Installer-master-BlackMythWukong[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Installer-master-BlackMythWukong.rar
Size

54.8MB
MD5

ee0ca9deced958f712b37416ded0ec77
SHA1

cc2f57bc78c61b50b76605975ffc2271fce60bf7
SHA256

b28507f5d646bff668608fd5815137dc2317f2536bfd9dcbb4c412506b31856c
SHA512

fbf9d3ff8d5754aafab9f19b2c44b6c60d1e1b80f0fbf5b8cd492a4f6d82f38be225ee4e1e3d46251d1349e9d5f1be66f8cf11b2e6c1d0b60390193e589431e9
SSDEEP

786432:yK9FbHTJiZVCh7UZaMwuM1nfRZ+bs4ZuRJhHxgqCiIFGD0TvjihWrc2oVNVjZc51:pLd8ChPuqfjis4ZuRJhaqqBTIIR1

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dll/Microsoft.Msmq.Activex.Interop.dll
unpack001/dll/mqcertui.dll
unpack001/dll/mqoa.dll
unpack001/dll/mqsnap.dll
unpack001/dll/nshwfp.dll

Files

Installer-master-BlackMythWukong.rar
.rar

Password: 2121
Driver_x32.exe
.exe windows:5 windows x86 arch:x86

Password: 2121

322007af740de7180c372869bc4e46e0

Code Sign

6f:69:17:9a:79:4a:35:5e:5f:5c:8f:21:12:a4:9c:4a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17-12-2019 00:00

Not After

06-01-2021 23:59

Subject

CN=Lenovo,OU=G09,O=Lenovo,L=Morrisville,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

22-07-2014 00:00

Not After

21-07-2024 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:56:5c:d7:46:7a:0d:c8:41:ac:c8:7c:26:65:be:40:7a:76:ec:00:fe:00:67:1c:87:2a:d5:89:01:e4:9f:08
Signer

Actual PE Digest

28:56:5c:d7:46:7a:0d:c8:41:ac:c8:7c:26:65:be:40:7a:76:ec:00:fe:00:67:1c:87:2a:d5:89:01:e4:9f:08

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleFileNameW
GetLastError
GetACP
lstrlenW
CompareStringW
QueryPerformanceCounter
LocalFree
CloseHandle
VirtualProtect
WideCharToMultiByte
GetTickCount
FindClose
MultiByteToWideChar
LoadLibraryA
GetVersion
VirtualFree
RaiseException
ExitProcess
GetStartupInfoW
SwitchToThread
InitializeCriticalSection
GetEnvironmentVariableW
VirtualAlloc
WriteFile
RtlUnwind
GetSystemInfo
GetCommandLineW
GetProcAddress
DeleteCriticalSection
TlsGetValue
GetStdHandle
TlsSetValue
GetModuleHandleW
LoadLibraryExW
FreeLibrary
LocalAlloc
GetCurrentThreadId
UnhandledExceptionFilter
FindFirstFileW
VirtualQuery
SetThreadLocale
Sleep

comctl32

InitCommonControls

user32

CreateWindowExW
CharNextW
LoadStringW

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen

advapi32

RegQueryValueExW
AdjustTokenPrivileges
RegCloseKey
RegOpenKeyExW
AllocateAndInitializeSid

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 113B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Installer-master-BlackMythWukong.msi
.msi
dll/Microsoft.Msmq.Activex.Interop.dll
.dll windows:4 windows x86 arch:x86

Password: 2121

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/Windows.Media.Protection.PlayReady.dll
.dll windows:10 windows x86 arch:x86

Password: 2121

3272cf4753562bdedf68f6b6df70aa27

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-11-2023 19:20

Not After

14-11-2024 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:52:42:c8:2c:d9:c1:fc:54:56:7b:26:54:58:97:d4:a1:f9:51:d9:14:1e:b0:14:94:5c:91:f9:cb:f2:28:46
Signer

Actual PE Digest

22:52:42:c8:2c:d9:c1:fc:54:56:7b:26:54:58:97:d4:a1:f9:51:d9:14:1e:b0:14:94:5c:91:f9:cb:f2:28:46

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Windows.Media.Protection.PlayReady.pdb

Imports

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags
UnregisterTraceGuids
GetTraceEnableLevel

api-ms-win-core-localization-l1-2-0

GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
ExitProcess
TlsGetValue
TlsSetValue
GetCurrentThreadId
GetStartupInfoW
TlsAlloc
TlsFree
GetExitCodeProcess
CreateThread
GetCurrentProcessId
CreateProcessW
TerminateProcess
GetCurrentProcess

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapSize
HeapFree
HeapCreate
HeapAlloc
GetProcessHeap
HeapDestroy

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
LoadLibraryExW
LoadLibraryExA
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
FreeLibrary
FreeLibraryAndExitThread
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
InitializeCriticalSectionEx
ReleaseSRWLockShared
WaitForSingleObjectEx
ResetEvent
EnterCriticalSection
CreateEventW
WaitForSingleObject
InitializeSRWLock
AcquireSRWLockExclusive
OpenSemaphoreW
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
ReleaseSemaphore
ReleaseMutex
SetEvent
LeaveCriticalSection
CreateEventExW
CreateMutexExW
CreateSemaphoreExW
DeleteCriticalSection
InitializeCriticalSection

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsCompareStringOrdinal
WindowsDeleteString
WindowsGetStringLen
HSTRING_UserSize
HSTRING_UserUnmarshal
WindowsCreateStringReference
HSTRING_UserMarshal
HSTRING_UserFree
WindowsIsStringEmpty

api-ms-win-core-featurestaging-l1-1-0

GetFeatureEnabledState
SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification
RecordFeatureUsage

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
GetRestrictedErrorInfo
RoOriginateErrorW
RoTransformError
RoOriginateError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-com-l1-1-0

CoCreateGuid
CoGetApartmentType
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoMarshalInterface
CoCreateInstance
CoGetMarshalSizeMax
CoUnmarshalInterface
CoWaitForMultipleHandles
PropVariantCopy
CoCreateFreeThreadedMarshaler
PropVariantClear
CoTaskMemAlloc
CreateStreamOnHGlobal

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance
RoUninitialize
RoInitialize

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
MapViewOfFile
VirtualQueryEx
VirtualProtect
VirtualQuery
VirtualFree
VirtualAlloc

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-processenvironment-l1-1-0

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStdHandle
SetStdHandle
GetCommandLineA

oleaut32

BSTR_UserFree
LPSAFEARRAY_UserSize
BSTR_UserSize
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
SysAllocString
SysFreeString
SysAllocStringLen
BSTR_UserUnmarshal
SysStringLen
BSTR_UserMarshal
LPSAFEARRAY_UserMarshal

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetLocalTime
GetVersionExW
GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwind

api-ms-win-core-file-l1-1-0

GetFileType
SetFilePointer
CreateDirectoryW
ReadFile
WriteFile
CreateFileW
GetFileSize
LockFileEx
DeleteFileW
GetDiskFreeSpaceW
FlushFileBuffers
SetFileAttributesW
GetFileAttributesW
UnlockFileEx
SetEndOfFile
FileTimeToLocalFileTime

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-console-l1-1-0

GetConsoleCP
GetConsoleMode
WriteConsoleW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

propsys

PSCreateMemoryPropertyStore

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

api-ms-win-security-sddl-l1-1-0

ConvertSecurityDescriptorToStringSecurityDescriptorW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-kernel32-legacy-l1-1-0

GlobalMemoryStatus

mfplat

MFCopyImage
MFPutWorkItemEx2
MFPutWaitingWorkItem
MFGetSystemTime
MFPutWorkItem
MFScheduleWorkItemEx
MFLockWorkQueue
MFPutWorkItemEx
MFCreateAsyncResult
MFCreateTrackedSample
MFIsContentProtectionDeviceSupported
MFCreateMediaExtensionActivate
MFCreateCollection
MFShutdown
MFStartup
MFUnwrapMediaType
MFInvokeCallback
MFCreateMediaEvent
MFCreateAttributes
MFCreateEventQueue
MFCreateContentProtectionDevice
MFCreateContentDecryptorContext
MFUnlockWorkQueue

ntdll

VerSetConditionMask

rpcrt4

CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerRelease
NdrDllGetClassObject
NdrCStdStubBuffer_Release
IUnknown_Release_Proxy
NdrDllCanUnloadNow
CStdStubBuffer_AddRef
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrStubForwardingFunction
NdrStubCall2
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_Connect
NdrCStdStubBuffer2_Release

api-ms-win-core-com-midlproxystub-l1-1-0

NdrProxyForwardingFunction5
NdrProxyForwardingFunction3
NdrProxyForwardingFunction4
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction7
CStdStubBuffer2_Connect
ObjectStublessClient3
CStdStubBuffer2_Disconnect
ObjectStublessClient10
ObjectStublessClient7
ObjectStublessClient5
NdrProxyForwardingFunction8
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient9
ObjectStublessClient4
ObjectStublessClient16
CStdStubBuffer2_CountRefs
NdrProxyForwardingFunction6
ObjectStublessClient11
NdrProxyForwardingFunction9
ObjectStublessClient17
ObjectStublessClient19
ObjectStublessClient13
ObjectStublessClient15
ObjectStublessClient18
ObjectStublessClient14
ObjectStublessClient12

userenv

GetAppContainerRegistryLocation

api-ms-win-dx-d3dkmt-l1-1-0

GdiEntry13

api-ms-win-security-provider-l1-1-0

GetSecurityInfo

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalAlloc
LocalFree

api-ms-win-core-wow64-l1-1-0

IsWow64Process
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection

api-ms-win-appmodel-runtime-l1-1-0

GetCurrentPackageId
GetCurrentPackageFamilyName
GetCurrentApplicationUserModelId

rtworkq

RtwqSetLongRunning

Exports

Exports

BootstrapReleaseUnusedResources
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
MSPRMFDllCanUnloadNow
MSPRMFGetClassObject

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/install_from_ida.py
dll/mispace.dll
.dll regsvr32 windows:10 windows x86 arch:x86

Password: 2121

96cc7d69d4489565fff1a31584ba2774

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-11-2023 19:20

Not After

14-11-2024 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

34:75:02:f2:49:7d:a8:b1:16:7f:23:e0:50:f4:8b:9e:52:54:05:aa:b1:80:1f:42:3c:e6:08:51:0f:17:37:a5
Signer

Actual PE Digest

34:75:02:f2:49:7d:a8:b1:16:7f:23:e0:50:f4:8b:9e:52:54:05:aa:b1:80:1f:42:3c:e6:08:51:0f:17:37:a5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mispace.pdb

Imports

msvcrt

?terminate@@YAXXZ
_CxxThrowException
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_except_handler4_common
??1type_info@@UAE@XZ
_callnewh
memmove_s
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
memmove
_wcsicmp
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_purecall
memcpy_s
_vsnwprintf
__CxxFrameHandler3
wcstok_s
_ui64tow_s
_wcsnicmp
wcsnlen
_itow_s
_wtoi
_ftol2
towupper
wcschr
wcsncmp
wcsncat_s
swscanf_s
iswalpha
_wtoi64
iswspace
mbtowc
localeconv
wcsstr
_vscwprintf
memcmp
memcpy
toupper
malloc
free
swprintf_s
_onexit
isspace
memset

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemTime
GetTickCount
GetComputerNameExW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FreeLibrary
GetModuleFileNameW
GetModuleFileNameA
LoadLibraryExW
LoadStringW
GetModuleHandleW
GetProcAddress
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
InitializeCriticalSection
CreateMutexExW
WaitForMultipleObjectsEx
OpenSemaphoreW
CreateEventW
ReleaseSRWLockExclusive
AcquireSRWLockShared
DeleteCriticalSection
ResetEvent
ReleaseMutex
InitializeSRWLock
AcquireSRWLockExclusive
WaitForSingleObject
SetEvent
WaitForSingleObjectEx
CreateSemaphoreExW
EnterCriticalSection
ReleaseSemaphore
InitializeCriticalSectionEx
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWorkCallbacks
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SubmitThreadpoolWork
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork
CloseThreadpool
CreateThreadpool
CreateThreadpoolWork

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThread
GetCurrentProcessId
GetCurrentThreadId
OpenProcessToken
OpenThreadToken
CreateThread
ResumeThread
TlsGetValue
SetThreadToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-handle-l1-1-0

CloseHandle

rpcrt4

UuidCreate
RpcServerListen
RpcServerRegisterIfEx
RpcServerUnregisterIf
RpcServerUseProtseqEpW
RpcMgmtStopServerListening
NdrServerCall2
RpcRevertToSelf
RpcImpersonateClient
I_RpcServerDisableExceptionFilter

api-ms-win-core-synch-l1-2-0

Sleep

sxshared

SxTracerGetThreadContextRetail
SxTracerShouldTrackFailure
SxTracerDebuggerBreak

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegGetValueW
RegDeleteKeyExW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

IsValidSid
GetLengthSid
AdjustTokenPrivileges
CopySid
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
ImpersonateLoggedOnUser
DuplicateTokenEx
RevertToSelf
GetTokenInformation

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoUninitialize
CLSIDFromString
CoTaskMemFree
CoDisconnectObject
CoCreateGuid
CoSetProxyBlanket
CoCreateInstance

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-file-l1-1-0

FlushFileBuffers
QueryDosDeviceW
SetFilePointer
FindFirstVolumeW
ReadFile
GetDriveTypeW
GetDiskFreeSpaceW
WriteFile
SetFilePointerEx
DeleteFileW
GetVolumePathNameW
GetFileAttributesW
CreateFileW
FindClose
GetFinalPathNameByHandleW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
FindNextVolumeW
CompareFileTime
DeleteVolumeMountPointW
GetDiskFreeSpaceExW
CreateDirectoryW
FindVolumeClose
DefineDosDeviceW
GetLongPathNameW
GetVolumeInformationW
GetFileSizeEx

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

sspicli

LogonUserExExW

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
EnableTraceEx2
StartTraceW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l2-1-0

MoveFileWithProgressW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
CompareStringW

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-devices-config-l1-1-1

CM_Get_Parent

srvcli

NetShareAdd
NetShareEnum
NetShareDel

netutils

NetApiBufferFree

api-ms-win-core-perfcounters-l1-1-0

PerfSetCounterSetInfo
PerfStartProviderEx
PerfCreateInstance
PerfDeleteInstance
PerfSetULongCounterValue
PerfIncrementULongCounterValue
PerfStopProvider

wmiclnt

WmiQueryAllDataW
WmiOpenBlock
WmiCloseBlock

devobj

DevObjDeleteDevice
DevObjEnumDeviceInfo
DevObjDestroyDeviceInfoList
DevObjGetDeviceInterfaceDetail
DevObjEnumDeviceInterfaces
DevObjGetDeviceRegistryProperty
DevObjOpenDeviceInterface
DevObjGetClassDevs
DevObjCreateDeviceInfoList
DevObjGetDeviceInstanceId

ntdll

RtlGetLastNtStatus
RtlSetThreadErrorMode
NtQueryVolumeInformationFile
NtPowerInformation
NtQuerySystemInformation
RtlFreeHeap
RtlAllocateHeap
NtSystemDebugControl
RtlNtStatusToDosError
NtCompareTokens
RtlEnumerateGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlInsertElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlInitializeGenericTableAvl
EtwTraceMessage
RtlDeleteElementGenericTableAvlEx
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
RtlInitAnsiString

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW
SetVolumeMountPointW

wevtapi

EvtArchiveExportedLog
EvtExportLog

mi

MI_Application_InitializeV1

virtdisk

GetStorageDependencyInformation

resutils

ResUtilFindSzProperty

bcrypt

BCryptGenRandom

cfgmgr32

CM_Unregister_Notification
CM_Reenumerate_DevNode
CM_MapCrToWin32Err
CM_Register_Notification
CM_Reenumerate_DevNode_Ex

bcd

BcdOpenSystemStore
BcdCloseObject
BcdOpenObject
BcdDeleteObject
BcdCloseStore
BcdEnumerateObjects
BcdEnumerateElementTypes
BcdGetElementDataWithFlags
BcdSetElementData
BcdDeleteElement
BcdGetElementData

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-rtlsupport-l1-2-0

RtlCompareMemory

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main
PreShutdown
SetShutdownCallback
SmpUnload
WspCheckMinimumSubsystemVersion
WspCompleteMethod
WspCreateJob
WspEnumerateRemoteInstances
WspFreeString
WspGetClassName
WspGetRemoteInstance
WspGetSubsystemFilter
WspGuidToString
WspInvokeRemoteMethod
WspIsAutomaticClusteringEnabled
WspIsRemoteInstance
WspIsRemoteRequest
WspPackObjectId
WspPostAssociation
WspPostSubsystemAssociationReferenceObject
WspProviderEnter
WspProviderExit
WspReferencesOfRemoteInstance
WspRunMethodAsJob
WspSendIndication
WspUnpackObjectId
WspUpdateMethod

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/mqcertui.dll
.dll windows:10 windows x86 arch:x86

Password: 2121

7e2c8964de87ab813c601b588607ecc6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mqcertui.pdb

Imports

msvcrt

_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
??1type_info@@UAE@XZ
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
malloc
free
_except_handler4_common
?terminate@@YAXXZ
_callnewh
__CxxFrameHandler3
memset

kernel32

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
Sleep
QueryPerformanceCounter
GetCurrentThreadId

user32

SetWindowTextW
EndDialog
SendMessageW
DialogBoxParamW
MessageBoxW
GetWindowPlacement
SetWindowPlacement
EnableWindow
GetDlgItem
LoadStringW
ShowWindow

comctl32

ord17

crypt32

CertEnumCertificatesInStore
CertFreeCertificateContext
CertOpenSystemStoreW
CertDuplicateCertificateContext
CertCloseStore

advapi32

CryptAcquireContextW
CryptReleaseContext

cryptui

CryptUIDlgViewCertificateW

mqsec

MQSigCloneCertFromSysStore
MQSigCreateCertificate
MQSigCloneCertFromReg

mqrt

MQFreeMemory
RTGetInternalCert

mqutil

MQGetResourceHandle

Exports

Exports

SelectPersonalCertificateForRegister
SelectPersonalCertificateForRemoval
ShowCertificate
ShowPersonalCertificates

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/mqoa.dll
.dll regsvr32 windows:10 windows x86 arch:x86

Password: 2121

fe565bc43e01092ee087db21572e5104

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mqoa.pdb

Imports

msvcrt

??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_purecall
_vsnwprintf
?what@exception@@UBEPBDXZ
free
malloc
wcscat_s
memcpy_s
_vsnprintf_s
memmove_s
_ui64tow_s
_snwscanf_s
??0exception@@QAE@ABQBD@Z
_callnewh
_CxxThrowException
_XcptFilter
_amsg_exit
realloc
mktime
iswspace
wcschr
time
_wcsnicmp
localtime
_initterm
?terminate@@YAXXZ
_except_handler4_common
??1type_info@@UAE@XZ
_lock
memcmp
memcpy
_unlock
__dllonexit
_onexit
__CxxFrameHandler3
??0exception@@QAE@XZ
memset

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetLastError
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetComputerNameW
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
lstrcpynW
VirtualProtect
VirtualAlloc
VirtualQuery
GetSystemInfo
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
DisableThreadLibraryCalls
HeapDestroy
GetModuleHandleA
FormatMessageW
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
IsDebuggerPresent
OutputDebugStringW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
SetLastError
CloseHandle
ReleaseSemaphore
ReleaseMutex
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
InitializeCriticalSectionEx
GlobalAlloc
GlobalLock
WaitForSingleObject
OpenSemaphoreW
CreateThreadpoolTimer
GlobalHandle
GlobalFree
GlobalUnlock
GetCurrentProcessId
CreateMutexExW
CreateSemaphoreExW
LoadLibraryW
GetCurrentThread
GetCurrentProcess
Sleep
WakeAllConditionVariable
SleepConditionVariableSRW

user32

RegisterClassA
CharPrevW
CharNextW
DestroyWindow
SetWindowPos
SetWindowLongW
CreateWindowExW
GetWindowLongW
DefWindowProcA
PostMessageA
IsWindow
CharLowerW
LoadStringW
UnregisterClassA
RegisterWindowMessageW

advapi32

InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
CopySid
GetTokenInformation
OpenProcessToken
OpenThreadToken
TraceMessage
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetAce
EqualSid
GetAclInformation

ole32

ReadClassStg
OleSave
StgCreateDocfileOnILockBytes
OleSaveToStream
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
StringFromGUID2
ReadClassStm
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CLSIDFromString
CreateStreamOnHGlobal

oleaut32

CreateErrorInfo
VariantTimeToSystemTime
VariantCopy
SysFreeString
SysStringLen
SetErrorInfo
SystemTimeToVariantTime
SysReAllocString
VariantChangeType
SysStringByteLen
SafeArrayPutElement
VariantClear
SysAllocStringByteLen
LoadRegTypeLi
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
VarUI4FromStr
SysAllocStringLen
SysAllocString
VariantInit

mqsec

MQSec_GetAnonymousSid
MQSec_GetWorldSid
MQSec_GetDefaultQueueAuthentication
MQSec_GetDefaultHashAlgorithm
MQSec_GetDefaultMessageAuthenticationLevel

mqrt

MQBeginTransaction
RTXactGetDTC
MQInstanceToFormatName
MQLocateNext
MQLocateBegin
MQLocateEnd
MQGetQueueSecurity
MQSetQueueProperties
MQGetQueueProperties
MQOpenQueue
MQDeleteQueue
MQCreateQueue
MQPurgeQueue
MQCreateCursor
MQCloseCursor
MQReceiveMessage
MQReceiveMessageByLookupId
MQDeleteCursorMemory
MQCloseQueue
MQHandleToFormatName
MQPathNameToFormatName
MQACCloseCursor
MQSendMessage
MQGetSecurityContext
MQGetSecurityContextEx
MQFreeSecurityContext
MQLogHR
MQMgmtAction
MQMgmtGetInfo
MQGetPrivateComputerInformation
MQRegisterCertificate
MQFreeMemory
MQGetMachineProperties
MQADsPathToFormatName

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/mqsnap.dll
.dll regsvr32 windows:10 windows x86 arch:x86

Password: 2121

6a3cf26e6f7821c972ab1c02b9ecd997

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mqsnap.pdb

Imports

mfc42u

ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord3917
ord5727
ord2546
ord6371
ord3605
ord656
ord4270
ord3614
ord2406
ord3621
ord1634
ord5142
ord860
ord3714
ord793
ord2293
ord2356
ord2287
ord3133
ord4294
ord2281
ord941
ord539
ord5677
ord2809
ord926
ord859
ord3092
ord2507
ord3494
ord6484
ord2876
ord3470
ord6655
ord536
ord826
ord269
ord600
ord1240
ord1571
ord1250
ord1568
ord1570
ord342
ord1179
ord1248
ord1115
ord1194
ord1563
ord1197
ord2116
ord6195
ord1594
ord2821
ord3993
ord3991
ord6485
ord5949
ord1145
ord2914
ord2910
ord6456
ord561
ord5193
ord1089
ord2504
ord4480
ord1143
ord5710
ord4219
ord2235
ord355
ord942
ord2036
ord2440
ord5830
ord4371
ord3396
ord540
ord800
ord6466
ord4616
ord3733
ord1128
ord2717
ord3948
ord815
ord324
ord2822
ord1155
ord1165
ord1662
ord2385
ord2644
ord1560
ord268
ord1196
ord2606
ord3658
ord6390
ord326
ord4229
ord1808
ord4848
ord4992
ord2506
ord6048
ord4073
ord1767
ord4508
ord6481
ord2371
ord4253
ord6593
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord5283
ord3793
ord4829
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord5273
ord2977
ord5446
ord2099
ord6928
ord6379
ord5436
ord768
ord2362
ord4155
ord3087
ord6330
ord861
ord2820
ord2634
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3142
ord3254
ord4459
ord3131
ord5285
ord5977
ord924
ord6238
ord3088
ord2859
ord4272
ord4273
ord5679
ord4370
ord5276
ord4847
ord2637
ord2350
ord2291
ord2284
ord2854
ord2756
ord6218
ord5568
ord5268
ord5267
ord927
ord537
ord3332
ord3312
ord4124
ord6279
ord6278
ord5706
ord2755
ord3577
ord4392
ord2570
ord4213
ord2015
ord2403
ord4704
ord6024
ord2357
ord2290
ord6483
ord4709
ord6584
ord5284
ord4433
ord2046
ord3381
ord4425
ord6740
ord2520
ord6564
ord6525
ord693
ord3635
ord3365
ord4396
ord2574
ord2729
ord3798
ord3871
ord692
ord3634
ord4395
ord2573
ord4214
ord2016
ord2405
ord6362
ord1764
ord3569
ord4390
ord2567
ord795
ord567
ord3716
ord4418
ord3397
ord4831
ord5286
ord1768
ord6051
ord6211
ord940
ord925
ord922
ord535
ord858
ord641
ord616
ord609
ord4199
ord2836
ord2294
ord5155
ord5156
ord5154
ord4899
ord4736
ord4970
ord4942
ord4352
ord2078
ord5261

msvcrt

memcmp
__RTDynamicCast
__CxxFrameHandler3
_vsnwprintf
memcpy_s
_vsnprintf_s
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memmove
memmove_s
wcsnlen
_purecall
malloc
_wcsicmp
free
realloc
?what@exception@@UBEPBDXZ
_itow_s
memcpy
??0exception@@QAE@ABV0@@Z
swscanf_s
_ui64tow_s
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
memset
iswdigit
_snwscanf_s
towupper
wcstol
_wtoi
wcstoul
wcscspn
??0exception@@QAE@ABQBD@Z
wcschr
iswspace
isalpha
qsort
_wcsnicmp
_strnicmp
_wcsdup

mqsec

?Add@CColumns@@QAEXABK@Z
??1CColumns@@QAE@XZ
??0CColumns@@QAE@I@Z
SetFalconKeyValue
GetFalconKeyValue
MQSec_GetAnonymousSid
MQSec_GetWorldSid
GetComputerNameInternal
IsLocalSystemCluster
??0CRestriction@@QAE@I@Z
??1CRestriction@@QAE@XZ
?AddRestriction@CRestriction@@QAEXPAU_GUID@@KK@Z
MQSec_GetAdminSid
MQSec_SetDirectorySecurityForService
MQSec_SetPrivilegeInThread
MQSec_GetProcessUserSid
MQSigCreateCertificate
MQSec_StorePubKeysInDS
GetDomainFQDNName
MSMQGetOperatingSystem
MQSec_GetUserType

mqutil

MQGetResourceHandle

mqrt

MQReceiveMessage
MQFreeMemory
RTRemoveUserCert
RTRemoveUserCertSid
MQGetQueueProperties
MQMgmtGetInfo
MQMgmtAction
MQGetMachineProperties
MQBeginTransaction
MQMoveMessage
MQDeleteQueue
MQGetQueueSecurity
MQSetQueueProperties
MQCreateCursor
MQOpenQueue
RTDeleteInternalCert
RTRegisterUserCert
RTGetInternalCert
RTCreateInternalCertificate
RTIsDependentClient
MQSetQueueSecurity
MQPathNameToFormatName
MQPurgeQueue
MQCreateQueue
MQCloseQueue
MQSendMessage
MQReceiveMessageByLookupId
RTGetUserCerts
MQCloseCursor

mqcertui

SelectPersonalCertificateForRemoval
SelectPersonalCertificateForRegister
ShowCertificate
ShowPersonalCertificates

kernel32

VirtualAlloc
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
OutputDebugStringA
GetModuleFileNameW
LoadLibraryW
LoadLibraryExW
GetModuleHandleA
lstrcpynW
CreateSemaphoreExW
LeaveCriticalSection
CreateMutexExW
GetCurrentProcessId
CreateThreadpoolTimer
OpenSemaphoreW
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
WaitForSingleObjectEx
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
ReleaseMutex
ReleaseSemaphore
SetLastError
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OutputDebugStringW
IsDebuggerPresent
GetLastError
InitializeCriticalSectionAndSpinCount
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
FormatMessageW
CloseHandle
LoadLibraryA
LocalAlloc
ExpandEnvironmentStringsW
FindClose
GetFileAttributesW
GetDriveTypeW
CreateDirectoryW
RemoveDirectoryW
FindFirstFileW
MoveFileW
FindNextFileW
OpenProcess
Sleep
GetComputerNameW
VirtualFree
LoadLibraryExA
EncodePointer
DecodePointer
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
lstrlenA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
GetVersionExW
RaiseException
GetCurrentProcess
InitializeCriticalSection
HeapDestroy
lstrcpyW
GlobalFree
GetModuleHandleW
LockResource
GetDateFormatW
GetTimeFormatW
CompareStringW
GetProcAddress
GlobalAlloc
LocalFree

user32

CharNextW
LoadStringW
RegisterClipboardFormatW
GetDlgItem
SendMessageW
GetWindowLongW
GetParent
GetWindowRect
GetClientRect
SetWindowLongW
GetWindowTextLengthW
GetWindowTextW
EnableWindow
LoadImageW
LoadMenuW
GetSubMenu
GetMenuItemInfoW
DestroyMenu
PostMessageW
IsWindow
InsertMenuW
SetWindowTextW
GetDC
ReleaseDC
LoadIconW
ScreenToClient
SetDlgItemTextW
GetDlgItemTextW
SetActiveWindow
BringWindowToTop
FindWindowExW
GetWindowThreadProcessId
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx

oleaut32

VarI4FromStr
SysFreeString
SysStringLen
SysAllocStringLen
GetErrorInfo
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
RegisterTypeLi
LoadTypeLi
VariantInit
VariantClear
SysAllocString

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
StringFromCLSID
CreateStreamOnHGlobal
CoTaskMemFree
IIDFromString
StringFromGUID2
OleRun
CoInitialize
CLSIDFromProgID

advapi32

RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegQueryValueExW
MakeSelfRelativeSD
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
TraceMessage
CopySid
OpenProcessToken
GetSecurityDescriptorDacl
GetAclInformation
GetAce
RegCreateKeyExW
EqualSid
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertSidToStringSidW
LookupAccountSidW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
GetSecurityDescriptorLength
MapGenericMask
GetFileSecurityW
InitiateSystemShutdownExW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatusEx
QueryServiceStatus
ControlService
EnumDependentServicesW
StartServiceW
TraceEvent
IsValidSid
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW

gdi32

GetTextExtentPoint32W
DeleteObject
CreateFontIndirectW

aclui

ord1

activeds

ord9
ord18
ord20

crypt32

CertCloseStore
CertOpenStore

netapi32

NetApiBufferFree
DsGetDcNameW

ntdsapi

DsFreeNameResultW
DsCrackNamesW

cryptui

CryptUIDlgSelectCertificateFromStore

clusapi

CloseClusterNode
CloseCluster
OpenCluster
OpenClusterNode

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 432KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/nshwfp.dll
.dll windows:10 windows x86 arch:x86

Password: 2121

d66558feaf8c05a236d7bec5cbc74298

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

nshwfp.pdb

Imports

msvcrt

memset
bsearch
_tempnam
remove
_lseek
_close
_write
_read
_errno
_open
strcpy_s
_wcsnicmp
qsort
_ui64toa_s
_i64toa_s
_ltoa_s
isprint
sprintf_s
strstr
strpbrk
_ultoa_s
_get_errno
wcstoul
_set_errno
wcsncmp
swprintf_s
_ultow_s
_snwprintf_s
_wcsicmp
wcstol
wprintf
_vsnwprintf
_vsnprintf
memcmp
memcpy
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_initterm
malloc
free
_amsg_exit
_XcptFilter

netsh.exe

PrintMessage
MatchEnumTag
PrintMessageFromModule
PreprocessCommand
RegisterHelper
RegisterContext

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
LoadStringW
GetProcAddress
GetModuleHandleExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

ExitProcess
CreateProcessW
GetExitCodeProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

ntdll

RtlIpv6AddressToStringW
RtlEthernetAddressToStringA
RtlIpv6AddressToStringA
RtlIpv4AddressToStringA
RtlIpv4StringToAddressW
RtlIpv6StringToAddressW
EtwEventWriteTransfer
RtlApplicationVerifierStop
RtlNtStatusToDosError
EtwTraceMessage

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapSize
HeapAlloc
HeapReAlloc
HeapCreate
HeapDestroy

rpcrt4

MesDecodeBufferHandleCreate
MesEncodeDynBufferHandleCreate
UuidFromStringW
NdrMesTypeDecode2
I_RpcExceptionFilter
MesHandleFree
UuidCreate

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
CreateEventW
EnterCriticalSection
LeaveCriticalSection
OpenEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

firewallapi

FWFreeDynamicKeywordAddressData0
FWEnumDynamicKeywordAddressesByType0

fwpuclnt

FwpmFilterSetSecurityInfoByKey0
FwpmEngineOpen0
FwpmEngineSetSecurityInfo0
IkeextSaDbSetSecurityInfo0
FwpmCalloutGetSecurityInfoByKey0
FwpmLayerEnum0
FwpmLayerCreateEnumHandle0
FwpmCalloutDestroyEnumHandle0
FwpmCalloutEnum0
FwpmFilterGetByKey0
FwpmCalloutCreateEnumHandle0
FwpmProviderContextDeleteByKey0
FwpmCalloutGetByKey0
FwpmNetEventsGetSecurityInfo0
FwpmGetAppIdFromFileName0
FwpmEngineSetOption0
FwpmCalloutSetSecurityInfoByKey0
FwpmSubLayerGetByKey0
FwpmLayerSetSecurityInfoByKey0
FwpmEngineGetOption0
FwpmProviderContextGetByKey3
FwpmProviderGetByKey0
FwpmProviderContextDestroyEnumHandle0
FwpmProviderContextGetSecurityInfoByKey0
FwpmProviderContextCreateEnumHandle0
FwpmSubLayerGetSecurityInfoByKey0
FwpmFilterGetSecurityInfoByKey0
FwpmFilterDestroyEnumHandle0
FwpmFilterEnum0
FwpmProviderUnsubscribeChanges0
FwpmProviderContextUnsubscribeChanges0
FwpmFilterCreateEnumHandle0
FwpmSubLayerUnsubscribeChanges0
FwpmCalloutUnsubscribeChanges0
FwpmFilterUnsubscribeChanges0
FwpmNetEventUnsubscribe0
FwpmNetEventSubscribe4
FwpmFilterSubscribeChanges0
FwpmCalloutSubscribeChanges0
IPsecDospStateDestroyEnumHandle0
IPsecDospStateEnum0
FwpmSubLayerSubscribeChanges0
FwpmProviderContextSubscribeChanges0
FwpmProviderSubscribeChanges0
FwpmNetEventDestroyEnumHandle0
FwpmNetEventEnum5
FwpmNetEventCreateEnumHandle0
IPsecGetStatistics1
IkeextGetStatistics1
FwpmSubLayerSubscriptionsGet0
FwpmProviderContextSubscriptionsGet0
FwpmProviderSubscriptionsGet0
FwpmNetEventSubscriptionsGet0
IPsecDospStateCreateEnumHandle0
IPsecDospGetStatistics0
FwpmFilterSubscriptionsGet0
FwpmCalloutSubscriptionsGet0
FwpmTransactionAbort0
FwpsAleEndpointDestroyEnumHandle0
FwpsAleEndpointEnum0
FwpsAleEndpointCreateEnumHandle0
IPsecSaContextDestroyEnumHandle0
IPsecSaContextEnum1
IPsecSaContextCreateEnumHandle0
IkeextSaDestroyEnumHandle0
IkeextSaEnum2
IkeextSaCreateEnumHandle0
FwpmSubLayerDestroyEnumHandle0
FwpmSubLayerEnum0
FwpmSubLayerCreateEnumHandle0
FwpmTransactionCommit0
FwpmTransactionBegin0
FwpmEngineGetSecurityInfo0
FwpmProviderContextAdd3
FwpmProviderGetSecurityInfoByKey0
FwpmNetEventsLost0
IPsecSaDbGetSecurityInfo0
FwpmEngineClose0
FwpmLayerGetSecurityInfoByKey0
FwpmSessionDestroyEnumHandle0
FwpmFilterAdd0
FwpmSessionEnum0
FwpmProviderContextSetSecurityInfoByKey0
FwpmSessionCreateEnumHandle0
FwpmProviderDestroyEnumHandle0
FwpmProviderEnum0
FwpmNetEventsSetSecurityInfo0
FwpmProviderCreateEnumHandle0
FwpmSubLayerSetSecurityInfoByKey0
FwpmSystemPortsGet0
FwpmLayerDestroyEnumHandle0
FwpmFreeMemory0
IPsecSaDbSetSecurityInfo0
FwpmFilterDeleteByKey0
IkeextSaDbGetSecurityInfo0
FwpmProviderSetSecurityInfoByKey0
FwpmProviderContextEnum3

nsi

NsiSetAllParameters
NsiGetAllParameters

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-core-console-l1-1-0

GetConsoleOutputCP

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-core-file-l1-1-0

GetFileAttributesA
WriteFile
DeleteFileW
DeleteFileA
CreateFileA
GetFileInformationByHandle
FileTimeToLocalFileTime
CreateFileW

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW
OpenServiceW

api-ms-win-security-base-l1-1-0

GetLengthSid

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-console-l1-2-0

AttachConsole

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionW

iphlpapi

GetAdaptersAddresses

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

crypt32

CertNameToStrW
CertFreeCertificateContext
CertGetNameStringW
CertCreateCertificateContext

api-ms-win-security-lsapolicy-l1-1-0

LsaQueryInformationPolicy
LsaFreeMemory
LsaOpenPolicy
LsaClose

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
StartTraceW

api-ms-win-eventing-legacy-l1-1-0

EnableTrace

cabinet

ord11
ord13
ord14
ord10

api-ms-win-core-kernel32-legacy-l1-1-0

FileTimeToDosDateTime

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegCloseKey
RegQueryValueExW

Exports

Exports

IdpConfigAddPolicy
IdpConfigAllocateAndGetPolicy
IdpConfigFreePolicy
IdpConfigInitDefaultPolicy
IdpConfigRemovePolicy
InitHelperDll
WfpCaptureExportedW
WfpCaptureStop

Sections

.text
Size: 485KB - Virtual size: 484KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ipyida/.gitignore
ipyida/LICENSE
ipyida/README.adoc
ipyida/README.virtualenv.adoc
ipyida/__init__.py
ipyida/ida_plugin.py
ipyida/ida_qtconsole.py
ipyida/ipyida-screenshot.png
.png
ipyida/ipyida_plugin_stub.py
ipyida/kernel.py
ipyida/notebook.py
ipyida/setup.py
.py .sh linux
mispace.dll

Sharing

General

Malware Config

Signatures

Files

Password: 2121

Password: 2121

322007af740de7180c372869bc4e46e0

Code Sign

6f:69:17:9a:79:4a:35:5e:5f:5c:8f:21:12:a4:9c:4aCertificate

Extended Key Usages

Key Usages

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

28:56:5c:d7:46:7a:0d:c8:41:ac:c8:7c:26:65:be:40:7a:76:ec:00:fe:00:67:1c:87:2a:d5:89:01:e4:9f:08Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comctl32

user32

oleaut32

advapi32

Exports

Exports

Sections

.text Size: 143KB - Virtual size: 142KB

.itext Size: 5KB - Virtual size: 4KB

.data Size: 6KB - Virtual size: 5KB

.bss Size: - Virtual size: 24KB

.idata Size: 2KB - Virtual size: 1KB

.didata Size: 4KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 113B

.tls Size: - Virtual size: 20B

.rdata Size: 512B - Virtual size: 93B

.rsrc Size: 14KB - Virtual size: 14KB

Password: 2121

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 88KB - Virtual size: 84KB

.rsrc Size: 4KB - Virtual size: 936B

.reloc Size: 4KB - Virtual size: 12B

Password: 2121

3272cf4753562bdedf68f6b6df70aa27

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

22:52:42:c8:2c:d9:c1:fc:54:56:7b:26:54:58:97:d4:a1:f9:51:d9:14:1e:b0:14:94:5c:91:f9:cb:f2:28:46Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-featurestaging-l1-1-0

6f:69:17:9a:79:4a:35:5e:5f:5c:8f:21:12:a4:9c:4a
Certificate

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

28:56:5c:d7:46:7a:0d:c8:41:ac:c8:7c:26:65:be:40:7a:76:ec:00:fe:00:67:1c:87:2a:d5:89:01:e4:9f:08
Signer

.text
Size: 143KB - Virtual size: 142KB

.itext
Size: 5KB - Virtual size: 4KB

.data
Size: 6KB - Virtual size: 5KB

.bss
Size: - Virtual size: 24KB

.idata
Size: 2KB - Virtual size: 1KB

.didata
Size: 4KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 113B

.tls
Size: - Virtual size: 20B

.rdata
Size: 512B - Virtual size: 93B

.rsrc
Size: 14KB - Virtual size: 14KB

.text
Size: 88KB - Virtual size: 84KB

.rsrc
Size: 4KB - Virtual size: 936B

.reloc
Size: 4KB - Virtual size: 12B

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

22:52:42:c8:2c:d9:c1:fc:54:56:7b:26:54:58:97:d4:a1:f9:51:d9:14:1e:b0:14:94:5c:91:f9:cb:f2:28:46
Signer

.text
Size: 4.7MB - Virtual size: 4.7MB

.rdata
Size: 3.5MB - Virtual size: 3.5MB

.data
Size: 44KB - Virtual size: 58KB

.didat
Size: 512B - Virtual size: 72B

.rsrc
Size: 37KB - Virtual size: 37KB

.reloc
Size: 142KB - Virtual size: 141KB

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

34:75:02:f2:49:7d:a8:b1:16:7f:23:e0:50:f4:8b:9e:52:54:05:aa:b1:80:1f:42:3c:e6:08:51:0f:17:37:a5
Signer