18695487007[.]zip

Resubmissions

22/08/2024, 05:33

240822-f89qpa1bqc 3

22/08/2024, 05:30

240822-f69mxa1aqg 3

22/08/2024, 05:28

240822-f55ybstfpm 3

Sharing

Copy URL Twitter E-mail

General

Target

18695487007.zip
Size

3.9MB
MD5

0cb7b4ddc9741c4e8cce50d93a0f2dc9
SHA1

aaab6ec2eb7af6981fc88eeefd6b3ad6749cb328
SHA256

f4d962d6ffaabd9c8d868348563aba9c1168d8b7d587f021ae40597f100dfa18
SHA512

b04b92b1845ee3d4c4b09395fd9caa953b4c47be58845ba903c0f0b660068acd428a96089914bf685c7bdac71557f3bd781ed91ecca9dd97dfded6fde9024b20
SSDEEP

98304:TWXNFenpAMvHxF0UkiCUbTYn766L9hxajZYq8S:6XNapA80BHnJL9hxaNYqB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/tak_deco_lib.dll

Files

18695487007.zip
.zip

Password: infected
ad12c4695218510096f7b75e699a106f877d378b66dd11f86783ac2c40b432c8
.zip

Password: infected
caramel.eps
libvlc.dll
.dll windows:4 windows x86 arch:x86

Password: infected

5c455bebc40d8ab001d42875154b8ef8

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:07:ab:b6:4e:99:90:18:07:89:ea:cb:81:f5:f9:14
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/12/2020, 00:00

Not After

18/12/2023, 23:59

Subject

CN=VideoLAN,O=VideoLAN,L=Paris,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:07:ab:b6:4e:99:90:18:07:89:ea:cb:81:f5:f9:14
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/12/2020, 00:00

Not After

18/12/2023, 23:59

Subject

CN=VideoLAN,O=VideoLAN,L=Paris,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

bf:d5:97:c4:40:b5:52:70:56:3b:e7:49:9c:29:22:94:55:7f:48:4b:6c:ce:a1:cf:3f:38:8f:8c:3a:c2:52:95
Signer

Actual PE Digest

bf:d5:97:c4:40:b5:52:70:56:3b:e7:49:9c:29:22:94:55:7f:48:4b:6c:ce:a1:cf:3f:38:8f:8c:3a:c2:52:95

Digest Algorithm

sha256

PE Digest Matches

true

7b:15:e8:df:9c:f5:42:4d:67:f4:ab:1f:32:02:ea:aa:39:19:84:91
Signer

Actual PE Digest

7b:15:e8:df:9c:f5:42:4d:67:f4:ab:1f:32:02:ea:aa:39:19:84:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Imports

libvlccore

VLC_Compiler
aout_DeviceGet
aout_DeviceSet
aout_DevicesList
aout_MuteGet
aout_MuteSet
aout_VolumeGet
aout_VolumeSet
config_GetPszChoices
config_GetType
config_GetUserDir
input_Close
input_Control
input_Create
input_Read
input_Start
input_Stop
input_item_AddOpaque
input_item_AddOption
input_item_AddSlave
input_item_GetDuration
input_item_GetMeta
input_item_GetNowPlayingFb
input_item_GetURI
input_item_Hold
input_item_IsPreparsed
input_item_NewExt
input_item_Release
input_item_SetMeta
input_item_WriteMeta
input_item_slave_New
input_resource_GetAout
input_resource_HoldAout
input_resource_New
input_resource_PutAout
input_resource_Release
input_resource_ResetAout
input_resource_Terminate
libvlc_ArtRequest
libvlc_InternalAddIntf
libvlc_InternalCleanup
libvlc_InternalCreate
libvlc_InternalDestroy
libvlc_InternalInit
libvlc_InternalPlay
libvlc_MetadataCancel
libvlc_MetadataRequest
libvlc_Quit
libvlc_SetExitHandler
mdate
module_exists
module_find
module_get_help
module_get_name
module_get_object
module_list_free
module_list_get
module_provides
var_AddCallback
var_AddListCallback
var_Change
var_Create
var_DelCallback
var_DelListCallback
var_Destroy
var_FreeList
var_GetAndSet
var_GetChecked
var_SetChecked
var_TriggerCallback
var_Type
vlc_Log
vlc_LogSet
vlc_cancel
vlc_clone
vlc_cond_broadcast
vlc_cond_destroy
vlc_cond_init
vlc_cond_signal
vlc_cond_wait
vlc_control_cancel
vlc_dialog_id_dismiss
vlc_dialog_id_get_context
vlc_dialog_id_post_action
vlc_dialog_id_post_login
vlc_dialog_id_set_context
vlc_dialog_provider_set_callbacks
vlc_event_attach
vlc_event_detach
vlc_fourcc_GetDescription
vlc_gettext
vlc_http_cookies_destroy
vlc_http_cookies_new
vlc_join
vlc_mutex_destroy
vlc_mutex_init
vlc_mutex_init_recursive
vlc_mutex_lock
vlc_mutex_unlock
vlc_object_create
vlc_object_hold
vlc_object_release
vlc_path2uri
vlc_rd_get_names
vlc_rd_new
vlc_rd_release
vlc_renderer_item_flags
vlc_renderer_item_hold
vlc_renderer_item_icon_uri
vlc_renderer_item_name
vlc_renderer_item_release
vlc_renderer_item_type
vlc_restorecancel
vlc_savecancel
vlc_sd_Create
vlc_sd_Destroy
vlc_sd_GetNames
vlc_sem_destroy
vlc_sem_init
vlc_sem_post
vlc_sem_wait
vlc_strerror_c
vlc_threadvar_create
vlc_threadvar_delete
vlc_threadvar_get
vlc_threadvar_set
vlm_Control
vlm_Delete
vlm_ExecuteCommand
vlm_MessageDelete
vlm_New

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__dllonexit
__mb_cur_max
_amsg_exit
_errno
_exit
_filbuf
_flsbuf
_initterm
_iob
_lock
_onexit
_strnicmp
_unlock
bsearch
calloc
fputc
free
fwrite
getenv
localeconv
malloc
memcpy
memmove
realloc
setlocale
strchr
strcmp
strcpy
strerror
strlen
strncmp
strstr
abort
vfprintf
wcslen
atoi
_write
_strdup
_open
_close

Exports

Exports

libvlc_add_intf
libvlc_audio_equalizer_get_amp_at_index
libvlc_audio_equalizer_get_band_count
libvlc_audio_equalizer_get_band_frequency
libvlc_audio_equalizer_get_preamp
libvlc_audio_equalizer_get_preset_count
libvlc_audio_equalizer_get_preset_name
libvlc_audio_equalizer_new
libvlc_audio_equalizer_new_from_preset
libvlc_audio_equalizer_release
libvlc_audio_equalizer_set_amp_at_index
libvlc_audio_equalizer_set_preamp
libvlc_audio_filter_list_get
libvlc_audio_get_channel
libvlc_audio_get_delay
libvlc_audio_get_mute
libvlc_audio_get_track
libvlc_audio_get_track_count
libvlc_audio_get_track_description
libvlc_audio_get_volume
libvlc_audio_output_device_count
libvlc_audio_output_device_enum
libvlc_audio_output_device_get
libvlc_audio_output_device_id
libvlc_audio_output_device_list_get
libvlc_audio_output_device_list_release
libvlc_audio_output_device_longname
libvlc_audio_output_device_set
libvlc_audio_output_get_device_type
libvlc_audio_output_list_get
libvlc_audio_output_list_release
libvlc_audio_output_set
libvlc_audio_output_set_device_type
libvlc_audio_set_callbacks
libvlc_audio_set_channel
libvlc_audio_set_delay
libvlc_audio_set_format
libvlc_audio_set_format_callbacks
libvlc_audio_set_mute
libvlc_audio_set_track
libvlc_audio_set_volume
libvlc_audio_set_volume_callback
libvlc_audio_toggle_mute
libvlc_chapter_descriptions_release
libvlc_clearerr
libvlc_clock
libvlc_dialog_dismiss
libvlc_dialog_get_context
libvlc_dialog_post_action
libvlc_dialog_post_login
libvlc_dialog_set_callbacks
libvlc_dialog_set_context
libvlc_errmsg
libvlc_event_attach
libvlc_event_detach
libvlc_event_type_name
libvlc_free
libvlc_get_changeset
libvlc_get_compiler
libvlc_get_fullscreen
libvlc_get_input_thread
libvlc_get_log_verbosity
libvlc_get_version
libvlc_log_clear
libvlc_log_close
libvlc_log_count
libvlc_log_get_context
libvlc_log_get_iterator
libvlc_log_get_object
libvlc_log_iterator_free
libvlc_log_iterator_has_next
libvlc_log_iterator_next
libvlc_log_open
libvlc_log_set
libvlc_log_set_file
libvlc_log_unset
libvlc_media_add_option
libvlc_media_add_option_flag
libvlc_media_discoverer_event_manager
libvlc_media_discoverer_is_running
libvlc_media_discoverer_list_get
libvlc_media_discoverer_list_release
libvlc_media_discoverer_localized_name
libvlc_media_discoverer_media_list
libvlc_media_discoverer_new
libvlc_media_discoverer_new_from_name
libvlc_media_discoverer_release
libvlc_media_discoverer_start
libvlc_media_discoverer_stop
libvlc_media_duplicate
libvlc_media_event_manager
libvlc_media_get_codec_description
libvlc_media_get_duration
libvlc_media_get_meta
libvlc_media_get_mrl
libvlc_media_get_parsed_status
libvlc_media_get_state
libvlc_media_get_stats
libvlc_media_get_tracks_info
libvlc_media_get_type
libvlc_media_get_user_data
libvlc_media_is_parsed
libvlc_media_library_load
libvlc_media_library_media_list
libvlc_media_library_new
libvlc_media_library_release
libvlc_media_library_retain
libvlc_media_list_add_file_content
libvlc_media_list_add_media
libvlc_media_list_count
libvlc_media_list_event_manager
libvlc_media_list_index_of_item
libvlc_media_list_insert_media
libvlc_media_list_is_readonly
libvlc_media_list_item_at_index
libvlc_media_list_lock
libvlc_media_list_media
libvlc_media_list_new
libvlc_media_list_player_event_manager
libvlc_media_list_player_get_media_player
libvlc_media_list_player_get_state
libvlc_media_list_player_is_playing
libvlc_media_list_player_new
libvlc_media_list_player_next
libvlc_media_list_player_pause
libvlc_media_list_player_play
libvlc_media_list_player_play_item
libvlc_media_list_player_play_item_at_index
libvlc_media_list_player_previous
libvlc_media_list_player_release
libvlc_media_list_player_retain
libvlc_media_list_player_set_media_list
libvlc_media_list_player_set_media_player
libvlc_media_list_player_set_pause
libvlc_media_list_player_set_playback_mode
libvlc_media_list_player_stop
libvlc_media_list_release
libvlc_media_list_remove_index
libvlc_media_list_retain
libvlc_media_list_set_media
libvlc_media_list_unlock
libvlc_media_new_as_node
libvlc_media_new_callbacks
libvlc_media_new_fd
libvlc_media_new_from_input_item
libvlc_media_new_location
libvlc_media_new_path
libvlc_media_parse
libvlc_media_parse_async
libvlc_media_parse_stop
libvlc_media_parse_with_options
libvlc_media_player_add_slave
libvlc_media_player_can_pause
libvlc_media_player_event_manager
libvlc_media_player_get_agl
libvlc_media_player_get_chapter
libvlc_media_player_get_chapter_count
libvlc_media_player_get_chapter_count_for_title
libvlc_media_player_get_fps
libvlc_media_player_get_full_chapter_descriptions
libvlc_media_player_get_full_title_descriptions
libvlc_media_player_get_hwnd
libvlc_media_player_get_length
libvlc_media_player_get_media
libvlc_media_player_get_nsobject
libvlc_media_player_get_position
libvlc_media_player_get_rate
libvlc_media_player_get_role
libvlc_media_player_get_state
libvlc_media_player_get_time
libvlc_media_player_get_title
libvlc_media_player_get_title_count
libvlc_media_player_get_xwindow
libvlc_media_player_has_vout
libvlc_media_player_is_playing
libvlc_media_player_is_seekable
libvlc_media_player_navigate
libvlc_media_player_new
libvlc_media_player_new_from_media
libvlc_media_player_next_chapter
libvlc_media_player_next_frame
libvlc_media_player_pause
libvlc_media_player_play
libvlc_media_player_previous_chapter
libvlc_media_player_program_scrambled
libvlc_media_player_release
libvlc_media_player_retain
libvlc_media_player_set_agl
libvlc_media_player_set_android_context
libvlc_media_player_set_chapter
libvlc_media_player_set_equalizer
libvlc_media_player_set_hwnd
libvlc_media_player_set_media
libvlc_media_player_set_nsobject
libvlc_media_player_set_pause
libvlc_media_player_set_position
libvlc_media_player_set_rate
libvlc_media_player_set_renderer
libvlc_media_player_set_role
libvlc_media_player_set_time
libvlc_media_player_set_title
libvlc_media_player_set_video_title_display
libvlc_media_player_set_xwindow
libvlc_media_player_stop
libvlc_media_player_will_play
libvlc_media_release
libvlc_media_retain
libvlc_media_save_meta
libvlc_media_set_meta
libvlc_media_set_state
libvlc_media_set_user_data
libvlc_media_slaves_add
libvlc_media_slaves_clear
libvlc_media_slaves_get
libvlc_media_slaves_release
libvlc_media_subitems
libvlc_media_tracks_get
libvlc_media_tracks_release
libvlc_module_description_list_release
libvlc_new
libvlc_playlist_play
libvlc_printerr
libvlc_release
libvlc_renderer_discoverer_event_manager
libvlc_renderer_discoverer_list_get
libvlc_renderer_discoverer_list_release
libvlc_renderer_discoverer_new
libvlc_renderer_discoverer_release
libvlc_renderer_discoverer_start
libvlc_renderer_discoverer_stop
libvlc_renderer_item_flags
libvlc_renderer_item_hold
libvlc_renderer_item_icon_uri
libvlc_renderer_item_name
libvlc_renderer_item_release
libvlc_renderer_item_type
libvlc_retain
libvlc_set_app_id
libvlc_set_exit_handler
libvlc_set_fullscreen
libvlc_set_log_verbosity
libvlc_set_user_agent
libvlc_title_descriptions_release
libvlc_toggle_fullscreen
libvlc_toggle_teletext
libvlc_track_description_list_release
libvlc_track_description_release
libvlc_video_filter_list_get
libvlc_video_get_adjust_float
libvlc_video_get_adjust_int
libvlc_video_get_aspect_ratio
libvlc_video_get_chapter_description
libvlc_video_get_crop_geometry
libvlc_video_get_cursor
libvlc_video_get_height
libvlc_video_get_logo_int
libvlc_video_get_marquee_int
libvlc_video_get_marquee_string
libvlc_video_get_scale
libvlc_video_get_size
libvlc_video_get_spu
libvlc_video_get_spu_count
libvlc_video_get_spu_delay
libvlc_video_get_spu_description
libvlc_video_get_teletext
libvlc_video_get_title_description
libvlc_video_get_track
libvlc_video_get_track_count
libvlc_video_get_track_description
libvlc_video_get_width
libvlc_video_new_viewpoint
libvlc_video_set_adjust_float
libvlc_video_set_adjust_int
libvlc_video_set_aspect_ratio
libvlc_video_set_callbacks
libvlc_video_set_crop_geometry
libvlc_video_set_deinterlace
libvlc_video_set_format
libvlc_video_set_format_callbacks
libvlc_video_set_key_input
libvlc_video_set_logo_int
libvlc_video_set_logo_string
libvlc_video_set_marquee_int
libvlc_video_set_marquee_string
libvlc_video_set_mouse_input
libvlc_video_set_scale
libvlc_video_set_spu
libvlc_video_set_spu_delay
libvlc_video_set_subtitle_file
libvlc_video_set_teletext
libvlc_video_set_track
libvlc_video_take_snapshot
libvlc_video_update_viewpoint
libvlc_vlm_add_broadcast
libvlc_vlm_add_input
libvlc_vlm_add_vod
libvlc_vlm_change_media
libvlc_vlm_del_media
libvlc_vlm_get_event_manager
libvlc_vlm_get_media_instance_length
libvlc_vlm_get_media_instance_position
libvlc_vlm_get_media_instance_rate
libvlc_vlm_get_media_instance_time
libvlc_vlm_pause_media
libvlc_vlm_play_media
libvlc_vlm_release
libvlc_vlm_seek_media
libvlc_vlm_set_enabled
libvlc_vlm_set_input
libvlc_vlm_set_loop
libvlc_vlm_set_mux
libvlc_vlm_set_output
libvlc_vlm_show_media
libvlc_vlm_stop_media
libvlc_vprinterr
libvlc_wait

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libvlccore.dll
.dll windows:4 windows x86 arch:x86

Password: infected

f11716690dc3b1ac312b344caaf28102

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:07:ab:b6:4e:99:90:18:07:89:ea:cb:81:f5:f9:14
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/12/2020, 00:00

Not After

18/12/2023, 23:59

Subject

CN=VideoLAN,O=VideoLAN,L=Paris,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:07:ab:b6:4e:99:90:18:07:89:ea:cb:81:f5:f9:14
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/12/2020, 00:00

Not After

18/12/2023, 23:59

Subject

CN=VideoLAN,O=VideoLAN,L=Paris,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c8:2b:0a:3a:b9:68:6d:f0:cc:a6:1f:b8:4e:54:72:ee:c7:8e:04:dd:83:bc:5a:f6:4e:97:0c:6f:6e:e3:c3:c3
Signer

Actual PE Digest

c8:2b:0a:3a:b9:68:6d:f0:cc:a6:1f:b8:4e:54:72:ee:c7:8e:04:dd:83:bc:5a:f6:4e:97:0c:6f:6e:e3:c3:c3

Digest Algorithm

sha256

PE Digest Matches

true

a3:0e:e2:a5:ad:ee:c2:60:7f:35:0e:5c:ff:58:bb:8b:73:bf:09:fe
Signer

Actual PE Digest

a3:0e:e2:a5:ad:ee:c2:60:7f:35:0e:5c:ff:58:bb:8b:73:bf:09:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Imports

advapi32

CryptAcquireContextA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

AllocConsole
CloseHandle
CreateDirectoryA
CreateEventA
CreateFileA
CreateFileW
CreateMutexW
CreateSemaphoreW
CreateThread
CreateTimerQueueTimer
DeleteCriticalSection
DeleteTimerQueueTimer
DeviceIoControl
DuplicateHandle
EnterCriticalSection
EnumResourceLanguagesA
EnumSystemLocalesA
FormatMessageW
FreeLibrary
GetACP
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileAttributesW
GetFileSize
GetLastError
GetLocaleInfoA
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNativeSystemInfo
GetProcAddress
GetProcessHeap
GetProcessTimes
GetProcessWorkingSetSize
GetStartupInfoA
GetStdHandle
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathA
GetTempPathW
GetThreadLocale
GetThreadTimes
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GlobalMemoryStatus
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
MapViewOfFile
MultiByteToWideChar
OpenFileMappingA
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserAPC
ReadFile
ReleaseMutex
ReleaseSemaphore
ResetEvent
SetConsoleOutputCP
SetConsoleTitleW
SetEvent
SetFilePointerEx
SetLastError
SetPriorityClass
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepEx
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile

msvcrt

__dllonexit
__mb_cur_max
__setusermatherr
_amsg_exit
_beginthreadex
_close
_commit
_endthreadex
_errno
_exit
_fdopen
_fileno
_findclose
_fstati64
_get_osfhandle
_initterm
_iob
_isatty
_lock
_lseeki64
_onexit
_open_osfhandle
_pipe
_snwprintf
_wfindfirst
time
mktime
localtime
gmtime
fwprintf
_stricmp
_strnicmp
_sys_errlist
_sys_nerr
_unlock
bsearch
calloc
clearerr
clock
div
exit
fclose
feof
ferror
fflush
fgetc
fgets
fopen
fprintf
fputc
fputs
fputwc
fputws
fread
free
freopen
fseek
ftell
fwprintf
fwrite
getc
getchar
getenv
isalnum
isalpha
iscntrl
islower
isspace
isupper
iswctype
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
putc
putchar
puts
qsort
raise
rand
realloc
rewind
setlocale
sprintf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtol
strtoul
_vsnprintf
_vsnwprintf
_wfindnext
_wfullpath
_wgetcwd
_wmkdir
_wopen
_wremove
_wrename
_wunlink
abort
atof
tolower
toupper
towlower
ungetc
vfprintf
wcscat
wcschr
wcscmp
wcscpy
wcslen
wcsrchr
wcstombs
atoi
atol
_wstati64
_stati64
_fstat
_write
_stricmp
_strdup
_setmode
_read
_open
_getpid
_getcwd
_fileno
_fdopen
_dup
_close
_access

shell32

SHGetFolderPathW
ShellExecuteW

user32

FindWindowW
GetActiveWindow
GetCapture
GetCaretPos
GetClipboardOwner
GetClipboardViewer
GetCursorPos
GetDesktopWindow
GetFocus
GetInputState
GetMessagePos
GetMessageTime
GetOpenClipboardWindow
GetProcessWindowStation
MessageBoxW
SendMessageW

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSARecv
WSARecvFrom
WSASendTo
WSAStartup
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getnameinfo
getpeername
getsockname
getsockopt
htonl
ioctlsocket
listen
ntohl
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Exports

Exports

AddMD5
EndMD5
FromCharset
GetLang_1
GetLang_2B
GetLang_2T
InitMD5
NTPtime64
ToCharset
VLC_CompileBy
VLC_CompileHost
VLC_Compiler
access_vaDirectoryControlHelper
addon_entry_Hold
addon_entry_New
addon_entry_Release
addons_manager_Delete
addons_manager_Gather
addons_manager_Install
addons_manager_LoadCatalog
addons_manager_New
addons_manager_Remove
aout_BitsPerSample
aout_ChannelExtract
aout_ChannelReorder
aout_CheckChannelExtraction
aout_CheckChannelReorder
aout_Deinterleave
aout_DeviceGet
aout_DeviceSet
aout_DevicesList
aout_FiltersAdjustResampling
aout_FiltersChangeViewpoint
aout_FiltersDelete
aout_FiltersDrain
aout_FiltersFlush
aout_FiltersNew
aout_FiltersPlay
aout_FormatPrepare
aout_FormatPrint
aout_FormatPrintChannels
aout_Interleave
aout_MuteGet
aout_MuteSet
aout_VolumeGet
aout_VolumeSet
aout_VolumeUpdate
aout_filter_RequestVout
block_Alloc
block_FifoCount
block_FifoEmpty
block_FifoGet
block_FifoNew
block_FifoPut
block_FifoRelease
block_FifoShow
block_File
block_FilePath
block_Init
block_Realloc
block_TryRealloc
block_heap_Alloc
block_mmap_Alloc
block_shm_Alloc
config_AddIntf
config_ChainCreate
config_ChainDestroy
config_ChainDuplicate
config_ChainParse
config_ChainParseOptions
config_ExistIntf
config_FindConfig
config_GetDataDir
config_GetFloat
config_GetInt
config_GetIntChoices
config_GetLibDir
config_GetPsz
config_GetPszChoices
config_GetType
config_GetUserDir
config_PutFloat
config_PutInt
config_PutPsz
config_RemoveIntf
config_ResetAll
config_SaveConfigFile
config_StringEscape
config_StringUnescape
date_Change
date_Decrement
date_Get
date_Increment
date_Init
date_Move
date_Set
decoder_AbortPictures
decoder_GetDisplayDate
decoder_GetDisplayRate
decoder_GetInputAttachments
decoder_NewAudioBuffer
decoder_NewSubpicture
demux_Delete
demux_New
demux_PacketizerDestroy
demux_PacketizerNew
demux_vaControl
demux_vaControlHelper
es_format_Clean
es_format_Copy
es_format_Init
es_format_InitFromVideo
es_format_IsSimilar
filter_AddProxyCallbacks
filter_Blend
filter_ConfigureBlend
filter_DelProxyCallbacks
filter_DeleteBlend
filter_NewBlend
filter_chain_AppendConverter
filter_chain_AppendFilter
filter_chain_AppendFromString
filter_chain_Delete
filter_chain_DeleteFilter
filter_chain_GetFmtOut
filter_chain_IsEmpty
filter_chain_MouseEvent
filter_chain_MouseFilter
filter_chain_NewVideo
filter_chain_Reset
filter_chain_SubFilter
filter_chain_VideoFilter
filter_chain_VideoFlush
fingerprinter_Create
fingerprinter_Destroy
httpd_ClientIP
httpd_FileDelete
httpd_FileNew
httpd_HandlerDelete
httpd_HandlerNew
httpd_HostDelete
httpd_MsgAdd
httpd_MsgGet
httpd_RedirectDelete
httpd_RedirectNew
httpd_ServerIP
httpd_StreamDelete
httpd_StreamHeader
httpd_StreamNew
httpd_StreamSend
httpd_StreamSetHTTPHeaders
httpd_UrlCatch
httpd_UrlDelete
httpd_UrlNew
image_Ext2Fourcc
image_HandlerCreate
image_HandlerDelete
image_Mime2Fourcc
image_Type2Fourcc
input_Close
input_Control
input_Create
input_CreateFilename
input_DecoderCreate
input_DecoderDecode
input_DecoderDelete
input_DecoderDrain
input_DecoderFlush
input_GetItem
input_Read
input_Start
input_Stop
input_item_AddInfo
input_item_AddOpaque
input_item_AddOption
input_item_AddOptions
input_item_AddSlave
input_item_Copy
input_item_CopyOptions
input_item_DelInfo
input_item_GetDuration
input_item_GetInfo
input_item_GetMeta
input_item_GetName
input_item_GetNowPlayingFb
input_item_GetTitleFbName
input_item_GetURI
input_item_HasErrorWhenReading
input_item_Hold
input_item_IsArtFetched
input_item_IsPreparsed
input_item_MergeInfos
input_item_MetaMatch
input_item_NewExt
input_item_Release
input_item_ReplaceInfos
input_item_SetDuration
input_item_SetMeta
input_item_SetName
input_item_SetURI
input_item_WriteMeta
input_item_node_AppendItem
input_item_node_AppendNode
input_item_node_Create
input_item_node_Delete
input_item_slave_GetType
input_item_slave_New
input_resource_GetAout
input_resource_HoldAout
input_resource_New
input_resource_PutAout
input_resource_Release
input_resource_ResetAout
input_resource_Terminate
input_resource_TerminateVout
input_vaControl
intf_Create
libvlc_ArtRequest
libvlc_InternalAddIntf
libvlc_InternalCleanup
libvlc_InternalCreate
libvlc_InternalDestroy
libvlc_InternalDialogClean
libvlc_InternalDialogInit
libvlc_InternalInit
libvlc_InternalKeystoreClean
libvlc_InternalKeystoreInit
libvlc_InternalPlay
libvlc_MetadataCancel
libvlc_MetadataRequest
libvlc_Quit
libvlc_SetExitHandler
mdate
module_config_free
module_config_get
module_exists
module_find
module_get_capability
module_get_help
module_get_name
module_get_object
module_get_score
module_gettext
module_list_free
module_list_get
module_need
module_provides
module_unneed
msleep
mwait
net_Accept
net_AcceptSingle
net_Connect
net_ConnectDgram
net_Gets
net_Listen
net_ListenClose
net_OpenDgram
net_Printf
net_Read
net_SetCSCov
net_Write
net_vaPrintf
picture_BlendSubpicture
picture_Clone
picture_Copy
picture_CopyPixels
picture_CopyProperties
picture_Export
picture_Hold
picture_New
picture_NewFromFormat
picture_NewFromResource
picture_Release
picture_Reset
picture_Setup
picture_fifo_Delete
picture_fifo_Flush
picture_fifo_New
picture_fifo_OffsetDate
picture_fifo_Peek
picture_fifo_Pop
picture_fifo_Push
picture_pool_Enum
picture_pool_Get
picture_pool_GetSize
picture_pool_New
picture_pool_NewExtended
picture_pool_NewFromFormat
picture_pool_Release
picture_pool_Reserve
picture_pool_Wait
plane_CopyPixels
playlist_Add
playlist_AddExt
playlist_AddInput
playlist_AssertLocked
playlist_ChildSearchName
playlist_Clear
playlist_Control
playlist_CurrentInput
playlist_CurrentInputLocked
playlist_CurrentPlayingItem
playlist_Deactivate
playlist_EnableAudioFilter
playlist_Export
playlist_GetAout
playlist_GetNodeDuration
playlist_Import
playlist_IsServicesDiscoveryLoaded
playlist_ItemGetById
playlist_ItemGetByInput
playlist_LiveSearchUpdate
playlist_Lock
playlist_MuteGet
playlist_MuteSet
playlist_NodeAddCopy
playlist_NodeAddInput
playlist_NodeCreate
playlist_NodeDelete
playlist_RecursiveNodeSort
playlist_ServicesDiscoveryAdd
playlist_ServicesDiscoveryControl
playlist_ServicesDiscoveryRemove
playlist_SetRenderer
playlist_Status
playlist_TreeMove
playlist_TreeMoveMany
playlist_Unlock
playlist_VolumeGet
playlist_VolumeSet
playlist_VolumeUp
sdp_AddAttribute
sdp_AddMedia
secstotimestr
sout_AccessOutControl
sout_AccessOutDelete
sout_AccessOutNew
sout_AccessOutRead
sout_AccessOutSeek
sout_AccessOutWrite
sout_AnnounceRegisterSDP
sout_AnnounceUnRegister
sout_EncoderCreate
sout_MuxAddStream
sout_MuxDelete
sout_MuxDeleteStream
sout_MuxFlush
sout_MuxGetStream
sout_MuxNew
sout_MuxSendBuffer
sout_StreamChainDelete
sout_StreamChainNew
spu_ChangeFilters
spu_ChangeSources
spu_ClearChannel
spu_Create
spu_Destroy
spu_PutSubpicture
spu_RegisterChannel
spu_Render
subpicture_Delete
subpicture_New
subpicture_NewFromPicture
subpicture_Update
subpicture_region_ChainDelete
subpicture_region_Copy
subpicture_region_Delete
subpicture_region_New
text_segment_ChainDelete
text_segment_Copy
text_segment_Delete
text_segment_New
text_segment_NewInheritStyle
text_style_Copy
text_style_Create
text_style_Delete
text_style_Duplicate
text_style_Merge
text_style_New
update_Check
update_Delete
update_Download
update_GetRelease
update_NeedUpgrade
update_New
us_asprintf
us_atof
us_strtod
us_strtof
us_vasprintf
utf8_fprintf
utf8_vfprintf
var_AddCallback
var_AddListCallback
var_Change
var_Create
var_DelCallback
var_DelListCallback
var_Destroy
var_FreeList
var_Get
var_GetAndSet
var_GetChecked
var_Inherit
var_InheritURational
var_LocationParse
var_Set
var_SetChecked
var_TriggerCallback
var_Type
video_format_ApplyRotation
video_format_CopyCrop
video_format_FixRgb
video_format_GetTransform
video_format_IsSimilar
video_format_Print
video_format_ScaleCropAr
video_format_Setup
video_format_TransformBy
video_format_TransformTo
vlc_CPU
vlc_GetCPUCount
vlc_Log
vlc_LogSet
vlc_UrlClean
vlc_UrlParse
vlc_UrlParseFixup
vlc_accept
vlc_accept_i11e
vlc_access_NewMRL
vlc_actions_get_id
vlc_actions_get_key_names
vlc_actions_get_keycodes
vlc_b64_decode
vlc_b64_decode_binary
vlc_b64_decode_binary_to_buffer
vlc_b64_encode
vlc_b64_encode_binary
vlc_cancel
vlc_clone
vlc_close
vlc_cond_broadcast
vlc_cond_destroy
vlc_cond_init
vlc_cond_signal
vlc_cond_timedwait
vlc_cond_wait
vlc_control_cancel
vlc_credential_clean
vlc_credential_get
vlc_credential_init
vlc_credential_store
vlc_demux_chained_ControlVa
vlc_demux_chained_Delete
vlc_demux_chained_New
vlc_demux_chained_Send
vlc_dialog_display_error
vlc_dialog_display_error_va
vlc_dialog_display_progress
vlc_dialog_display_progress_va
vlc_dialog_id_dismiss
vlc_dialog_id_get_context
vlc_dialog_id_post_action
vlc_dialog_id_post_login
vlc_dialog_id_set_context
vlc_dialog_is_cancelled
vlc_dialog_provider_set_callbacks
vlc_dialog_provider_set_ext_callback
vlc_dialog_release
vlc_dialog_update_progress
vlc_dialog_update_progress_text
vlc_dialog_update_progress_text_va
vlc_dialog_wait_login
vlc_dialog_wait_login_va
vlc_dialog_wait_question
vlc_dialog_wait_question_va
vlc_drand48
vlc_dup
vlc_epg_AddEvent
vlc_epg_Delete
vlc_epg_Duplicate
vlc_epg_New
vlc_epg_SetCurrent
vlc_epg_event_Delete
vlc_epg_event_Duplicate
vlc_epg_event_New
vlc_error
vlc_event_attach
vlc_event_detach
vlc_ext_dialog_update
vlc_fifo_DequeueAllUnlocked
vlc_fifo_DequeueUnlocked
vlc_fifo_GetBytes
vlc_fifo_GetCount
vlc_fifo_Lock
vlc_fifo_QueueUnlocked
vlc_fifo_Signal
vlc_fifo_Unlock
vlc_fifo_Wait

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
patrial.gz
plugins/Microsoft.VisualStudio.VsWebProtocol
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:af:0c:58:d2:42:9a:e0:4a:81:ab:97:5c:6c:f6:e8:7d:30:0a:ad:18:b9:59:1c:3f:a4:76:78:f5:ef:fd:00
Signer

Actual PE Digest

5f:af:0c:58:d2:42:9a:e0:4a:81:ab:97:5c:6c:f6:e8:7d:30:0a:ad:18:b9:59:1c:3f:a4:76:78:f5:ef:fd:00

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\dbs\el\ddvsm\out\Intermediate\appid\microsoft.visualstudio.vswebprotocolselector_x86Retail_E59B6BE4\Release\net472\Microsoft.VisualStudio.VsWebProtocolSelector.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 471KB - Virtual size: 470KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/NvStWiz
.exe windows:6 windows x86 arch:x86

Password: infected

a7e73ef2207e9ee97c678506145e1258

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4f:be:0a:02:42:6e:bd:20:c2:62:44:b5:ec:a6:52:a3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/07/2018, 00:00

Not After

10/07/2019, 23:59

Subject

CN=NVIDIA Corporation,OU=IT-MIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:e7:45:e9:21:65:21:3c:97:1f:5c:49:0a:ea:12:a5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09/07/2018, 00:00

Not After

09/07/2021, 23:59

Subject

CN=NVIDIA Corporation,OU=IT-MIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

22/07/2014, 00:00

Not After

21/07/2024, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:2d:23:cb:00:00:00:00:00:21
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:46

Not After

22/02/2021, 19:56

Subject

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

54:cb:ab:94:75:80:97:ed:a8:bb:b7:bd:5b:5f:9b:d9:c4:b8:e5:05:1b:74:5b:83:60:86:a9:f7:ca:58:97:d7
Signer

Actual PE Digest

54:cb:ab:94:75:80:97:ed:a8:bb:b7:bd:5b:5f:9b:d9:c4:b8:e5:05:1b:74:5b:83:60:86:a9:f7:ca:58:97:d7

Digest Algorithm

sha256

PE Digest Matches

true

7f:01:56:fd:7c:3f:56:65:ab:41:e1:66:0d:22:36:1d:f4:00:d1:24
Signer

Actual PE Digest

7f:01:56:fd:7c:3f:56:65:ab:41:e1:66:0d:22:36:1d:f4:00:d1:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\dvs\p4\build\sw\rel\gpu_drv\r415\r415_00\drivers\stereo_vision\Apps\GeForce3DVisionSetupWizard\release\NvStWiz.pdb

Imports

user32

GetDesktopWindow
PostQuitMessage
GetUserObjectInformationW
SetCursor
LoadCursorW
TranslateMessage
OpenInputDesktop
ValidateRect
PeekMessageW
EnumDisplaySettingsExW
DestroyIcon
EnumDisplaySettingsW
CloseDesktop
ChangeDisplaySettingsW
ShowWindow
DestroyCursor
RegisterClassExW
SendMessageW
CreateWindowExW
MessageBoxW
DestroyWindow
DefWindowProcW
ChangeDisplaySettingsExW
UpdateWindow
LoadImageW
SetCursorPos
DispatchMessageW
GetCursorPos

shell32

SHGetFolderPathW
ShellExecuteW
SHGetKnownFolderPath

ole32

CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize

d3d9

Direct3DCreate9

d3d10

D3D10CreateDevice

gdiplus

GdipLoadImageFromStream
GdipSetStringFormatFlags
GdipGetImageWidth
GdipSetStringFormatAlign
GdiplusStartup
GdipCreatePen1
GdipCreateStringFormat
GdipDeleteFontFamily
GdipGetImageHeight
GdipSetImageAttributesColorMatrix
GdipDeleteFont
GdipSetCompositingMode
GdipDeleteStringFormat
GdipDeleteGraphics
GdiplusShutdown
GdipMeasureString
GdipCloneBrush
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipDrawString
GdipFree
GdipGetGenericFontFamilySansSerif
GdipCreateImageAttributes
GdipDrawLine
GdipCreateSolidFill
GdipCreateFont
GdipDisposeImage
GdipDisposeImageAttributes
GdipDrawImageRectI
GdipAlloc
GdipDeleteBrush
GdipCloneImage
GdipDrawImageRectRect
GdipCreateFontFamilyFromName
GdipDeletePen

kernel32

GetConsoleCP
FlushFileBuffers
SetStdHandle
GetProcessHeap
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetStringTypeW
GetFileType
HeapAlloc
HeapFree
GetACP
WriteFile
GetStdHandle
HeapSize
MultiByteToWideChar
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
GetCommandLineW
GetCommandLineA
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
GetConsoleMode
HeapReAlloc
SetFilePointerEx
SetEndOfFile
ReadFile
ReadConsoleW
DecodePointer
WideCharToMultiByte
SizeofResource
FindFirstFileW
GetSystemDefaultLCID
FindNextFileW
lstrcpynW
GetThreadLocale
GetUserDefaultUILanguage
GetTempPathW
FindClose
GetLocaleInfoW
GetFileAttributesW
GetVersionExW
GetSystemDirectoryW
FreeResource
CreateEventW
Sleep
GetLastError
LockResource
GlobalAlloc
GlobalFree
CloseHandle
LoadLibraryW
FindResourceExW
LoadResource
FindResourceW
GetProcAddress
GlobalLock
WriteConsoleW
FreeLibrary
lstrcmpiW
GlobalUnlock
LoadLibraryExW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VerSetConditionMask
ExpandEnvironmentStringsW
CreateFileW
GetFullPathNameW
SetLastError
GetCurrentProcess
GetModuleHandleA
LocalAlloc
LocalFree
lstrcmpW
VerifyVersionInfoW
GetModuleHandleW

advapi32

RegQueryValueExW
RegOpenKeyExA
InitializeSecurityDescriptor
RegSetValueExA
RegQueryValueExA
RegCloseKey
SetSecurityDescriptorDacl
RegOpenKeyExW

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/StartupHelper
.exe windows:5 windows x86 arch:x86

Password: infected

d21794f0d47bb5c7f5977a6500854d85

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:28:14:36:98:54:a8:5f:9b:8f:90:12:67:c0:3c:f2
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17/08/2022, 00:00

Not After

29/07/2025, 23:59

Subject

SERIALNUMBER=91110108680456115E,CN=Glarysoft Ltd,O=Glarysoft Ltd,ST=Beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13104861696469616e204469737472696374,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:28:14:36:98:54:a8:5f:9b:8f:90:12:67:c0:3c:f2
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17/08/2022, 00:00

Not After

29/07/2025, 23:59

Subject

SERIALNUMBER=91110108680456115E,CN=Glarysoft Ltd,O=Glarysoft Ltd,ST=Beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13104861696469616e204469737472696374,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cc:08:bb:49:63:6e:cf:3f:72:bf:92:cf:45:8b:91:0e:90:0f:7d:11:28:70:03:90:0a:af:8b:19:89:f5:2f:7b
Signer

Actual PE Digest

cc:08:bb:49:63:6e:cf:3f:72:bf:92:cf:45:8b:91:0e:90:0f:7d:11:28:70:03:90:0a:af:8b:19:89:f5:2f:7b

Digest Algorithm

sha256

PE Digest Matches

true

b2:c8:9c:70:dd:00:70:00:00:18:3b:25:00:02:8e:c2:fc:f9:28:b7
Signer

Actual PE Digest

b2:c8:9c:70:dd:00:70:00:00:18:3b:25:00:02:8e:c2:fc:f9:28:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\winapps\mh\trunk\exe\vc\StartupHelper\sourcecode\Release\StartupHelper.pdb

Imports

mfc90u

ord404
ord2597
ord2141
ord4131
ord6635
ord4044
ord611
ord595
ord3489
ord5664
ord4652
ord1493
ord6411
ord3355
ord1665
ord5939
ord4405
ord1607
ord3220
ord5632
ord5167
ord5324
ord1810
ord1809
ord1675
ord3353
ord6408
ord1754
ord1751
ord4345
ord1492
ord4664
ord5602
ord2074
ord5512
ord6800
ord4603
ord3743
ord5154
ord4702
ord1728
ord6466
ord5685
ord5683
ord960
ord965
ord969
ord967
ord971
ord2615
ord2635
ord2619
ord2625
ord2623
ord2621
ord2638
ord2633
ord2617
ord2640
ord2628
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord6802
ord4174
ord6804
ord3682
ord5404
ord6376
ord3226
ord1442
ord5625
ord2139
ord1792
ord1791
ord1727
ord5650
ord3140
ord4910
ord4682
ord3515
ord2593
ord5653
ord6091
ord4774
ord4815
ord5078
ord613
ord337
ord4631
ord2901
ord4741
ord1533
ord3537
ord6095
ord3622
ord6187
ord6094
ord333
ord3488
ord1354
ord1353
ord2097
ord3543
ord1183
ord3486
ord4527
ord6579
ord4543
ord6577
ord2592
ord744
ord524
ord2069
ord1063
ord663
ord2146
ord1166
ord1064
ord6604
ord4530
ord2904
ord1047
ord2596
ord5008
ord1108
ord367
ord586
ord4000
ord374
ord2130
ord3577
ord2282
ord4512
ord4442
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord2251
ord2206
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord3217
ord5674
ord5676
ord4347
ord4996
ord5680
ord5663
ord6018
ord2771
ord2983
ord3112
ord799
ord265
ord266
ord1272
ord1137
ord1254
ord686
ord436
ord792
ord587
ord4728
ord2966
ord3115
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4905
ord4681
ord3670
ord2447
ord636
ord790
ord639
ord2208
ord6482
ord1098
ord4211
ord794
ord589
ord4043
ord4967
ord1318
ord2327
ord316
ord601
ord899
ord1315
ord938
ord1603
ord2478
ord5979
ord6687
ord285
ord5535
ord6079
ord6813
ord1552
ord2551
ord946
ord821
ord2470
ord6096
ord4541
ord4410
ord290
ord1088
ord6659
ord2243
ord6204
ord339
ord289
ord288
ord6164
ord1599
ord809
ord6013
ord935
ord936
ord2702
ord286
ord5851
ord3637
ord2106
ord811
ord280
ord2326
ord2694
ord6529
ord813
ord2537
ord600
ord1143
ord296
ord1248
ord2084
ord1250
ord801

msvcr90

memcpy
memset
towupper
__CxxFrameHandler3
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
__wargv
__argc
setlocale
_resetstkoflw
?what@exception@std@@UBEPBDXZ
_msize
_purecall
_set_errno
_get_errno
_wtoi64
realloc
_gcvt_s
_fpclass
_HUGE
iswspace
wcsrchr
wcschr
_ui64toa_s
_i64toa_s
isspace
_itoa_s
wcsncmp
wcstod
wcstol
_wcstoui64
_wcstoi64
strtol
_wtoi
wcsnlen
_wcsicmp
_scwprintf
_ultoa_s
strncmp
_strlwr_s
_recalloc
calloc
_itow_s
swprintf_s
_CxxThrowException
malloc
wcscpy_s
wcsncpy_s
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
free
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
memmove_s
memcpy_s

kernel32

GetPrivateProfileSectionW
LocalFree
GetCurrentProcessId
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
SetLastError
LoadLibraryW
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
GetProcAddress
GetModuleHandleW
Sleep
GetTickCount
GetCommandLineW
InterlockedExchange
CreateMutexW
CloseHandle
HeapReAlloc
GetPrivateProfileIntW
HeapFree
GetProcessHeap
HeapAlloc
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetLastError
GetModuleFileNameW
lstrlenW
WaitForSingleObject
HeapDestroy
HeapSize
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection

user32

SendMessageW
AppendMenuW
GetSystemMenu
GetWindowRect
MessageBoxW
GetWindowLongW
SetWindowLongW
UnionRect
GetMenuBarInfo
GetMenuItemID
GetMenuItemCount
GetSysColor
OffsetRect
FrameRect
DrawFrameControl
CopyRect
EnableWindow
IsWindow
InvalidateRect
KillTimer
PtInRect
ReleaseDC
FillRect
GetDC
SystemParametersInfoW
EndPaint
BeginPaint
DrawIcon
GetSystemMetrics
IsIconic
SetTimer
GetClientRect
LoadIconW

gdi32

CreatePen
CreateCompatibleBitmap
CreateSolidBrush
GetObjectW
SetDIBColorTable
GetTextExtentPoint32W
SetBkMode
CreateRoundRectRgn
GetCurrentObject
GetBkMode
CreatePatternBrush
SetBrushOrgEx
FillRgn
FrameRgn
SelectObject
CreateFontW
GetDIBColorTable
StretchBlt
CreateDIBSection
BitBlt
CreateCompatibleDC
DeleteDC
DeleteObject

msimg32

TransparentBlt
GradientFill
AlphaBlend

advapi32

RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteW
CommandLineToArgvW

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathFileExistsW

ole32

OleInitialize
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocStringLen
VariantClear
SysAllocString
VariantInit
SysFreeString

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?find_last_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

ws2_32

WSASetLastError
GetAddrInfoW
WSAStartup
WSACleanup
closesocket
WSACloseEvent
WSASocketW
WSAGetLastError
WSAConnect
WSAEnumNetworkEvents
WSAResetEvent
WSASend
WSAGetOverlappedResult
WSARecv
WSACreateEvent
WSASetEvent
WSAEventSelect
FreeAddrInfoW

boottime

ord2
GetSetupTime
ord1

gdiplus

GdipDisposeImage
GdipFree
GdiplusShutdown
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdipAlloc

languages

ord5
ord3
ord6
ord8
ord4

config

ord13
ord11

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/lang-1049.dll
.dll windows:6 windows x86 arch:x86

Password: infected

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:61:59:f6:b7:42:45:ca:c9:25:78:ae:bc:3c:f6:ba:c3:c2:15:e8:6d:ed:75:4a:cd:f7:6c:5e:97:9a:9e:e5
Signer

Actual PE Digest

47:61:59:f6:b7:42:45:ca:c9:25:78:ae:bc:3c:f6:ba:c3:c2:15:e8:6d:ed:75:4a:cd:f7:6c:5e:97:9a:9e:e5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/lang-1058.dll
.dll windows:6 windows x86 arch:x86

Password: infected

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:75:e1:f7:ec:9b:d8:a6:7a:3f:61:89:c6:3e:97:bb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=PIRIFORM SOFTWARE LIMITED,O=PIRIFORM SOFTWARE LIMITED,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:ad:e0:64:e4:e6:2d:91:c0:f1:bf:7f:f7:1a:3d:a5:01:8f:45:2b:7e:ff:ba:4b:f0:59:d2:18:e7:a8:32:e4
Signer

Actual PE Digest

79:ad:e0:64:e4:e6:2d:91:c0:f1:bf:7f:f7:1a:3d:a5:01:8f:45:2b:7e:ff:ba:4b:f0:59:d2:18:e7:a8:32:e4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tak_deco_lib.dll
.dll windows:5 windows x64 arch:x64

054c3a71efe2d154d9d5da7bc250cf69

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

user32

MessageBoxA
CharNextW
LoadStringW
MessageBoxW
LoadStringW
GetSystemMetrics
CharUpperBuffW
CharUpperW

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
SwitchToThread
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VerSetConditionMask
VerifyVersionInfoW
SetFilePointer
SetEvent
ResetEvent
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
IsValidLocale
GetVersionExW
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFileSize
GetDiskFreeSpaceW
GetCPInfo
FreeLibrary
EnumSystemLocalesW
EnumCalendarInfoW
CreateFileW
CreateEventW
CompareStringW
CloseHandle

winmm

timeGetTime

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr
tak_APE_GetDesc
tak_APE_GetErrorString
tak_APE_GetIndexOfKey
tak_APE_GetItemDesc
tak_APE_GetItemKey
tak_APE_GetItemNum
tak_APE_GetItemValue
tak_APE_GetTextItemValueAsAnsi
tak_APE_ReadOnly
tak_APE_State
tak_APE_Valid
tak_GetCodecName
tak_GetLibraryVersion
tak_GetWaveExtensibleSpeakerMask
tak_SSD_Create_FromFile
tak_SSD_Create_FromFileW
tak_SSD_Create_FromStream
tak_SSD_Destroy
tak_SSD_GetAPEv2Tag
tak_SSD_GetCurFrameBitRate
tak_SSD_GetEncoderInfo
tak_SSD_GetErrorString
tak_SSD_GetFrameSize
tak_SSD_GetMD5
tak_SSD_GetReadPos
tak_SSD_GetSimpleWaveDataDesc
tak_SSD_GetStateInfo
tak_SSD_GetStreamInfo
tak_SSD_GetStreamInfo_V22
tak_SSD_ReadAudio
tak_SSD_ReadSimpleWaveData
tak_SSD_Seek
tak_SSD_State
tak_SSD_Valid

Sections

.text
Size: 247KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 37KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 70B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

5c455bebc40d8ab001d42875154b8ef8

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:07:ab:b6:4e:99:90:18:07:89:ea:cb:81:f5:f9:14Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:07:ab:b6:4e:99:90:18:07:89:ea:cb:81:f5:f9:14Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

bf:d5:97:c4:40:b5:52:70:56:3b:e7:49:9c:29:22:94:55:7f:48:4b:6c:ce:a1:cf:3f:38:8f:8c:3a:c2:52:95Signer

7b:15:e8:df:9c:f5:42:4d:67:f4:ab:1f:32:02:ea:aa:39:19:84:91Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libvlccore

advapi32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 118KB - Virtual size: 117KB

.data Size: 512B - Virtual size: 80B

.rdata Size: 12KB - Virtual size: 11KB

.buildid Size: 512B - Virtual size: 53B

.bss Size: - Virtual size: 3KB

.edata Size: 12KB - Virtual size: 11KB

.idata Size: 6KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

/4 Size: 512B - Virtual size: 20B

Password: infected

f11716690dc3b1ac312b344caaf28102

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:07:ab:b6:4e:99:90:18:07:89:ea:cb:81:f5:f9:14Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:07:ab:b6:4e:99:90:18:07:89:ea:cb:81:f5:f9:14
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:07:ab:b6:4e:99:90:18:07:89:ea:cb:81:f5:f9:14
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

bf:d5:97:c4:40:b5:52:70:56:3b:e7:49:9c:29:22:94:55:7f:48:4b:6c:ce:a1:cf:3f:38:8f:8c:3a:c2:52:95
Signer

7b:15:e8:df:9c:f5:42:4d:67:f4:ab:1f:32:02:ea:aa:39:19:84:91
Signer

.text
Size: 118KB - Virtual size: 117KB

.data
Size: 512B - Virtual size: 80B

.rdata
Size: 12KB - Virtual size: 11KB

.buildid
Size: 512B - Virtual size: 53B

.bss
Size: - Virtual size: 3KB

.edata
Size: 12KB - Virtual size: 11KB

.idata
Size: 6KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

/4
Size: 512B - Virtual size: 20B

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:07:ab:b6:4e:99:90:18:07:89:ea:cb:81:f5:f9:14
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:07:ab:b6:4e:99:90:18:07:89:ea:cb:81:f5:f9:14
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

c8:2b:0a:3a:b9:68:6d:f0:cc:a6:1f:b8:4e:54:72:ee:c7:8e:04:dd:83:bc:5a:f6:4e:97:0c:6f:6e:e3:c3:c3
Signer

a3:0e:e2:a5:ad:ee:c2:60:7f:35:0e:5c:ff:58:bb:8b:73:bf:09:fe
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.buildid
Size: 512B - Virtual size: 53B

.bss
Size: - Virtual size: 13KB

.edata
Size: 21KB - Virtual size: 21KB

.idata
Size: 8KB - Virtual size: 8KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 47KB - Virtual size: 46KB

/4
Size: 512B - Virtual size: 24B

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

5f:af:0c:58:d2:42:9a:e0:4a:81:ab:97:5c:6c:f6:e8:7d:30:0a:ad:18:b9:59:1c:3f:a4:76:78:f5:ef:fd:00
Signer

.text
Size: 471KB - Virtual size: 470KB

.rsrc
Size: 179KB - Virtual size: 178KB

.reloc
Size: 512B - Virtual size: 12B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate