Malwarebytes Anti-Exploit[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Malwarebytes Anti-Exploit.zip
Size

3.7MB
MD5

d6734b2620e54e0f7f56d0bdc00c8654
SHA1

574f7bdf1d779c1fc0f27b70e1fb90d4e4676a4e
SHA256

a771a2b422b964399df75624d897bc2ff3b5bf99a9f661aed3c8232565ded1a2
SHA512

fa0cae4b37b6038555ed296fd2f8b8a5e33c0d5a01f154f76226c1a243eb7b2ac38eeb700c4bd05e4d220906d6b5288c1941ce67bdc00d459f4f8c9a7098d4a5
SSDEEP

98304:MoeWMGcO5nJEG0C5DY3hqDftrwXpii/IPS3E+Orn5NsZeTD4vJ:QsX5nJjND3Fs5iiwK3E+OK9h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Malwarebytes Anti-Exploit/unins000.exe

Files

Malwarebytes Anti-Exploit.zip
.zip
Malwarebytes Anti-Exploit/changelog.txt
Malwarebytes Anti-Exploit/license.rtf
.rtf
Malwarebytes Anti-Exploit/mbae-api-na.dll
.dll windows:5 windows x86 arch:x86

edb8ff4c18752ccd03054d2aa7434571

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2
Certificate

Issuer

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Not Before

23-03-2022 00:00

Not After

16-03-2025 23:59

Subject

CN=Malwarebytes Inc.,O=Malwarebytes Inc.,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

25-05-2021 00:00

Not After

24-05-2036 23:59

Subject

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16-04-2020 18:36

Not After

16-04-2045 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:fe
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

27-04-2023 17:57

Not After

30-04-2023 17:57

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:fe
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

27-04-2023 17:57

Not After

30-04-2023 17:57

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:07:37:8c:5b:a1:d9:5b:8c:d4:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13-04-2021 17:31

Not After

13-04-2026 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01-04-2021 20:05

Not After

01-04-2036 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:7e:15:0d:56:40:bc:ff:68:91:17:2b:38:91:08:d6:f7:74:b1:ce:02:b5:5d:63:ad:58:bf:fb:db:56:d5:83
Signer

Actual PE Digest

75:7e:15:0d:56:40:bc:ff:68:91:17:2b:38:91:08:d6:f7:74:b1:ce:02:b5:5d:63:ad:58:bf:fb:db:56:d5:83

Digest Algorithm

sha256

PE Digest Matches

true

75:7e:15:0d:56:40:bc:ff:68:91:17:2b:38:91:08:d6:f7:74:b1:ce:02:b5:5d:63:ad:58:bf:fb:db:56:d5:83
Signer

Actual PE Digest

75:7e:15:0d:56:40:bc:ff:68:91:17:2b:38:91:08:d6:f7:74:b1:ce:02:b5:5d:63:ad:58:bf:fb:db:56:d5:83

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\Jenkins\workspace\A_MBAEFuture_Corporate\bin\Release\mbae-api-na.pdb

Imports

crypt32

CryptVerifyMessageSignature
CryptBinaryToStringA
CertFreeCertificateContext
CertGetNameStringW

ws2_32

gethostbyname
WSACleanup
WSAStartup
inet_ntoa

kernel32

EnterCriticalSection
TryEnterCriticalSection
CreateProcessW
GetLogicalDriveStringsW
InitializeCriticalSection
OpenProcess
GetExitCodeProcess
TerminateProcess
Process32FirstW
QueryDosDeviceW
Module32FirstW
Process32NextW
CreateToolhelp32Snapshot
Module32NextW
GetCurrentProcess
WaitForSingleObject
DisableThreadLibraryCalls
DeleteCriticalSection
SetEvent
CreateRemoteThread
SetLastError
GetExitCodeThread
CreateEventW
WaitForMultipleObjects
CreateThread
InterlockedCompareExchange
InterlockedExchange
SystemTimeToFileTime
SetFilePointerEx
GetSystemTimeAsFileTime
GetPrivateProfileStringW
CopyFileW
FileTimeToSystemTime
WTSGetActiveConsoleSessionId
GetPrivateProfileSectionNamesW
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetSystemTime
WideCharToMultiByte
MultiByteToWideChar
GetTempPathW
LeaveCriticalSection
GetVersion
VirtualProtect
VirtualQuery
VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
VirtualQueryEx
GetCurrentThread
WriteProcessMemory
DuplicateHandle
SetThreadPriority
TerminateThread
ReleaseSemaphore
ReleaseMutex
GetTickCount
CreatePipe
lstrcpyA
lstrcatA
lstrlenA
CreateMutexW
CreateSemaphoreW
IsBadReadPtr
ExitProcess
ResumeThread
lstrcpyW
lstrlenW
GetSystemDirectoryW
GetCurrentDirectoryW
VirtualAlloc
VirtualFree
GetOverlappedResult
ResetEvent
DeviceIoControl
CreateFileMappingA
CancelIo
GetWindowsDirectoryW
OpenEventW
OpenFileMappingW
GetConsoleCP
LoadLibraryExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileType
GetStdHandle
HeapSize
GetProcessHeap
HeapFree
HeapAlloc
GetFileSize
ReadProcessMemory
LoadLibraryW
FreeLibrary
VerifyVersionInfoW
GetModuleHandleW
VerSetConditionMask
LocalAlloc
FindNextFileW
FindClose
FindFirstFileW
GetCurrentProcessId
DeleteFileW
OutputDebugStringA
GetCurrentThreadId
GetFileAttributesExW
GetModuleFileNameA
GetSystemInfo
LoadLibraryA
GetLocalTime
MoveFileW
GetLastError
GetTimeZoneInformation
GetModuleFileNameW
ReadFile
GetVersionExW
Sleep
GetLocaleInfoW
WriteFile
OutputDebugStringW
CreateDirectoryW
GetSystemDefaultUILanguage
GetFullPathNameW
LocalFree
CloseHandle
GetModuleHandleA
CreateFileMappingW
GetProcAddress
GetFileSizeEx
CreateFileW
GetFileAttributesW
UnmapViewOfFile
MapViewOfFile
GetConsoleMode
SetStdHandle
WriteConsoleW
FlushFileBuffers
ReadConsoleW
GetModuleHandleExW
GetOEMCP
GetACP
IsValidCodePage
LCMapStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
RaiseException
GetCommandLineA
HeapReAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
GetStringTypeW
DecodePointer
EncodePointer

user32

DispatchMessageW
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW
GetSystemMetrics
wsprintfW

advapi32

RegOpenKeyExW
RegCloseKey
RegSetValueExW
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
SetNamedSecurityInfoW
GetNamedSecurityInfoW
CryptCreateHash
SetEntriesInAclW
CryptDestroyHash
CryptHashData
CreateWellKnownSid
GetUserNameW
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorW
StartServiceW
SetServiceObjectSecurity
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfigW
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
FreeSid
AllocateAndInitializeSid
GetTokenInformation
GetKernelObjectSecurity
RegEnumKeyW
CreateProcessAsUserW
RegCreateKeyW
CryptDestroyKey
CryptImportKey
CryptSetHashParam
RegEnumKeyExW
RegNotifyChangeKeyValue
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW

shell32

CommandLineToArgvW
SHGetFolderPathW

ole32

CoCreateGuid

psapi

GetModuleInformation
GetProcessImageFileNameW

netapi32

NetApiBufferFree
NetWkstaGetInfo

wintrust

WinVerifyTrust

imagehlp

ImageGetCertificateData
ImageGetCertificateHeader
ImageEnumerateCertificates

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shlwapi

StrStrIW

wininet

HttpAddRequestHeadersW
InternetCloseHandle
HttpSendRequestA
HttpAddRequestHeadersA
InternetOpenW
HttpQueryInfoA
InternetConnectA
InternetQueryDataAvailable
InternetReadFile
InternetConnectW
HttpOpenRequestW
HttpOpenRequestA
HttpQueryInfoW
HttpSendRequestW

wtsapi32

WTSQueryUserToken

winhttp

WinHttpCloseHandle
WinHttpOpenRequest
WinHttpConnect
WinHttpSendRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpReadData

Exports

Exports

SETUPAUX_IsKB4474419InstalledSA
_CheckShieldProcessAliveSA@4
_GetExclusionFileUpdateSA@0
_GetLicenseInfo@12
_InitializeHooksSA@4
_InitializeSA@8
_InstallTrialVersionSA@0
_KillClientApplicationsSA@0
_KillUnWantedProcessesSA@0
_LoadApplicationConfigSA@4
_LoadDynamicConfigSA@4
_LoadExclusionsSA@4
_LoadProtectedApplicationsSA@4
_LoadQuarantineSA@4
_LoadReportFileSA@4
_MbaePostStatisticExSA@4
_MbaeSetLoggingStatus@4
_MbaeShutdown@0
_NotifyChangeConfigSA@4
_SendCacheFilesToCosmosSA@4
_SendExploitFileToCosmosSA@4
_SendMonitorModeFilesToCosmosSA@8
_SendQuarantineFilesToCosmosSA@4
_SetProductLicenseSA@4
_SetRegistryKeySA@12
_StartClientApplicationSA@4
_StartService64@0
_UpgradeAvailable@8
_UpgradeInstall@0
_ValidateLicenseSA@4

Sections

.text
Size: 423KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 302KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malwarebytes Anti-Exploit/mbae-api.dll
.dll windows:5 windows x86 arch:x86

8f26b5839ae4329d2487f98f74c225be

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2
Certificate

Issuer

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Not Before

23-03-2022 00:00

Not After

16-03-2025 23:59

Subject

CN=Malwarebytes Inc.,O=Malwarebytes Inc.,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

25-05-2021 00:00

Not After

24-05-2036 23:59

Subject

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16-04-2020 18:36

Not After

16-04-2045 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:fe
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

27-04-2023 17:57

Not After

30-04-2023 17:57

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:fe
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

27-04-2023 17:57

Not After

30-04-2023 17:57

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:07:37:8c:5b:a1:d9:5b:8c:d4:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13-04-2021 17:31

Not After

13-04-2026 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01-04-2021 20:05

Not After

01-04-2036 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e9:5a:49:05:ae:81:f9:7c:cc:ff:4e:23:f3:af:0c:4e:5f:25:80:f8:fd:74:ea:34:68:80:ff:08:d1:57:1f:61
Signer

Actual PE Digest

e9:5a:49:05:ae:81:f9:7c:cc:ff:4e:23:f3:af:0c:4e:5f:25:80:f8:fd:74:ea:34:68:80:ff:08:d1:57:1f:61

Digest Algorithm

sha256

PE Digest Matches

true

e9:5a:49:05:ae:81:f9:7c:cc:ff:4e:23:f3:af:0c:4e:5f:25:80:f8:fd:74:ea:34:68:80:ff:08:d1:57:1f:61
Signer

Actual PE Digest

e9:5a:49:05:ae:81:f9:7c:cc:ff:4e:23:f3:af:0c:4e:5f:25:80:f8:fd:74:ea:34:68:80:ff:08:d1:57:1f:61

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\Jenkins\workspace\A_MBAEFuture_Corporate\bin\Release\mbae-api.pdb

Imports

kernel32

FreeLibrary
LocalAlloc
LocalFree
OpenProcess
CreateThread
SetThreadPriority
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ReleaseSemaphore
ReleaseMutex
WaitForMultipleObjects
DuplicateHandle
GetTickCount
CreatePipe
MapViewOfFile
UnmapViewOfFile
lstrcpyA
lstrcatA
lstrlenA
CreateMutexW
CreateEventW
CreateSemaphoreW
CreateFileMappingW
GetModuleHandleA
IsBadReadPtr
ReadProcessMemory
VirtualAlloc
VirtualFree
OpenEventW
OpenFileMappingW
CreateToolhelp32Snapshot
HeapAlloc
HeapFree
GetProcessHeap
TerminateProcess
WriteConsoleW
FlushFileBuffers
SetStdHandle
LCMapStringW
Process32NextW
Process32FirstW
GetExitCodeProcess
GetSystemTimeAsFileTime
WaitForSingleObject
GetCurrentProcess
ExitProcess
GetModuleHandleW
FindNextFileW
FindClose
FindFirstFileW
GetCurrentProcessId
DeleteFileW
CloseHandle
OutputDebugStringA
GetCurrentThreadId
GetFileAttributesExW
GetModuleFileNameA
LoadLibraryA
GetLocalTime
MoveFileW
GetProcAddress
GetLastError
GetFileSizeEx
CreateFileW
GetModuleFileNameW
ReadFile
GetVersionExW
Sleep
WriteFile
OutputDebugStringW
CreateDirectoryW
VirtualQuery
GetFullPathNameW
LoadLibraryExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetStringTypeW
HeapSize
RaiseException
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileType
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
WideCharToMultiByte
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
EncodePointer
DecodePointer
HeapReAlloc
RtlUnwind
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc

user32

MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
PostQuitMessage
TranslateMessage

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
GetLengthSid
FreeSid
AllocateAndInitializeSid
QueryServiceStatus
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
OpenServiceW
GetUserNameW
OpenSCManagerW
OpenProcessToken
CloseServiceHandle
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetFolderPathW

ole32

CoTaskMemFree

psapi

GetModuleInformation

netapi32

NetWkstaGetInfo
NetApiBufferFree

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

FindFirstUrlCacheEntryW
FindCloseUrlCache
FindNextUrlCacheEntryW

Exports

Exports

_MbaeAddExclusion@8
_MbaeAddShieldApplication@8
_MbaeChangeApplicationShieldState@16
_MbaeCreateSession@12
_MbaeDelExclusion@8
_MbaeDelReports@4
_MbaeDelShieldApplication@12
_MbaeGetMbaeConfig@8
_MbaeLoadExclusions@12
_MbaeLoadProtectedApplications@12
_MbaeLoadReports@12
_MbaeModifyShieldApplication@8
_MbaeReleaseMemory@4
_MbaeReleaseSession@4
_MbaeSetCallback@12
_MbaeSetDefaultMbaeConfig@4
_MbaeSetMbaeConfig@8
_MbaeSetMbaeLoggingStatus@8
_MbaeStartNotifications@4
_MbaeStopNotifications@4
_MbaeStoreIEC@4

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malwarebytes Anti-Exploit/mbae-cli.exe
.exe windows:5 windows x86 arch:x86

d952d065f138ce72e4cf48f537ea7d8d

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2
Certificate

Issuer

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Not Before

23-03-2022 00:00

Not After

16-03-2025 23:59

Subject

CN=Malwarebytes Inc.,O=Malwarebytes Inc.,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

25-05-2021 00:00

Not After

24-05-2036 23:59

Subject

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16-04-2020 18:36

Not After

16-04-2045 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:fe
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

27-04-2023 17:57

Not After

30-04-2023 17:57

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:fe
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

27-04-2023 17:57

Not After

30-04-2023 17:57

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:07:37:8c:5b:a1:d9:5b:8c:d4:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13-04-2021 17:31

Not After

13-04-2026 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01-04-2021 20:05

Not After

01-04-2036 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:b2:c2:59:60:de:05:6f:8e:e5:6d:80:35:1d:e7:ef:96:ed:1d:4b:2c:1b:87:e7:c5:8e:cf:56:a2:e4:c3:c9
Signer

Actual PE Digest

4c:b2:c2:59:60:de:05:6f:8e:e5:6d:80:35:1d:e7:ef:96:ed:1d:4b:2c:1b:87:e7:c5:8e:cf:56:a2:e4:c3:c9

Digest Algorithm

sha256

PE Digest Matches

true

4c:b2:c2:59:60:de:05:6f:8e:e5:6d:80:35:1d:e7:ef:96:ed:1d:4b:2c:1b:87:e7:c5:8e:cf:56:a2:e4:c3:c9
Signer

Actual PE Digest

4c:b2:c2:59:60:de:05:6f:8e:e5:6d:80:35:1d:e7:ef:96:ed:1d:4b:2c:1b:87:e7:c5:8e:cf:56:a2:e4:c3:c9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Jenkins\workspace\A_MBAEFuture_Corporate\bin\Release\mbae-cli.pdb

Imports

mbae-api

_MbaeGetMbaeConfig@8
_MbaeReleaseMemory@4
_MbaeSetMbaeConfig@8
_MbaeChangeApplicationShieldState@16
_MbaeReleaseSession@4
_MbaeAddShieldApplication@8
_MbaeDelShieldApplication@12
_MbaeLoadProtectedApplications@12
_MbaeCreateSession@12
_MbaeAddExclusion@8
_MbaeLoadExclusions@12
_MbaeDelExclusion@8

kernel32

LCMapStringW
GetFullPathNameW
CreateDirectoryW
OutputDebugStringW
WriteFile
Sleep
GetVersionExW
ReadFile
GetModuleFileNameW
CreateFileW
GetFileSizeEx
GetLastError
SetStdHandle
MoveFileW
GetLocalTime
LoadLibraryA
GetModuleFileNameA
GetFileAttributesExW
GetCurrentThreadId
OutputDebugStringA
CloseHandle
DeleteFileW
GetCurrentProcessId
FindFirstFileW
FindClose
FindNextFileW
SystemTimeToFileTime
GetCurrentProcess
GetModuleHandleW
WritePrivateProfileStringW
GetSystemTime
FlushFileBuffers
WriteConsoleW
HeapReAlloc
HeapSize
SetEndOfFile
GetProcAddress
HeapFree
GetStringTypeW
LoadLibraryExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
ReadConsoleW
HeapAlloc
WideCharToMultiByte
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineW
EncodePointer
DecodePointer
GetProcessHeap
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
RtlUnwind
GetFileType
DeleteCriticalSection
QueryPerformanceCounter
GetEnvironmentStringsW

advapi32

CloseServiceHandle
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenSCManagerW

shell32

SHGetFolderPathW

psapi

GetModuleInformation

netapi32

NetApiBufferFree
NetWkstaGetInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malwarebytes Anti-Exploit/mbae-svc.exe
.exe windows:5 windows x86 arch:x86

09652eeab32b1f208be7eb79a5a0f603

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2
Certificate

Issuer

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Not Before

23-03-2022 00:00

Not After

16-03-2025 23:59

Subject

CN=Malwarebytes Inc.,O=Malwarebytes Inc.,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

25-05-2021 00:00

Not After

24-05-2036 23:59

Subject

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16-04-2020 18:36

Not After

16-04-2045 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:fe
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

27-04-2023 17:57

Not After

30-04-2023 17:57

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:fe
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

27-04-2023 17:57

Not After

30-04-2023 17:57

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:07:37:8c:5b:a1:d9:5b:8c:d4:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13-04-2021 17:31

Not After

13-04-2026 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01-04-2021 20:05

Not After

01-04-2036 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

91:00:c1:6c:b6:24:5c:5b:36:13:24:87:56:63:03:bd:cc:95:97:5f:6c:8f:cc:5f:00:32:4b:0d:fe:14:80:d2
Signer

Actual PE Digest

91:00:c1:6c:b6:24:5c:5b:36:13:24:87:56:63:03:bd:cc:95:97:5f:6c:8f:cc:5f:00:32:4b:0d:fe:14:80:d2

Digest Algorithm

sha256

PE Digest Matches

true

91:00:c1:6c:b6:24:5c:5b:36:13:24:87:56:63:03:bd:cc:95:97:5f:6c:8f:cc:5f:00:32:4b:0d:fe:14:80:d2
Signer

Actual PE Digest

91:00:c1:6c:b6:24:5c:5b:36:13:24:87:56:63:03:bd:cc:95:97:5f:6c:8f:cc:5f:00:32:4b:0d:fe:14:80:d2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Jenkins\workspace\A_MBAEFuture_Corporate\bin\Release\mbae-svc.pdb

Imports

mbae-api-na

_NotifyChangeConfigSA@4
_SendMonitorModeFilesToCosmosSA@8
_SetProductLicenseSA@4
_SendQuarantineFilesToCosmosSA@4
_StartClientApplicationSA@4
_GetLicenseInfo@12
_StartService64@0
_ValidateLicenseSA@4
_UpgradeInstall@0
_SendCacheFilesToCosmosSA@4
_InitializeSA@8
_UpgradeAvailable@8
_LoadApplicationConfigSA@4
_GetExclusionFileUpdateSA@0
_SendExploitFileToCosmosSA@4
_LoadQuarantineSA@4
_MbaeShutdown@0
_LoadDynamicConfigSA@4
_MbaePostStatisticExSA@4
_LoadReportFileSA@4
_InitializeHooksSA@4
_SetRegistryKeySA@12
_CheckShieldProcessAliveSA@4
_LoadExclusionsSA@4
_KillClientApplicationsSA@0
_LoadProtectedApplicationsSA@4
_InstallTrialVersionSA@0
_KillUnWantedProcessesSA@0

kernel32

DeleteCriticalSection
GetStartupInfoW
TlsFree
GetFullPathNameW
GetSystemDefaultUILanguage
CreateDirectoryW
OutputDebugStringW
WriteFile
GetLocaleInfoW
Sleep
GetVersionExW
ReadFile
GetModuleFileNameW
GetTimeZoneInformation
CreateFileW
GetFileSizeEx
GetLastError
GetProcAddress
MoveFileW
GetLocalTime
LoadLibraryA
GetFileType
GetModuleFileNameA
GetFileAttributesExW
GetCurrentThreadId
OutputDebugStringA
CloseHandle
DeleteFileW
GetCurrentProcessId
FindFirstFileW
FindClose
FindNextFileW
GetCommandLineW
CreateProcessW
GetCurrentProcess
WaitForSingleObject
GetModuleHandleW
FormatMessageW
lstrlenW
GlobalFree
SetConsoleCtrlHandler
LocalFree
CreateThread
TlsSetValue
TlsGetValue
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleCP
SetFilePointerEx
LoadLibraryExW
RtlUnwind
GetStringTypeW
LCMapStringW
ReadConsoleW
WriteConsoleW
SetStdHandle
HeapReAlloc
HeapSize
FlushFileBuffers
GetSystemInfo
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapFree
HeapAlloc
WideCharToMultiByte
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetConsoleMode
GetNumberOfConsoleInputEvents
PeekConsoleInputA
GetCommandLineA
EncodePointer
DecodePointer
GetProcessHeap
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
EnterCriticalSection
LeaveCriticalSection

user32

GetSystemMetrics

advapi32

ChangeServiceConfig2W
ControlService
ReportEventW
RegisterServiceCtrlHandlerW
SetServiceStatus
RegDeleteValueW
QueryServiceStatus
StartServiceW
DeregisterEventSource
RegCreateKeyW
OpenServiceW
GetUserNameW
StartServiceCtrlDispatcherW
OpenSCManagerW
DeleteService
CloseServiceHandle
RegisterEventSourceW
CreateServiceW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetFolderPathW
CommandLineToArgvW

psapi

GetModuleInformation

netapi32

NetApiBufferFree
NetWkstaGetInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malwarebytes Anti-Exploit/mbae-uninstall.log
Malwarebytes Anti-Exploit/mbae-uninstaller.exe
.exe windows:5 windows x86 arch:x86

e3f9e3ffb53996073fcb62f4b6cd4535

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2
Certificate

Issuer

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Not Before

23-03-2022 00:00

Not After

16-03-2025 23:59

Subject

CN=Malwarebytes Inc.,O=Malwarebytes Inc.,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

25-05-2021 00:00

Not After

24-05-2036 23:59

Subject

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16-04-2020 18:36

Not After

16-04-2045 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:fe
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

27-04-2023 17:57

Not After

30-04-2023 17:57

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:fe
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

27-04-2023 17:57

Not After

30-04-2023 17:57

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:07:37:8c:5b:a1:d9:5b:8c:d4:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13-04-2021 17:31

Not After

13-04-2026 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01-04-2021 20:05

Not After

01-04-2036 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:30:bb:29:b6:c9:5b:5b:0a:ea:34:27:97:11:13:79:ca:b1:74:09:5c:30:5c:97:a8:41:33:b3:83:4c:43:5b
Signer

Actual PE Digest

38:30:bb:29:b6:c9:5b:5b:0a:ea:34:27:97:11:13:79:ca:b1:74:09:5c:30:5c:97:a8:41:33:b3:83:4c:43:5b

Digest Algorithm

sha256

PE Digest Matches

true

38:30:bb:29:b6:c9:5b:5b:0a:ea:34:27:97:11:13:79:ca:b1:74:09:5c:30:5c:97:a8:41:33:b3:83:4c:43:5b
Signer

Actual PE Digest

38:30:bb:29:b6:c9:5b:5b:0a:ea:34:27:97:11:13:79:ca:b1:74:09:5c:30:5c:97:a8:41:33:b3:83:4c:43:5b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Jenkins\workspace\A_MBAEFuture_Corporate\src\setup\bin\Win32\Release\mbae-uninstaller.pdb

Imports

kernel32

CreateFileW
GetLastError
GetCurrentDirectoryW
GetProcAddress
FindClose
GetModuleFileNameW
GetSystemInfo
CloseHandle
DeleteFileW
LocalFree
GetExitCodeProcess
Sleep
WriteFile
GetModuleHandleW
OutputDebugStringW
WaitForSingleObject
CreateDirectoryW
MoveFileExW
CreateProcessW
GetLocalTime
FindFirstFileW
HeapSize
GetFileAttributesExW
WideCharToMultiByte
GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapFree
GetStringTypeW
LoadLibraryExW
RtlUnwind
SetStdHandle
WriteConsoleW
HeapAlloc
HeapReAlloc
LCMapStringW
FlushFileBuffers

advapi32

RegCloseKey
RegOpenKeyExW
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
GetNamedSecurityInfoW
SetNamedSecurityInfoW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW

shell32

SHGetFolderPathW

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malwarebytes Anti-Exploit/mbae.chm
.chm
Malwarebytes Anti-Exploit/mbae.dll
.dll windows:5 windows x86 arch:x86

d8ccb45104a6a4f3616c31b07ba5413a

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2
Certificate

Issuer

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Not Before

23-03-2022 00:00

Not After

16-03-2025 23:59

Subject

CN=Malwarebytes Inc.,O=Malwarebytes Inc.,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

25-05-2021 00:00

Not After

24-05-2036 23:59

Subject

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16-04-2020 18:36

Not After

16-04-2045 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:fe
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

27-04-2023 17:57

Not After

30-04-2023 17:57

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:fe
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

27-04-2023 17:57

Not After

30-04-2023 17:57

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:07:37:8c:5b:a1:d9:5b:8c:d4:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13-04-2021 17:31

Not After

13-04-2026 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01-04-2021 20:05

Not After

01-04-2036 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

64:24:8b:a9:1e:0e:80:67:41:bb:6d:db:7d:91:29:23:6d:87:0c:d6:01:ea:d7:b9:fd:ee:13:93:29:5c:10:04
Signer

Actual PE Digest

64:24:8b:a9:1e:0e:80:67:41:bb:6d:db:7d:91:29:23:6d:87:0c:d6:01:ea:d7:b9:fd:ee:13:93:29:5c:10:04

Digest Algorithm

sha256

PE Digest Matches

true

64:24:8b:a9:1e:0e:80:67:41:bb:6d:db:7d:91:29:23:6d:87:0c:d6:01:ea:d7:b9:fd:ee:13:93:29:5c:10:04
Signer

Actual PE Digest

64:24:8b:a9:1e:0e:80:67:41:bb:6d:db:7d:91:29:23:6d:87:0c:d6:01:ea:d7:b9:fd:ee:13:93:29:5c:10:04

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\Jenkins\workspace\A_MBAEFuture_Corporate\bin\Release\mbae.pdb

Imports

psapi

GetModuleInformation
GetModuleFileNameExW
GetProcessMemoryInfo

ws2_32

htons
inet_addr
inet_ntoa

kernel32

VirtualQuery
LoadLibraryExW
GetSystemDirectoryW
Module32FirstW
CreateToolhelp32Snapshot
Module32NextW
GetCommandLineW
LoadLibraryW
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
GetDriveTypeW
TlsGetValue
TlsSetValue
WaitForSingleObject
TerminateProcess
OutputDebugStringW
DisableThreadLibraryCalls
MultiByteToWideChar
GetFullPathNameW
SystemTimeToTzSpecificLocalTime
GetFileAttributesExW
SetEvent
InterlockedExchange
ResetEvent
CreateEventW
VerSetConditionMask
GetVersionExW
VerifyVersionInfoW
GetSystemInfo
GetEnvironmentVariableW
ResumeThread
GlobalMemoryStatus
GetProcessAffinityMask
FileTimeToDosDateTime
DosDateTimeToFileTime
SetFilePointer
SetFileTime
WriteFile
LocalFileTimeToFileTime
WideCharToMultiByte
GetStdHandle
GetFileInformationByHandle
FileTimeToLocalFileTime
GetOEMCP
ReleaseSemaphore
CreateSemaphoreW
SetThreadAffinityMask
GetCurrentThreadId
GetWindowsDirectoryW
IsProcessorFeaturePresent
FreeLibrary
QueryPerformanceCounter
VirtualProtect
InterlockedIncrement
FlushInstructionCache
ExitThread
lstrlenW
CreateFileMappingA
GetVersion
OpenProcess
ReleaseMutex
DuplicateHandle
lstrcpyA
lstrcatA
lstrlenA
CreateMutexW
VirtualProtectEx
ExitProcess
GetExitCodeThread
ReadProcessMemory
WriteProcessMemory
lstrcpyW
GetModuleFileNameA
GetThreadContext
VirtualAllocEx
VirtualFreeEx
VirtualQueryEx
CreateRemoteThread
GetCurrentThread
OpenEventW
OpenFileMappingW
GetOverlappedResult
DeviceIoControl
GetModuleHandleExW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
HeapSize
GetACP
IsValidCodePage
EnumSystemLocalesW
VirtualAlloc
VirtualFree
TlsFree
GetSystemTime
DeleteFileW
TlsAlloc
DeleteCriticalSection
GetFileTime
SetLastError
GetCurrentDirectoryW
GetModuleFileNameW
FileTimeToSystemTime
InitializeCriticalSection
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
SearchPathW
CreateThread
GetCurrentProcessId
HeapWalk
HeapLock
HeapUnlock
GetProcessHeaps
Sleep
TerminateThread
GetCurrentProcess
EnterCriticalSection
ReadFile
LeaveCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
GetFileSize
LocalAlloc
GetLastError
lstrcmpA
LocalFree
CloseHandle
GetModuleHandleA
CreateFileMappingW
GetProcAddress
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
GetCommandLineA
RtlUnwind
RaiseException
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetFileSizeEx
CreateFileW
GetFileAttributesW
UnmapViewOfFile
MapViewOfFile
WriteConsoleW
FlushFileBuffers
HeapReAlloc
IsDebuggerPresent
DecodePointer
EncodePointer
WaitForMultipleObjects
CancelIo
GetStringTypeW

user32

DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
CharPrevExA
CharUpperW
TranslateMessage
wsprintfW
GetSystemMetrics

advapi32

RegQueryValueExA
RegOpenKeyExW
RegCloseKey
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptHashData
GetUserNameW
IsTextUnicode
OpenProcessToken
RegSetValueExA
RegQueryValueExW
RegOpenKeyExA
RegDeleteValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetKernelObjectSecurity
FreeSid
AllocateAndInitializeSid
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation

shell32

CommandLineToArgvW
SHGetKnownFolderPath
SHGetFolderPathW

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
SysStringLen
SysAllocStringLen
VariantCopy
VariantClear
SysAllocString

crypt32

CryptMsgClose
CryptQueryObject
CertGetNameStringW
CertOpenStore
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgUpdate
CryptMsgGetParam
CryptBinaryToStringW
CryptMsgOpenToDecode
CertComparePublicKeyInfo
CryptStringToBinaryA

wintrust

WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseCatalogContext
WTHelperProvDataFromStateData
CryptCATAdminAcquireContext

imagehlp

ImageGetCertificateHeader

shlwapi

PathAddBackslashW
PathIsURLW
PathFileExistsW
PathCanonicalizeW
PathIsUNCServerShareW
PathAppendW
PathIsRelativeW
PathIsFileSpecW
StrStrW
PathFindFileNameW
PathIsDirectoryW
StrStrIA
PathIsUNCW
PathSearchAndQualifyW
StrStrIW

wininet

InternetQueryOptionW
InternetCrackUrlW

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malwarebytes Anti-Exploit/mbae.exe
.exe windows:5 windows x86 arch:x86

34de6995547caa46e6ababd4a8de1afa

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2
Certificate

Issuer

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Not Before

23-03-2022 00:00

Not After

16-03-2025 23:59

Subject

CN=Malwarebytes Inc.,O=Malwarebytes Inc.,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

25-05-2021 00:00

Not After

24-05-2036 23:59

Subject

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16-04-2020 18:36

Not After

16-04-2045 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:fe
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

27-04-2023 17:57

Not After

30-04-2023 17:57

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:fe
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

27-04-2023 17:57

Not After

30-04-2023 17:57

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:07:37:8c:5b:a1:d9:5b:8c:d4:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13-04-2021 17:31

Not After

13-04-2026 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01-04-2021 20:05

Not After

01-04-2036 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ee:2e:25:c2:8d:51:8b:61:47:ab:f6:42:79:28:c6:14:ed:20:c5:31:b5:9f:db:19:3e:8a:14:04:4f:ff:82:6d
Signer

Actual PE Digest

ee:2e:25:c2:8d:51:8b:61:47:ab:f6:42:79:28:c6:14:ed:20:c5:31:b5:9f:db:19:3e:8a:14:04:4f:ff:82:6d

Digest Algorithm

sha256

PE Digest Matches

true

ee:2e:25:c2:8d:51:8b:61:47:ab:f6:42:79:28:c6:14:ed:20:c5:31:b5:9f:db:19:3e:8a:14:04:4f:ff:82:6d
Signer

Actual PE Digest

ee:2e:25:c2:8d:51:8b:61:47:ab:f6:42:79:28:c6:14:ed:20:c5:31:b5:9f:db:19:3e:8a:14:04:4f:ff:82:6d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Jenkins\workspace\A_MBAEFuture_Corporate\bin\Release\mbae.exe.pdb

Imports

comctl32

ImageList_ReplaceIcon
ImageList_Create

mbae-api

_MbaeSetDefaultMbaeConfig@4
_MbaeReleaseSession@4
_MbaeStoreIEC@4
_MbaeSetMbaeLoggingStatus@8
_MbaeModifyShieldApplication@8
_MbaeChangeApplicationShieldState@16
_MbaeAddShieldApplication@8
_MbaeDelShieldApplication@12
_MbaeAddExclusion@8
_MbaeDelExclusion@8
_MbaeGetMbaeConfig@8
_MbaeReleaseMemory@4
_MbaeLoadProtectedApplications@12
_MbaeCreateSession@12
_MbaeLoadReports@12
_MbaeLoadExclusions@12
_MbaeStartNotifications@4
_MbaeSetCallback@12
_MbaeSetMbaeConfig@8
_MbaeDelReports@4

kernel32

OutputDebugStringW
WriteFile
Sleep
GetVersionExW
ReadFile
GetModuleFileNameW
CreateFileW
GetFileSizeEx
GetLastError
GetProcAddress
MoveFileW
GetLocalTime
LoadLibraryA
GetModuleFileNameA
GetFileAttributesExW
GetCurrentThreadId
OutputDebugStringA
CloseHandle
DeleteFileW
GetCurrentProcessId
FindFirstFileW
FindClose
FindNextFileW
CreateThread
SystemTimeToFileTime
GetModuleHandleW
FileTimeToSystemTime
ExitProcess
GetCurrentProcess
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
DeleteCriticalSection
CreateDirectoryW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
GetStdHandle
MultiByteToWideChar
GetModuleHandleExW
GetProcessHeap
DecodePointer
EncodePointer
GetCommandLineA
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
WideCharToMultiByte
HeapAlloc
HeapFree
ReadConsoleW
LCMapStringW
GetFullPathNameW
GetConsoleMode
SetFilePointerEx
LoadLibraryExW
GetStringTypeW
RtlUnwind
GetFileType
SetStdHandle
WriteConsoleW
HeapReAlloc
HeapSize
FlushFileBuffers
QueryPerformanceCounter

user32

TranslateAcceleratorW
EnableWindow
SendMessageW
CreateWindowExW
ShowWindow
GetWindowRect
GetMessageW
PostQuitMessage
TrackPopupMenu
PostMessageW
SetForegroundWindow
LoadCursorW
FindWindowW
TranslateMessage
LoadAcceleratorsW
IsDialogMessageW
RegisterClassExW
GetCursorPos
CreatePopupMenu
SetMenuDefaultItem
InsertMenuW
GetSystemMetrics
UpdateWindow
DestroyMenu
GetDlgCtrlID
DefWindowProcW
DispatchMessageW
LoadImageW
SetFocus
GetDC
LoadIconW
ReleaseDC
SetWindowPos
CreateDialogParamW
MessageBoxW
GetDlgItemTextW
SetDlgItemTextW
DestroyIcon
SetWindowTextW
GetClientRect
GetDlgItem
SetCursor

gdi32

GetStockObject
BitBlt
DeleteDC
SelectObject
CreateCompatibleDC
GetObjectW
CreateFontW
SetBkMode

comdlg32

GetOpenFileNameW

advapi32

GetUserNameW
GetTokenInformation
RegQueryValueExW
RegOpenKeyExW
OpenSCManagerW
OpenProcessToken
CloseServiceHandle
RegCreateKeyW
RegSetValueExW
RegCloseKey

shell32

SHGetFolderPathW
ShellExecuteW
Shell_NotifyIconW

psapi

GetModuleInformation

netapi32

NetWkstaGetInfo
NetApiBufferFree

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malwarebytes Anti-Exploit/mbae.sys
.dll windows:10 windows x86 arch:x86

b8e55457459384a1b9bddbaadea17dc6

Code Sign

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10-03-2022 19:58

Not After

08-03-2023 19:58

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

be:7b:cd:de:2e:a8:ab:cf:bd:8a:a9:01:31:20:4d:9b:9f:f5:36:bd:d5:b8:a7:bd:4c:9b:4d:5a:94:99:e5:14
Signer

Actual PE Digest

be:7b:cd:de:2e:a8:ab:cf:bd:8a:a9:01:31:20:4d:9b:9f:f5:36:bd:d5:b8:a7:bd:4c:9b:4d:5a:94:99:e5:14

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\MBAE\MBAENA\src\mbae-sys\MadCodeHook-MBDriver\MBMCHDrv\bin\x86\release\mbae.pdb

Imports

ksecdd.sys

BCryptImportKeyPair
BCryptCreateHash
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptVerifySignature
BCryptHashData
BCryptFinishHash
BCryptCloseAlgorithmProvider
GetSecurityUserInfo
BCryptDestroyHash

ntoskrnl.exe

KeLeaveCriticalRegion
KeWaitForSingleObject
IofCompleteRequest
IoReleaseCancelSpinLock
ZwCreateFile
ZwClose
ZwQueryInformationProcess
_alldiv
_allmul
_wcsicmp
KeDelayExecutionThread
IoAllocateWorkItem
IoFreeWorkItem
IoQueueWorkItem
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlCompareMemory
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlGetVersion
MmGetSystemRoutineAddress
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ZwOpenKey
ZwQueryValueKey
RtlPrefixUnicodeString
PsSetCreateProcessNotifyRoutine
RtlLengthRequiredSid
RtlInitializeSid
RtlSubAuthoritySid
RtlCreateAcl
RtlAddAccessAllowedAce
ZwSetSecurityObject
ObOpenObjectByPointer
_stricmp
wcsncpy
KeInitializeMutex
KeReleaseMutex
ProbeForRead
PsGetVersion
ObReferenceObjectByHandle
ObfDereferenceObject
ZwWriteFile
ZwCreateSection
ZwMapViewOfSection
KeSetEvent
ZwQuerySystemInformation
ZwQueryInformationToken
ZwOpenProcessToken
ZwAllocateVirtualMemory
PsLookupProcessByProcessId
IoQueryFileDosDeviceName
KeStackAttachProcess
KeUnstackDetachProcess
memmove
IoFileObjectType
MmHighestUserAddress
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlTimeFieldsToTime
KeQuerySystemTime
IoGetStackLimits
ZwEnumerateKey
towupper
wcschr
RtlEqualUnicodeString
IoGetDeviceObjectPointer
ZwOpenFile
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
FsRtlDissectName
KeBugCheckEx
RtlUnwind
KeEnterCriticalRegion
KeClearEvent
KeInitializeEvent
RtlFreeUnicodeString
RtlInitUnicodeString
_wcslwr
memset
_aulldiv
memcpy
ZwQueryInformationFile
ExFreePoolWithTag
ExFreePool
ExAllocatePoolWithTag
ExAllocatePool
ZwUnmapViewOfSection

hal

KeQueryPerformanceCounter
KeGetCurrentIrql

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1018B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malwarebytes Anti-Exploit/mbae64.dll
.dll windows:5 windows x64 arch:x64

106b599d526ecd13cfdaa7e057a93300

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2
Certificate

Issuer

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Not Before

23-03-2022 00:00

Not After

16-03-2025 23:59

Subject

CN=Malwarebytes Inc.,O=Malwarebytes Inc.,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

25-05-2021 00:00

Not After

24-05-2036 23:59

Subject

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16-04-2020 18:36

Not After

16-04-2045 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:fe
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

27-04-2023 17:57

Not After

30-04-2023 17:57

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:fe
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

27-04-2023 17:57

Not After

30-04-2023 17:57

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:07:37:8c:5b:a1:d9:5b:8c:d4:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13-04-2021 17:31

Not After

13-04-2026 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01-04-2021 20:05

Not After

01-04-2036 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ef:8a:40:ec:85:51:e7:df:33:ce:46:27:14:dc:7d:5a:36:ec:21:43:07:48:5a:e6:08:c1:d5:78:5f:b7:98:f3
Signer

Actual PE Digest

ef:8a:40:ec:85:51:e7:df:33:ce:46:27:14:dc:7d:5a:36:ec:21:43:07:48:5a:e6:08:c1:d5:78:5f:b7:98:f3

Digest Algorithm

sha256

PE Digest Matches

true

ef:8a:40:ec:85:51:e7:df:33:ce:46:27:14:dc:7d:5a:36:ec:21:43:07:48:5a:e6:08:c1:d5:78:5f:b7:98:f3
Signer

Actual PE Digest

ef:8a:40:ec:85:51:e7:df:33:ce:46:27:14:dc:7d:5a:36:ec:21:43:07:48:5a:e6:08:c1:d5:78:5f:b7:98:f3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\Jenkins\workspace\A_MBAEFuture_Corporate\bin\Release\mbae64.pdb

Imports

ws2_32

inet_addr
inet_ntoa
htons

psapi

GetModuleInformation
GetModuleFileNameExW

kernel32

LoadLibraryExW
GetSystemDirectoryW
Module32FirstW
CreateToolhelp32Snapshot
Module32NextW
GetCommandLineW
LoadLibraryW
GetDriveTypeW
TlsGetValue
TlsSetValue
WaitForSingleObject
TerminateProcess
OutputDebugStringW
DisableThreadLibraryCalls
MultiByteToWideChar
GetFullPathNameW
SystemTimeToTzSpecificLocalTime
GetFileAttributesExW
SetEvent
ResetEvent
CreateEventW
VerSetConditionMask
GetVersionExW
VerifyVersionInfoW
GetSystemInfo
GetEnvironmentVariableW
IsWow64Process
ResumeThread
GlobalMemoryStatusEx
GetProcessAffinityMask
FileTimeToDosDateTime
DosDateTimeToFileTime
SetFilePointer
SetFileTime
WriteFile
LocalFileTimeToFileTime
WideCharToMultiByte
GetStdHandle
GetFileInformationByHandle
FileTimeToLocalFileTime
GetOEMCP
ReleaseSemaphore
CreateSemaphoreW
SetThreadAffinityMask
GetCurrentThreadId
GetWindowsDirectoryW
IsProcessorFeaturePresent
QueryPerformanceCounter
WaitForMultipleObjects
FlushInstructionCache
ExitThread
VirtualQuery
CreateFileMappingA
GetVersion
OpenProcess
ReleaseMutex
DuplicateHandle
lstrcpyA
lstrcatA
lstrlenA
CreateMutexW
VirtualProtectEx
ExitProcess
GetExitCodeThread
ReadProcessMemory
WriteProcessMemory
lstrcpyW
GetModuleFileNameA
GetThreadContext
VirtualAllocEx
VirtualFreeEx
VirtualQueryEx
CreateRemoteThread
GetCurrentThread
OpenThread
SetThreadContext
Thread32First
Thread32Next
OpenEventW
OpenFileMappingW
GetOverlappedResult
DeviceIoControl
CancelIo
GetModuleHandleExW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
HeapSize
GetACP
IsValidCodePage
EnumSystemLocalesW
VirtualProtect
VirtualAlloc
VirtualFree
TlsFree
GetSystemTime
DeleteFileW
TlsAlloc
DeleteCriticalSection
GetFileTime
SetLastError
GetCurrentDirectoryW
GetModuleFileNameW
FileTimeToSystemTime
InitializeCriticalSection
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
SearchPathW
CreateThread
GetCurrentProcessId
Sleep
TerminateThread
GetCurrentProcess
EnterCriticalSection
ReadFile
LeaveCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
GetFileSize
LocalAlloc
GetLastError
lstrcmpA
LocalFree
CloseHandle
GetModuleHandleA
CreateFileMappingW
GetProcAddress
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
GetCommandLineA
RtlUnwindEx
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
GetCPInfo
GetFileSizeEx
CreateFileW
GetFileAttributesW
UnmapViewOfFile
MapViewOfFile
WriteConsoleW
FlushFileBuffers
HeapReAlloc
IsDebuggerPresent
DecodePointer
EncodePointer
lstrlenW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetStringTypeW

user32

CharPrevExA
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
TranslateMessage
wsprintfW
GetSystemMetrics
CharUpperW

advapi32

RegQueryValueExA
RegOpenKeyExW
RegCloseKey
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptHashData
GetUserNameW
IsTextUnicode
SystemFunction036
RegSetValueExA
RegQueryValueExW
RegOpenKeyExA
RegDeleteValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetKernelObjectSecurity
FreeSid
AllocateAndInitializeSid
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken

shell32

SHGetFolderPathW
SHGetKnownFolderPath
CommandLineToArgvW

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysStringLen
SysAllocStringLen
VariantCopy
VariantClear
SysAllocString

crypt32

CryptMsgClose
CryptQueryObject
CertGetNameStringW
CertOpenStore
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgUpdate
CryptMsgGetParam
CryptBinaryToStringW
CryptMsgOpenToDecode
CertComparePublicKeyInfo
CryptStringToBinaryA

wintrust

CryptCATCatalogInfoFromContext
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvSignerFromChain
CryptCATAdminAcquireContext
CryptCATAdminReleaseCatalogContext

imagehlp

ImageGetCertificateHeader

shlwapi

PathIsUNCServerShareW
PathAppendW
PathCanonicalizeW
PathSearchAndQualifyW
PathFileExistsW
PathIsDirectoryW
StrStrIA
PathIsUNCW
StrStrIW
PathFindFileNameW
PathIsRelativeW
PathIsFileSpecW
PathIsURLW
PathAddBackslashW
StrStrW

wininet

InternetQueryOptionW
InternetCrackUrlW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 353KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malwarebytes Anti-Exploit/mbae64.exe
.exe windows:5 windows x64 arch:x64

97b16e4e70d0d1ceede422082ec9830e

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2
Certificate

Issuer

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Not Before

23-03-2022 00:00

Not After

16-03-2025 23:59

Subject

CN=Malwarebytes Inc.,O=Malwarebytes Inc.,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

25-05-2021 00:00

Not After

24-05-2036 23:59

Subject

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16-04-2020 18:36

Not After

16-04-2045 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:fe
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

27-04-2023 17:57

Not After

30-04-2023 17:57

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:fe
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

27-04-2023 17:57

Not After

30-04-2023 17:57

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:07:37:8c:5b:a1:d9:5b:8c:d4:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13-04-2021 17:31

Not After

13-04-2026 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01-04-2021 20:05

Not After

01-04-2036 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e7:bd:af:31:cb:d1:26:cb:8c:4f:a9:0c:46:30:6c:da:55:50:7f:fe:0d:03:e1:61:e9:c9:19:42:69:82:f2:0f
Signer

Actual PE Digest

e7:bd:af:31:cb:d1:26:cb:8c:4f:a9:0c:46:30:6c:da:55:50:7f:fe:0d:03:e1:61:e9:c9:19:42:69:82:f2:0f

Digest Algorithm

sha256

PE Digest Matches

true

e7:bd:af:31:cb:d1:26:cb:8c:4f:a9:0c:46:30:6c:da:55:50:7f:fe:0d:03:e1:61:e9:c9:19:42:69:82:f2:0f
Signer

Actual PE Digest

e7:bd:af:31:cb:d1:26:cb:8c:4f:a9:0c:46:30:6c:da:55:50:7f:fe:0d:03:e1:61:e9:c9:19:42:69:82:f2:0f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\Jenkins\workspace\A_MBAEFuture_Corporate\bin\Release\mbae64.exe.pdb

Imports

kernel32

CreateToolhelp32Snapshot
Module32NextW
GetVersion
LocalAlloc
LocalFree
VirtualProtectEx
ExitProcess
GetExitCodeThread
SetLastError
ReadProcessMemory
WriteProcessMemory
ResumeThread
WaitForSingleObject
DuplicateHandle
GetTickCount
MapViewOfFile
UnmapViewOfFile
lstrcpyW
lstrlenW
GetSystemDirectoryW
GetCurrentDirectoryW
GetFileAttributesW
FreeLibrary
CreateThread
SetThreadPriority
TerminateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ReleaseSemaphore
ReleaseMutex
WaitForMultipleObjects
CreatePipe
lstrcpyA
lstrcatA
lstrlenA
CreateMutexW
CreateEventW
Process32NextW
CreateFileMappingW
GetModuleHandleA
IsBadReadPtr
VirtualAlloc
VirtualFree
GetOverlappedResult
ResetEvent
GetFileSize
DeviceIoControl
CreateFileMappingA
CancelIo
GetWindowsDirectoryW
OpenEventW
OpenFileMappingW
VirtualQuery
HeapAlloc
HeapFree
GetProcessHeap
VirtualProtect
VirtualAllocEx
VirtualFreeEx
VirtualQueryEx
CreateRemoteThread
GetCurrentThread
OpenThread
GetThreadContext
SetThreadContext
LoadLibraryW
Thread32First
Thread32Next
WriteConsoleW
SetStdHandle
LCMapStringW
Module32FirstW
Process32FirstW
TerminateProcess
OpenProcess
GetModuleHandleW
GetCurrentProcess
FindNextFileW
FindClose
FindFirstFileW
GetCurrentProcessId
DeleteFileW
CloseHandle
OutputDebugStringA
GetCurrentThreadId
GetFileAttributesExW
GetModuleFileNameA
LoadLibraryA
GetLocalTime
MoveFileW
GetProcAddress
GetLastError
GetFileSizeEx
CreateFileW
GetModuleFileNameW
ReadFile
GetVersionExW
Sleep
WriteFile
OutputDebugStringW
CreateDirectoryW
CreateSemaphoreW
GetFullPathNameW
LoadLibraryExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetStringTypeW
HeapSize
RaiseException
RtlPcToFileHeader
WideCharToMultiByte
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineW
HeapReAlloc
RtlUnwindEx
EncodePointer
DecodePointer
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetFileType
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
GetTokenInformation
FreeSid
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
GetKernelObjectSecurity

shell32

SHGetFolderPathW

psapi

GetModuleInformation

netapi32

NetApiBufferFree
NetWkstaGetInfo

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malwarebytes Anti-Exploit/mbae64.sys
.dll windows:10 windows x64 arch:x64

9288e06ed90dd02e6f399bf016995dd1

Code Sign

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10-03-2022 19:58

Not After

08-03-2023 19:58

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

49:93:c1:90:57:32:9a:8b:26:30:1d:2d:d5:78:c6:72:25:77:d1:d8:41:51:6a:8e:8b:a4:9f:2b:f7:bf:67:77
Signer

Actual PE Digest

49:93:c1:90:57:32:9a:8b:26:30:1d:2d:d5:78:c6:72:25:77:d1:d8:41:51:6a:8e:8b:a4:9f:2b:f7:bf:67:77

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\MBAE\MBAENA\src\mbae-sys\MadCodeHook-MBDriver\MBMCHDrv\bin\x64\release\mbae64.pdb

Imports

ksecdd.sys

BCryptHashData
BCryptCreateHash
BCryptVerifySignature
BCryptFinishHash
BCryptImportKeyPair
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptDestroyKey
GetSecurityUserInfo
BCryptDestroyHash

ntoskrnl.exe

KeEnterCriticalRegion
KeLeaveCriticalRegion
KeWaitForSingleObject
IofCompleteRequest
IoReleaseCancelSpinLock
ZwCreateFile
ZwClose
ZwQueryInformationProcess
_wcsicmp
KeDelayExecutionThread
IoAllocateWorkItem
IoFreeWorkItem
IoQueueWorkItem
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlCompareMemory
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlGetVersion
MmGetSystemRoutineAddress
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ZwOpenKey
ZwQueryValueKey
RtlPrefixUnicodeString
PsSetCreateProcessNotifyRoutine
RtlLengthRequiredSid
RtlInitializeSid
RtlSubAuthoritySid
RtlCreateAcl
RtlAddAccessAllowedAce
ZwSetSecurityObject
ObOpenObjectByPointer
_stricmp
wcsncpy
DbgPrint
KeInitializeMutex
KeReleaseMutex
ProbeForRead
IoGetCurrentProcess
ObReferenceObjectByHandle
ObfDereferenceObject
ZwWriteFile
ZwCreateSection
ZwMapViewOfSection
ZwUnmapViewOfSection
PsSetLoadImageNotifyRoutine
KeClearEvent
ZwQuerySystemInformation
ZwQueryInformationThread
ZwQueryInformationToken
ZwOpenProcessTokenEx
ZwAllocateVirtualMemory
PsLookupProcessByProcessId
PsGetProcessSessionId
IoQueryFileDosDeviceName
KeStackAttachProcess
KeUnstackDetachProcess
IoFileObjectType
MmHighestUserAddress
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlTimeFieldsToTime
IoGetStackLimits
ZwEnumerateKey
towupper
wcschr
RtlEqualUnicodeString
IoGetDeviceObjectPointer
ZwOpenFile
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
FsRtlDissectName
KeBugCheckEx
KeSetEvent
KeInitializeEvent
RtlFreeUnicodeString
RtlInitUnicodeString
_wcslwr
_local_unwind
__C_specific_handler
ZwQueryInformationFile
ExFreePoolWithTag
ExAllocatePoolWithTag
ExAllocatePool
PsRemoveLoadImageNotifyRoutine

hal

KeQueryPerformanceCounter

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malwarebytes Anti-Exploit/unins000.dat
Malwarebytes Anti-Exploit/unins000.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 607KB - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

edb8ff4c18752ccd03054d2aa7434571

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2Certificate

Extended Key Usages

Key Usages

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:dbCertificate

Extended Key Usages

Key Usages

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99Certificate

Key Usages

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:feCertificate

Extended Key Usages

Key Usages

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:feCertificate

Extended Key Usages

Key Usages

33:00:00:00:07:37:8c:5b:a1:d9:5b:8c:d4:00:00:00:00:00:07Certificate

Key Usages

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07Certificate

Key Usages

75:7e:15:0d:56:40:bc:ff:68:91:17:2b:38:91:08:d6:f7:74:b1:ce:02:b5:5d:63:ad:58:bf:fb:db:56:d5:83Signer

75:7e:15:0d:56:40:bc:ff:68:91:17:2b:38:91:08:d6:f7:74:b1:ce:02:b5:5d:63:ad:58:bf:fb:db:56:d5:83Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

ws2_32

kernel32

user32

advapi32

shell32

ole32

psapi

netapi32

wintrust

imagehlp

version

shlwapi

wininet

wtsapi32

winhttp

Exports

Exports

Sections

.text Size: 423KB - Virtual size: 422KB

.rdata Size: 176KB - Virtual size: 175KB

.data Size: 302KB - Virtual size: 313KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 27KB

8f26b5839ae4329d2487f98f74c225be

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2Certificate

Extended Key Usages

Key Usages

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:dbCertificate

Extended Key Usages

Key Usages

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99Certificate

Key Usages

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:feCertificate

Extended Key Usages

Key Usages

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:feCertificate

Extended Key Usages

Key Usages

33:00:00:00:07:37:8c:5b:a1:d9:5b:8c:d4:00:00:00:00:00:07Certificate

Key Usages

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07Certificate

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2
Certificate

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:fe
Certificate

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:fe
Certificate

33:00:00:00:07:37:8c:5b:a1:d9:5b:8c:d4:00:00:00:00:00:07
Certificate

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

75:7e:15:0d:56:40:bc:ff:68:91:17:2b:38:91:08:d6:f7:74:b1:ce:02:b5:5d:63:ad:58:bf:fb:db:56:d5:83
Signer

75:7e:15:0d:56:40:bc:ff:68:91:17:2b:38:91:08:d6:f7:74:b1:ce:02:b5:5d:63:ad:58:bf:fb:db:56:d5:83
Signer

.text
Size: 423KB - Virtual size: 422KB

.rdata
Size: 176KB - Virtual size: 175KB

.data
Size: 302KB - Virtual size: 313KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 27KB

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2
Certificate

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:fe
Certificate

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:fe
Certificate

33:00:00:00:07:37:8c:5b:a1:d9:5b:8c:d4:00:00:00:00:00:07
Certificate

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

e9:5a:49:05:ae:81:f9:7c:cc:ff:4e:23:f3:af:0c:4e:5f:25:80:f8:fd:74:ea:34:68:80:ff:08:d1:57:1f:61
Signer

e9:5a:49:05:ae:81:f9:7c:cc:ff:4e:23:f3:af:0c:4e:5f:25:80:f8:fd:74:ea:34:68:80:ff:08:d1:57:1f:61
Signer

.text
Size: 116KB - Virtual size: 116KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 38KB - Virtual size: 47KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 8KB

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2
Certificate

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:fe
Certificate

33:00:00:7f:fe:7b:c6:50:70:3f:15:74:eb:00:00:00:00:7f:fe
Certificate

33:00:00:00:07:37:8c:5b:a1:d9:5b:8c:d4:00:00:00:00:00:07
Certificate

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

4c:b2:c2:59:60:de:05:6f:8e:e5:6d:80:35:1d:e7:ef:96:ed:1d:4b:2c:1b:87:e7:c5:8e:cf:56:a2:e4:c3:c9
Signer

4c:b2:c2:59:60:de:05:6f:8e:e5:6d:80:35:1d:e7:ef:96:ed:1d:4b:2c:1b:87:e7:c5:8e:cf:56:a2:e4:c3:c9
Signer

.text
Size: 172KB - Virtual size: 171KB

.rdata
Size: 50KB - Virtual size: 50KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 12KB

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate