archive[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

archive.7z
Size

13.2MB
MD5

211968c86767456622200a7a87ed1a51
SHA1

a0da88baa374867e649f9c3587e6ec1a47ab54b2
SHA256

d3cd57a7d1a4d489a613a00fa3e06129c76b30e8e980aefb41d8bfe2f1e851f2
SHA512

53187ac374f32fd28a81ff0823136e3a4516b207821e99db348bfde4c7042cd6b1291828b7763bc04187f97a959fb0fb8044ba4784972bfc63e2b6a2cd2d6296
SSDEEP

393216:9GZ64fhuBhoZufpWCbs5h/jwh1pMw2gMjF7b:9GZ64fhucoWCbu/EhnMngM5b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/mod/System.Data.dll

Files

archive.7z
.7z

Password: 1234
igo8+2013+torrent.exe
.exe windows:5 windows x86 arch:x86

Password: 1234

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d2:41:9e:41:af:fe:28:57:39:a0:19:a9:14:5a:4b:60
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

30/07/2021, 00:00

Not After

29/07/2024, 23:59

Subject

CN=Innovative Digital Technologies\, LLC,O=Innovative Digital Technologies\, LLC,L=Kyiv,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:3c:bf:8c:78:35:8a:27:f2:3a:1f:83:06:0c:28:6b:4c:8e:a1:d0
Signer

Actual PE Digest

6b:3c:bf:8c:78:35:8a:27:f2:3a:1f:83:06:0c:28:6b:4c:8e:a1:d0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 516KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/Identifying
$TEMP/Nations
InfluencedCrash/Dictionary
InfluencedCrash/Earning
InfluencedCrash/Gp
JourneyTender/Aluminum
JourneyTender/Camel
JourneyTender/Deals
JourneyTender/Descriptions
JourneyTender/Door
JourneyTender/Draw
JourneyTender/Dropped
JourneyTender/Eligible
JourneyTender/Horny
JourneyTender/Inherited
JourneyTender/Ivory
JourneyTender/Lincoln
JourneyTender/Loans
JourneyTender/Locks
JourneyTender/Lying
JourneyTender/Mathematical
JourneyTender/Optional
JourneyTender/Philip
JourneyTender/Prior
JourneyTender/Rentals
JourneyTender/Residence
JourneyTender/Role
JourneyTender/Transcription
JourneyTender/Weeks
JourneyTender/Withdrawal
JourneyTender/Writes
mod/CbsCore.dll
.dll windows:10 windows x86 arch:x86

Password: 1234

567fa7223ee15b5dc8b8e470602f7b7e

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:40:05:86:53:8d:f1:67:84:21:47:56:5f:ef:08:ff:e3:1a:c3:66:df:5e:a9:fe:f3:73:50:21:9e:e0:c3:eb
Signer

Actual PE Digest

04:40:05:86:53:8d:f1:67:84:21:47:56:5f:ef:08:ff:e3:1a:c3:66:df:5e:a9:fe:f3:73:50:21:9e:e0:c3:eb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cbscore.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__itow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__stricmp
_o__strnicmp
_o__ui64tow_s
_o__wcsicmp
_o__wcsnicmp
_o__wtoi
_o__wtol
memmove
_o_free
_o_isdigit
_o_isspace
_o_malloc
_o_memcpy_s
_o_strncpy_s
_o_strtol
_o_toupper
_o_towlower
_o_wcscat_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstoul
_o_wmemcpy_s
wcsstr
wcsrchr
wcschr
_except_handler4_common
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o__execute_onexit_table
_o__errno
__CxxFrameHandler3
strrchr
strchr
strstr
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

strncmp
wcsnlen
wcsncmp
memset

api-ms-win-core-libraryloader-l1-1-0

GetModuleHandleExW
LoadLibraryExA
LoadStringW
GetProcAddress
GetModuleFileNameA
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleW
FreeLibrary

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
WaitForMultipleObjectsEx
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
CreateSemaphoreExW
TryEnterCriticalSection
InitializeCriticalSection
OpenEventW
ReleaseMutex
CreateEventW
ReleaseSRWLockExclusive
CreateMutexW
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
SetEvent
ResetEvent
AcquireSRWLockExclusive
WaitForSingleObjectEx
ReleaseSRWLockShared
OpenSemaphoreW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapDestroy
HeapCreate
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
GetLastError

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegSetKeySecurity
RegQueryInfoKeyW
RegDeleteValueW
RegUnLoadKeyW
RegCreateKeyExW
RegSaveKeyExW
RegRestoreKeyW
RegEnumValueW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegFlushKey
RegLoadKeyW
RegOpenKeyExW
RegGetKeySecurity

api-ms-win-core-localization-obsolete-l1-2-0

EnumUILanguagesW
CompareStringA

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
ExpandEnvironmentStringsW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-file-l1-1-0

SetFileInformationByHandle
CreateFileW
GetFileAttributesExW
FindClose
GetFileAttributesW
DeleteFileW
GetFileInformationByHandle
SetEndOfFile
SetFilePointer
GetVolumePathNameW
FindNextFileW
GetFinalPathNameByHandleW
GetFileTime
FindFirstFileW
CompareFileTime
GetFileSize
FlushFileBuffers
SetFileTime
GetFullPathNameW
GetFileSizeEx
GetDiskFreeSpaceExW
ReadFile
CreateDirectoryW
SetFileAttributesW
WriteFile

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
SetThreadToken
GetCurrentThreadId
OpenThreadToken
GetThreadPriority
TlsSetValue
OpenProcessToken
GetCurrentThread
CreateProcessW
CreateThread
SetThreadPriority
GetExitCodeProcess
InitializeProcThreadAttributeList
ResumeThread
UpdateProcThreadAttribute
TlsAlloc
GetExitCodeThread
TlsGetValue
TlsFree
GetCurrentProcess
DeleteProcThreadAttributeList

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
GetThreadPreferredUILanguages
LocaleNameToLCID
FormatMessageW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemInfo
GetTickCount64
GetTickCount
GetSystemTime
GetWindowsDirectoryW
GetVersionExW
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-registry-l2-1-0

RegOpenKeyTransactedW
RegDeleteKeyW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW

api-ms-win-security-base-l1-1-0

GetKernelObjectSecurity
ImpersonateSelf
GetAclInformation
SetSecurityDescriptorDacl
GetAce
CreateRestrictedToken
DuplicateToken
InitializeSecurityDescriptor
GetTokenInformation
GetLengthSid
IsValidSid
CopySid
RevertToSelf
SetFileSecurityW
AdjustTokenPrivileges
DuplicateTokenEx
IsValidAcl
AddAccessAllowedAceEx
IsValidSecurityDescriptor
DestroyPrivateObjectSecurity
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorControl
CreatePrivateObjectSecurityWithMultipleInheritance
InitializeAcl
CheckTokenMembership
FreeSid
AddAce
AllocateAndInitializeSid

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-security-sddl-l1-1-0

ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock

api-ms-win-core-com-l1-1-0

CoGetCallContext
CoGetMalloc
StringFromCLSID
CoImpersonateClient
CLSIDFromString
CoRevertToSelf
CoTaskMemAlloc
CoUnmarshalInterface
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
StringFromGUID2
CoCreateGuid

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW
RaiseFailFastException
LoadLibraryW
CopyFileW

api-ms-win-core-file-l2-1-0

CreateHardLinkW
GetFileInformationByHandleEx
MoveFileExW
CopyFileExW

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventRegister
EventUnregister
EventProviderEnabled
EventWriteTransfer

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-kernel32-private-l1-1-1

PrivCopyFileExW

api-ms-win-security-provider-l1-1-0

SetNamedSecurityInfoW
GetNamedSecurityInfoW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpA
lstrcmpW

api-ms-win-eventing-legacy-l1-1-0

FlushTraceW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime

api-ms-win-core-memory-l1-1-0

VirtualQueryEx
UnmapViewOfFile
ReadProcessMemory
WriteProcessMemory
CreateFileMappingW
MapViewOfFile

api-ms-win-security-cryptoapi-l1-1-0

CryptReleaseContext
CryptAcquireContextA
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

api-ms-win-core-file-l1-2-1

GetCompressedFileSizeW

ntdll

RtlGetCurrentTransaction
NtDeleteValueKey
RtlAddAce
NtQueryAttributesFile
NtFlushBuffersFile
NtDuplicateObject
NtFsControlFile
NtYieldExecution
NtOpenThreadToken
RtlCreateAcl
NtCreateKey
NtOpenKeyTransactedEx
NtQueryVolumeInformationFile
RtlCreateSecurityDescriptor
RtlDestroyEnvironment
NtQueryDirectoryFile
NtQuerySecurityObject
NtSetValueKey
RtlGetDaclSecurityDescriptor
RtlDeleteSecurityObject
RtlCopyUnicodeString
RtlDuplicateUnicodeString
RtlAppendUnicodeStringToString
RtlEqualUnicodeString
RtlLengthSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlMakeSelfRelativeSD
RtlSetEnvironmentVariable
RtlCreateEnvironment
RtlpApplyLengthFunction
RtlEnterCriticalSection
RtlDestroyHeap
RtlLeaveCriticalSection
NtQuerySystemTime
RtlSetControlSecurityDescriptor
RtlAnsiCharToUnicodeChar
RtlUnicodeToMultiByteN
RtlIsTextUnicode
RtlUnicodeToMultiByteSize
RtlConvertSidToUnicodeString
RtlValidAcl
NtAdjustPrivilegesToken
RtlSetSaclSecurityDescriptor
RtlValidSid
NtDuplicateToken
RtlGetSaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlAllocateAndInitializeSid
RtlGetGroupSecurityDescriptor
RtlCopySid
RtlSetGroupSecurityDescriptor
RtlFindAceByType
NtQueryInformationToken
NtDelayExecution
RtlQueryEnvironmentVariable_U
RtlExpandEnvironmentStrings_U
NtQueryLicenseValue
RtlNtStatusToDosErrorNoTeb
RtlTimeToTimeFields
LdrGetDllHandle
DbgPrint
RtlCreateUnicodeStringFromAsciiz
RtlRunOnceComplete
RtlRunOnceBeginInitialize
RtlFindNextForwardRunClear
RtlNumberOfSetBits
RtlInitializeSRWLock
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
NtQueryPerformanceCounter
RtlGetAce
NtOpenKeyEx
RtlSetDaclSecurityDescriptor
NtEnumerateValueKey
NtWriteFile
RtlGetLengthWithoutLastFullDosOrNtPathElement
NtEnumerateKey
RtlSetCurrentTransaction
RtlSetOwnerSecurityDescriptor
NtOpenProcessToken
NtDeleteKey
NtQueryKey
RtlReAllocateHeap
RtlUpcaseUnicodeChar
RtlDowncaseUnicodeChar
DbgPrintEx
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
NtWaitForSingleObject
NtQueryEaFile
RtlReleaseRelativeName
NtSetEaFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtLoadKey2
NtOpenFile
NtReadFile
NtSetSecurityObject
NtDeleteFile
RtlNewSecurityObjectEx
NtCreateKeyTransacted
RtlAddAccessAllowedAceEx
NtSetInformationFile
RtlCreateEnvironmentEx
RtlQueryInformationAcl
NtClose
NtQueryInformationProcess
NtQueryOpenSubKeysEx
RtlInitUnicodeString
NtQueryObject
NtSetInformationThread
NtQueryInformationThread
NtCreateFile
NtCreateTransaction
NtRollbackTransaction
RtlInitUnicodeStringEx
NtQueryInformationTransaction
NtCommitTransaction
RtlDosPathNameToNtPathName_U
NtQueryInformationFile
RtlFreeHeap
RtlAllocateHeap
RtlLengthSid
NtOpenKey
NtQueryValueKey
LdrGetProcedureAddress
LdrUnloadDll
LdrLoadDll
RtlNtStatusToDosError
RtlDestroyProcessParameters
RtlCreateHeap
RtlCreateProcessParameters
RtlCreateUserProcess
NtResumeThread
RtlFreeSid
NtUnloadKey2
RtlDeleteCriticalSection
RtlTimeToSecondsSince1980
RtlRaiseStatus
RtlInitializeCriticalSection

userenv

GetProfilesDirectoryW

rpcrt4

UuidCreate

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

crypt32

CryptMsgUpdate
CertGetSubjectCertificateFromStore
CertVerifyCertificateChainPolicy
CertOpenStore
CertFreeCertificateChain
CryptHashCertificate2
CertCreateCTLContext
CryptDecodeObject
CertFreeCTLContext
CertCreateContext
CryptStringToBinaryW
CertAddStoreToCollection
CertAddEncodedCertificateToStore
CryptMsgClose
CertGetEnhancedKeyUsage
CertCloseStore
CertGetCertificateChain
CertFreeCertificateContext
CryptMsgGetAndVerifySigner
CertFindSubjectInCTL
CryptMsgOpenToDecode
CryptMsgGetParam

bcrypt

BCryptDestroyHash
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptCreateHash
BCryptFinishHash

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain

Exports

Exports

CbsCoreEnsureNoStartupProcessing
CbsCoreFinalize
CbsCoreFinalizeShutdownProcessing
CbsCoreGetActiveOfflineSession
CbsCoreInitialize
CbsCoreInitializeDelayedPortion
CbsCoreIsExecutionEngineIdle
CbsCoreLoadComponentStore
CbsCorePrepareShutdownProcessing
CbsCoreServiceIdleProcessing
CbsCoreSetCustomLogging
CbsCoreSetState
CbsCoreShutdownProcessing
CbsCoreStartupProcessing
CbsCoreStopIdleProcessing
CbsCreateSessionNotify
CbsCreateSessionNotifyFinalize
CbsCreateSessionNotifyInitialize
CbsSetCbsCorePathInOfflineImage
SetRebootInProgressFlag
SetTestMode

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mod/System.Data.dll
.dll windows:5 windows x86 arch:x86

Password: 1234

432def252835648e0bb5a238b4ff78f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Data.pdb

Imports

msvcr80

_cexit
__FrameUnwindFilter
_crt_debugger_hook
__clean_type_info_names_internal
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
_callnewh
malloc
strtok_s
srand
_time64
strstr
strcat_s
sprintf_s
strtoul
calloc
strcpy_s
memmove
wcsncmp
strncpy_s
wcsncpy_s
_vsnwprintf_s
memmove_s
_atoi_l
free
_dupenv_s
_stricmp
atoi
_wcsnicmp
strncmp
_stricmp_l
strchr
_strnicmp_l
_purecall
_vsnprintf_s
memset
memcpy
??3@YAXPAX@Z

mscoree

CorBindToRuntimeEx
_CorDllMain

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
QueryPerformanceCounter
DisableThreadLibraryCalls
GlobalAlloc
CreateEventA
CloseHandle
PostQueuedCompletionStatus
Sleep
InterlockedExchange
SetLastError
GetLastError
VirtualQuery
GetVersion
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpynA
ExpandEnvironmentStringsA
GetFullPathNameA
GetDriveTypeA
SearchPathA
lstrlenA
OutputDebugStringA
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
GetSystemInfo
HeapSize
HeapAlloc
GetProcessHeap
HeapFree
CreateSemaphoreA
ReleaseSemaphore
GetCurrentThreadId
SetEvent
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcess
DisconnectNamedPipe
SetNamedPipeHandleState
WaitNamedPipeA
CreateFileA
GetTickCount
GetOverlappedResult
WaitForSingleObject
WriteFile
ReadFile
PeekNamedPipe
GetVersionExA
CompareStringA
LCMapStringA
WideCharToMultiByte
InterlockedCompareExchange
MultiByteToWideChar
WaitForMultipleObjects
GetSystemTimeAsFileTime
SetHandleInformation
GetQueuedCompletionStatus
CreateThread
GetComputerNameA
GetSystemDirectoryA
TlsFree
TlsGetValue
TlsSetValue
FormatMessageA
TlsAlloc
FormatMessageW
LCMapStringW
CreateIoCompletionPort

advapi32

CryptDestroyKey
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryValueExA
CryptReleaseContext
RevertToSelf
ImpersonateNamedPipeClient

ws2_32

WSAStartup
WSAIoctl
shutdown
bind
connect
getsockname
WSASend
WSARecv
ioctlsocket
WSAStringToAddressA
WSACleanup
getservbyport
socket
setsockopt
ntohs
gethostbyaddr
htons
getservbyname
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr
select
__WSAFDIsSet
recv
sendto
closesocket
WSASetLastError
getpeername

crypt32

CertGetNameStringW
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertFreeCertificateContext

user32

CharNextExA

ole32

CoCreateInstance

Exports

Exports

DllBidScopeEnterCW
DllBidTraceCW
_DllBidAssert@12
_DllBidCtlProc@24
_DllBidEnabledW@16
_DllBidEntryPoint@36
_DllBidFinalize@0
_DllBidIndent@8
_DllBidInitialize@0
_DllBidPutStrW@16
_DllBidScopeLeave@16
_DllBidSnap@16
_DllBidTouch@20

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdbid
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mod/clr.dll
.dll windows:6 windows x86 arch:x86

Password: 1234

5e61e4d9d7646deec743c204b034a657

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:b9:6f:4e:fa:68:50:ee:ac:d6:5a:38:f5:a1:11:c7:fa:3b:ec:21:a7:f2:6c:94:3c:56:55:bc:b6:5b:5f:f3
Signer

Actual PE Digest

f1:b9:6f:4e:fa:68:50:ee:ac:d6:5a:38:f5:a1:11:c7:fa:3b:ec:21:a7:f2:6c:94:3c:56:55:bc:b6:5b:5f:f3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

clr.pdb

Imports

kernel32

LCMapStringW
IsDBCSLeadByte
GetACP
GetCPInfo
SetConsoleTitleW
AllocConsole
FreeConsole
GetTempFileNameW
GetTempPathW
MoveFileExW
MoveFileW
FlushFileBuffers
CompareFileTime
GetFileTime
QueryInformationJobObject
IsProcessInJob
VirtualUnlock
OutputDebugStringA
DeleteFileW
SetThreadAffinityMask
SetThreadGroupAffinity
GetWriteWatch
ResetWriteWatch
SetThreadIdealProcessor
ReadProcessMemory
GetUserDefaultLCID
GetSystemDefaultLCID
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
GetSystemTimeAsFileTime
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
CreateMemoryResourceNotification
GetDriveTypeW
InterlockedFlushSList
InitializeSListHead
InterlockedPopEntrySList
PeekNamedPipe
GetProcessTimes
VerifyVersionInfoW
IsProcessorFeaturePresent
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
TerminateProcess
UnhandledExceptionFilter
SetThreadContext
GetThreadContext
ResetEvent
GetFileAttributesExW
ReadFile
SetFilePointer
GetThreadTimes
SuspendThread
Sleep
IsThreadAFiber
FindFirstFileW
FindClose
GetSystemDirectoryW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
GetWindowsDirectoryW
ReleaseActCtx
IsWow64Process
SizeofResource
LockResource
FindResourceExW
LoadResource
FindNextFileW
GetEnvironmentVariableA
CreateProcessW
QueryActCtxW
GetNativeSystemInfo
LoadLibraryW
EncodePointer
DecodePointer
EnumTimeFormatsW
CompareStringW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
EnumCalendarInfoExW
GetLocaleInfoW
GetCalendarInfoW
GetDateFormatW
SetUnhandledExceptionFilter
LoadLibraryA
MapViewOfFile
HeapReAlloc
LocalAlloc
LoadLibraryExA
SetFileAttributesW
CopyFileW
RemoveDirectoryW
GetFileSizeEx
SetEndOfFile
GetSystemDirectoryA
CreateFileA
SetFileTime
WritePrivateProfileStringW
DeviceIoControl
FindResourceW
GetLocalTime
GetVolumeInformationW
LocalFileTimeToFileTime
DosDateTimeToFileTime
SystemTimeToFileTime
lstrlenA
GetDiskFreeSpaceA
GetWindowsDirectoryA
GetTimeFormatW
GetSystemTime
FlushViewOfFile
IsDBCSLeadByteEx
GetStringTypeW
CreateHardLinkW
SetPriorityClass
SetFilePointerEx
ExitThread
OpenFileMappingW
SearchPathW
GetTimeZoneInformation
GetNLSVersionEx
IsValidLocale
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
GetConsoleTitleW
InterlockedExchange
GetVersionExW
MultiByteToWideChar
FormatMessageW
ExitProcess
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
GetPrivateProfileIntW
GetLastError
GetTickCount
SetEvent
GetCurrentProcessorNumber
QueueUserAPC
CloseHandle
WaitForSingleObject
GlobalMemoryStatusEx
CreateIoCompletionPort
GetProcAddress
SetLastError
GetThreadLocale
QueryPerformanceCounter
QueryPerformanceFrequency
PostQueuedCompletionStatus
FlushProcessWriteBuffers
CreateThread
ResumeThread
SleepEx
WaitForMultipleObjectsEx
GetQueuedCompletionStatus
GetCurrentThread
OutputDebugStringW
DebugBreak
GetModuleHandleW
GetCurrentProcess
ReleaseMutex
ReleaseSemaphore
CreateMutexW
CreateEventW
CreateSemaphoreW
LocalFree
GetCurrentProcessId
OpenProcess
ProcessIdToSessionId
GetCurrentThreadId
SetConsoleCtrlHandler
GetTickCount64
GetCommandLineW
GetCurrentDirectoryW
lstrlenW
GetFullPathNameW
GetShortPathNameW
GetLongPathNameW
GetSystemInfo
TlsGetValue
GetUserDefaultLangID
GetEnvironmentVariableW
SetEnvironmentVariableW
GetProcessId
GetOverlappedResult
CancelIo
GetProcessHeap
HeapFree
InterlockedPushEntrySList
WriteFile
GetStdHandle
WideCharToMultiByte
GetConsoleOutputCP
GetFileInformationByHandle
GetFileAttributesW
CreateDirectoryW
GetProcessAffinityMask
SetThreadLocale
MapViewOfFileEx
VirtualQuery
UnmapViewOfFile
SetErrorMode
FreeLibrary
FreeLibraryAndExitThread
IsDebuggerPresent
RaiseException
GetStringTypeExW
CreateFileMappingW
GetFileSize
TlsSetValue
GetModuleHandleA
TlsAlloc
TlsFree
HeapAlloc
FlushInstructionCache
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateFileW
WaitNamedPipeW
SetNamedPipeHandleState
OpenEventW
TransactNamedPipe
VirtualAlloc
VirtualFree
VirtualProtect
HeapCreate
HeapDestroy
HeapValidate
SwitchToThread
GetEnvironmentStringsW
FreeEnvironmentStringsW
DuplicateHandle
WaitForSingleObjectEx
SetThreadPriority
GetThreadPriority
SignalObjectAndWait
SetThreadStackGuarantee

vcruntime140_clr0400

__CxxFrameHandler3
wcsrchr
memcpy
_purecall
memcmp
strchr
memmove
wcsstr
strrchr
wcschr
memchr
_except_handler4_common
__vcrt_InitializeCriticalSectionEx
__std_type_info_destroy_list
memset
_CxxThrowException

ucrtbase_clr0400

_flushall
__stdio_common_vfwprintf
iswspace
__stdio_common_vswprintf_p
_wcsnicmp
_ltow_s
wcsnlen
atoi
toupper
_time64
_strdup
fopen
fwrite
_execute_onexit_table
fclose
fputs
_wfopen
wcsncmp
isalpha
fflush
_copysign
modf
towupper
__stdio_common_vswscanf
towlower
iswupper
_wtoi
__acrt_iob_func
_wcstoui64
__stdio_common_vsscanf
isdigit
_putws
strncpy_s
_errno
_invalid_parameter_noinfo
atol
strnlen
wcstoul
iswascii
wcsncat_s
_wcslwr_s
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf_s
strcat_s
__stdio_common_vfprintf
strcpy_s
strncmp
qsort
_controlfp_s
__stdio_common_vsprintf
_wcsicmp
strcmp
strlen
_itow_s
__stdio_common_vswprintf_s
_stricmp
__stdio_common_vswprintf
wcsncpy_s
wcscat_s
wcscpy_s
_crt_atexit
_cexit
terminate
strncat_s
wcstok_s
bsearch
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_strnicmp
_register_onexit_function
isxdigit
malloc
free
strtoul
_wmakepath_s
_wsplitpath_s
wmemcpy_s
iswxdigit
iswdigit
isupper
_isnan
fopen_s
__stdio_common_vsnprintf_s
_CIacos
_CIasin
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsinh
_CItanh
ceil
floor

ntdll

RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
vDbgPrintExWithPrefix
NtYieldExecution
RtlNtStatusToDosError
VerSetConditionMask
RtlUnwind
RtlCaptureContext
RtlLeaveCriticalSection

user32

DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
TranslateMessage
GetDesktopWindow
LoadStringW
GetUserObjectInformationW
GetProcessWindowStation
InSendMessage
GetFocus

shlwapi

PathCreateFromUrlW
UrlCanonicalizeW
PathAddBackslashW
UrlUnescapeW
StrCmpW
StrStrW
UrlCombineW
PathIsURLW
UrlGetPartW
StrRChrW
PathRemoveExtensionW
PathRemoveFileSpecW
StrChrW
StrToIntW
StrCmpNW
PathFindExtensionW
PathIsRelativeW
PathRemoveBackslashW
UrlEscapeW
PathIsUNCW
UrlIsW
PathCanonicalizeW
PathFindFileNameW
PathCombineW

advapi32

CryptEncrypt
CryptGetDefaultProviderW
CryptDecrypt
CryptDeriveKey
CryptSetKeyParam
DeleteAce
SaferCloseLevel
SetTokenInformation
CreateWellKnownSid
ConvertStringSidToSidW
SaferCreateLevel
AddAccessAllowedAceEx
SaferComputeTokenFromLevel
CryptVerifySignatureW
LookupAccountSidW
CryptEnumProvidersW
CryptGenKey
GetNamedSecurityInfoW
CryptSignHashW
CryptVerifySignatureA
CryptSetHashParam
RegQueryInfoKeyA
RegDeleteValueW
IsValidSid
GetSidIdentifierAuthority
CryptGetKeyParam
CryptImportKey
CryptGetProvParam
CryptAcquireContextA
CryptDestroyKey
CryptGetUserKey
CryptExportKey
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CopySid
DuplicateToken
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
GetSidSubAuthorityCount
GetSidSubAuthority
AddAccessAllowedAce
GetLengthSid
EventWriteTransfer
RegQueryInfoKeyW
RegQueryValueW
RegOpenKeyExW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
ImpersonateLoggedOnUser
EventUnregister
EventRegister
SetThreadToken
RevertToSelf
GetAce
InitializeAcl
GetSecurityDescriptorDacl
SetKernelObjectSecurity
RegQueryValueExW
RegEnumKeyExW
RegCloseKey
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
EventWrite
CryptSetProvParam

Exports

Exports

AttachProfiler
CertCreateAuthenticodeLicense
CertFreeAuthenticodeSignerInfo
CertFreeAuthenticodeTimestamperInfo
CertTimestampAuthenticodeLicense
CertVerifyAuthenticodeLicense
ClearDownloadCache
ClrCreateManagedInstance
CoEEShutDownCOM
CoInitializeCor
CoInitializeEE
CoUninitializeCor
CoUninitializeEE
CompareAssemblyIdentity
CompareAssemblyIdentityWithConfig
CopyPDBs
CorDllMainForThunk
CorExitProcess
CorLaunchApplication
CorMarkThreadInThreadPool
CreateActContext
CreateApplicationContext
CreateAssemblyCache
CreateAssemblyConfigCookie
CreateAssemblyEnum
CreateAssemblyNameObject
CreateCMSFromXml
CreateHistoryReader
CreateInstallReferenceEnum
DeleteShadowCache
DestroyAssemblyConfigCookie
DllCanUnloadNowInternal
DllGetActivationFactoryImpl
DllGetClassObjectInternal
DllRegisterServerInternal
DllUnregisterServerInternal
EEDllRegisterServer
EEDllUnregisterServer
GetAddrOfContractShutoffFlag
GetAppIdAuthority
GetAssemblyIdentityFromFile
GetAssemblyMDImport
GetCLRFunction
GetCLRIdentityManager
GetCachePath
GetClassActivatorForApplicationImpl
GetHashFromAssemblyFile
GetHashFromAssemblyFileW
GetHashFromBlob
GetHashFromFile
GetHashFromFileW
GetHashFromHandle
GetHistoryFileDirectory
GetIdentityAuthority
GetMetaDataInternalInterface
GetMetaDataInternalInterfaceFromPublic
GetMetaDataPublicInterfaceFromInternal
GetPermissionRequests
GetPrivateContextsPerfCounters
GetUserStateManager
GetUserStore
IEE
InitializeFusion
InstallCustomModule
LegacyNGenCompile
LegacyNGenCreateZapper
LegacyNGenFreeZapper
LegacyNGenTryEnumerateFusionCache
LoadStringRC
LoadStringRCEx
LogHelp_LogAssert
LogHelp_NoGuiOnAssert
LogHelp_TerminateOnAssert
LookupHistoryAssembly
MetaDataGetDispenser
NGenCreateNGenWorker
NukeDownloadedCache
ParseManifest
PostErrorVA
PreBindAssembly
PreBindAssemblyEx
ReOpenMetaDataWithMemory
ReOpenMetaDataWithMemoryEx
SetMSIHandleForLogging
SetRuntimeInfo
StrongNameCompareAssemblies
StrongNameDigestEmbed
StrongNameDigestGenerate
StrongNameDigestSign
StrongNameErrorInfo
StrongNameFreeBuffer
StrongNameGetBlob
StrongNameGetBlobFromImage
StrongNameGetPublicKey
StrongNameGetPublicKeyEx
StrongNameHashSize
StrongNameKeyDelete
StrongNameKeyGen
StrongNameKeyGenEx
StrongNameKeyInstall
StrongNameSignatureGeneration
StrongNameSignatureGenerationEx
StrongNameSignatureSize
StrongNameSignatureVerification
StrongNameSignatureVerificationEx
StrongNameSignatureVerificationEx2
StrongNameSignatureVerificationFromImage
StrongNameTokenFromAssembly
StrongNameTokenFromAssemblyEx
StrongNameTokenFromPublicKey
TranslateSecurityAttributes
_AxlGetIssuerPublicKeyHash
_AxlPublicKeyBlobToPublicKeyToken
_AxlRSAKeyValueToPublicKeyToken
_CorDllMain
_CorExeMain
_CorExeMain2
_GC_Initialize@16
_GC_IsCompatibleWithRuntime@8
_IsOS@4

Sections

.text
Size: 7.8MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 54KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 369KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mod/updateagent.dll
.dll windows:10 windows x86 arch:x86

Password: 1234

6b5fb648cf0444f16e130a5f46addc46

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:e2:fa:6c:2c:54:b6:97:08:80:c3:53:9f:4c:0f:c0:cb:6c:49:3e:9b:29:b0:fe:cc:2a:64:81:1c:fe:f1:c6
Signer

Actual PE Digest

a4:e2:fa:6c:2c:54:b6:97:08:80:c3:53:9f:4c:0f:c0:cb:6c:49:3e:9b:29:b0:fe:cc:2a:64:81:1c:fe:f1:c6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

UpdateAgent.pdb

Imports

ntdll

NtSetInformationFile
RtlReAllocateHeap
RtlUpcaseUnicodeChar
RtlDowncaseUnicodeChar
DbgPrintEx
RtlNtStatusToDosError
RtlDeleteSecurityObject
RtlAdjustPrivilege
NtSetInformationProcess
RtlSetEnvironmentVariable
RtlDuplicateUnicodeString
RtlLengthSid
NtQueryVolumeInformationFile
RtlValidAcl
NtAdjustPrivilegesToken
RtlSetSaclSecurityDescriptor
RtlInitUnicodeString
RtlQueryInformationAcl
NtSetInformationThread
NtQueryInformationThread
RtlGetOwnerSecurityDescriptor
RtlDosPathNameToNtPathName_U_WithStatus
RtlCompareUnicodeString
NtUnloadKey2
RtlInitUnicodeStringEx
NtShutdownSystem
RtlLengthSecurityDescriptor
RtlValidSid
NtDelayExecution
RtlAllocateAndInitializeSid
NtOpenProcessToken
RtlGetGroupSecurityDescriptor
RtlCopySid
NtOpenThreadToken
NtQueryLicenseValue
NtLoadKey2
NtQueryPerformanceCounter
NtFlushKey
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlDestroyEnvironment
RtlCreateEnvironmentEx
RtlExpandEnvironmentStrings_U
VerSetConditionMask
RtlGetDaclSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlMakeSelfRelativeSD
NtDuplicateToken
RtlGetVersion
RtlSetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlCreateUnicodeStringFromAsciiz
RtlCreateSecurityDescriptor
NtYieldExecution
NtQueryKey
NtDeleteKey
RtlSetCurrentTransaction
NtEnumerateKey
RtlGetLengthWithoutLastFullDosOrNtPathElement
NtEnumerateValueKey
NtOpenKeyEx
RtlGetAce
RtlpApplyLengthFunction
RtlAddAccessAllowedAceEx
NtReadFile
NtCreateKeyTransacted
RtlNewSecurityObjectEx
NtDeleteFile
RtlCaptureStackBackTrace
NtSetSecurityObject
RtlGetCurrentTransaction
NtDeleteValueKey
RtlAddAce
NtQueryAttributesFile
NtFlushBuffersFile
NtDuplicateObject
NtFsControlFile
NtQueryInformationFile
RtlCreateAcl
NtCreateKey
NtOpenKeyTransactedEx
NtQueryDirectoryFile
NtQuerySecurityObject
NtSetValueKey
NtOpenFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtSetEaFile
RtlReleaseRelativeName
NtQueryEaFile
NtWaitForSingleObject
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
RtlEqualUnicodeString
RtlCreateEnvironment
NtQuerySystemTime
RtlSetControlSecurityDescriptor
RtlAnsiCharToUnicodeChar
RtlUnicodeToMultiByteN
RtlIsTextUnicode
RtlUnicodeToMultiByteSize
RtlConvertSidToUnicodeString
RtlRunOnceComplete
RtlRunOnceBeginInitialize
RtlFindNextForwardRunClear
RtlNumberOfSetBits
RtlInitializeSRWLock
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlExpandEnvironmentStrings
NtQueryInformationToken
NtQueryValueKey
DbgPrint
NtCreateFile
RtlFreeHeap
NtClose
RtlQueryEnvironmentVariable_U
LdrLoadDll
RtlDosPathNameToNtPathName_U
LdrUnloadDll
LdrGetDllHandle
NtOpenKey
NtWriteFile
LdrGetProcedureAddress
NtQueryObject
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlTimeToTimeFields
RtlDeleteCriticalSection
RtlNtStatusToDosErrorNoTeb
RtlRaiseStatus
RtlCreateHeap
RtlAllocateHeap
RtlDestroyHeap
RtlUnwind
RtlFindAceByType

advapi32

CreatePrivateObjectSecurityWithMultipleInheritance
MakeSelfRelativeSD
DestroyPrivateObjectSecurity
IsValidSecurityDescriptor
GetSecurityDescriptorLength
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
GetTokenInformation
ConvertStringSidToSidW
CheckTokenMembership
RegQueryValueExW
AddAccessAllowedAceEx
IsValidAcl
AdjustTokenPrivileges
IsValidSid
OpenThreadToken
AddAccessAllowedAce
InitiateSystemShutdownExW
RegDeleteKeyW
GetLengthSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
RegEnumValueW
EventUnregister
RegEnumKeyExW
RegOpenKeyExW
InitializeAcl
EqualSid
EventProviderEnabled
InitializeSecurityDescriptor
FreeSid
OpenProcessToken
SetSecurityInfo
RegSetValueExW
RegSetKeySecurity
GetSecurityDescriptorControl
EventWriteString
EnableTraceEx2
ControlTraceW
CopySid
SetSecurityDescriptorDacl
RegCreateKeyExW
RegCloseKey
EventWriteTransfer
EventRegister
AllocateAndInitializeSid

kernel32

CopyFileW
SetEvent
DebugBreak
GetSystemWindowsDirectoryW
OutputDebugStringW
MoveFileW
IsWow64Process
LoadLibraryExW
IsDebuggerPresent
SetUnhandledExceptionFilter
GetExitCodeProcess
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LCMapStringW
GetLocaleInfoW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
ExitProcess
HeapSize
HeapReAlloc
RaiseException
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
VirtualQuery
GetModuleFileNameW
InterlockedFlushSList
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EncodePointer
CompareStringOrdinal
LocalAlloc
FreeLibrary
GetModuleHandleW
CreateProcessW
ReleaseSRWLockExclusive
CloseThreadpoolTimer
GetProcessHeap
WideCharToMultiByte
GetCurrentProcessId
DeleteCriticalSection
AcquireSRWLockShared
LocalFree
CreateMutexExW
GetProcAddress
GetDiskFreeSpaceExW
HeapAlloc
GetCurrentThread
VerifyVersionInfoW
GetLastError
GetTickCount64
ResetEvent
RaiseFailFastException
FormatMessageW
Sleep
MultiByteToWideChar
GlobalMemoryStatusEx
CreateEventW
CreateThreadpoolTimer
GetVolumeNameForVolumeMountPointW
OpenProcess
GetVolumePathNamesForVolumeNameW
GetSystemDirectoryW
ReleaseMutex
GetVersionExW
GetSystemInfo
ReleaseSRWLockShared
TryEnterCriticalSection
lstrcmpW
GetErrorMode
DecodePointer
WriteConsoleW
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
SetStdHandle
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindFirstFileExW
LoadLibraryExA
VirtualProtect
SetFilePointerEx
GetPriorityClass
GetTimeZoneInformation
GetExitCodeThread
GetFileAttributesW
WaitForMultipleObjects
SetPriorityClass
GlobalUnlock
GlobalMemoryStatus
GetFileType
CreateProcessA
GlobalLock
HeapDestroy
HeapCompact
GetOverlappedResult
GetVersionExA
GlobalSize
GetPrivateProfileStringW
GetLogicalDriveStringsW
HeapValidate
DuplicateHandle
HeapWalk
GetComputerNameExW
SetEndOfFile
SetErrorMode
SetFileTime
VirtualAlloc
GetShortPathNameW
VirtualFree
HeapCreate
GetLogicalDrives
GetVolumeInformationW
CreateFileW
WaitForSingleObject
FindClose
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
OpenEventW
CreateMutexW
GetEnvironmentVariableW
GetCommandLineW
CopyFileExW
GetFileInformationByHandle
GetDiskFreeSpaceW
RemoveDirectoryW
WaitForMultipleObjectsEx
SetThreadpoolTimer
LeaveCriticalSection
CreateFileMappingA
InitializeCriticalSectionAndSpinCount
DeleteFileA
CreateFileA
GetVersion
OutputDebugStringA
SystemTimeToTzSpecificLocalTime
GetSystemTime
CreateMutexA
GetProcessId
LoadLibraryW
GetWindowsDirectoryW
MoveFileExW
GetFullPathNameW
CloseHandle
OpenSemaphoreW
ExpandEnvironmentStringsW
GetModuleHandleExW
ReleaseSemaphore
GetCurrentProcess
GetFileInformationByHandleEx
DeviceIoControl
SetFileAttributesW
SetThreadPriority
SetFilePointer
SetFileInformationByHandle
GetThreadPriority
GlobalAlloc
GlobalFree
FlushFileBuffers
FindNextFileW
DeleteFileW
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
CompareStringW
GetFileSizeEx
FindFirstFileW
GetModuleFileNameA
ReadFile
CreateDirectoryW
WaitForSingleObjectEx
GetCurrentThreadId
FileTimeToSystemTime
GetTickCount
InitializeSRWLock
InitOnceExecuteOnce
AcquireSRWLockExclusive
GetDriveTypeW
LCIDToLocaleName
WriteFile
ResolveLocaleName
CreateThread
InitializeCriticalSection
GetTempPathW
UnmapViewOfFile
GetLocalTime
GetFileSize
GetTempFileNameW
CreateFileMappingW
MapViewOfFile
GetCurrentDirectoryW
GetLongPathNameW
GetFinalPathNameByHandleW

ole32

CoTaskMemAlloc
CoUninitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoSetProxyBlanket
CoCreateGuid
CoInitializeEx
CoGetMalloc

user32

CharNextW
UnregisterClassA

oleaut32

SysAllocString
SystemTimeToVariantTime
SysFreeString
VariantTimeToSystemTime

crypt32

CryptHashCertificate2
CertVerifyCertificateChainPolicy

wintrust

WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust

rpcrt4

UuidCreate
I_RpcMapWin32Status
UuidToStringW
RpcStringFreeW
UuidFromStringW

shlwapi

PathMatchSpecW

wer

WerReportCloseHandle
WerReportAddFile
WerReportSetParameter
WerReportSetUIOption
WerReportSubmit
WerReportCreate

version

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

cfgmgr32

CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_PropertyW

Exports

Exports

CreateDeploymentSession
CreateDeploymentSessionEx
CreateOfflineDeploymentSession
UA_CommitActionList
UA_CreateActionList
UA_CreateDownloadList
UA_CreateDownloadListFromActionList
UA_CreatePackageListFromDownloadList
UA_InstallActionList
UA_ReleaseDownloadList

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

d2:41:9e:41:af:fe:28:57:39:a0:19:a9:14:5a:4b:60Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

6b:3c:bf:8c:78:35:8a:27:f2:3a:1f:83:06:0c:28:6b:4c:8e:a1:d0Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 452KB

.ndata Size: - Virtual size: 516KB

.rsrc Size: 296KB - Virtual size: 296KB

Password: 1234

567fa7223ee15b5dc8b8e470602f7b7e

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5fCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

04:40:05:86:53:8d:f1:67:84:21:47:56:5f:ef:08:ff:e3:1a:c3:66:df:5e:a9:fe:f3:73:50:21:9e:e0:c3:ebSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-processthreads-l1-1-1

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

d2:41:9e:41:af:fe:28:57:39:a0:19:a9:14:5a:4b:60
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

6b:3c:bf:8c:78:35:8a:27:f2:3a:1f:83:06:0c:28:6b:4c:8e:a1:d0
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 452KB

.ndata
Size: - Virtual size: 516KB

.rsrc
Size: 296KB - Virtual size: 296KB

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

04:40:05:86:53:8d:f1:67:84:21:47:56:5f:ef:08:ff:e3:1a:c3:66:df:5e:a9:fe:f3:73:50:21:9e:e0:c3:eb
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

PAGE
Size: 8KB - Virtual size: 7KB

.data
Size: 5KB - Virtual size: 14KB

.idata
Size: 17KB - Virtual size: 17KB

.didat
Size: 512B - Virtual size: 8B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 96KB - Virtual size: 95KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 1024B - Virtual size: 17KB

.sdbid
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 81KB - Virtual size: 81KB

.reloc
Size: 33KB - Virtual size: 32KB

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate