BrowserTool[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

BrowserTool.exe
Size

99.6MB
MD5

f489556fdde15b99e202a06f0cf513aa
SHA1

dc7991c837e336484d9bcd56fbe42129cc5a62d0
SHA256

0b5fe211d558daa7d54207d2869f53d0a91ae16397343fd2605fd3a0f292dd21
SHA512

dd87414e68ba61a6821d27853c45399193520d090fc9f69f7c4bd5ba1cc591e0384d680c454525d99d95f0b880cc50dffcca201d838d3c8f2d595ba27eda0cdd
SSDEEP

786432:d0urM/MqRmUT0kBKpM6i8nOhxYjjCmrkIvchTJCILjXvxscyQZfbyrBovl+4BPbG:d0XvQAsKlJGkzR21vYdsj

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/.rsrc/0/RCDATA/DXCAPTUREREPL)
unpack001/.rsrc/0/RCDATA/MSHTM

Files

BrowserTool.exe
.exe windows:4 windows x64 arch:x64

Code Sign

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2020 00:00

Not After

18-03-2045 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:b7:f8:3d:95:63:79:cd:f5:c3:13:82
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

20-06-2024 03:32

Not After

21-06-2025 03:32

Subject

SERIALNUMBER=1001266910,CN=CONG TY TNHH SAN XUAT VA THUONG MAI HUU BANG,OU=IT Department,O=CONG TY TNHH SAN XUAT VA THUONG MAI HUU BANG,STREET=Xom 2\, thon Don Nong\, Xa Doan Hung\, Huyen Hung Ha,L=Thai Binh,ST=Thai Binh,C=VN,1.3.6.1.4.1.311.60.2.1.2=#1309546861692042696e68,1.3.6.1.4.1.311.60.2.1.3=#1302564e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e1:42:a3:c6:78:e6:09:da:77:5c:d1:a0:22:ce:52:d1:27:05:35:7e
Signer

Actual PE Digest

e1:42:a3:c6:78:e6:09:da:77:5c:d1:a0:22:ce:52:d1:27:05:35:7e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 99.5MB - Virtual size: 99.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc/0/BINARY/MPENGINE.DLL
.dll windows:10 windows x64 arch:x64

b420b5b5c9e6f405aac5339dd81b87c2

Code Sign

33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3b
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:23

Not After

01-09-2022 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

af:52:52:94:4b:fb:ac:84:e7:78:02:f5:0d:7c:77:f6:98:ca:c8:61:bf:0d:55:58:f1:a9:b9:b8:a3:40:43:a9
Signer

Actual PE Digest

af:52:52:94:4b:fb:ac:84:e7:78:02:f5:0d:7c:77:f6:98:ca:c8:61:bf:0d:55:58:f1:a9:b9:b8:a3:40:43:a9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mpengine.pdb

Imports

rpcrt4

RpcMgmtStopServerListening
UuidCreate
UuidFromStringW
NdrClientCall3
NdrServerCallAll
RpcMgmtWaitServerListen
RpcObjectSetType

ntdll

RtlIpv4AddressToStringA
RtlIpv6AddressToStringW
NtEnumerateSystemEnvironmentValuesEx
RtlPrefixUnicodeString
NtQueryKey
NtQueryValueKey
NtDeleteValueKey
NtOpenDirectoryObject
NtQuerySystemInformation
NtOpenFile
NtSetInformationFile
NtQueryVolumeInformationFile
NtSetEaFile
NtQueryEaFile
NtQueryInformationFile
RtlDeleteFunctionTable
RtlAddFunctionTable
NtClose
RtlInitUnicodeString
NtQueryDirectoryObject
NtOpenSymbolicLinkObject
RtlNtStatusToDosError
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlIpv6AddressToStringA
RtlIpv4AddressToStringW
NtEnumerateValueKey
NtCreateKey
NtDeleteKey
NtOpenKey
RtlInitUnicodeStringEx
NtCreateFile
NtQueryDirectoryFile
NtQueryInformationProcess
VerSetConditionMask
RtlUnwind
RtlGetVersion
NtQueryInformationThread
NtEnumerateKey
NtSetValueKey
NtUnmapViewOfSection
NtOpenSection
NtQuerySymbolicLinkObject
NtMapViewOfSection

kernel32

FindNextVolumeW
GetProcessTimes
GetDriveTypeW
ExpandEnvironmentStringsW
GetProductInfo
CreateFileW
UnmapViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFile
CreateMutexW
WaitForSingleObject
ReleaseMutex
GetFileTime
GetFileInformationByHandle
DeviceIoControl
SetFilePointerEx
ReadFile
GetFileSizeEx
GetEnvironmentVariableW
VirtualFree
VirtualAlloc
VirtualProtect
VirtualUnlock
WriteFile
SetFilePointer
GetFileAttributesW
CreateDirectoryW
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeSRWLock
GetStringTypeExA
LCMapStringA
FindNextFileW
GetFinalPathNameByHandleW
SetFileTime
GetVolumePathNameW
GetVolumeInformationW
GetSystemInfo
GetFileAttributesExW
DeleteFileW
SetEvent
MoveFileExW
VirtualQueryEx
TryEnterCriticalSection
WaitForMultipleObjects
SetThreadPriority
GetThreadPriority
DeleteTimerQueueTimer
BackupRead
BackupWrite
SystemTimeToFileTime
GetModuleHandleA
FormatMessageW
GetModuleFileNameW
SetFileInformationByHandle
GetDiskFreeSpaceExW
QueryFullProcessImageNameW
GetSystemDefaultLCID
GetComputerNameExW
GetTempPathW
GetUserGeoID
WriteProcessMemory
InitializeProcThreadAttributeList
GetProcessId
OpenProcess
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetExitCodeProcess
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork
CloseThreadpool
CreateThreadpool
SetThreadpoolThreadMinimum
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
SetThreadpoolThreadMaximum
CreateThreadpoolCleanupGroup
SubmitThreadpoolWork
CreateThreadpoolWork
CreateFileA
CreateToolhelp32Snapshot
Process32NextW
Module32FirstW
ReadProcessMemory
Module32NextW
FormatMessageA
CreateEventW
ResetEvent
LockFileEx
FindVolumeClose
FindClose
FindFirstVolumeW
FindFirstFileW
QueryDosDeviceW
GetSystemWindowsDirectoryW
GetTickCount
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetModuleFileNameA
GetLongPathNameW
GetFullPathNameW
LocalFree
GetLogicalDrives
GetTickCount64
lstrlenW
CompareStringOrdinal
LoadLibraryA
ProcessIdToSessionId
GetStringTypeExW
Sleep
InitializeCriticalSection
CloseHandle
InitializeCriticalSectionEx
RaiseException
EncodePointer
InterlockedFlushSList
InterlockedPushEntrySList
InitializeSListHead
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
HeapReAlloc
HeapSize
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetVolumePathNamesForVolumeNameW
CreateFileMappingA
UnlockFile
HeapCompact
DeleteFileA
GetVersionExA
GetDiskFreeSpaceA
GetVersionExW
UnlockFileEx
GetFullPathNameA
LockFile
OutputDebugStringA
AreFileApisANSI
CreateWaitableTimerW
SetWaitableTimer
TlsSetValue
GetLastError
TlsGetValue
TlsAlloc
GetModuleHandleW
TlsFree
SetLastError
GetSystemTimeAsFileTime
GetSystemDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryExW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
VirtualLock
UnregisterWaitEx
ReleaseSemaphore
OpenEventW
DuplicateHandle
GetSystemWow64DirectoryW
GetNativeSystemInfo
GetCurrentDirectoryW
CreateProcessW
CreateSemaphoreW
CreateTimerQueueTimer
RegisterWaitForSingleObject
RemoveDirectoryW
SetEnvironmentVariableW
ExpandEnvironmentStringsA
SetFileAttributesW
ChangeTimerQueueTimer
WaitForSingleObjectEx
LoadLibraryW
SwitchToThread
FileTimeToSystemTime
QueryPerformanceFrequency
GetSystemTime
SizeofResource
LockResource
LoadResource
FindResourceW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
DecodePointer
WaitForThreadpoolWorkCallbacks
HeapCreate
HeapValidate
HeapDestroy
InitOnceComplete
InitOnceBeginInitialize
GetExitCodeThread
GetFileInformationByHandleEx
FindFirstFileExW
SetEndOfFile
CopyFileW
FreeLibraryWhenCallbackReturns
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
SleepConditionVariableSRW
LCMapStringEx
CompareStringEx
GetLocaleInfoEx
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
GetConsoleMode
ReadConsoleW
FlushFileBuffers
GetConsoleOutputCP
GetTimeZoneInformation
SetStdHandle
WriteConsoleW
OutputDebugStringW
GetTempPathA
IsWow64Process
VerifyVersionInfoW
FlushInstructionCache
OpenThread
TerminateThread
Thread32First
SuspendThread
Thread32Next
GetThreadId
GetThreadTimes
MoveFileW
GlobalMemoryStatusEx
FindFirstFileNameW
FindNextFileNameW
GetFileAttributesA
VirtualProtectEx
DosDateTimeToFileTime
GetVolumeNameForVolumeMountPointW
GetFirmwareEnvironmentVariableW
GetWindowsDirectoryW
OpenMutexW
VirtualAllocEx
VirtualFreeEx
GetSystemFirmwareTable
GetTempFileNameW
SetFirmwareEnvironmentVariableW
Process32FirstW
GetDiskFreeSpaceW
CompareStringW
GetTimeFormatW
GetDateFormatW
InitializeCriticalSectionAndSpinCount
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleExW
ExitProcess
GetProcessHeap
HeapFree
GetCurrentThreadId
GetCurrentThread
HeapAlloc
IsProcessorFeaturePresent
TerminateProcess

advapi32

CreateProcessAsUserW
EnumDependentServicesW
SetSecurityDescriptorControl
GetSecurityDescriptorControl
RegReplaceKeyW
QueryServiceStatusEx
ChangeServiceConfig2W
QueryServiceConfig2W
InitiateSystemShutdownExW
NotifyServiceStatusChangeW
QueryServiceStatus
EnumServicesStatusExW
StartServiceW
CreateServiceW
DeleteService
ControlService
DuplicateToken
RegFlushKey
RegGetKeySecurity
RegRestoreKeyW
RegSaveKeyW
RegSetKeySecurity
ConvertSidToStringSidA
GetSecurityDescriptorGroup
RegOpenCurrentUser
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetFileSecurityW
GetAclInformation
GetAce
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
CopySid
GetNamedSecurityInfoW
GetSecurityDescriptorOwner
IsValidSid
AddAce
GetFileSecurityW
CheckTokenMembership
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
DuplicateTokenEx
LookupAccountSidW
RegNotifyChangeKeyValue
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
GetSidSubAuthorityCount
GetSidSubAuthority
RegGetValueA
ConvertStringSidToSidW
CreateRestrictedToken
FreeSid
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityInfo
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
WriteEncryptedFileRaw
CloseEncryptedFileRaw
ReadEncryptedFileRaw
OpenEncryptedFileRawW
SetThreadToken
EventActivityIdControl
LsaNtStatusToWinError
RegQueryInfoKeyW
RegEnumKeyExW
RegUnLoadKeyW
RegLoadKeyW
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
ConvertSidToStringSidW
RegCloseKey
EventWriteTransfer
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
LsaOpenPolicy
LsaAddAccountRights
LsaClose
GetTokenInformation
EventRegister
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
EventUnregister
TraceMessage

Exports

Exports

FreeSigFiles
GetSigFiles
MpBootStrap
MpContainerAnalyze
MpContainerClose
MpContainerCloseObject
MpContainerCommit
MpContainerDelete
MpContainerFreeObjectInfo
MpContainerGetNext
MpContainerOpen
MpContainerOpenObject
MpContainerRead
MpContainerSetSize
MpContainerWrite
__rsignal
rsignal

Sections

.text
Size: 11.1MB - Virtual size: 11.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 268KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 432KB - Virtual size: 431KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 480KB - Virtual size: 479KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc/0/BINARY/MPGEAR.DLL
.dll windows:10 windows x64 arch:x64

86d0adb9b2e1f27df0110b9b7b25c534

Code Sign

33:00:00:01:23:30:43:8d:24:48:3c:a0:d7:00:00:00:00:01:23
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24-10-2018 21:07

Not After

10-01-2020 21:07

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft America Operations+OU=Thales TSS ESN:1A8F-E3C3-D69D,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:e3:7d:a3:1f:82:84:dc:e4:a1:00:02:00:00:01:e3
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:20

Not After

02-05-2020 21:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:04:35:45:00:00:00:00:00:3f
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

20-09-2018 17:42

Not After

09-05-2021 23:28

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:02:c2:81:3c:ef:6a:1e:09:24:01:00:00:00:00:02:c2
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:25

Not After

02-05-2020 21:25

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:f3:1c:0d:4a:57:0a:76:d7:ca:28:84:9e:a6:83:49:b6:53:b1:b9:6f:bb:2c:45:e1:78:05:de:d0:55:a7:02
Signer

Actual PE Digest

37:f3:1c:0d:4a:57:0a:76:d7:ca:28:84:9e:a6:83:49:b6:53:b1:b9:6f:bb:2c:45:e1:78:05:de:d0:55:a7:02

Digest Algorithm

sha256

PE Digest Matches

true

f3:ae:96:e5:82:55:56:9f:cd:72:ad:28:21:e8:37:d6:f4:e5:b7:bd
Signer

Actual PE Digest

f3:ae:96:e5:82:55:56:9f:cd:72:ad:28:21:e8:37:d6:f4:e5:b7:bd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MpGear.pdb

Imports

ntdll

RtlGetVersion
RtlCaptureContext
RtlPcToFileHeader
RtlNtStatusToDosError
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry

kernel32

SetThreadpoolThreadMinimum
WaitForThreadpoolWorkCallbacks
WaitForMultipleObjects
SetFilePointerEx
WriteFile
SetEndOfFile
WideCharToMultiByte
MultiByteToWideChar
SystemTimeToFileTime
GlobalFree
GetComputerNameExW
GetModuleHandleExW
VirtualLock
ReadFile
GetFileSizeEx
CreateFileW
LoadLibraryW
CreateDirectoryW
FindFirstFileW
GetFullPathNameW
FindNextFileW
ExpandEnvironmentStringsW
RemoveDirectoryW
SetEnvironmentVariableW
GetEnvironmentVariableW
FindClose
WaitForSingleObject
GetFileAttributesW
GetSystemDirectoryW
SetFileAttributesW
SetThreadpoolThreadMaximum
SetEvent
DeleteFileW
ResetEvent
CreateProcessW
QueryPerformanceFrequency
GetSystemTime
SwitchToThread
ExitProcess
HeapFree
HeapAlloc
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
FindFirstFileExW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetTimeZoneInformation
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadConsoleW
WriteConsoleW
WaitForSingleObjectEx
SubmitThreadpoolWork
CreateThreadpoolWork
TryEnterCriticalSection
GetFileAttributesExW
GetModuleFileNameW
GetExitCodeProcess
CopyFileW
Sleep
GetTickCount
CreateEventW
GetSystemPowerStatus
CloseHandle
lstrcmpiW
FileTimeToSystemTime
GetTempPathW
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
SetLastError
GetLastError
RaiseException
InterlockedFlushSList
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
InitializeCriticalSection
GetCommandLineW
CreateThreadpool
CloseThreadpool
CloseThreadpoolWork
DecodePointer

advapi32

QueryServiceStatus
RegQueryValueExW
OpenSCManagerW
QueryServiceConfigW
OpenServiceW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
RegCloseKey
CloseServiceHandle
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW

crypt32

CertGetCertificateChain
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertFreeCertificateChain

wintrust

WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData

winhttp

WinHttpSetOption
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpWriteData
WinHttpAddRequestHeaders
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpGetDefaultProxyConfiguration
WinHttpConnect
WinHttpCrackUrl
WinHttpCloseHandle
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpOpen
WinHttpQueryOption

ole32

CoCreateInstance
CoWaitForMultipleHandles
CoInitializeEx
CoCreateGuid
StringFromGUID2
CoUninitialize
IIDFromString
CoSetProxyBlanket

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear
SysStringLen

shlwapi

PathIsURLW

Exports

Exports

MpGearCloseHandle
MpGearContainerAnalyze
MpGearContainerCloseObject
MpGearContainerCommit
MpGearContainerDelete
MpGearContainerFreeObjectInfo
MpGearContainerGetNext
MpGearContainerOpen
MpGearContainerOpenObject
MpGearContainerRead
MpGearContainerRecognize
MpGearContainerSetSize
MpGearContainerWrite
MpGearCreateManager
MpGearDuplicateHandle
MpGearDynamicConfigAddBinary
MpGearDynamicConfigAddBool
MpGearDynamicConfigAddDWORD
MpGearDynamicConfigAddQWORD
MpGearDynamicConfigAddString
MpGearDynamicConfigAddStringList
MpGearDynamicConfigClear
MpGearDynamicConfigSend
MpGearFreeData
MpGearGetManagerInfo
MpGearGetSigDataDWORD
MpGearGetSigUpdateConfig
MpGearGetVirusNames
MpGearInheritEngine
MpGearInitializeMpPLI
MpGearQuarantineDelete
MpGearQuarantineGetNext
MpGearQuarantineOpen
MpGearQuarantineOpenEnumerator
MpGearQuarantineQuery
MpGearQuarantineRecover
MpGearQuarantineRestore
MpGearRebootActions
MpGearRenderPLIData
MpGearScanControl
MpGearScanFull
MpGearScanGetNextActionResult
MpGearScanGetNextThreat
MpGearScanGetStatistics
MpGearScanOpen
MpGearScanOpenActionResultsEnumerator
MpGearScanOpenThreatEnumerator
MpGearScanPath
MpGearScanQuick
MpGearScanSetDefaultThreatActions
MpGearScanSetOption
MpGearScanSetOptionEx
MpGearScanSetThreatAction
MpGearScanStream
MpGearScanSubmitReport
MpGearScanSubmitReportData
MpGearScanTakeActions
MpGearSetEngine
MpGearSetEngineWithResourceSigs
MpGearSetSigUpdateConfig
MpGearSigUpdateCancel
MpGearSigUpdateRollback
MpGearSigUpdateStart
MpGearSubmitHeartbeatReport
MpGearSubmitHeartbeatReportData
MpGearSubmitReportData

Sections

.text
Size: 406KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc/0/CERTIFICATE/MSAUTHROOT
.rsrc/0/CERTIFICATE/MSCVROOT
.rsrc/0/CERTIFICATE/MSFLIGHTROOT2014
.rsrc/0/CERTIFICATE/MSROOT
.rsrc/0/CERTIFICATE/MSROOTCERT
.rsrc/0/CERTIFICATE/MSROOTCERT2010
.rsrc/0/MSTESTROOT/1
.rsrc/0/MSTESTROOT/2
.rsrc/0/RCDATA/DXCAPTUREREPL)
.dll windows:10 windows x64 arch:x64

c79fe6f974e9ae7752eb418e774e6a0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DXCaptureReplay.pdb

Imports

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

api-ms-win-core-libraryloader-l1-2-0

LockResource
LoadResource
GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameW
SizeofResource
GetProcAddress
GetModuleHandleW
FreeLibrary

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
OpenMutexW
OpenEventW
ResetEvent
CreateSemaphoreExW
ReleaseSemaphore
ReleaseSRWLockShared
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
CreateEventW
InitializeCriticalSectionEx
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
LeaveCriticalSection
DeleteCriticalSection
ReleaseMutex
AcquireSRWLockShared
ReleaseSRWLockExclusive
CreateMutexW
WaitForSingleObject
EnterCriticalSection
InitializeSRWLock
SetEvent

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap
HeapReAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

TlsFree
GetExitCodeThread
GetCurrentProcessId
CreateThread
GetCurrentThreadId
ProcessIdToSessionId
TerminateProcess
TlsGetValue
TlsSetValue
GetCurrentProcess
OpenProcessToken
TlsAlloc

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
GetCPInfo
FormatMessageA
LCMapStringEx
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

xmllite

CreateXmlReader

rpcrt4

UuidCreate

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile
VirtualAlloc
FlushViewOfFile
OpenFileMappingW
VirtualFree
CreateFileMappingW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-memory-l1-1-1

GetWriteWatch
ResetWriteWatch

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CoCreateInstance
CoInitializeEx
CLSIDFromString
StringFromCLSID

api-ms-win-core-interlocked-l1-1-0

InterlockedPopEntrySList
InterlockedFlushSList
InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-file-l1-1-0

FindClose
CreateDirectoryW
FindFirstFileW
FlushFileBuffers
WriteFile
ReadFile
SetFilePointerEx
GetFileSizeEx
CreateFileW

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
SleepConditionVariableSRW
InitOnceExecuteOnce

api-ms-win-core-namedpipe-l1-1-0

CreateNamedPipeW
WaitNamedPipeW

api-ms-win-security-appcontainer-l1-1-0

GetAppContainerNamedObjectPath

api-ms-win-core-io-l1-1-1

CancelSynchronousIo

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

api-ms-win-core-job-l2-1-0

OpenJobObjectW

api-ms-win-core-job-l1-1-0

IsProcessInJob

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister

dwrite

DWriteCreateFactory

api-ms-win-core-threadpool-l1-2-0

DisassociateCurrentThreadFromCallback
CloseThreadpoolWork
CloseThreadpoolWait
CreateThreadpoolTimer
SetThreadpoolTimer
FreeLibraryWhenCallbackReturns
SetThreadpoolWait
SubmitThreadpoolWork
CloseThreadpoolTimer
CreateThreadpoolWork
CreateThreadpoolWait

d2d1

ord1

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetSystemInfo
GlobalMemoryStatusEx
GetTickCount
GetTickCount64

api-ms-win-core-file-l1-2-0

CreateFile2
GetTempPathW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

dxgi

CreateDXGIFactory1
CreateDXGIFactory
DXGIGetDebugInterface1
CreateDXGIFactory2

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileEx

api-ms-win-security-base-l1-1-0

AddMandatoryAce
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
InitializeAcl
GetTokenInformation
SetSecurityDescriptorSacl

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW

api-ms-win-crt-string-l1-1-0

memset
__strncnt
wcsncmp
strnlen
wcsnlen
strcspn

api-ms-win-crt-locale-l1-1-0

_lock_locales
_unlock_locales

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o___std_type_info_destroy_list
_o___stdio_common_vfprintf
_o___stdio_common_vfwprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vswprintf_s
_o__aligned_free
_o__aligned_malloc
_o__callnewh
_o__calloc_base
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__free_base
_o__fseeki64
_o__fsopen
_o__get_stream_buffer_pointers
_o__Getdays
_o__Getmonths
_o__Gettnames
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__lock_file
_o__malloc_base
_o__purecall
_o__realloc_base
_o__register_onexit_function
_o__seh_filter_dll
_o___std_exception_copy
_o__Strftime
_o__unlock_file
_o__W_Getdays
_o__W_Getmonths
_o__W_Gettnames
_o__wcsdup
_o__Wcsftime
_o__wcsicmp
_o__wfopen
_o__wfopen_s
_o__wtof
_o__wtoi
_o__wtoi64
_o_abort
_o_atof
_o_atoi
_o_calloc
_o_ceil
_o_ceilf
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_floor
_o_floorf
_o_fmodf
_o_fopen
_o_fopen_s
_o_fputc
_o_fread
_o_free
_o_frexp
_o_fseek
_o_fsetpos
_o_fwrite
_o_islower
_o_isspace
_o_isupper
_o_iswgraph
_o_ldexp
_o_localeconv
_o_log2
_o_malloc
_o_pow
_o_powf
_o_realloc
_o_setlocale
_o_setvbuf
_o_strtod
_o_strtof
_o_terminate
_o_tolower
_o_towlower
_o_ungetc
_o_wcscat_s
_o_wcstoul
_o_wcstoull
__uncaught_exception
__current_exception
__current_exception_context
__C_specific_handler_noexcept
_CxxThrowException
_o____mb_cur_max_func
_o____lc_locale_name_func
_o____lc_collate_cp_func
_o____lc_codepage_func
wcsstr
__C_specific_handler
__std_type_info_compare
strchr
__CxxFrameHandler3
_o___std_exception_destroy
memchr
memcmp
memcpy
_o___pctype_func
memmove

api-ms-win-core-string-l1-1-0

CompareStringEx
WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

cryptsp

CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptCreateHash

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-rtcore-ntuser-window-l1-1-0

PostQuitMessage
DefWindowProcW
SetWindowPos
DispatchMessageW
CreateWindowExW
ShowWindow
SetWindowTextW
GetWindowLongPtrW
SetWindowLongPtrW
RegisterClassExW
GetClientRect
TranslateMessage
PeekMessageW
DestroyWindow

Exports

Exports

CheckForWindowClosure
CreateDXGIFactory1Generated
CreateDXGIFactory2Generated
CreateDXGIFactoryGenerated
CreatePMCommsPUGA
CreateUtilityWindow
CustomEventGenerated
D2D1CreateDeviceContextGenerated
D2D1CreateDeviceGenerated
D2D1CreateFactoryGenerated
D3D10CreateDevice1Generated
D3D10CreateDeviceAndSwapChain1Generated
D3D10CreateDeviceAndSwapChainGenerated
D3D10CreateDeviceGenerated
D3D11CreateDeviceAndSwapChainGenerated
D3D11CreateDeviceGenerated
D3D11On12CreateDeviceGenerated
D3D12CreateDeviceGenerated
D3D12EnableExperimentalFeaturesGenerated
D3D12FenceEventCompletionGenerated
D3D12GetDebugInterfaceGenerated
D3DCreateCaptureRecreationHelperGenerated
D3DPERF_BeginEventGenerated
D3DPERF_EndEventGenerated
D3DPERF_SetMarkerGenerated
D3DPERF_SetRegionGenerated
DImageLoadGraphFromStringGenerated
DXGIGetDebugInterface1Generated
GetRealPtrPtrCreateDXGIFactory
GetRealPtrPtrCreateDXGIFactory1
GetRealPtrPtrCreateDXGIFactory2
GetRealPtrPtrCustomEvent
GetRealPtrPtrD2D1CreateDevice
GetRealPtrPtrD2D1CreateDeviceContext
GetRealPtrPtrD2D1CreateFactory
GetRealPtrPtrD3D10CreateDevice
GetRealPtrPtrD3D10CreateDevice1
GetRealPtrPtrD3D10CreateDeviceAndSwapChain
GetRealPtrPtrD3D10CreateDeviceAndSwapChain1
GetRealPtrPtrD3D11CreateDevice
GetRealPtrPtrD3D11CreateDeviceAndSwapChain
GetRealPtrPtrD3D11On12CreateDevice
GetRealPtrPtrD3D12CreateDevice
GetRealPtrPtrD3D12EnableExperimentalFeatures
GetRealPtrPtrD3D12FenceEventCompletion
GetRealPtrPtrD3D12GetDebugInterface
GetRealPtrPtrD3DCreateCaptureRecreationHelper
GetRealPtrPtrD3DPERF_BeginEvent
GetRealPtrPtrD3DPERF_EndEvent
GetRealPtrPtrD3DPERF_SetMarker
GetRealPtrPtrD3DPERF_SetRegion
GetRealPtrPtrDImageLoadGraphFromString
GetRealPtrPtrDXGIGetDebugInterface1
GetReflectionLayer
LazyAttachToInProc
LazyAttachToMonitor
ReleaseCaptureSessionContext

Sections

.text
Size: 22.3MB - Virtual size: 22.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 480KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc/0/RCDATA/MSHTM
.dll windows:10 windows x64 arch:x64

5abfe6d5ef04240d4993a65f23869582

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mshtml.pdb

Imports

msvcrt

_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
_lock
_unlock
__dllonexit
_onexit
__CxxFrameHandler3
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_XcptFilter
_amsg_exit
_initterm
tanf
_statusfp
_beginthreadex
fwprintf
_flushall
fclose
rand_s
fflush
??1exception@@UEAA@XZ
__CxxFrameHandler4
malloc
free
realloc
strtoul
strpbrk
bsearch_s
modf
wcstod
wcstok_s
towlower
_wtoi64
_aligned_free
_aligned_malloc
_stricmp
iswgraph
_itoa_s
swprintf_s
bsearch
_finite
_wtoi
_isnan
_ui64tow_s
_wcstoui64
_wtof
iswalnum
iswdigit
iswalpha
_wcslwr_s
_i64tow_s
wcscat_s
_ultow_s
__C_specific_handler
qsort
wcscpy_s
_vsnprintf
_wcsupr
_wcslwr
tolower
wcsncpy_s
strstr
strchr
strncmp
wcsrchr
_wcsupr_s
_itow_s
abort
wcstol
wcsncmp
_wtol
_wcsnicmp
memmove_s
memcpy_s
_errno
wcstoul
strnlen
wcscspn
wcstombs_s
towupper
iswlower
strrchr
_strnicmp
isalpha
isxdigit
isdigit
wcsncat_s
_fpclass
_mbsicmp
_mbscspn
_mbsspn
_mbsstr
isspace
_mbschr
_ismbcdigit
strncpy_s
_mbscmp
iswcntrl
_ultoa_s
swscanf_s
_wcsrev
wcsspn
exit
fprintf
_fileno
_isatty
fwrite
atof
atoi
strtol
qsort_s
rand
_ltow
_ltow_s
_clearfp
memmove
memcpy
memcmp
wcsstr
_controlfp_s
iswascii
calloc
_resetstkoflw
_wcsicmp
wcsnlen
memset
powf
sin
sinf
sqrt
sqrtf
strcmp
tan
wcspbrk
wcschr
_vsnwprintf
__iob_func
iswspace
iswpunct
_purecall
_HUGE
_CxxThrowException
_setjmp
acosf
asinf
atan2
atan2f
ceil
ceilf
cos
cosf
floor
floorf
fmod
fmodf
wcscmp

kernel32

HeapFree
GetModuleFileNameA
DebugBreak
GetProcAddress
IsDebuggerPresent
OutputDebugStringW
SetLastError
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
OpenSemaphoreW
QueryPerformanceCounter
GetProfileIntA
GlobalFree
GetTickCount
PowerSetRequest
PowerClearRequest
PowerCreateRequest
LoadLibraryExW
MulDiv
GetTickCount64
GetSystemTimeAsFileTime
CreateMutexExW
CreateSemaphoreExW
CreateThreadpoolTimer
WideCharToMultiByte
GlobalSize
GlobalLock
GlobalUnlock
IsDBCSLeadByteEx
MultiByteToWideChar
OpenProcess
GetCPInfo
GetSystemInfo
GetSystemDefaultLocaleName
GetUserDefaultLocaleName
GlobalMemoryStatusEx
CreateThreadpoolWork
GetProcessHeap
CloseThreadpoolWork
SubmitThreadpoolWork
GetFullPathNameW
SetFilePointer
WriteFile
ReadFile
GlobalAlloc
GetTempPath2W
GetTempFileNameW
CreateFileW
GetFileSize
DeleteFileW
GetSystemTime
SystemTimeToFileTime
FindFirstFileW
FindClose
CopyFileW
GetFileType
WaitForMultipleObjectsEx
CreateEventExW
QueryPerformanceFrequency
Sleep
ResolveLocaleName
GetLocaleInfoEx
GetUserGeoID
GetGeoInfoW
IsValidLocaleName
GetEnvironmentVariableW
SetEnvironmentVariableW
InitializeCriticalSectionAndSpinCount
CreateMutexW
GetFileAttributesW
InitOnceExecuteOnce
CompareStringEx
GetSystemTimeAdjustment
GetVersionExW
TrySubmitThreadpoolCallback
InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
LoadLibraryW
ResumeThread
GetUserDefaultLCID
GetLocalTime
GetACP
LocaleNameToLCID
LCIDToLocaleName
GetUserDefaultUILanguage
IsValidCodePage
GetExitCodeThread
ResetEvent
lstrcmpiA
lstrcmpA
InitOnceInitialize
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
QueryDepthSList
CompareFileTime
GetTempPathW
TerminateThread
GetActiveProcessorCount
GetFileTime
DeleteFiber
SwitchToFiber
CreateFiber
ConvertThreadToFiber
ConvertFiberToThread
CompareStringOrdinal
SetEndOfFile
CreateFileMappingW
FlushViewOfFile
lstrcmpW
GetLocaleInfoW
GetDiskFreeSpaceW
FileTimeToSystemTime
CompareStringW
LCMapStringW
GetFileSizeEx
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetCurrentThread
lstrcmpiW
VerSetConditionMask
VerifyVersionInfoW
SetThreadPreferredUILanguages
GetCommandLineW
GlobalDeleteAtom
GlobalAddAtomW
GlobalFindAtomW
HeapSetInformation
GetStringTypeExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
SleepConditionVariableSRW
HeapAlloc
FormatMessageW
WaitForSingleObjectEx
InitializeCriticalSectionEx
ReleaseSemaphore
GetLastError
ReleaseMutex
RaiseException
InitializeSRWLock
ReleaseSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
FlsSetValue
HeapDestroy
MapViewOfFile
OpenFileMappingW
GetCurrentProcessId
HeapCreate
FlsAlloc
InitializeCriticalSection
TlsAlloc
AddAtomW
TlsSetValue
TlsGetValue
GetModuleFileNameW
LocalFree
LocalAlloc
FindAtomW
DeleteAtom
UnmapViewOfFile
TlsFree
FlsFree
RaiseFailFastException
GetModuleHandleW
DeleteCriticalSection
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
SetEvent
FreeLibrary
CreateThread
CreateEventW
GetModuleHandleExW
FreeLibraryAndExitThread
CloseHandle
WaitForSingleObject
GetCurrentProcess
WerSetFlags
WerGetFlags
ActivateActCtx
DeactivateActCtx
CreateActCtxW
ReleaseActCtx
QueueUserWorkItem
GlobalFlags
FindResourceExA
LocalSize
GlobalReAlloc
WTSGetActiveConsoleSessionId
LCMapStringEx
ResolveDelayLoadedAPI
DelayLoadFailureHook
WaitForThreadpoolWorkCallbacks

api-ms-win-downlevel-advapi32-l1-1-0

RegDeleteTreeW
EventWriteEx
OpenProcessToken
RegGetValueW
EventUnregister
EventRegister
EventActivityIdControl
RegEnumKeyExW
RegCreateKeyExW
RegQueryValueExW
EventWrite
RegOpenKeyExW
EventWriteTransfer
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExA
OpenThreadToken
DuplicateTokenEx
RegSetValueExW
CreateProcessAsUserW
GetTokenInformation

api-ms-win-downlevel-version-l1-1-0

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

api-ms-win-downlevel-shlwapi-l1-1-0

StrCmpICW
StrCmpNIW
UrlApplySchemeW
StrStrIW
IsInternetESCEnabled
PathCreateFromUrlW
PathQuoteSpacesW
UrlCombineW
StrStrA
StrCpyNW
UrlEscapeW
UrlUnescapeW
UrlCanonicalizeW
PathGetArgsW
StrCmpNIA
StrDupW
StrCmpNICW
StrCmpNCW
StrCmpICA
StrCmpNICA
PathRemoveFileSpecW
StrCmpCW
PathIsRelativeW
PathRemoveBlanksW
StrToIntExW
HashData
UrlIsW
UrlCreateFromPathW
PathUnquoteSpacesW
QISearch
StrToInt64ExW
StrChrW
PathStripPathW
PathSearchAndQualifyW
StrCmpW
StrChrNIW
StrChrA
StrStrW
StrCmpNW
PathIsFileSpecW
ParseURLW
PathFileExistsW
StrTrimW
PathFindExtensionW
UrlGetLocationW
PathIsURLW
SHLoadIndirectString
StrPBrkW
PathGetCharTypeW
StrCmpCA
IsCharSpaceW
StrStrIA
UrlGetPartW
PathGetDriveNumberW
PathFindFileNameW
StrToIntW
GetAcceptLanguagesW
PathIsUNCW
StrCSpnW
StrCmpIW

api-ms-win-downlevel-user32-l1-1-0

CharLowerBuffW
CharLowerW
IsCharAlphaNumericW
IsCharAlphaW
CharUpperW
CharLowerA
LoadStringW
CharNextW

gdi32

SetGraphicsMode
CreateDIBSection
ExtTextOutW
SetTextAlign
GetTextColor
GetBkColor
SetStretchBltMode
StretchDIBits
SetDIBits
GetCurrentObject
GetClipRgn
ExtSelectClipRgn
SetBrushOrgEx
CreatePatternBrush
CreateBitmap
Ellipse
Polyline
Polygon
LineTo
MoveToEx
PatBlt
CreatePen
SetDCPenColor
ExtCreatePen
UnrealizeObject
SetBkMode
CreateHatchBrush
SetDCBrushColor
SetROP2
GetFontUnicodeRanges
GetGlyphOutlineW
GetCharWidthW
GetFontData
GetOutlineTextMetricsW
AddFontMemResourceEx
GetTextFaceW
RemoveFontMemResourceEx
StretchBlt
GdiFlush
Rectangle
CreateSolidBrush
GetTextCharsetInfo
TranslateCharsetInfo
ExtEscape
SetWorldTransform
CloseEnhMetaFile
GetEnhMetaFileW
EqualRgn
ExtCreateRegion
GetRegionData
OffsetViewportOrgEx
RealizePalette
SelectPalette
GetPaletteEntries
DeleteObject
SelectObject
GetObjectType
GetDeviceCaps
CreateRectRgn
BitBlt
GetPixel
CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgnIndirect
GetRandomRgn
OffsetRgn
GetClipBox
SetViewportOrgEx
CombineRgn
GetRgnBox
RestoreDC
SaveDC
GetViewportOrgEx
CreatePolygonRgn
EnumFontFamiliesExW
EnumFontsW
CreateFontIndirectW
GetTextCharset
SelectClipRgn
DeleteMetaFile
CreateMetaFileW
SetMapMode
SetWindowOrgEx
SetWindowExtEx
CloseMetaFile
SetViewportExtEx
PlayMetaFile
GetWindowOrgEx
GetWindowExtEx
LPtoDP
SetTextColor
SetBkColor
GetStockObject
IntersectClipRect
CreateEnhMetaFileW
DeleteDC
GetTextMetricsW
GetTextExtentPoint32W
GetObjectW
GetDIBits
GetNearestPaletteIndex
EnumObjects
GetEnhMetaFileHeader
GetDIBColorTable
SetDIBColorTable
SetMetaFileBitsEx
SetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
PlayEnhMetaFile
DeleteEnhMetaFile
AbortDoc
StartPage
EndPage
CreateICW
CreateDCW
StartDocW
EndDoc

user32

CheckMenuRadioItem
CreatePopupMenu
AppendMenuW
GetMenuStringW
ToUnicodeEx
SubtractRect
UnionRect
MsgWaitForMultipleObjects
GetCaretBlinkTime
GetComboBoxInfo
DrawFocusRect
SendMessageA
ScrollDC
GetLayeredWindowAttributes
CreateCaret
DestroyCaret
SetCaretPos
GetLastInputInfo
EnumDisplaySettingsW
DisplayConfigGetDeviceInfo
GetDisplayConfigBufferSizes
RegisterClassW
GetWindowTextW
FindWindowW
GetLastActivePopup
DrawFrameControl
ShowCaret
HideCaret
GetCaretPos
GetKeyboardLayout
InsertMenuItemW
GetMenuItemInfoW
SetWindowsHookExW
PostThreadMessageW
FindWindowExW
MoveWindow
GetSysColorBrush
IsDlgButtonChecked
RemoveMenu
CallWindowProcW
RemovePropW
GetUpdateRect
CallNextHookEx
QueryDisplayConfig
IsWindowVisible
CopyRect
InflateRect
GetUpdateRgn
InvalidateRgn
GetWindowDC
LockWindowUpdate
DestroyIcon
AdjustWindowRectEx
GetWindowLongA
SetWindowLongA
GetShellWindow
GetKeyboardLayoutList
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
RegisterClipboardFormatA
GetClassInfoExW
UnregisterClassW
GetDpiForSystem
LoadBitmapW
TrackPopupMenu
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
SetRect
GetKeyboardLayoutNameW
DestroyCursor
GetIconInfo
ChildWindowFromPoint
MessageBeep
UpdateLayeredWindow
GetClassInfoW
SetCursorPos
SetRectEmpty
GetWindowRgn
EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
InSendMessageEx
InSendMessage
SetMenuItemInfoW
ShowCursor
TrackPopupMenuEx
DestroyAcceleratorTable
TranslateAcceleratorW
AttachThreadInput
IsClipboardFormatAvailable
GetClipboardFormatNameW
GetWindowPlacement
GetWindowLongPtrA
GetTopWindow
BringWindowToTop
GetSystemMenu
UnhookWindowsHookEx
UnregisterClassA
IsWindowEnabled
LoadIconW
SendDlgItemMessageW
LoadImageW
GetWindow
SetWindowLongPtrW
DefWindowProcW
PostMessageW
GetParent
SetActiveWindow
GetWindowLongPtrW
GetKeyState
GetWindowThreadProcessId
GetDCEx
ReleaseDC
RegisterClipboardFormatW
RegisterWindowMessageW
GetDoubleClickTime
IsWindow
DestroyWindow
GetClientRect
FillRect
AllowSetForegroundWindow
GetClassNameW
IsWinEventHookInstalled
NotifyWinEvent
SetTimer
GetDesktopWindow
TranslateMessage
MessageBoxW
DialogBoxParamW
SetWindowTextW
EndDialog
GetFocus
ValidateRect
SetCursor
LoadCursorW
SendMessageW
KillTimer
EnumChildWindows
IsIconic
GetAncestor
GetSystemMetrics
GetMessageExtraInfo
GetCursorInfo
ChildWindowFromPointEx
ScreenToClient
GetCursorPos
WindowFromPoint
IsChild
MapWindowPoints
GetAsyncKeyState
GetMenuState
InsertMenuW
DeleteMenu
LoadMenuW
GetSubMenu
EnableMenuItem
DestroyMenu
GetCapture
ReleaseCapture
IsWindowUnicode
UpdateWindow
EnableWindow
SendMessageTimeoutW
EnumWindows
GetSysColor
GetForegroundWindow
WinHelpW
SetDlgItemTextW
CheckDlgButton
GetDlgItemTextW
ShowWindow
SetWindowPos
SetForegroundWindow
SetFocus
ClientToScreen
SystemParametersInfoW
MonitorFromWindow
GetActiveWindow
GetWindowRect
GetMessagePos
PtInRect
GetKeyboardState
MapVirtualKeyExW
ToAsciiEx
IsRectEmpty
IntersectRect
LoadAcceleratorsW
CopyAcceleratorTableW
VkKeyScanW
GetMenuItemCount
GetMenuItemID
CheckMenuItem
MonitorFromRect
GetMonitorInfoW
GetMessageW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
PostQuitMessage
MonitorFromPoint
GetDC
RedrawWindow
CreateAcceleratorTableW
OffsetRect
EqualRect
SetWindowRgn
SetPropW
SetParent
CreateWindowExW
SetLayeredWindowAttributes
SetCapture
GetWindowLongW
SetWindowLongW
ValidateRgn
GetCursor
LoadCursorA
GetPropW
InvalidateRect
GetDlgItem
BeginPaint
EndPaint
WindowFromDC
GetMessageTime
WaitMessage
RegisterClassExW

iertutil

ord25
ord21
ord690
CreateIUriBuilder
ord209
ord700
ord174
ord681
ord764
ord56
ord58
ord775
ord793
ord19
ord18
ord32
GetIUriPriv
ord916
ord682
ord398
ord96
ord820
ord26
CreateUriWithFragment
ord688
ord791
ord606
ord139
ord325
ord792
ord49
ord656
ord661
ord665
ord651
ord796
ord657
ord667
ord650
ord678
ord660
ord677
ord658
ord662
ord652
ord663
ord654
ord54
ord110
ord151
ord111
ord17
ord44
ord30
ord134
IntlPercentEncodeNormalize
ord466
ord597
ord594
ord177
ord603
ord779
ord781
ord774
ord765
ord138
ord607
ord281
ord282
ord35
ord42
GetPortFromUrlScheme
ord210
CreateUri
ord701
ord655
ord600
ord605
ord679
ord82
ord50

ntdll

RtlDllShutdownInProgress
NtClose
NtQuerySystemInformation

diagnosticdatasettings

TelIsTelemetryTypeAllowed

rpcrt4

RpcAsyncInitializeHandle
Ndr64AsyncClientCall
NdrClientCall3
RpcBindingBind
RpcBindingCreateW
RpcAsyncCancelCall
RpcAsyncCompleteCall
I_RpcExceptionFilter
UuidCreate
RpcBindingFree

api-ms-win-core-path-l1-1-0

PathCchAddBackslash
PathCchAppend
PathCchCombine
PathCchCanonicalize

sspicli

GetUserNameExW

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-core-file-l1-1-0

GetFileAttributesExW
FileTimeToLocalFileTime
CreateDirectoryW
GetLongPathNameW
GetFullPathNameA
SetFilePointerEx
GetDiskFreeSpaceExW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-sysinfo-l1-1-0

GetLogicalProcessorInformation
GetVersionExA
GetSystemWindowsDirectoryW

api-ms-win-core-libraryloader-l1-2-0

LoadResource
SizeofResource
LockResource
FindResourceExW
LoadLibraryExA

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsA
GetCurrentDirectoryW
SearchPathW
GetStdHandle

api-ms-win-core-localization-l1-2-0

GetUserPreferredUILanguages
GetThreadUILanguage
IsDBCSLeadByte
GetSystemDefaultLCID
GetThreadPreferredUILanguages
GetUserDefaultLangID

api-ms-win-core-string-l1-1-0

GetStringTypeW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect
VirtualAlloc
VirtualFree

api-ms-win-core-processenvironment-l1-2-0

SearchPathA

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode

api-ms-win-core-com-l1-1-0

CoGetStandardMarshal
CoGetPSClsid
ProgIDFromCLSID
IIDFromString

api-ms-win-core-handle-l1-1-0

DuplicateHandle

api-ms-win-core-memory-l1-1-1

ResetWriteWatch
VirtualUnlock
GetWriteWatch

api-ms-win-core-string-l2-1-0

CharPrevW
IsCharLowerW
IsCharUpperW

api-ms-win-core-processthreads-l1-1-0

SwitchToThread
ProcessIdToSessionId
GetProcessTimes
GetProcessId
GetProcessIdOfThread
SuspendThread
OpenThread
SetThreadPriority

api-ms-win-core-synch-l1-1-0

TryEnterCriticalSection
OpenEventW

api-ms-win-core-heap-l1-1-0

HeapUnlock
HeapReAlloc
HeapLock
HeapSize

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo
GetNativeSystemInfo

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW

api-ms-win-core-heap-l2-1-0

LocalReAlloc

api-ms-win-core-threadpool-l1-2-0

CreateThreadpool
CloseThreadpool
SetThreadpoolThreadMaximum

api-ms-win-power-base-l1-1-0

CallNtPowerInformation

api-ms-win-core-realtime-l1-1-0

QueryProcessCycleTime
QueryThreadCycleTime

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-datetime-l1-1-2

GetDurationFormatEx

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegDeleteValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadsFromDll

winhttp

WinHttpGetIEProxyConfigForCurrentUser

api-ms-win-core-wow64-l1-1-0

IsWow64Process

wkscli

NetGetJoinInformation

netutils

NetApiBufferFree

api-ms-win-core-processthreads-l1-1-1

GetThreadContext

api-ms-win-core-console-l2-1-0

GetConsoleScreenBufferInfo
SetConsoleTextAttribute

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

kernelbase

EnumUILanguagesW
lstrlenW
lstrlenA
StrToIntA
OpenGlobalizationUserSettingsKey
GetSystemDefaultUILanguage
GetNumberFormatW

Exports

Exports

ClearPhishingFilterData
ConvertAndEscapePostData
CreateCoreWebView
CreateHTMLPropertyPage
DllCanUnloadNow
DllEnumClassObjects
DllGetClassObject
GetColorValueFromString
GetWebPlatformObject
IEIsXMLNSRegistered
IERegisterXMLNS
InitializeLocalHtmlEngine
MatchExactGetIDsOfNames
PrintHTML
RunHTMLApplication
ShowHTMLDialog
ShowHTMLDialogEx
ShowModalDialog
ShowModelessHTMLDialog
TravelLogCreateInstance
TravelLogStgCreateInstance
UninitializeLocalHtmlEngine

Sections

.text
Size: 16.1MB - Virtual size: 16.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 180KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 904KB - Virtual size: 901KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 532KB - Virtual size: 529KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc/0/RCDATA/WINDOWSCODEC
.dll windows:10 windows x64 arch:x64

203ec2bd63b945048eff1d161cb5f778

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 21:29

Not After

02-12-2021 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:9f:0b:21:1e:b2:a2:ed:0b:18:21:4f:59:70:a8:85:39:77:5f:32:cb:94:4b:66:95:66:b1:3f:6a:48:01:e7
Signer

Actual PE Digest

51:9f:0b:21:1e:b2:a2:ed:0b:18:21:4f:59:70:a8:85:39:77:5f:32:cb:94:4b:66:95:66:b1:3f:6a:48:01:e7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WindowsCodecsRaw.pdb

Imports

msvcp_win

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ

api-ms-win-crt-string-l1-1-0

strcmp
memset
strncmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__gmtime64_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__localtime64_s
_o__mktime64
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__strdup
_o__stricmp
_o__strnicmp
_o__swab
memmove
_o_atoi
_o_calloc
_o_ceilf
_o_cosf
_o_expf
_o_fclose
_o_floorf
_o_fopen_s
_o_fread
_o_free
_o_fseek
_o_ftell
_o_isdigit
_o_isspace
_o_log
_o_logf
_o_malloc
_o_pow
_o_powf
_o_qsort
_o_sqrt
_o_sqrtf
_o_strcat_s
_o_strcpy_s
_o_strftime
_o_strncpy_s
_o_terminate
_o_tolower
_o_toupper
_o_wmemcpy_s
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__execute_onexit_table
_o___stdio_common_vswprintf_s
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vsnprintf_s
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vfscanf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___acrt_iob_func
__C_specific_handler
__std_terminate
__CxxFrameHandler4
__C_specific_handler_noexcept
memchr
memcmp
memcpy

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
AcquireSRWLockShared
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive

api-ms-win-core-com-l1-1-0

CoCreateInstance
CreateStreamOnHGlobal
PropVariantCopy
CoTaskMemAlloc
PropVariantClear

api-ms-win-core-libraryloader-l1-2-0

LoadResource
LockResource
GetModuleHandleW
SizeofResource
DisableThreadLibraryCalls
FindResourceExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

propsys

PropVariantChangeType
PropVariantCompareEx
PSCreateMemoryPropertyStore

oleaut32

VariantInit
SystemTimeToVariantTime

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

GetCurrentProcessorNumber
IsProcessorFeaturePresent

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
HeapDestroy
GetProcessHeap
HeapReAlloc
HeapSize

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch

api-ms-win-ntuser-rectangle-l1-1-0

IntersectRect

mscms

CreateMultiProfileTransform
DeleteColorTransform
CloseColorProfile
TranslateBitmapBits
OpenColorProfileW

kernel32

CreateFileA
UnmapViewOfFile
GetFileSizeEx
OutputDebugStringA
CloseHandle
DebugBreak
CreateMutexExW
GetProcAddress
CreateThreadpoolTimer
SetThreadpoolTimer
OpenSemaphoreW
WaitForSingleObjectEx
CloseThreadpoolTimer
OutputDebugStringW
FormatMessageW
ReleaseMutex
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
GetModuleHandleExW
ReleaseSemaphore
SetLastError
CreateSemaphoreExW
GetModuleFileNameA
CreateThreadpoolWork
SubmitThreadpoolWork
GetActiveProcessorCount
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
MapViewOfFile
CreateFileMappingW
QueryPerformanceFrequency
GetSystemInfo

gdi32

CombineRgn
DeleteObject
GetRegionData
CreateRectRgn
GetRgnBox

advapi32

CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

ws2_32

ntohs
htonl

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 788KB - Virtual size: 786KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27.5MB - Virtual size: 27.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc/0/REGISTRY/101
.rsrc/0/REGISTRY/102
.rsrc/0/REGISTRY/103
.rsrc/0/REGISTRY/104
.rsrc/0/REGISTRY/106
.rsrc/1033/DIALOG/105
.rsrc/1033/DIALOG/106
.rsrc/1033/DIALOG/111
.rsrc/1033/GROUP_ICON/103
.rsrc/1033/ICON/1.ico
.rsrc/1033/ICON/2.ico
.rsrc/1033/ICON/3.ico
.rsrc/1033/ICON/4.ico
.rsrc/1033/MANIFEST/1
.xml
.rsrc/1033/TYPELIB/1
.text
CERTIFICATE

Sharing

General

Malware Config

Signatures

Files

Code Sign

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8Certificate

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

05:b7:f8:3d:95:63:79:cd:f5:c3:13:82Certificate

Extended Key Usages

Key Usages

e1:42:a3:c6:78:e6:09:da:77:5c:d1:a0:22:ce:52:d1:27:05:35:7eSigner

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 3KB - Virtual size: 3KB

.rsrc Size: 99.5MB - Virtual size: 99.5MB

b420b5b5c9e6f405aac5339dd81b87c2

Code Sign

33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3bCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

af:52:52:94:4b:fb:ac:84:e7:78:02:f5:0d:7c:77:f6:98:ca:c8:61:bf:0d:55:58:f1:a9:b9:b8:a3:40:43:a9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

ntdll

kernel32

advapi32

Exports

Exports

Sections

.text Size: 11.1MB - Virtual size: 11.1MB

.rdata Size: 3.8MB - Virtual size: 3.8MB

.data Size: 268KB - Virtual size: 370KB

.pdata Size: 432KB - Virtual size: 431KB

.rsrc Size: 480KB - Virtual size: 479KB

.reloc Size: 100KB - Virtual size: 98KB

86d0adb9b2e1f27df0110b9b7b25c534

Code Sign

33:00:00:01:23:30:43:8d:24:48:3c:a0:d7:00:00:00:00:01:23Certificate

Extended Key Usages

33:00:00:01:e3:7d:a3:1f:82:84:dc:e4:a1:00:02:00:00:01:e3Certificate

Extended Key Usages

61:04:35:45:00:00:00:00:00:3fCertificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:02:c2:81:3c:ef:6a:1e:09:24:01:00:00:00:00:02:c2Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

37:f3:1c:0d:4a:57:0a:76:d7:ca:28:84:9e:a6:83:49:b6:53:b1:b9:6f:bb:2c:45:e1:78:05:de:d0:55:a7:02Signer

f3:ae:96:e5:82:55:56:9f:cd:72:ad:28:21:e8:37:d6:f4:e5:b7:bdSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

advapi32

crypt32

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

05:b7:f8:3d:95:63:79:cd:f5:c3:13:82
Certificate

e1:42:a3:c6:78:e6:09:da:77:5c:d1:a0:22:ce:52:d1:27:05:35:7e
Signer

.text
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 99.5MB - Virtual size: 99.5MB

33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3b
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

af:52:52:94:4b:fb:ac:84:e7:78:02:f5:0d:7c:77:f6:98:ca:c8:61:bf:0d:55:58:f1:a9:b9:b8:a3:40:43:a9
Signer

.text
Size: 11.1MB - Virtual size: 11.1MB

.rdata
Size: 3.8MB - Virtual size: 3.8MB

.data
Size: 268KB - Virtual size: 370KB

.pdata
Size: 432KB - Virtual size: 431KB

.rsrc
Size: 480KB - Virtual size: 479KB

.reloc
Size: 100KB - Virtual size: 98KB

33:00:00:01:23:30:43:8d:24:48:3c:a0:d7:00:00:00:00:01:23
Certificate

33:00:00:01:e3:7d:a3:1f:82:84:dc:e4:a1:00:02:00:00:01:e3
Certificate

61:04:35:45:00:00:00:00:00:3f
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:02:c2:81:3c:ef:6a:1e:09:24:01:00:00:00:00:02:c2
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

37:f3:1c:0d:4a:57:0a:76:d7:ca:28:84:9e:a6:83:49:b6:53:b1:b9:6f:bb:2c:45:e1:78:05:de:d0:55:a7:02
Signer

f3:ae:96:e5:82:55:56:9f:cd:72:ad:28:21:e8:37:d6:f4:e5:b7:bd
Signer

.text
Size: 406KB - Virtual size: 406KB

.rdata
Size: 148KB - Virtual size: 148KB

.data
Size: 11KB - Virtual size: 16KB

.pdata
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 3KB - Virtual size: 3KB