2e203f116ac9a5dda623d4f747e60bb0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2e203f116ac9a5dda623d4f747e60bb0N.exe
Size

6.0MB
MD5

2e203f116ac9a5dda623d4f747e60bb0
SHA1

29db95daf36a6e42f4c257fbade3a3993dafa690
SHA256

621b3ae2c8fa754ce2706ff44fbd612351b2f5357fc18cc55ae08caa3954ca1c
SHA512

db5b6f723f7cf9d0ff54647ea25fefc9566bf199b02498caa735121d7b75b528befd290846c7e4285ded2e28aba539c84ab9c0977cf0440c98319a09df2a914b
SSDEEP

196608:tdctaMSfIwWGMw/bbKmYvkMuKiMrB+QU7KlmFR:t65wI/GMw/bbKmWkMjXxlmFR

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UserMgr.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/CTFarmHWMon.sys
unpack001/CTFarmService.exe
unpack001/CTFarmUpdater.exe
unpack002/$PLUGINSDIR/UserInfo.dll
unpack001/sciter.dll

Files

2e203f116ac9a5dda623d4f747e60bb0N.exe
.exe windows:4 windows x86 arch:x86

f4639a0b3116c2cfc71144b88a929cfd

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

12:d2:80:a8:da:a5:db:5a:55:ab:ec:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02/07/2024, 15:19

Not After

03/07/2027, 15:19

Subject

SERIALNUMBER=14448767,CN=CryptoCompany OÜ,O=CryptoCompany OÜ,L=Tartu,ST=Tartu County,C=EE,1.2.840.113549.1.9.1=#0c17696e666f4063727970746f636f6d70616e792e73697465,1.3.6.1.4.1.311.60.2.1.3=#13024545,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

12:d2:80:a8:da:a5:db:5a:55:ab:ec:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02/07/2024, 15:19

Not After

03/07/2027, 15:19

Subject

SERIALNUMBER=14448767,CN=CryptoCompany OÜ,O=CryptoCompany OÜ,L=Tartu,ST=Tartu County,C=EE,1.2.840.113549.1.9.1=#0c17696e666f4063727970746f636f6d70616e792e73697465,1.3.6.1.4.1.311.60.2.1.3=#13024545,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fc:a3:b4:0f:4f:ce:6c:13:ad:2d:ab:63:3e:8c:a6:1c:e4:9f:d7:fa:1e:44:10:1e:11:a0:22:f7:05:9a:1c:5e
Signer

Actual PE Digest

fc:a3:b4:0f:4f:ce:6c:13:ad:2d:ab:63:3e:8c:a6:1c:e4:9f:d7:fa:1e:44:10:1e:11:a0:22:f7:05:9a:1c:5e

Digest Algorithm

sha256

PE Digest Matches

true

9c:f4:22:16:62:b0:60:94:54:93:81:2c:ca:7f:df:92:6a:7e:7b:a7
Signer

Actual PE Digest

9c:f4:22:16:62:b0:60:94:54:93:81:2c:ca:7f:df:92:6a:7e:7b:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

lstrcmpiA
CreateFileW
GetTempFileNameW
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
WriteFile
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
SetEnvironmentVariableW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 172KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

646971a3aef724d6f553f40ae84fe26b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
lstrcatW
FindClose
FindNextFileW
lstrcmpW
MulDiv
GlobalFree
lstrcpynW
GlobalAlloc
lstrcmpiW
FindFirstFileW
lstrcpyW

user32

TranslateMessage
GetMessageW
IsDialogMessageW
DispatchMessageW
CallWindowProcW
GetWindowLongW
CheckDlgButton
ShowWindow
LoadIconW
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextW
SendMessageW
IsDlgButtonChecked
GetWindowTextW
DestroyWindow
GetDlgItem
CreateDialogParamW
SetWindowLongW
wsprintfW
PostMessageW

gdi32

GetTextMetricsW
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 578B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserMgr.dll
.dll windows:6 windows x86 arch:x86

8f62a14ed3e3b16653ac9eb7e02a4fa6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Test\NSIS_Plugin\UserMgr\x86-Unicode\UserMgr.pdb

Imports

netapi32

NetLocalGroupAddMembers
NetUserChangePassword
NetValidatePasswordPolicy
NetWkstaUserGetInfo
NetLocalGroupDel
NetUserAdd
NetUserDel
NetLocalGroupAdd
NetUserGetInfo
NetApiBufferFree
NetUserSetInfo
NetValidatePasswordPolicyFree
NetLocalGroupGetMembers
NetLocalGroupDelMembers

userenv

UnloadUserProfile
LoadUserProfileW

kernel32

CloseHandle
HeapAlloc
LocalFree
GetProcessHeap
GlobalFree
lstrcpyW
HeapReAlloc
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetLastError
LocalAlloc
GetEnvironmentVariableW
lstrlenW
GetCurrentProcess
HeapFree
GetStringTypeW
SetFilePointerEx
SetStdHandle
HeapSize
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
DecodePointer
CreateFileW
lstrcpynW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
LsaFreeMemory
LsaRemoveAccountRights
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
ConvertStringSidToSidW
LogonUserW
OpenProcessToken
RegUnLoadKeyW
RegLoadKeyW
RegOpenKeyExW
ConvertSidToStringSidW
LsaEnumerateAccountRights
LsaNtStatusToWinError
LsaOpenPolicy
GetUserNameW
LsaAddAccountRights
LsaClose
LookupAccountSidW
RegQueryValueExW
LookupAccountNameW

Exports

Exports

AddPrivilege
AddToGroup
BuiltAccountEnv
ChangeUserPassword
CreateAccount
CreateAccountEx
CreateGroup
DeleteAccount
DeleteGroup
GetCurrentDomain
GetCurrentUserName
GetLocalizedStdAccountName
GetSIDFromUserName
GetUserInfo
GetUserNameFromSID
HasPrivilege
IsMemberOfGroup
RegLoadUserHive
RegUnLoadUserHive
RemoveFromGroup
RemovePrivilege
SetRegKeyAccess
SetUserInfo
ValidatePassword

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

3b477381217c97b22146297f93df2a92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
GetFileAttributesW
lstrcmpiW
MulDiv
lstrlenW
HeapFree
GetProcessHeap
GetCurrentDirectoryW
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
HeapAlloc
SetCurrentDirectoryW

user32

GetPropW
DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
RemovePropW
CharPrevW
GetWindowLongW
DrawTextW
GetWindowTextW
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
MapDialogRect
GetClientRect
CharNextW
SendMessageW
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CTFarm.exe
.exe windows:6 windows x64 arch:x64

5de71b18eafb75d3ab12da7eb6e0b311

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

12:d2:80:a8:da:a5:db:5a:55:ab:ec:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02/07/2024, 15:19

Not After

03/07/2027, 15:19

Subject

SERIALNUMBER=14448767,CN=CryptoCompany OÜ,O=CryptoCompany OÜ,L=Tartu,ST=Tartu County,C=EE,1.2.840.113549.1.9.1=#0c17696e666f4063727970746f636f6d70616e792e73697465,1.3.6.1.4.1.311.60.2.1.3=#13024545,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

12:d2:80:a8:da:a5:db:5a:55:ab:ec:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02/07/2024, 15:19

Not After

03/07/2027, 15:19

Subject

SERIALNUMBER=14448767,CN=CryptoCompany OÜ,O=CryptoCompany OÜ,L=Tartu,ST=Tartu County,C=EE,1.2.840.113549.1.9.1=#0c17696e666f4063727970746f636f6d70616e792e73697465,1.3.6.1.4.1.311.60.2.1.3=#13024545,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:74:ef:28:b3:e4:0e:3a:ce:08:cb:e9:96:9a:36:a1:0f:18:6f:3a:8b:d8:ae:b8:6b:01:77:a2:e4:0c:e7:24
Signer

Actual PE Digest

38:74:ef:28:b3:e4:0e:3a:ce:08:cb:e9:96:9a:36:a1:0f:18:6f:3a:8b:d8:ae:b8:6b:01:77:a2:e4:0c:e7:24

Digest Algorithm

sha256

PE Digest Matches

true

cf:fa:68:4d:75:0d:e4:b0:26:51:4a:2a:20:5a:2c:f6:be:0e:ba:b6
Signer

Actual PE Digest

cf:fa:68:4d:75:0d:e4:b0:26:51:4a:2a:20:5a:2c:f6:be:0e:ba:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
GetCurrentProcess
GlobalMemoryStatusEx
GetModuleFileNameW
GetModuleHandleW
GetComputerNameW
LocalFree
HeapAlloc
HeapFree
GetProcessHeap
QueryPerformanceCounter
QueryPerformanceFrequency
OpenEventA
WaitForSingleObject
SetEvent
ResetEvent
CreateEventA
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
MultiByteToWideChar
GetModuleFileNameA
SwitchToThread
GetCurrentThread
GetSystemInfo
GetVersionExA
VirtualAlloc
GetModuleHandleA
LoadLibraryA
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
GetComputerNameA
GetLargePageMinimum
VirtualFree
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
FindResourceW
SizeofResource
LockResource
LoadResource
Sleep
GetCommandLineW
LoadLibraryW
GetProcAddress
FreeLibrary
CreateMutexA
LocalAlloc
GetLastError
RtlPcToFileHeader
RaiseException
WaitForSingleObjectEx
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
WideCharToMultiByte
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
CreateThread
ExitThread
FreeLibraryAndExitThread
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadFile
GetConsoleMode
ReadConsoleW
GetStdHandle
WriteFile
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
HeapSize
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
SetFilePointerEx
GetConsoleOutputCP
SetEndOfFile
GetFileSizeEx
FlushFileBuffers
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
RtlUnwind

user32

MessageBoxW
ShowWindow
FindWindowW
PostMessageW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
GetUserNameW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetKeyValueW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 510KB - Virtual size: 509KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 567KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RANDOMX
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CTFarmHWMon.sys
.sys windows:10 windows x64 arch:x64

4cab46abbefc3fd3ffdef1a38a08a461

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

%_PDB

Imports

ntoskrnl.exe

IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
__C_specific_handler
MmGetSystemRoutineAddress
MmUnmapIoSpace
ZwClose
ZwSetSecurityObject
IoDeviceObjectType
IoCreateDevice
ObOpenObjectByPointer
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
MmMapIoSpace
SeCaptureSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeExports
RtlCreateSecurityDescriptor
_wcsnicmp
ExAllocatePoolWithTag
wcschr
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedAce
RtlLengthSid
IoIsWdmVersionAvailable
RtlSetDaclSecurityDescriptor
ZwOpenKey
ZwSetValueKey
ZwQueryValueKey
ZwCreateKey
RtlFreeUnicodeString
ExFreePoolWithTag
RtlInitUnicodeString

hal

HalGetBusDataByOffset
HalSetBusDataByOffset

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CTFarmService.exe
.exe windows:6 windows x64 arch:x64

d281fd490d470826314cd88d74ee16bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeviceIoControl
GetModuleFileNameW
GetCurrentThread
CreateFileW
GetActiveProcessorGroupCount
WriteConsoleW
HeapSize
SetStdHandle
LocalFree
LocalAlloc
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
OpenEventA
CreateEventA
WaitForSingleObject
ResetEvent
SetEvent
CloseHandle
Sleep
GetLastError
SetThreadGroupAffinity
GetCommandLineW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
HeapFree
HeapAlloc
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
RtlUnwind

shell32

CommandLineToArgvW

advapi32

ChangeServiceConfig2A
StartServiceA
QueryServiceStatus
OpenServiceW
OpenSCManagerA
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW

Sections

.text
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CTFarmUpdater.exe
.exe windows:6 windows x86 arch:x86

15ab83d17a3a53d7e49347db544e8802

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

send
recv
WSAStartup
freeaddrinfo
getaddrinfo
WSASocketW
WSASend
WSARecv
WSAIoctl
WSAGetLastError
WSASetLastError
setsockopt
select
listen
htonl
getsockopt
getsockname
ioctlsocket
connect
closesocket
bind
accept
__WSAFDIsSet
WSACleanup
WSAStringToAddressW

crypt32

CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW

kernel32

GetDateFormatW
HeapAlloc
HeapFree
ExitProcess
ReadFile
FileTimeToSystemTime
GetTimeFormatW
PeekNamedPipe
GetDriveTypeW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SystemTimeToTzSpecificLocalTime
FlushFileBuffers
CloseHandle
GetLastError
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
WaitForMultipleObjects
QueueUserAPC
TerminateThread
TlsAlloc
TlsFree
LocalFree
FormatMessageA
FormatMessageW
WideCharToMultiByte
VerSetConditionMask
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
SleepEx
CreateEventW
SetWaitableTimer
Sleep
GetConsoleOutputCP
TlsSetValue
GetSystemTimeAsFileTime
CreateWaitableTimerA
VerifyVersionInfoA
GetCommandLineW
CreateMutexW
CreateFileW
GetFileSizeEx
WriteFile
ResetEvent
GetCurrentProcess
IsWow64Process
MultiByteToWideChar
GetTempFileNameW
GetTempPathW
CreateProcessW
GetModuleFileNameW
GetSystemTime
SystemTimeToFileTime
GetCurrentThreadId
SwitchToFiber
DeleteFiber
CreateFiber
FindClose
FindFirstFileA
FindNextFileA
GetModuleHandleExA
GetStdHandle
GetFileType
GetModuleHandleA
GetProcAddress
ConvertFiberToThread
ConvertThreadToFiber
QueryPerformanceCounter
GetCurrentProcessId
FreeLibrary
LoadLibraryA
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleCtrlHandler
LoadLibraryExW
InterlockedPushEntrySList
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
WriteConsoleW
HeapSize
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
GetTimeZoneInformation
HeapReAlloc
GetOEMCP
SetStdHandle
IsValidCodePage
GetACP
TlsGetValue
GetProcessHeap
SetEnvironmentVariableW
WaitForSingleObjectEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
RaiseException
QueryPerformanceFrequency
GetStringTypeW
GetCurrentDirectoryW
FindFirstFileExW
FindNextFileW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
SetFilePointerEx
InitializeCriticalSectionEx
GetModuleHandleW
EncodePointer
DecodePointer
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
GetCPInfo

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW

ole32

CoInitializeEx
OleRun
CoCreateInstance

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

advapi32

ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

bcrypt

BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider

wintrust

WinVerifyTrust

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 581KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 127KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninstall.exe
.exe windows:4 windows x86 arch:x86

f4639a0b3116c2cfc71144b88a929cfd

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

12:d2:80:a8:da:a5:db:5a:55:ab:ec:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02/07/2024, 15:19

Not After

03/07/2027, 15:19

Subject

SERIALNUMBER=14448767,CN=CryptoCompany OÜ,O=CryptoCompany OÜ,L=Tartu,ST=Tartu County,C=EE,1.2.840.113549.1.9.1=#0c17696e666f4063727970746f636f6d70616e792e73697465,1.3.6.1.4.1.311.60.2.1.3=#13024545,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

12:d2:80:a8:da:a5:db:5a:55:ab:ec:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02/07/2024, 15:19

Not After

03/07/2027, 15:19

Subject

SERIALNUMBER=14448767,CN=CryptoCompany OÜ,O=CryptoCompany OÜ,L=Tartu,ST=Tartu County,C=EE,1.2.840.113549.1.9.1=#0c17696e666f4063727970746f636f6d70616e792e73697465,1.3.6.1.4.1.311.60.2.1.3=#13024545,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

96:e8:ec:7b:ca:12:67:13:87:58:35:9c:a2:c1:9b:d2:73:32:a4:e4:37:b4:b1:49:37:c0:e8:8c:18:82:c8:3c
Signer

Actual PE Digest

96:e8:ec:7b:ca:12:67:13:87:58:35:9c:a2:c1:9b:d2:73:32:a4:e4:37:b4:b1:49:37:c0:e8:8c:18:82:c8:3c

Digest Algorithm

sha256

PE Digest Matches

true

a6:78:44:b1:73:5d:01:73:72:32:61:4e:bc:98:13:d9:cc:18:2c:4b
Signer

Actual PE Digest

a6:78:44:b1:73:5d:01:73:72:32:61:4e:bc:98:13:d9:cc:18:2c:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

lstrcmpiA
CreateFileW
GetTempFileNameW
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
WriteFile
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
SetEnvironmentVariableW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 172KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

68e847ed6763e00454edac87b3abd95a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
GetUserNameW

kernel32

GlobalAlloc
CloseHandle
GlobalFree
GetLastError
GetCurrentProcess
GetCurrentThread
GetVersion
GetProcAddress
GetModuleHandleA
lstrcpynW

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 714B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 705B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sciter.dll
.dll windows:6 windows x64 arch:x64

3d9c2f314077895362b5c939b75e3a27

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\sciter\sciter\sdk.js\bin\windows\x64\sciter.pdb

Imports

ws2_32

GetAddrInfoW
WSAIoctl
WSARecv
connect
socket
getsockname
getpeername
listen
FreeAddrInfoW
freeaddrinfo
getaddrinfo
select
ioctlsocket
WSASocketW
htons
WSASend
ntohl
ntohs
WSASetLastError
WSAStartup
WSASendTo
closesocket
getsockopt
setsockopt
htonl
WSAGetLastError
bind
WSARecvFrom
shutdown

wininet

HttpSendRequestA
HttpQueryInfoA
InternetConnectA
HttpOpenRequestA
HttpQueryInfoW
InternetReadFile
InternetSetOptionW
InternetOpenA
InternetErrorDlg
InternetCloseHandle
InternetQueryOptionW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ord74
Shell_NotifyIconW
CommandLineToArgvW
SHGetFileInfoW
ord727
ShellExecuteExW
DragQueryFileW
ShellExecuteW
SHGetSpecialFolderPathW

advapi32

CryptAcquireContextW
RegOpenKeyExW
RegQueryValueExW
GetUserNameW
OpenProcessToken
CryptGenRandom
CryptReleaseContext
SystemFunction036
RegCloseKey

ole32

CoTaskMemFree
CoCreateInstance
CoCreateGuid
StringFromCLSID
OleInitialize
OleUninitialize
CoUninitialize
ReleaseStgMedium
DoDragDrop
RevokeDragDrop
RegisterDragDrop
CreateStreamOnHGlobal
CoInitialize
CoTaskMemAlloc
CoFreeUnusedLibraries

oleaut32

SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreateVector
SysFreeString
SysAllocStringLen

gdi32

SaveDC
GetClipBox
GetFontUnicodeRanges
SetViewportOrgEx
SetLayout
GetStockObject
StartPage
EndDoc
CreateDCW
RestoreDC
StartDocW
EndPage
BitBlt
StretchDIBits
DeleteObject
CreateBitmap
EnumFontFamiliesExW
CreateFontW
GetObjectA
GetGlyphIndicesW
CreateDIBSection
GetDIBits
SelectObject
DeleteDC
CreateCompatibleDC
GetObjectW
GetDeviceCaps
AddFontMemResourceEx
SetMapMode
CreateSolidBrush

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
PrintDlgW

winspool.drv

ord203

kernel32

DeleteFileW
EnumSystemLocalesW
IsValidLocale
IsDebuggerPresent
GetModuleHandleW
InitializeSListHead
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCommandLineA
GetStringTypeW
SetThreadPriority
DecodePointer
lstrlenW
FormatMessageW
LocalAlloc
LocalSize
WaitForMultipleObjects
lstrcmpW
LoadLibraryW
GetThreadPriority
GetTickCount
WaitForSingleObjectEx
GetExitCodeThread
LCMapStringEx
InitializeCriticalSectionEx
MultiByteToWideChar
VerSetConditionMask
VerifyVersionInfoW
GetFullPathNameW
GetModuleFileNameW
QueryPerformanceCounter
QueryPerformanceFrequency
WideCharToMultiByte
CompareStringW
GetLocaleInfoW
GetNumberFormatW
GetCurrencyFormatW
GetDateFormatW
GetTimeFormatW
GetComputerNameW
GetUserDefaultLCID
GetSystemDefaultLCID
LoadLibraryExW
GetProcAddress
FindFirstFileW
FindNextFileW
FindClose
GetSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
FileTimeToSystemTime
Sleep
OutputDebugStringW
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CloseHandle
SetFilePointer
SetEndOfFile
MulDiv
GetTempPathA
GetTempFileNameA
GetLastError
GetFileAttributesW
FreeLibrary
GetCurrentThreadId
GetCPInfo
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalSize
GlobalFree
SleepConditionVariableCS
TlsSetValue
EnterCriticalSection
ReleaseSemaphore
TryAcquireSRWLockExclusive
WakeAllConditionVariable
WakeConditionVariable
LeaveCriticalSection
InitializeCriticalSection
InitializeConditionVariable
WaitForSingleObject
ResumeThread
DuplicateHandle
CreateEventW
ReleaseSRWLockExclusive
SetEvent
GetCurrentThread
AcquireSRWLockExclusive
TlsAlloc
GetNativeSystemInfo
DeleteCriticalSection
CreateSemaphoreW
TlsGetValue
TlsFree
SetLastError
SetEnvironmentVariableW
GetConsoleTitleW
GetEnvironmentVariableW
GetTempPathW
GetVersionExW
FreeEnvironmentStringsW
GetSystemInfo
GetCurrentDirectoryW
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
SetErrorMode
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetConsoleMode
GetFileType
LocalFree
FormatMessageA
DebugBreak
GetModuleHandleA
LoadLibraryA
ReadFile
SetNamedPipeHandleState
CreateNamedPipeA
WriteFile
RegisterWaitForSingleObject
UnregisterWait
CreateNamedPipeW
PeekNamedPipe
QueueUserWorkItem
CancelSynchronousIo
CreateFileA
GetNamedPipeHandleStateW
CancelIoEx
SwitchToThread
WaitNamedPipeW
ConnectNamedPipe
FlushFileBuffers
CreateDirectoryW
GetFileInformationByHandleEx
GetFileSizeEx
GetDiskFreeSpaceW
DeviceIoControl
RemoveDirectoryW
SetFileTime
ReOpenFile
CreateHardLinkW
GetFileInformationByHandle
SetFilePointerEx
MoveFileExW
CopyFileW
CreateSymbolicLinkW
SetConsoleCtrlHandler
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleMode
GetConsoleCursorInfo
SetConsoleCursorInfo
FillConsoleOutputCharacterW
ReadConsoleInputW
ReadConsoleW
ResetEvent
WriteConsoleInputW
FillConsoleOutputAttribute
WriteConsoleW
GetNumberOfConsoleInputEvents
SetConsoleCursorPosition
SetHandleInformation
CancelIo
SetFileCompletionNotificationModes
GetLongPathNameW
GetShortPathNameW
ReadDirectoryChangesW
SetInformationJobObject
AssignProcessToJobObject
TerminateProcess
CreateJobObjectW
UnregisterWaitEx
LCMapStringW
CreateProcessW
GetExitCodeProcess
GetStartupInfoW
GetStdHandle
ExitProcess
VirtualProtect
VirtualFree
VirtualAlloc
HeapFree
GetCommandLineW
HeapAlloc
GetProcessHeap
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
EncodePointer
RtlUnwind
InitializeCriticalSectionAndSpinCount
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetStdHandle
GetConsoleOutputCP
GetFileAttributesExW
SetFileAttributesW
HeapSize
FlsAlloc
FlsGetValue
FlsSetValue
GetCurrentProcess
FlsFree
SleepConditionVariableSRW

user32

ReleaseCapture
GetForegroundWindow
CreateWindowExW
SetTimer
MoveWindow
SetWindowLongPtrW
ShowWindow
DefWindowProcW
MapWindowPoints
DestroyWindow
WindowFromPoint
SetForegroundWindow
IsIconic
ScreenToClient
ClientToScreen
RegisterWindowMessageW
LoadIconW
RegisterClassExW
AdjustWindowRectEx
SetClassLongW
GetClassLongW
PostMessageW
KillTimer
GetMessageExtraInfo
GetAsyncKeyState
SetWindowLongW
GetMessageTime
IsZoomed
IsWindowUnicode
GetFocus
SetFocus
SetCursor
SetScrollInfo
GetScrollInfo
GetWindowTextW
SendMessageW
SetCapture
GetCapture
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
GetActiveWindow
IsChild
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
EnumThreadWindows
IsRectEmpty
UnregisterClassW
FlashWindowEx
RegisterHotKey
UnregisterHotKey
MonitorFromPoint
CreateMenu
GetMenuItemCount
RemoveMenu
InsertMenuW
GetMenu
SetMenu
GetKeyboardLayout
CreateCaret
DestroyCaret
SetCaretPos
FindWindowW
PostQuitMessage
SystemParametersInfoW
GetMessageW
RegisterClassW
GetWindowLongPtrW
MapVirtualKeyW
DispatchMessageW
BeginPaint
SetWindowTextW
TranslateMessage
GetClipboardData
IsClipboardFormatAvailable
SetClipboardData
EnumClipboardFormats
SetParent
GetParent
GetWindowPlacement
CountClipboardFormats
CloseClipboard
EmptyClipboard
OpenClipboard
RegisterClipboardFormatW
GetDesktopWindow
MessageBeep
NotifyWinEvent
GetDoubleClickTime
GetWindowThreadProcessId
GetSystemMetrics
DestroyIcon
DrawIconEx
GetIconInfo
CreateIconIndirect
LoadCursorFromFileA
LoadCursorW
DestroyCursor
GetSysColor
ReleaseDC
GetDC
GetWindowLongW
IsWindowVisible
AnimateWindow
SetWindowPos
UpdateWindow
InvalidateRect
GetCursorPos
GetClientRect
IsWindowEnabled
EnableWindow
EndPaint
IsWindow
GetWindowRect
GetKeyState
MonitorFromWindow
EnumDisplayMonitors
MsgWaitForMultipleObjects
GetMonitorInfoW
PeekMessageW
CallMsgFilterW
GetWindow
UpdateLayeredWindow
SetActiveWindow
MessageBoxW
PostThreadMessageW
GetQueueStatus
EnumDisplayDevicesW

userenv

GetUserProfileDirectoryW

shlwapi

PathIsRelativeW

winmm

timeSetEvent
timeBeginPeriod
timeEndPeriod
timeGetTime
timeKillEvent

comctl32

ImageList_Destroy
ImageList_GetIconSize
ImageList_DrawEx

oleacc

LresultFromObject
AccessibleObjectFromWindow

imm32

ImmGetContext
ImmGetCompositionStringW
ImmIsIME
ImmReleaseContext
ImmAssociateContextEx
ImmNotifyIME
ImmSetCandidateWindow

usp10

ScriptFreeCache
ScriptApplyDigitSubstitution
ScriptPlace
ScriptBreak
ScriptItemize
ScriptShape

gdiplus

GdipDeletePath
GdipAddPathArcI
GdipAddPathLineI
GdipFillPath
GdipGetClipBoundsI
GdipCreateLineBrush
GdipMultiplyLineTransform
GdipCreateMatrix2
GdipSetLinePresetBlend
GdipSetLineWrapMode
GdipAddPathEllipse
GdipCreatePathGradientFromPath
GdipSetPathGradientPresetBlend
GdipSetPathGradientWrapMode
GdipSetPathGradientCenterPoint
GdipSetPathGradientTransform
GdipCreatePen1
GdipDeletePen
GdipDrawPath
GdipFillRectanglesI
GdipDrawLine
GdipSetClipRectI
GdipSetClipPath
GdipTranslateWorldTransform
GdipFillRectangleI
GdipSaveGraphics
GdipRestoreGraphics
GdipBeginContainer2
GdipGetImageGraphicsContext
GdipGraphicsClear
GdipSetClipRect
GdipGetPathWorldBounds
GdipClonePath
GdipAddPathRectangleI
GdipGetImageHeight
GdipGetImageWidth
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipSetSmoothingMode
GdipEndContainer
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDrawImageRectRect
GdipTransformPoints
GdipMultiplyWorldTransform
GdipSetWorldTransform
GdipCreateMatrix
GdipDeleteMatrix
GdipGetWorldTransform
GdipGetMatrixElements
GdipTranslateMatrix
GdipRotateMatrix
GdipScaleMatrix
GdipShearMatrix
GdipGetBrushType
GdipGetSolidFillColor
GdipCreateTexture
GdipFillEllipse
GdipDrawEllipse
GdipFillPie
GdipDrawPie
GdipDrawArc
GdipFillRectangle
GdipDrawRectangle
GdipResetPath
GdipIsVisiblePathPoint
GdipStartPathFigure
GdipAddPathLine
GdipClosePathFigure
GdipSetPathFillMode
GdipAddPathArc
GdipAddPathBezier
GdipSetPageUnit
GdipSetCompositingQuality
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipCreateFromHWND
GdipCreateFromHDC
GdipCreatePen2
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenLineJoin
GdipSetPenMiterLimit
GdipSetPenDashStyle
GdipSetPenDashArray
GdipSetPenDashOffset
GdipGetFontSize
GdipDeleteFont
GdipGetCellAscent
GdipCreateFontFromDC
GdipGetLineSpacing
GdipGetEmHeight
GdipCreateFontFromLogfontA
GdipGetFamily
GdipDeleteFontFamily
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromGraphics
GdipDrawImageI
GdipCreateHBITMAPFromBitmap
GdipDrawDriverString
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdipCreatePath
GdipGetSmoothingMode

Exports

Exports

SciterAPI

Sections

.text
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 129KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fptable
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4639a0b3116c2cfc71144b88a929cfd

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

12:d2:80:a8:da:a5:db:5a:55:ab:ec:ceCertificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

12:d2:80:a8:da:a5:db:5a:55:ab:ec:ceCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

fc:a3:b4:0f:4f:ce:6c:13:ad:2d:ab:63:3e:8c:a6:1c:e4:9f:d7:fa:1e:44:10:1e:11:a0:22:f7:05:9a:1c:5eSigner

9c:f4:22:16:62:b0:60:94:54:93:81:2c:ca:7f:df:92:6a:7e:7b:a7Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 170KB

.ndata Size: - Virtual size: 172KB

.rsrc Size: 40KB - Virtual size: 40KB

646971a3aef724d6f553f40ae84fe26b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 1024B - Virtual size: 578B

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

12:d2:80:a8:da:a5:db:5a:55:ab:ec:ce
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

12:d2:80:a8:da:a5:db:5a:55:ab:ec:ce
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

fc:a3:b4:0f:4f:ce:6c:13:ad:2d:ab:63:3e:8c:a6:1c:e4:9f:d7:fa:1e:44:10:1e:11:a0:22:f7:05:9a:1c:5e
Signer

9c:f4:22:16:62:b0:60:94:54:93:81:2c:ca:7f:df:92:6a:7e:7b:a7
Signer

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 170KB

.ndata
Size: - Virtual size: 172KB

.rsrc
Size: 40KB - Virtual size: 40KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 1024B - Virtual size: 578B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 73KB - Virtual size: 72KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 2KB - Virtual size: 68KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 638B

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

12:d2:80:a8:da:a5:db:5a:55:ab:ec:ce
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

12:d2:80:a8:da:a5:db:5a:55:ab:ec:ce
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate