3600ae053b5a09de97a307a6868d2ad282d22065c18db197994c86d3ed0c02c3

Sharing

Copy URL Twitter E-mail

General

Target

3600ae053b5a09de97a307a6868d2ad282d22065c18db197994c86d3ed0c02c3
Size

12.7MB
MD5

04e9d5bdde4882387f3513c084fddcc7
SHA1

001c809886cd233f98d9a9db25ade5a1a78b9037
SHA256

3600ae053b5a09de97a307a6868d2ad282d22065c18db197994c86d3ed0c02c3
SHA512

c56b2ecab2a31a278f753ac2299fe3d9452ec1a2e3db17b94ffbd30459614d3518c7a4fb3ec5c735f9c1fdd26b7c32e44c1c8b8189b702d06ca3e8170fcf9392
SSDEEP

196608:Qsl37eJsHi4lsL/vgBxM+1+zRQXBLUwwHwozOTDDCy72xRS1gslhkxSli4O8I:hl3COOOxM+gi9wrzYDDH7oRGc46

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Macro/v8/GZFlashingFix by alferov.asi
unpack001/Macro/v8/lua51.dll
unpack001/Version/v3/IEShims.dll

Files

3600ae053b5a09de97a307a6868d2ad282d22065c18db197994c86d3ed0c02c3
.zip
Macro/norecoil/cargrp.dat
Macro/norecoil/default.dat
Macro/norecoil/default.ide
Macro/v2/bg_security_wizard.tga
Macro/v2/clienttexture2.tga
Macro/v2/clienttexture2b.tga
Macro/v2/clienttexture8.tga
Macro/v2/gridview_mask.tga
Macro/v8/GZFlashingFix by alferov.asi
.dll windows:6 windows x86 arch:x86

7d160b88661881130511c74ebf7466bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
VirtualProtect
ExitThread
GetModuleHandleA
CloseHandle
CreateThread
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent

user32

MessageBoxA

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
_Query_perf_frequency

vcruntime140

memcpy
__std_terminate
_except_handler4_common
memset
__std_exception_copy
__std_type_info_destroy_list
memmove
__CxxFrameHandler3
__std_exception_destroy
_CxxThrowException

api-ms-win-crt-runtime-l1-1-0

_initterm
_cexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_dll
_initterm_e
_crt_atexit
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Macro/v8/Licenses/License.Apache2.0.txt
Macro/v8/Licenses/License.BouncyCastle.txt
Macro/v8/Licenses/License.NotifyIcon.txt
Macro/v8/Licenses/License.WebSocketSharp.txt
Macro/v8/Licenses/License.avro.txt
Macro/v8/Licenses/License.bzip2.txt
Macro/v8/Licenses/License.cefsharp.txt
Macro/v8/Licenses/License.cpol.htm
Macro/v8/Licenses/License.ionc.zip.txt
Macro/v8/Licenses/License.jose-jwt.txt
Macro/v8/Licenses/License.zlib.txt
Macro/v8/gtaweap3.ttf
Macro/v8/lua51.dll
.dll windows:6 windows x86 arch:x86

9466a71df1d3a59794f8605626534abe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
SetLastError
VirtualAlloc
VirtualFree
VirtualQuery
VirtualProtect
FreeLibrary
GetModuleHandleExA
GetProcAddress
LoadLibraryExA
FormatMessageA
RaiseException
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
Sleep
CreateThread
RtlUnwind
GetModuleFileNameA
GetModuleHandleA
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
SetEndOfFile
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
ReadFile
CloseHandle
DuplicateHandle
CreateProcessA
GetTempPathW
QueryPerformanceFrequency
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
GetStdHandle
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
DecodePointer
GetACP
SetFilePointerEx
GetExitCodeProcess
GetFileAttributesExW
CreatePipe
CreateFileW
GetTimeZoneInformation
DeleteFileW
MoveFileExW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
WriteConsoleW

Exports

Exports

luaJIT_profile_dumpstack
luaJIT_profile_start
luaJIT_profile_stop
luaJIT_setmode
luaJIT_version_2_1_0_beta3
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_execresult
luaL_fileresult
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadbufferx
luaL_loadfile
luaL_loadfilex
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushmodule
luaL_pushresult
luaL_ref
luaL_register
luaL_setfuncs
luaL_setmetatable
luaL_testudata
luaL_traceback
luaL_typerror
luaL_unref
luaL_where
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_copy
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_isyieldable
lua_lessthan
lua_load
lua_loadx
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tointegerx
lua_tolstring
lua_tonumber
lua_tonumberx
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_upvalueid
lua_upvaluejoin
lua_version
lua_xmove
lua_yield
luaopen_base
luaopen_bit
luaopen_debug
luaopen_ffi
luaopen_io
luaopen_jit
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table

Sections

.text
Size: 479KB - Virtual size: 478KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MainDownl/resources.pak
Script/SDL3.dll
.dll windows:6 windows x64 arch:x64

bf37d15db47edd266f750b3223564310

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/10/2021, 00:00

Not After

09/10/2024, 23:59

Subject

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a8:03:fb:c4:04:fd:df:9f:e0:a6:1f:a4:27:e3:bb:81:b6:b6:52:a6:7a:ab:10:14:52:a8:e1:5d:1f:51:06:b8
Signer

Actual PE Digest

a8:03:fb:c4:04:fd:df:9f:e0:a6:1f:a4:27:e3:bb:81:b6:b6:52:a6:7a:ab:10:14:52:a8:e1:5d:1f:51:06:b8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\buildslave\steam_rel_client_hotfix_win64\build\src\external\SDL3\win64\Release\SDL3.pdb

Imports

kernel32

GetLocaleInfoA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
GetSystemPowerStatus
ReleaseSemaphore
CreateSemaphoreW
RaiseException
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
CreateThread
GetCurrentThread
SetThreadPriority
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
GetLocaleInfoW
QueryPerformanceCounter
QueryPerformanceFrequency
SetWaitableTimerEx
CreateWaitableTimerExW
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
GetCommandLineW
HeapAlloc
HeapFree
GetProcessHeap
LoadLibraryExW
LocalFree
WideCharToMultiByte
GlobalAlloc
GlobalSize
GlobalUnlock
GlobalLock
GlobalFree
GetTickCount
IsWow64Process
EnumResourceNamesW
CompareStringA
MulDiv
SetEvent
WaitForMultipleObjects
RemoveDirectoryW
WaitForSingleObjectEx
WriteConsoleW
HeapSize
GetStringTypeW
ReadConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
GetStdHandle
LCMapStringW
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
TlsFree
SetLastError
InterlockedFlushSList
RtlUnwindEx
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetCurrentProcessId
MoveFileExW
GetLogicalDrives
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindClose
DeleteFileW
GetModuleFileNameW
CreateDirectoryW
GetCurrentThreadId
SetThreadExecutionState
GetModuleHandleA
OutputDebugStringW
SetErrorMode
SetFilePointerEx
GetFileTime
SetFilePointer
GetFileSizeEx
MultiByteToWideChar
VerifyVersionInfoW
FormatMessageW
CreateEventW
WaitForSingleObject
ResetEvent
CancelIo
GetOverlappedResult
DeviceIoControl
CloseHandle
WriteFile
ReadFile
CreateFileW
VerSetConditionMask
SetEnvironmentVariableA
GetEnvironmentVariableA
LoadLibraryA
GetModuleHandleW
GetLastError
GetSystemInfo
GlobalMemoryStatusEx
LoadLibraryW
GetProcAddress
FreeLibrary
TerminateProcess
ExitProcess
GetModuleHandleExW
GetCurrentProcess

user32

GetWindowTextW
GetWindowTextLengthW
IntersectRect
PtInRect
SetWindowLongW
SetParent
GetWindowThreadProcessId
SetWindowsHookExW
UnhookWindowsHookEx
CreateIconFromResource
FlashWindowEx
SetCursorPos
ReleaseCapture
SetCapture
EnumDisplayMonitors
GetMonitorInfoW
EnumDisplayDevicesW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
SystemParametersInfoW
SystemParametersInfoA
SetWindowLongPtrW
SetWindowTextW
ReleaseDC
DrawTextW
SetFocus
EndDialog
DialogBoxIndirectParamW
ToUnicode
GetKeyboardState
GetKeyboardLayout
SetLayeredWindowAttributes
PostThreadMessageW
GetMessageW
GetRawInputDeviceList
GetRawInputBuffer
GetRawInputDeviceInfoA
DestroyIcon
LoadIconW
CallNextHookEx
GetWindowLongW
SetRectEmpty
FillRect
ClipCursor
ScreenToClient
ClientToScreen
RemovePropW
SetPropW
SetForegroundWindow
SetActiveWindow
EnableWindow
GetWindowLongPtrW
GetFocus
GetDesktopWindow
MessageBoxA
RegisterDeviceNotificationW
UnregisterDeviceNotification
DefWindowProcW
UnregisterClassA
GetDlgItem
ShowWindow
RegisterClassW
GetClipCursor
GetCursorPos
SetCursor
GetWindowRect
GetClientRect
GetPropW
ValidateRect
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
AttachThreadInput
SendMessageW
RegisterWindowMessageA
SetWindowRgn
RegisterRawInputDevices
GetQueueStatus
CreateIconIndirect
DestroyCursor
CreateWindowExW
LoadCursorW
RegisterClassExA
CreateWindowExA
DestroyWindow
GetDoubleClickTime
DefWindowProcA
RegisterClassA
GetDC
GetForegroundWindow
GetMenu
GetSystemMetrics
KillTimer
SetTimer
MsgWaitForMultipleObjects
MapVirtualKeyW
GetAsyncKeyState
GetKeyState
IsZoomed
IsIconic
SetWindowPos
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
PostMessageW
GetMessageExtraInfo
GetMessageTime
PeekMessageW
DispatchMessageW
TranslateMessage
TrackMouseEvent
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
GetClipboardSequenceNumber
CloseClipboard
OpenClipboard
LoadIconA
LoadCursorA
AdjustWindowRectEx

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
GetDIBits
SelectObject
CreateDIBSection
BitBlt
CreateFontIndirectW
GetDeviceCaps
GetTextExtentPoint32A
GetTextMetricsW
CreateDCW
CreateBitmap
DescribePixelFormat
SwapBuffers
CombineRgn
CreateRectRgn
GetPixelFormat
GetICMProfileW
DeleteObject
CreateSolidBrush
ChoosePixelFormat
SetPixelFormat

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

DragFinish
DragQueryFileW
CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW
DragAcceptFiles

ole32

PropVariantClear
CLSIDFromString
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoUninitialize

oleaut32

SysFreeString

imm32

ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmGetCompositionStringW
ImmSetCompositionStringW
ImmGetCandidateListW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetIMEFileNameA

setupapi

SetupDiGetDevicePropertyW
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

winmm

timeBeginPeriod
timeEndPeriod

Exports

Exports

SDL_AcquireCameraFrame
SDL_AddEventWatch
SDL_AddGamepadMapping
SDL_AddGamepadMappingsFromFile
SDL_AddGamepadMappingsFromIO
SDL_AddHintCallback
SDL_AddTimer
SDL_AddTimerNS
SDL_AddVulkanRenderSemaphores
SDL_AllocateEventMemory
SDL_AtomicAdd
SDL_AtomicCompareAndSwap
SDL_AtomicCompareAndSwapPointer
SDL_AtomicGet
SDL_AtomicGetPtr
SDL_AtomicSet
SDL_AtomicSetPtr
SDL_AttachVirtualJoystick
SDL_AudioDevicePaused
SDL_BindAudioStream
SDL_BindAudioStreams
SDL_BlitSurface
SDL_BlitSurfaceScaled
SDL_BlitSurfaceUnchecked
SDL_BlitSurfaceUncheckedScaled
SDL_BroadcastCondition
SDL_CaptureMouse
SDL_CleanupTLS
SDL_ClearAudioStream
SDL_ClearClipboardData
SDL_ClearComposition
SDL_ClearError
SDL_ClearProperty
SDL_CloseAudioDevice
SDL_CloseCamera
SDL_CloseGamepad
SDL_CloseHaptic
SDL_CloseIO
SDL_CloseJoystick
SDL_CloseSensor
SDL_CloseStorage
SDL_ComposeCustomBlendMode
SDL_ConvertAudioSamples
SDL_ConvertEventToRenderCoordinates
SDL_ConvertPixels
SDL_ConvertPixelsAndColorspace
SDL_ConvertSurface
SDL_ConvertSurfaceFormat
SDL_ConvertSurfaceFormatAndColorspace
SDL_CopyProperties
SDL_CreateAudioStream
SDL_CreateColorCursor
SDL_CreateCondition
SDL_CreateCursor
SDL_CreateDirectory
SDL_CreateHapticEffect
SDL_CreateMutex
SDL_CreatePalette
SDL_CreatePixelFormat
SDL_CreatePopupWindow
SDL_CreateProperties
SDL_CreateRWLock
SDL_CreateRenderer
SDL_CreateRendererWithProperties
SDL_CreateSemaphore
SDL_CreateSoftwareRenderer
SDL_CreateStorageDirectory
SDL_CreateSurface
SDL_CreateSurfaceFrom
SDL_CreateSystemCursor
SDL_CreateTLS
SDL_CreateTexture
SDL_CreateTextureFromSurface
SDL_CreateTextureWithProperties
SDL_CreateThreadRuntime
SDL_CreateThreadWithPropertiesRuntime
SDL_CreateWindow
SDL_CreateWindowAndRenderer
SDL_CreateWindowWithProperties
SDL_CursorVisible
SDL_DXGIGetOutputInfo
SDL_DYNAPI_entry
SDL_DateTimeToTime
SDL_DelEventWatch
SDL_DelHintCallback
SDL_Delay
SDL_DelayNS
SDL_DestroyAudioStream
SDL_DestroyCondition
SDL_DestroyCursor
SDL_DestroyHapticEffect
SDL_DestroyMutex
SDL_DestroyPalette
SDL_DestroyPixelFormat
SDL_DestroyProperties
SDL_DestroyRWLock
SDL_DestroyRenderer
SDL_DestroySemaphore
SDL_DestroySurface
SDL_DestroyTexture
SDL_DestroyWindow
SDL_DestroyWindowSurface
SDL_DetachThread
SDL_DetachVirtualJoystick
SDL_Direct3D9GetAdapterIndex
SDL_DisableScreenSaver
SDL_DuplicateSurface
SDL_EGL_GetCurrentEGLConfig
SDL_EGL_GetCurrentEGLDisplay
SDL_EGL_GetProcAddress
SDL_EGL_GetWindowEGLSurface
SDL_EGL_SetEGLAttributeCallbacks
SDL_EnableScreenSaver
SDL_EnterAppMainCallbacks
SDL_EnumerateDirectory
SDL_EnumerateProperties
SDL_EnumerateStorageDirectory
SDL_EventEnabled
SDL_FillSurfaceRect
SDL_FillSurfaceRects
SDL_FilterEvents
SDL_FlashWindow
SDL_FlipSurface
SDL_FlushAudioStream
SDL_FlushEvent
SDL_FlushEvents
SDL_FlushRenderer
SDL_GL_CreateContext
SDL_GL_DeleteContext
SDL_GL_ExtensionSupported
SDL_GL_GetAttribute
SDL_GL_GetCurrentContext
SDL_GL_GetCurrentWindow
SDL_GL_GetProcAddress
SDL_GL_GetSwapInterval
SDL_GL_LoadLibrary
SDL_GL_MakeCurrent
SDL_GL_ResetAttributes
SDL_GL_SetAttribute
SDL_GL_SetSwapInterval
SDL_GL_SwapWindow
SDL_GL_UnloadLibrary
SDL_GUIDFromString
SDL_GUIDToString
SDL_GamepadConnected
SDL_GamepadEventsEnabled
SDL_GamepadHasAxis
SDL_GamepadHasButton
SDL_GamepadHasSensor
SDL_GamepadSensorEnabled
SDL_GetAssertionHandler
SDL_GetAssertionReport
SDL_GetAudioCaptureDevices
SDL_GetAudioDeviceFormat
SDL_GetAudioDeviceName
SDL_GetAudioDriver
SDL_GetAudioOutputDevices
SDL_GetAudioStreamAvailable
SDL_GetAudioStreamData
SDL_GetAudioStreamDevice
SDL_GetAudioStreamFormat
SDL_GetAudioStreamFrequencyRatio
SDL_GetAudioStreamProperties
SDL_GetAudioStreamQueued
SDL_GetBasePath
SDL_GetBooleanProperty
SDL_GetCPUCacheLineSize
SDL_GetCPUCount
SDL_GetCameraDeviceName
SDL_GetCameraDevicePosition
SDL_GetCameraDeviceSupportedFormats
SDL_GetCameraDevices
SDL_GetCameraDriver
SDL_GetCameraFormat
SDL_GetCameraInstanceID
SDL_GetCameraPermissionState
SDL_GetCameraProperties
SDL_GetClipboardData
SDL_GetClipboardText
SDL_GetClosestFullscreenDisplayMode
SDL_GetCurrentAudioDriver
SDL_GetCurrentCameraDriver
SDL_GetCurrentDisplayMode
SDL_GetCurrentDisplayOrientation
SDL_GetCurrentRenderOutputSize
SDL_GetCurrentThreadID
SDL_GetCurrentTime
SDL_GetCurrentVideoDriver
SDL_GetCursor
SDL_GetDateTimeLocalePreferences
SDL_GetDayOfWeek
SDL_GetDayOfYear
SDL_GetDaysInMonth
SDL_GetDefaultAssertionHandler
SDL_GetDefaultCursor
SDL_GetDefaultKeyFromScancode
SDL_GetDesktopDisplayMode
SDL_GetDisplayBounds
SDL_GetDisplayContentScale
SDL_GetDisplayForPoint
SDL_GetDisplayForRect
SDL_GetDisplayForWindow
SDL_GetDisplayName
SDL_GetDisplayProperties
SDL_GetDisplayUsableBounds
SDL_GetDisplays
SDL_GetError
SDL_GetEventFilter
SDL_GetFloatProperty
SDL_GetFullscreenDisplayModes
SDL_GetGamepadAppleSFSymbolsNameForAxis
SDL_GetGamepadAppleSFSymbolsNameForButton
SDL_GetGamepadAxis
SDL_GetGamepadAxisFromString
SDL_GetGamepadBindings
SDL_GetGamepadButton
SDL_GetGamepadButtonFromString
SDL_GetGamepadButtonLabel
SDL_GetGamepadButtonLabelForType
SDL_GetGamepadConnectionState
SDL_GetGamepadFirmwareVersion
SDL_GetGamepadFromInstanceID
SDL_GetGamepadFromPlayerIndex
SDL_GetGamepadInstanceGUID
SDL_GetGamepadInstanceID
SDL_GetGamepadInstanceMapping
SDL_GetGamepadInstanceName
SDL_GetGamepadInstancePath
SDL_GetGamepadInstancePlayerIndex
SDL_GetGamepadInstanceProduct
SDL_GetGamepadInstanceProductVersion
SDL_GetGamepadInstanceType
SDL_GetGamepadInstanceVendor
SDL_GetGamepadJoystick
SDL_GetGamepadMapping
SDL_GetGamepadMappingForGUID
SDL_GetGamepadMappings
SDL_GetGamepadName
SDL_GetGamepadPath
SDL_GetGamepadPlayerIndex
SDL_GetGamepadPowerInfo
SDL_GetGamepadProduct
SDL_GetGamepadProductVersion
SDL_GetGamepadProperties
SDL_GetGamepadSensorData
SDL_GetGamepadSensorDataRate
SDL_GetGamepadSerial
SDL_GetGamepadSteamHandle
SDL_GetGamepadStringForAxis
SDL_GetGamepadStringForButton
SDL_GetGamepadStringForType
SDL_GetGamepadTouchpadFinger
SDL_GetGamepadType
SDL_GetGamepadTypeFromString
SDL_GetGamepadVendor
SDL_GetGamepads
SDL_GetGlobalMouseState
SDL_GetGlobalProperties
SDL_GetGrabbedWindow
SDL_GetHapticEffectStatus
SDL_GetHapticFeatures
SDL_GetHapticFromInstanceID
SDL_GetHapticInstanceID
SDL_GetHapticInstanceName
SDL_GetHapticName
SDL_GetHaptics
SDL_GetHint
SDL_GetHintBoolean
SDL_GetIOProperties
SDL_GetIOSize
SDL_GetIOStatus
SDL_GetJoystickAxis
SDL_GetJoystickAxisInitialState
SDL_GetJoystickBall
SDL_GetJoystickButton
SDL_GetJoystickConnectionState
SDL_GetJoystickFirmwareVersion
SDL_GetJoystickFromInstanceID
SDL_GetJoystickFromPlayerIndex
SDL_GetJoystickGUID
SDL_GetJoystickGUIDFromString
SDL_GetJoystickGUIDInfo
SDL_GetJoystickGUIDString
SDL_GetJoystickHat
SDL_GetJoystickInstanceGUID
SDL_GetJoystickInstanceID
SDL_GetJoystickInstanceName
SDL_GetJoystickInstancePath
SDL_GetJoystickInstancePlayerIndex
SDL_GetJoystickInstanceProduct
SDL_GetJoystickInstanceProductVersion
SDL_GetJoystickInstanceType
SDL_GetJoystickInstanceVendor
SDL_GetJoystickName
SDL_GetJoystickPath
SDL_GetJoystickPlayerIndex
SDL_GetJoystickPowerInfo
SDL_GetJoystickProduct
SDL_GetJoystickProductVersion
SDL_GetJoystickProperties
SDL_GetJoystickSerial
SDL_GetJoystickType
SDL_GetJoystickVendor
SDL_GetJoysticks
SDL_GetKeyFromName
SDL_GetKeyFromScancode
SDL_GetKeyName
SDL_GetKeyboardFocus
SDL_GetKeyboardInstanceName
SDL_GetKeyboardState
SDL_GetKeyboards
SDL_GetLogOutputFunction
SDL_GetLogPriority
SDL_GetMasksForPixelFormatEnum
SDL_GetMaxHapticEffects
SDL_GetMaxHapticEffectsPlaying
SDL_GetMemoryFunctions
SDL_GetMice
SDL_GetModState
SDL_GetMouseFocus
SDL_GetMouseInstanceName
SDL_GetMouseState
SDL_GetNaturalDisplayOrientation
SDL_GetNumAllocations
SDL_GetNumAudioDrivers
SDL_GetNumCameraDrivers
SDL_GetNumGamepadTouchpadFingers
SDL_GetNumGamepadTouchpads
SDL_GetNumHapticAxes
SDL_GetNumJoystickAxes
SDL_GetNumJoystickBalls
SDL_GetNumJoystickButtons
SDL_GetNumJoystickHats
SDL_GetNumRenderDrivers
SDL_GetNumVideoDrivers
SDL_GetNumberProperty
SDL_GetOriginalMemoryFunctions
SDL_GetPathInfo
SDL_GetPenCapabilities
SDL_GetPenFromGUID
SDL_GetPenGUID
SDL_GetPenName
SDL_GetPenStatus
SDL_GetPenType
SDL_GetPens
SDL_GetPerformanceCounter
SDL_GetPerformanceFrequency
SDL_GetPixelFormatEnumForMasks
SDL_GetPixelFormatName
SDL_GetPlatform
SDL_GetPowerInfo
SDL_GetPrefPath
SDL_GetPreferredLocales
SDL_GetPrimaryDisplay
SDL_GetPrimarySelectionText
SDL_GetProperty
SDL_GetPropertyType
SDL_GetRGB
SDL_GetRGBA
SDL_GetRealGamepadInstanceType
SDL_GetRealGamepadType
SDL_GetRectAndLineIntersection
SDL_GetRectAndLineIntersectionFloat
SDL_GetRectEnclosingPoints
SDL_GetRectEnclosingPointsFloat
SDL_GetRectIntersection
SDL_GetRectIntersectionFloat
SDL_GetRectUnion
SDL_GetRectUnionFloat
SDL_GetRelativeMouseMode
SDL_GetRelativeMouseState
SDL_GetRenderClipRect
SDL_GetRenderColorScale
SDL_GetRenderDrawBlendMode
SDL_GetRenderDrawColor
SDL_GetRenderDrawColorFloat
SDL_GetRenderDriver
SDL_GetRenderLogicalPresentation
SDL_GetRenderMetalCommandEncoder
SDL_GetRenderMetalLayer
SDL_GetRenderOutputSize
SDL_GetRenderScale
SDL_GetRenderTarget
SDL_GetRenderVSync
SDL_GetRenderViewport
SDL_GetRenderWindow
SDL_GetRenderer
SDL_GetRendererFromTexture
SDL_GetRendererName
SDL_GetRendererProperties
SDL_GetRevision
SDL_GetSIMDAlignment
SDL_GetScancodeFromKey
SDL_GetScancodeFromName
SDL_GetScancodeName
SDL_GetSemaphoreValue
SDL_GetSensorData
SDL_GetSensorFromInstanceID
SDL_GetSensorInstanceID
SDL_GetSensorInstanceName
SDL_GetSensorInstanceNonPortableType
SDL_GetSensorInstanceType
SDL_GetSensorName
SDL_GetSensorNonPortableType
SDL_GetSensorProperties
SDL_GetSensorType
SDL_GetSensors
SDL_GetSilenceValueForFormat
SDL_GetStorageFileSize
SDL_GetStoragePathInfo
SDL_GetStorageSpaceRemaining
SDL_GetStringProperty
SDL_GetSurfaceAlphaMod
SDL_GetSurfaceBlendMode
SDL_GetSurfaceClipRect
SDL_GetSurfaceColorKey
SDL_GetSurfaceColorMod
SDL_GetSurfaceColorspace
SDL_GetSurfaceProperties
SDL_GetSystemRAM
SDL_GetSystemTheme
SDL_GetTLS
SDL_GetTextureAlphaMod
SDL_GetTextureAlphaModFloat
SDL_GetTextureBlendMode
SDL_GetTextureColorMod
SDL_GetTextureColorModFloat
SDL_GetTextureProperties
SDL_GetTextureScaleMode
SDL_GetTextureSize
SDL_GetThreadID
SDL_GetThreadName
SDL_GetTicks
SDL_GetTicksNS
SDL_GetTouchDeviceName
SDL_GetTouchDeviceType
SDL_GetTouchDevices
SDL_GetTouchFingers
SDL_GetUserFolder
SDL_GetVersion
SDL_GetVideoDriver
SDL_GetWindowAspectRatio
SDL_GetWindowBordersSize
SDL_GetWindowDisplayScale
SDL_GetWindowFlags
SDL_GetWindowFromID
SDL_GetWindowFullscreenMode
SDL_GetWindowICCProfile
SDL_GetWindowID
SDL_GetWindowKeyboardGrab
SDL_GetWindowMaximumSize
SDL_GetWindowMinimumSize
SDL_GetWindowMouseGrab
SDL_GetWindowMouseRect
SDL_GetWindowOpacity
SDL_GetWindowParent
SDL_GetWindowPixelDensity
SDL_GetWindowPixelFormat
SDL_GetWindowPosition
SDL_GetWindowProperties
SDL_GetWindowSize
SDL_GetWindowSizeInPixels
SDL_GetWindowSurface
SDL_GetWindowSurfaceVSync
SDL_GetWindowTitle
SDL_GlobDirectory
SDL_GlobStorageDirectory
SDL_HapticEffectSupported
SDL_HapticRumbleSupported
SDL_HasARMSIMD
SDL_HasAVX
SDL_HasAVX2
SDL_HasAVX512F
SDL_HasAltiVec
SDL_HasClipboardData
SDL_HasClipboardText
SDL_HasEvent
SDL_HasEvents
SDL_HasGamepad
SDL_HasJoystick
SDL_HasKeyboard
SDL_HasLASX
SDL_HasLSX
SDL_HasMMX
SDL_HasMouse
SDL_HasNEON
SDL_HasPrimarySelectionText
SDL_HasProperty
SDL_HasRectIntersection
SDL_HasRectIntersectionFloat
SDL_HasSSE
SDL_HasSSE2
SDL_HasSSE3
SDL_HasSSE41
SDL_HasSSE42
SDL_HasScreenKeyboardSupport
SDL_HideCursor
SDL_HideWindow
SDL_IOFromConstMem
SDL_IOFromDynamicMem

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 444KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Settings/winje/clientui.uifont
Settings/winje/rxcore.dll
.dll windows:6 windows x86 arch:x86

69d28feb2a9bd2e7508e612bffe3d31e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:97:c5:6c:aa:59:05:53:94:d9:a9:cd:b8:be:eb:56
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/01/2023, 00:00

Not After

16/01/2026, 23:59

Subject

CN=NVIDIA Corporation,OU=2-J,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

19/01/2024, 16:46

Not After

01/06/2029, 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d6:a5:63:b5:d9:c1:58:3b:e0:05:6a:bc:e9:99:f9:48:2e:8b:6b:3a:62:b2:a5:34:00:07:01:64:6d:61:9c:91
Signer

Actual PE Digest

d6:a5:63:b5:d9:c1:58:3b:e0:05:6a:bc:e9:99:f9:48:2e:8b:6b:3a:62:b2:a5:34:00:07:01:64:6d:61:9c:91

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\gcomp\rel\gs_04_50\src\Mjolnir\RemoteInput\rxinput\core\_out\win7_x86_release\rxcore.pdb

Imports

kernel32

FreeLibrary
GetSystemTime
GetTickCount
CreateEventA
VirtualProtect
GetCurrentThreadId
GetCurrentProcessId
SetLastError
WriteProcessMemory
TerminateProcess
ResumeThread
OpenProcess
GetCurrentThread
LoadLibraryA
VirtualAllocEx
LocalFree
GlobalMemoryStatusEx
CreateProcessW
CreateRemoteThread
CreateProcessA
VirtualFreeEx
IsWow64Process
OpenThread
ReadFile
WriteFile
GetTempPathW
GetTempFileNameW
GetFileSizeEx
GetCommandLineW
GetFullPathNameW
GetModuleFileNameW
GetEnvironmentVariableW
CreateFileW
GetFileAttributesW
CreateFileMappingW
MapViewOfFileEx
SetThreadPriority
TerminateThread
WaitForMultipleObjects
GetThreadPriority
ResetEvent
CreateTimerQueueTimer
DeviceIoControl
CreateFileA
GetOverlappedResult
DeleteTimerQueueTimer
VerifyVersionInfoA
VerSetConditionMask
VirtualAlloc
SuspendThread
GetThreadContext
FlushInstructionCache
SetThreadContext
VirtualQuery
ExpandEnvironmentStringsW
LocalAlloc
lstrcmpA
SystemTimeToFileTime
OutputDebugStringW
FileTimeToSystemTime
GetModuleHandleW
VerifyVersionInfoW
lstrcmpW
LoadLibraryExW
Module32Next
Module32First
CreateToolhelp32Snapshot
CreateMutexA
ReleaseMutex
LoadLibraryW
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
SetProcessAffinityMask
VirtualFree
GetVersionExW
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
ChangeTimerQueueTimer
GetLogicalProcessorInformation
SignalObjectAndWait
CreateTimerQueue
WriteConsoleW
HeapSize
HeapReAlloc
SetConsoleCtrlHandler
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetEndOfFile
SetStdHandle
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
RtlCaptureStackBackTrace
GetDateFormatW
GetConsoleCP
FlushFileBuffers
CreateThread
UnmapViewOfFile
InitializeCriticalSection
CreateFileMappingNumaA
MapViewOfFile
OpenFileMappingA
DeleteCriticalSection
CreateFileMappingA
GetProcAddress
CloseHandle
SetEvent
GetLastError
Sleep
GetModuleHandleA
WaitForSingleObject
LeaveCriticalSection
GetCurrentProcess
EnterCriticalSection
GetSystemDirectoryW
GetModuleFileNameA
GetStdHandle
HeapAlloc
HeapFree
FreeLibraryAndExitThread
ExitThread
GetModuleHandleExW
ExitProcess
SetFilePointerEx
GetFileType
ReadConsoleW
GetConsoleMode
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
TryEnterCriticalSection
FormatMessageW
WideCharToMultiByte
QueryPerformanceFrequency
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
EncodePointer
DecodePointer
RaiseException
MultiByteToWideChar
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlUnwind
InterlockedPushEntrySList

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree

user32

GetCursorPos
GetWindowTextW
GetMessageA
DispatchMessageA
LoadCursorA
DestroyWindow
SetWindowPos
CallNextHookEx
ShowWindow
GetCursorInfo
UnhookWindowsHookEx
DefWindowProcA
CreateWindowExA
GetSystemMetrics
LoadIconA
PostQuitMessage
RegisterClassExA
UpdateWindow
GetWindowThreadProcessId
FindWindowExW
EnumChildWindows
PostMessageA
GetWindowPlacement
EnumDesktopWindows
SendMessageA
GetAncestor
GetForegroundWindow
IsIconic
TranslateMessage
MonitorFromPoint
SetWindowsHookExA

shell32

ord165
CommandLineToArgvW
SHGetKnownFolderPath

shlwapi

PathIsDirectoryW
PathFileExistsW

advapi32

SetSecurityDescriptorDacl
AdjustTokenPrivileges
LookupPrivilegeValueA
InitializeSecurityDescriptor
RegNotifyChangeKeyValue
RegGetValueA
RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegEnumKeyExA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken

winmm

timeEndPeriod
timeBeginPeriod

oleaut32

GetErrorInfo
VariantInit
VariantChangeType
SetErrorInfo
VariantClear
SysFreeString
SysAllocString
CreateErrorInfo

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList

Exports

Exports

?RxiDummy@@YAHXZ
RmClientActive
RmCoplayClient
RmCoreAudioDetourEnable
RmCoreAudioLocal
RmCoreAudioNumChannels
RmCoreAudioOpusMappingMode
RmCoreAudioSupported
RmCreateProcessA
RmCreateProcessW
RmEtwLoggingEnable
RmFileWhiteListMechanism
RmFlushAudioBuffer
RmGamepadMapping
RmGetAudioStream
RmGetDevicesDetouringBitmap
RmGetGamepadMapping
RmGetLatencyMeasurementTrigger
RmGetVirtualDevicesMap
RmHapticsEnable
RmHookingComplete
RmIsStreamingSetup
RmJoinCoreThreads
RmLaunchDetour
RmNvGamepadDetach
RmNvGamepadEnable
RmOpenDevices
RmProcessInEarlyInjectionListW
RmReleaseDetour
RmRemappingMap
RmRemoteThreadInjection
RmSendVibrationCommandLocal
RmSendVibrationCommandRemote
RmSetControllersBitmap
RmSetControllersBitmapCallback
RmSetControllersBitmapVhci
RmSetDevicesDetouringBitmap
RmSetGamepadPresenceFlag
RmSetLatencyMeasurementTrigger
RmSetSelectiveDetouringAppsList
RmSetSimulationMode
RmSimulationMode
RmStreamingSetup
RmVirtualGamepadCount
RmVirtualNvGamepadReplug
RmWindowsHook
RmWindowsHookSetup
RmXInputUpdateCapabilities
RmXInputUpdateState
RmXInputUpdateStateBlake
RxDetourActivated
RxGetCompileTime
RxGetShMemPointer
RxGetShMemSignature
VbAttach
VbAttachBitmap
VbAttachBitmapDetached
VbAttachEx
VbConsolidateDevices
VbDetach
VbDetachEx
VbEnumerated
VbGetHidOutputData
VbGetHidOutputEvent
VbGetMouseRuntimeError
VbQueueInputReport
VbQueueInputReportDetachedHid

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Version/plugins/en-US/effectsPC.txd
Version/v3/AudioEventHistory.txt
Version/v3/BankLkup.dat
Version/v3/BankSlot.dat
Version/v3/EventVol.dat
Version/v3/IEShims.dll
.dll windows:10 windows x86 arch:x86

c1ef8f648c60d79681dabb7185b9aaf5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ieshims.pdb

Imports

msvcrt

wcsrchr
_vscwprintf
_vsnwprintf
_vsnprintf_s
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memcmp
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_wcslwr
wcspbrk
wcschr
_wcsicmp
wcsncmp
fputws
_wfopen
fclose
_stricmp
calloc
_XcptFilter
_amsg_exit
wcsstr
memmove_s
towlower
iswctype
wcsspn
memcpy_s
realloc
free
wcstok_s
iswspace
_wcsnicmp
malloc
_initterm
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_lock
_unlock
__dllonexit
_onexit
_except_handler4_common
memmove
__CxxFrameHandler3
memset

kernel32

LeaveCriticalSection
DelayLoadFailureHook
ResolveDelayLoadedAPI
RaiseException
QueryFullProcessImageNameW
GetLogicalDriveStringsW
QueryDosDeviceW
IsWow64Process
GetTickCount64
OpenProcess
CreateMutexW
InitializeCriticalSection
InitializeSRWLock
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
OutputDebugStringA
GetModuleHandleA
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
CopyFileExW
SetFileAttributesW
DeviceIoControl
GetFileInformationByHandle
CreateDirectoryW
lstrcmpiW
EncodePointer
FindClose
FindNextFileW
FindFirstFileW
TlsFree
VirtualProtect
RaiseFailFastException
GetFileSizeEx
CreateFileW
DecodePointer
GetCurrentThreadId
GetModuleHandleExW
GetModuleFileNameW
SearchPathW
GetFileAttributesW
SetLastError
LocalAlloc
VirtualQuery
GetCurrentDirectoryW
LocalFree
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
GetCurrentProcessId
GetProcessId
GetLastError
TlsSetValue
ExitThread
GetProcessIdOfThread
GetThreadId
HeapAlloc
GetProcessHeap
HeapFree
FormatMessageW
GetSystemDirectoryW
GetWindowsDirectoryW
GetLongPathNameW
GetFullPathNameW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetModuleFileNameA
DebugBreak
GetModuleHandleW
IsDebuggerPresent
OutputDebugStringW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
CloseHandle
ReleaseSemaphore
ReleaseMutex
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
EnterCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
OpenSemaphoreW
CreateThreadpoolTimer
CreateMutexExW
CreateSemaphoreExW
TerminateProcess
LoadLibraryA
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsAlloc
OpenEventW
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList

api-ms-win-downlevel-shlwapi-l1-1-0

StrCmpCW
StrCmpICA
PathGetArgsW
StrCmpICW
PathFindFileNameW
StrCmpIW
StrCmpNICW
StrCmpNIA
PathSkipRootW
StrDupW
PathIsUNCW
StrCmpNCW

api-ms-win-downlevel-advapi32-l1-1-0

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegGetValueW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumValueW

ntdll

RtlNtStatusToDosError
NtQueryObject

iertutil

ord45
ord170
ord137
ord58
ord134
ord50
ord791
ord820
ord101
ord916
ord793

Exports

Exports

AcRedirNotify
AcRedirNotifySetEnabled
AcRedirSetEnabled
IEShims_AdminCheckAndLaunch
IEShims_CreateWindowEx
IEShims_GetOriginatingThreadId
IEShims_InDllMainContext
IEShims_Initialize
IEShims_SetRedirectRegistryForThread
IEShims_Uninitialize

Sections

.text
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mrdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Version/v3/PakFiles.dat
Version/v3/StrmPaks.dat
Version/v3/TrakLkup.dat
Version/v4/Hardcodet.Wpf.TaskbarNotification.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:c3:e3:0f:10:1b:62:fe:0a:49:9e:b1:18:90:12:ea
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26/01/2022, 00:00

Not After

26/02/2025, 23:59

Subject

CN=Razer USA Ltd.,O=Razer USA Ltd.,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f4:97:8c:65:d7:61:66:2c:7e:f0:9e:32:d4:d3:ae:bb:a5:94:09:23:00:59:bf:a9:df:b8:47:a3:dc:b1:ae:64
Signer

Actual PE Digest

f4:97:8c:65:d7:61:66:2c:7e:f0:9e:32:d4:d3:ae:bb:a5:94:09:23:00:59:bf:a9:df:b8:47:a3:dc:b1:ae:64

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\jenkins\workspace\CommonTools\Natasha_Master\3rdParty\NotifyIconWpf\obj\x86\Release\Hardcodet.Wpf.TaskbarNotification.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lnjector.exe
.exe windows:6 windows x86 arch:x86

2d5a04ae813ffe31a2e41d0cc08bf5dc

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:fe:f2:b9:ed:0f:49:e6:85:02:f3:bd:91:52:fc:ac
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/02/2022, 00:00

Not After

01/03/2025, 23:59

Subject

SERIALNUMBER=54620074,CN=Palo Alto Networks (Netherlands) B.V.,OU=Palo Alto Networks,O=Palo Alto Networks (Netherlands) B.V.,L=Amsterdam,ST=Noord-Holland,C=NL,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024e4c

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16/04/2020, 18:36

Not After

16/04/2045, 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:01:27:12:e9:9a:58:b2:bc:cf:a8:e4:00:00:00:01:27:12
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Not Before

24/06/2024, 22:05

Not After

27/06/2024, 22:05

Subject

CN=Palo Alto Networks,O=Palo Alto Networks,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:01:27:12:e9:9a:58:b2:bc:cf:a8:e4:00:00:00:01:27:12
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Not Before

24/06/2024, 22:05

Not After

27/06/2024, 22:05

Subject

CN=Palo Alto Networks,O=Palo Alto Networks,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:04:96:50:4b:d2:db:ee:cb:88:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13/04/2021, 17:31

Not After

13/04/2026, 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01/04/2021, 20:05

Not After

01/04/2036, 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19/11/2020, 20:32

Not After

19/11/2035, 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:3b:8a:69:59:be:14:05:64:71:00:00:00:00:00:3b
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

15/02/2024, 20:36

Not After

15/02/2025, 20:36

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft America Operations+OU=nShield TSS ESN:7800-05E0-D947,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:c2:01:2d:61:78:a7:a3:c1:ac:99:e6:53:12:4d:35:f7:43:29:0e:4c:e9:5d:08:46:23:10:e3:67:28:bc:bc
Signer

Actual PE Digest

07:c2:01:2d:61:78:a7:a3:c1:ac:99:e6:53:12:4d:35:f7:43:29:0e:4c:e9:5d:08:46:23:10:e3:67:28:bc:bc

Digest Algorithm

sha256

PE Digest Matches

false

07:c2:01:2d:61:78:a7:a3:c1:ac:99:e6:53:12:4d:35:f7:43:29:0e:4c:e9:5d:08:46:23:10:e3:67:28:bc:bc
Signer

Actual PE Digest

07:c2:01:2d:61:78:a7:a3:c1:ac:99:e6:53:12:4d:35:f7:43:29:0e:4c:e9:5d:08:46:23:10:e3:67:28:bc:bc

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\BuildAgent\work\53efeb3c1c1ac12a\win\Release\Client\Win32\sym\cyreport.pdb

Imports

ntdll

RtlImageNtHeader
RtlImageDirectoryEntryToData
RtlFreeUnicodeString
RtlEqualSid
RtlInterlockedPopEntrySList
RtlInitializeSListHead
RtlQueryDepthSList
RtlInterlockedPushEntrySList
NtQueryPerformanceCounter
RtlInitUnicodeStringEx
RtlUnwind
RtlCopyUnicodeString
RtlConvertSidToUnicodeString
RtlAppendUnicodeToString
RtlCompareMemory
LdrUnlockLoaderLock
ZwFreeVirtualMemory
ZwProtectVirtualMemory
RtlClearBits
ZwAllocateVirtualMemory
LdrLockLoaderLock
ZwQueryVirtualMemory
RtlAreBitsSet
RtlAreBitsClear
RtlFindClearBits
ZwQueryObject
ZwDuplicateToken
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlCopySid
RtlAbsoluteToSelfRelativeSD
ZwSetInformationThread
ZwQueryInformationToken
RtlLengthSid
RtlSetDaclSecurityDescriptor
ZwOpenProcessTokenEx
ZwOpenThreadTokenEx
RtlValidSid
RtlLengthSecurityDescriptor
RtlDosPathNameToNtPathName_U
RtlIntegerToUnicodeString
ZwQueryVolumeInformationFile
ZwDeviceIoControlFile
ZwQuerySystemInformation
ZwOpenFile
RtlInitAnsiString
RtlAppendUnicodeStringToString
RtlFreeHeap
NtProtectVirtualMemory
RtlAcquireResourceExclusive
RtlInitializeResource
RtlReleaseResource
RtlAcquireResourceShared
RtlDeleteResource
NtQueryVirtualMemory
RtlAllocateHeap
NtFlushInstructionCache
ZwOpenKey
ZwQueryValueKey
ZwEnumerateKey
RtlPrefixUnicodeString
ZwEnumerateValueKey
RtlGUIDFromString
ZwQueryKey
RtlInsertElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlInitializeGenericTableAvl
ZwClose
ZwSetEvent
NtCreateKeyedEvent
ZwCreateEvent
ZwWaitForSingleObject
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlDeregisterWaitEx
RtlInitializeSRWLock
RtlCompareUnicodeString
RtlSetBits
RtlInitializeBitMap
ZwQueryInformationFile
ZwSetInformationFile
ZwQueryInformationProcess
RtlGetVersion
RtlLeaveCriticalSection
RtlEnterCriticalSection
ZwWriteFile
ZwReadFile
ZwDeleteFile
RtlInitializeCriticalSection
RtlStringFromGUID
ZwCreateFile
RtlNtStatusToDosError
RtlInitUnicodeString
RtlEqualUnicodeString

wintrust

WinVerifyTrust
CryptCATAdminAcquireContext2
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminCalcHashFromFileHandle2
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData

rpcrt4

NdrClientCall2
UuidToStringW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringFreeW
RpcBindingFree
UuidCreate

dbghelp

MiniDumpWriteDump

shlwapi

SHCreateStreamOnFileW

advapi32

RegGetValueA
OpenThreadToken
TraceMessageVa
ConvertSidToStringSidW
CreateProcessAsUserW
CloseServiceHandle
OpenSCManagerW
EnumServicesStatusExW
OpenProcessToken
DuplicateTokenEx
GetTokenInformation
RegSaveKeyExW
LookupAccountSidW
RevertToSelf
RegCloseKey
ImpersonateLoggedOnUser
RegOpenKeyExW
RegQueryValueExW
DeregisterEventSource
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
RegisterEventSourceW
ReportEventW

user32

wsprintfW
GetUserObjectInformationW

kernel32

GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedPushEntrySList
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringEx
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetConsoleMode
GetCurrentThreadId
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
InitOnceBeginInitialize
InitOnceComplete
LoadLibraryExA
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
WideCharToMultiByte
MultiByteToWideChar
WriteFile
GetFileType
GetStdHandle
GetModuleHandleA
GetEnvironmentVariableA
ReadFile
CreateFileW
GetCurrentThread
GetThreadLocale
MapViewOfFile
GetTimeZoneInformation
OpenFileMappingW
GetCommandLineW
CreateThread
WaitForSingleObjectEx
DeleteFileW
OpenProcess
DuplicateHandle
GetProcessTimes
FormatMessageW
LocalAlloc
VirtualFree
SetLastError
GetModuleHandleW
GetProcAddress
Sleep
WaitForSingleObject
VirtualAlloc
GetCurrentProcess
CancelIo
GetProcessHeap
ReadProcessMemory
HeapAlloc
ResetEvent
CloseHandle
CreateEventW
GetConsoleCP
GetModuleFileNameW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
SetStdHandle
SetFilePointerEx
GetFileSizeEx
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
WriteConsoleW
GetStringTypeW
LeaveCriticalSection
WaitForMultipleObjects
EnterCriticalSection
GetLastError
FindFirstFileW
FindNextFileW
FindClose
LocalFree
TerminateProcess
ResumeThread
SetEvent
TerminateThread
HeapFree

shell32

CommandLineToArgvW

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertGetNameStringW
CertCloseStore

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 293KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d160b88661881130511c74ebf7466bb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

9466a71df1d3a59794f8605626534abe

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 479KB - Virtual size: 478KB

.rdata Size: 96KB - Virtual size: 96KB

.data Size: 3KB - Virtual size: 5KB

.reloc Size: 12KB - Virtual size: 12KB

bf37d15db47edd266f750b3223564310

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4Certificate

Extended Key Usages

Key Usages

a8:03:fb:c4:04:fd:df:9f:e0:a6:1f:a4:27:e3:bb:81:b6:b6:52:a6:7a:ab:10:14:52:a8:e1:5d:1f:51:06:b8Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

imm32

setupapi

version

winmm

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 444KB - Virtual size: 444KB

.data Size: 35KB - Virtual size: 51KB

.pdata Size: 75KB - Virtual size: 75KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

69d28feb2a9bd2e7508e612bffe3d31e

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 479KB - Virtual size: 478KB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 3KB - Virtual size: 5KB

.reloc
Size: 12KB - Virtual size: 12KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

a8:03:fb:c4:04:fd:df:9f:e0:a6:1f:a4:27:e3:bb:81:b6:b6:52:a6:7a:ab:10:14:52:a8:e1:5d:1f:51:06:b8
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 444KB - Virtual size: 444KB

.data
Size: 35KB - Virtual size: 51KB

.pdata
Size: 75KB - Virtual size: 75KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:97:c5:6c:aa:59:05:53:94:d9:a9:cd:b8:be:eb:56
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

d6:a5:63:b5:d9:c1:58:3b:e0:05:6a:bc:e9:99:f9:48:2e:8b:6b:3a:62:b2:a5:34:00:07:01:64:6d:61:9c:91
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 314KB - Virtual size: 314KB

.data
Size: 52KB - Virtual size: 70KB

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 89KB - Virtual size: 88KB

.text
Size: 293KB - Virtual size: 293KB

.data
Size: 512B - Virtual size: 4KB

.idata
Size: 5KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 188B

.mrdata
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 27KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate