907f678c7c220e4ca60

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenProcess
ExitProcess
HeapAlloc
CloseHandle
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
HeapFree
TerminateProcess
GetProcessHeap
GlobalFree
InitializeProcThreadAttributeList
GetLastError
UpdateProcThreadAttribute
CreateProcessW
HeapReAlloc
GlobalAlloc
lstrcpyW

advapi32

GetTokenInformation
OpenProcessToken
EqualSid

user32

GetShellWindow
GetWindowThreadProcessId

Exports

Exports

DllMain
FindProcess
FindProcessCurrentUser
KillProcess
KillProcessCurrentUser
RunAsUser
SemverCompare
memcmp
memcpy
memset

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61259b55b8912888e90f516ca08dc514

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 184KB

.rsrc Size: 54KB - Virtual size: 53KB

3e8d18bb71c7ebbda2ddc2a4bb03547b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 681B

.data Size: 512B - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 352B

a9546246ff97b887a4072a24f9106617

Headers

File Characteristics

Imports

kernel32

version

user32

oleaut32

netapi32

advapi32

Exports

Exports

Sections

.text Size: 956KB - Virtual size: 956KB

.itext Size: 2KB - Virtual size: 2KB

.data Size: 15KB - Virtual size: 14KB

.bss Size: - Virtual size: 25KB

.idata Size: 4KB - Virtual size: 3KB

.didata Size: 512B - Virtual size: 490B

.edata Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 69B

.reloc Size: 90KB - Virtual size: 89KB

.rsrc Size: 12KB - Virtual size: 12KB

80469f6834e579db68a646d49780b9d5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 1024B - Virtual size: 578B

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 184KB

.rsrc
Size: 54KB - Virtual size: 53KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 681B

.data
Size: 512B - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 352B

.text
Size: 956KB - Virtual size: 956KB

.itext
Size: 2KB - Virtual size: 2KB

.data
Size: 15KB - Virtual size: 14KB

.bss
Size: - Virtual size: 25KB

.idata
Size: 4KB - Virtual size: 3KB

.didata
Size: 512B - Virtual size: 490B

.edata
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 69B

.reloc
Size: 90KB - Virtual size: 89KB

.rsrc
Size: 12KB - Virtual size: 12KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 1024B - Virtual size: 578B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 638B

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: - Virtual size: 9B

.reloc
Size: 512B - Virtual size: 376B

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

64:57:97:41:81:d1:09:95:4f:1c:10:95:8c:65:4e:63
Certificate

32:bf:d2:56:3d:b0:c2:39:3c:8b:51:5c:2e:ee:96:62:0f:1f:55:ef:54:22:c9:b6:c6:69:68:5f:34:b2:79:f1
Signer

32:bf:d2:56:3d:b0:c2:39:3c:8b:51:5c:2e:ee:96:62:0f:1f:55:ef:54:22:c9:b6:c6:69:68:5f:34:b2:79:f1
Signer