f9d60cdf400e209a3184c76e1ac382fd56dc6cb0ed48788cbb18201dea087fa7

Sharing

Copy URL

Twitter E-mail

General

Target

f9d60cdf400e209a3184c76e1ac382fd56dc6cb0ed48788cbb18201dea087fa7
Size

4.1MB
MD5

5fcd5e01a2a00e665cb8361f9b545a88
SHA1

b02a09dd52776de20ca921f0bb3c64e811e302fc
SHA256

f9d60cdf400e209a3184c76e1ac382fd56dc6cb0ed48788cbb18201dea087fa7
SHA512

a9b462525f65c40229817cb0bf33aace2181ccec8306574a5937128678b3f9a4e9e7263d8f3f01ce0ca962a5806fb025089c6cf46ab782bccec20a0c3204f74f
SSDEEP

98304:HPSaWxjnXZYzdv4jioi838vFy9GWA0tzlgyD2RNHgDKrV:HPhWxrAdv4Gg99GWAmlRD2RNHok

Score

1^/10

Malware Config

Signatures

Files

f9d60cdf400e209a3184c76e1ac382fd56dc6cb0ed48788cbb18201dea087fa7
.zip
新建文件夹/SecurityCore_x86.dll
.dll windows:5 windows x86 arch:x86

c778e97ae2254ea7ddef70573b59a0e0

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:f9:80:67:6d:7d:7e:8d:5e:b0:42:d2:df:47:78:48
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

23/03/2023, 00:00

Not After

22/03/2026, 23:59

Subject

CN=Sangfor Technologies Inc.,O=Sangfor Technologies Inc.,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:05:26:d2:cb:6a:17:cb:68:85:ea:44:d0:84:bb:eb:8b:92:41:f9:62:31:d1:1f:b6:3e:9b:8a:a6:f7:0b:00
Signer

Actual PE Digest

36:05:26:d2:cb:6a:17:cb:68:85:ea:44:d0:84:bb:eb:8b:92:41:f9:62:31:d1:1f:b6:3e:9b:8a:a6:f7:0b:00

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\qianliu-agent\workspace\0\zb_gitlab\16700\program\__build\build\app\bin\Release\SecurityCore_x86.pdb

Imports

ws2_32

shutdown
gethostname
WSAStartup
WSACleanup
getaddrinfo
freeaddrinfo
send
WSACloseEvent
WSACreateEvent
inet_ntoa
WSAEnumNetworkEvents
WSAEventSelect
getnameinfo
gethostbyname
ioctlsocket
sendto
recvfrom
listen
htonl
accept
select
__WSAFDIsSet
inet_pton
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent

crypt32

CertFreeCertificateContext
CertCloseStore
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA
CertEnumCertificatesInStore

ole32

CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

psapi

EnumProcesses
GetProcessMemoryInfo

kernel32

HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetCurrentProcessId
RaiseException
GetCurrentThreadId
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
WaitForSingleObject
CloseHandle
CreateEventW
OutputDebugStringA
LockResource
Sleep
LoadResource
SizeofResource
FindClose
GetSystemTimeAsFileTime
GetTickCount
FindResourceW
FindResourceExW
DeleteFileA
FindFirstFileA
FindNextFileA
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
DisableThreadLibraryCalls
CreateThread
CreateMutexA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedCompareExchange
GlobalFree
LocalFree
VirtualAlloc
VirtualFree
HeapCreate
GetProcessTimes
OpenProcess
GetCurrentProcess
GetExitCodeProcess
GetEnvironmentStringsW
FreeEnvironmentStringsW
SwitchToThread
GetCurrentThread
TerminateThread
GetExitCodeThread
SetLastError
GetOverlappedResult
SetErrorMode
ReadProcessMemory
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
ResetEvent
ReleaseSemaphore
ReleaseMutex
LockFileEx
UnlockFileEx
WriteFile
ReadFile
FlushFileBuffers
GetSystemInfo
GetNativeSystemInfo
SystemTimeToFileTime
FileTimeToLocalFileTime
GetStartupInfoW
ConnectNamedPipe
DisconnectNamedPipe
MapViewOfFile
UnmapViewOfFile
TlsAlloc
TlsGetValue
DecodePointer
TlsFree
WaitForSingleObjectEx
CreateSemaphoreA
CreateFileMappingA
OpenFileMappingA
GetLogicalDriveStringsW
LoadLibraryW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
CreateProcessW
GetEnvironmentVariableA
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetTempPathW
GetSystemWow64DirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
CreateDirectoryW
GetFullPathNameW
QueryDosDeviceW
CreateFileA
CreateFileW
GetFileAttributesW
GetFileAttributesExW
DeleteFileW
FindFirstFileW
FindNextFileW
SearchPathW
CopyFileW
OpenEventA
CreateNamedPipeW
IsBadWritePtr
IsBadStringPtrW
QueryPerformanceCounter
QueryPerformanceFrequency
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
MoveFileExA
lstrcmpiW
IsBadReadPtr
GetFileSize
CreateFileMappingW
GetProcessHandleCount
DuplicateHandle
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
FormatMessageW
InitializeCriticalSectionEx
SleepEx
GetSystemDirectoryA
CompareFileTime
WaitForMultipleObjects
GetFileType
GetStdHandle
PeekNamedPipe
VerSetConditionMask
VerifyVersionInfoW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetModuleHandleExA
FormatMessageA
CreateFiber
DeleteFiber
SwitchToFiber
ConvertThreadToFiber
ConvertFiberToThread
GetSystemTime
InitializeSListHead
OutputDebugStringW
EncodePointer
CompareStringW
HeapDestroy
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
TlsSetValue
SetUnhandledExceptionFilter
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
SetStdHandle
RemoveDirectoryW
SetFilePointerEx
SetConsoleCtrlHandler
ExitProcess
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetACP
GetTimeZoneInformation
GetFullPathNameA
SetEndOfFile
FindFirstFileExA
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
SetEnvironmentVariableA
WriteConsoleW
OpenMutexA
CreateEventA
FileTimeToSystemTime
MoveFileExW

user32

GetClassNameW
GetParent
GetForegroundWindow
IsWindow
InternalGetWindowText
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
SendMessageA
UnregisterClassW

shell32

SHGetSpecialFolderLocation
SHGetFolderLocation
SHBrowseForFolderW
SHGetSpecialFolderPathA
SHGetPathFromIDListW

advapi32

EnumServicesStatusExA
DeleteService
ControlService
CloseServiceHandle
ChangeServiceConfig2A
ChangeServiceConfigW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
CheckTokenMembership
DuplicateTokenEx
CreateProcessAsUserW
ImpersonateLoggedOnUser
LookupPrivilegeValueA
LookupAccountSidW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
FreeSid
AllocateAndInitializeSid
AdjustTokenPrivileges
SetTokenInformation
GetTokenInformation
OpenThreadToken
OpenProcessToken
RevertToSelf
EnumServicesStatusExW
LockServiceDatabase
OpenSCManagerA
OpenSCManagerW
OpenServiceA
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
QueryServiceStatusEx
StartServiceA
StartServiceW
UnlockServiceDatabase
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
DeregisterEventSource
RegisterEventSourceA
ReportEventA
EnumDependentServicesA
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom

shlwapi

StrStrIW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

wintrust

WinVerifyTrust

bcrypt

BCryptGenRandom

Exports

Exports

SpinHeaderLock
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_header
curl_easy_init
curl_easy_nextheader
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_url_strerror

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 625KB - Virtual size: 624KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新建文件夹/WinDivert64.sys
.sys windows:10 windows x64 arch:x64

505c54af7fa8f0482014ca4fe5cdd53d

Code Sign

f4:8b:a9:cb:78:dd:96:f2:dc:60:2f:ef:35:68:c9:2a
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/10/2017, 00:00

Not After

12/10/2020, 23:59

Subject

SERIALNUMBER=8313827,CN=Cloudveil Technology Inc.,O=Cloudveil Technology Inc.,POSTALCODE=67107,STREET=100 Ave C,L=Moundridge,ST=Kansas,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064b616e736173,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:31:94:79:a3:18:f5:52:2d:06:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/06/2019, 18:34

Not After

03/06/2020, 18:34

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:28:bf:92:4d:da:52:a7:8d:1d:5e:42:49:58:10:79:54:b9:1b:20:4d:70:75:56:77:34:96:94:0a:13:9c:2e
Signer

Actual PE Digest

22:28:bf:92:4d:da:52:a7:8d:1d:5e:42:49:58:10:79:54:b9:1b:20:4d:70:75:56:77:34:96:94:0a:13:9c:2e

Digest Algorithm

sha256

PE Digest Matches

true

22:28:bf:92:4d:da:52:a7:8d:1d:5e:42:49:58:10:79:54:b9:1b:20:4d:70:75:56:77:34:96:94:0a:13:9c:2e
Signer

Actual PE Digest

22:28:bf:92:4d:da:52:a7:8d:1d:5e:42:49:58:10:79:54:b9:1b:20:4d:70:75:56:77:34:96:94:0a:13:9c:2e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\WinDivert\install\MSVC\amd64\WinDivert64.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
IoAllocateErrorLogEntry
IoAllocateMdl
IoFreeMdl
IoGetCurrentProcess
IoWriteErrorLogEntry
RtlCopyUnicodeString
ObfReferenceObject
ObfDereferenceObject
KeBugCheckEx
IoGetRequestorProcess
PsGetProcessId
ExUuidCreate
ExAllocatePoolWithTag
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
RtlGetVersion
RtlIntegerToUnicodeString

hal

KeQueryPerformanceCounter

ndis.sys

NdisAllocateNetBufferPool
NdisFreeNetBufferPool
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisGetDataBuffer
NdisAdvanceNetBufferDataStart
NdisRetreatNetBufferDataStart

fwpkclnt.sys

FwpsAllocateNetBufferAndNetBufferList0
FwpmFilterDeleteByKey0
FwpmFilterAdd0
FwpmCalloutDeleteByKey0
FwpmCalloutAdd0
FwpmSubLayerDeleteByKey0
FwpmSubLayerAdd0
FwpmTransactionAbort0
FwpmTransactionCommit0
FwpmTransactionBegin0
FwpmEngineClose0
FwpmEngineOpen0
FwpsQueryPacketInjectionState0
FwpsInjectNetworkReceiveAsync0
FwpsInjectForwardAsync0
FwpsInjectNetworkSendAsync0
FwpsCalloutRegister0
FwpsCalloutUnregisterByKey0
FwpsFlowAssociateContext0
FwpsFlowRemoveContext0
FwpsInjectionHandleCreate0
FwpsInjectionHandleDestroy0
FwpsFreeNetBufferList0

wdfldr.sys

WdfVersionBind
WdfVersionBindClass
WdfVersionUnbindClass
WdfVersionUnbind

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新建文件夹/WinDivert64w10.bkf
.sys windows:10 windows x64 arch:x64

505c54af7fa8f0482014ca4fe5cdd53d

Code Sign

f4:8b:a9:cb:78:dd:96:f2:dc:60:2f:ef:35:68:c9:2a
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/10/2017, 00:00

Not After

12/10/2020, 23:59

Subject

SERIALNUMBER=8313827,CN=Cloudveil Technology Inc.,O=Cloudveil Technology Inc.,POSTALCODE=67107,STREET=100 Ave C,L=Moundridge,ST=Kansas,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064b616e736173,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:31:94:79:a3:18:f5:52:2d:06:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/06/2019, 18:34

Not After

03/06/2020, 18:34

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:28:bf:92:4d:da:52:a7:8d:1d:5e:42:49:58:10:79:54:b9:1b:20:4d:70:75:56:77:34:96:94:0a:13:9c:2e
Signer

Actual PE Digest

22:28:bf:92:4d:da:52:a7:8d:1d:5e:42:49:58:10:79:54:b9:1b:20:4d:70:75:56:77:34:96:94:0a:13:9c:2e

Digest Algorithm

sha256

PE Digest Matches

true

22:28:bf:92:4d:da:52:a7:8d:1d:5e:42:49:58:10:79:54:b9:1b:20:4d:70:75:56:77:34:96:94:0a:13:9c:2e
Signer

Actual PE Digest

22:28:bf:92:4d:da:52:a7:8d:1d:5e:42:49:58:10:79:54:b9:1b:20:4d:70:75:56:77:34:96:94:0a:13:9c:2e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\WinDivert\install\MSVC\amd64\WinDivert64.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
IoAllocateErrorLogEntry
IoAllocateMdl
IoFreeMdl
IoGetCurrentProcess
IoWriteErrorLogEntry
RtlCopyUnicodeString
ObfReferenceObject
ObfDereferenceObject
KeBugCheckEx
IoGetRequestorProcess
PsGetProcessId
ExUuidCreate
ExAllocatePoolWithTag
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
RtlGetVersion
RtlIntegerToUnicodeString

hal

KeQueryPerformanceCounter

ndis.sys

NdisAllocateNetBufferPool
NdisFreeNetBufferPool
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisGetDataBuffer
NdisAdvanceNetBufferDataStart
NdisRetreatNetBufferDataStart

fwpkclnt.sys

FwpsAllocateNetBufferAndNetBufferList0
FwpmFilterDeleteByKey0
FwpmFilterAdd0
FwpmCalloutDeleteByKey0
FwpmCalloutAdd0
FwpmSubLayerDeleteByKey0
FwpmSubLayerAdd0
FwpmTransactionAbort0
FwpmTransactionCommit0
FwpmTransactionBegin0
FwpmEngineClose0
FwpmEngineOpen0
FwpsQueryPacketInjectionState0
FwpsInjectNetworkReceiveAsync0
FwpsInjectForwardAsync0
FwpsInjectNetworkSendAsync0
FwpsCalloutRegister0
FwpsCalloutUnregisterByKey0
FwpsFlowAssociateContext0
FwpsFlowRemoveContext0
FwpsInjectionHandleCreate0
FwpsInjectionHandleDestroy0
FwpsFreeNetBufferList0

wdfldr.sys

WdfVersionBind
WdfVersionBindClass
WdfVersionUnbindClass
WdfVersionUnbind

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新建文件夹/inst_ca.exe
.exe windows:6 windows x86 arch:x86

8c2537a65e378996a578c2bccf0c86d3

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:f9:80:67:6d:7d:7e:8d:5e:b0:42:d2:df:47:78:48
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

23/03/2023, 00:00

Not After

22/03/2026, 23:59

Subject

CN=Sangfor Technologies Inc.,O=Sangfor Technologies Inc.,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:8a:51:0b:af:ad:6c:6a:2a:fb:fd:e7:68:9f:fd:ac:7c:67:17:87:9d:98:b3:12:6d:22:01:76:9f:27:a8:45
Signer

Actual PE Digest

7b:8a:51:0b:af:ad:6c:6a:2a:fb:fd:e7:68:9f:fd:ac:7c:67:17:87:9d:98:b3:12:6d:22:01:76:9f:27:a8:45

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\code\byodclientwin\byodclientwin\Release\ByodProxyInstCa.pdb

Imports

kernel32

Process32FirstW
OpenProcess
Process32NextW
ProcessIdToSessionId
GetCurrentProcessId
Process32First
Process32Next
DeleteFileA
GetModuleFileNameA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetModuleFileNameW
GetTempFileNameW
DeleteFileW
CopyFileA
lstrcpyA
lstrcatA
IsWow64Process
CreateToolhelp32Snapshot
GetCommandLineW
GetCommandLineA
LocalFree
SetLastError
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
FreeLibrary
GetModuleHandleA
GetProcAddress
GetExitCodeProcess
TerminateProcess
CreateProcessA
GetCurrentProcess
SetThreadLocale
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
SetFilePointerEx
GetFileSizeEx
GetConsoleCP
ReadConsoleW
GetConsoleMode
ReadFile
GetFileAttributesExW
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
WriteConsoleW
FlushFileBuffers
GetStringTypeW
SetThreadUILanguage
GetSystemDefaultLangID
Sleep
VerifyVersionInfoW
VerSetConditionMask
GetLocalTime
WaitForSingleObject
CloseHandle
DecodePointer
RaiseException
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
GetEnvironmentStringsW
SetEnvironmentVariableW
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
CreateFileW
FindClose
FindFirstFileW
FindNextFileW
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
GetProcessId
LoadLibraryW
WritePrivateProfileStringW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
MoveFileExW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetEndOfFile
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
FreeEnvironmentStringsW

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA
ImpersonateLoggedOnUser
RevertToSelf

shell32

ShellExecuteExW
CommandLineToArgvW
SHCreateDirectoryExA
SHGetFolderPathA
ord165

shlwapi

PathRemoveFileSpecA
PathFileExistsA
PathRemoveFileSpecW
StrCpyW
StrCatW
PathAppendW
PathFileExistsW
StrRStrIW
PathFindFileNameW

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsA

dbghelp

MiniDumpWriteDump

crypt32

CertFreeCertificateContext
CertGetNameStringA
CryptStringToBinaryA
CertCreateCertificateContext
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CertOpenStore
CertEnumCertificatesInStore
CertCompareCertificate
CertCompareCertificateName
CertVerifyTimeValidity
CertAddCertificateContextToStore
CertCloseStore

ntdll

RtlUnwind

Sections

.text
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新建文件夹/libeaio_stub.dll
.dll windows:5 windows x86 arch:x86

f433a7ae3710b529a2b414560b70f544

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:f9:80:67:6d:7d:7e:8d:5e:b0:42:d2:df:47:78:48
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

23/03/2023, 00:00

Not After

22/03/2026, 23:59

Subject

CN=Sangfor Technologies Inc.,O=Sangfor Technologies Inc.,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:dc:d0:52:d2:0c:0d:e6:02:96:aa:93:c9:10:2a:9d:7a:e3:d6:bd:7a:a5:86:93:62:bb:e4:05:3d:87:6c:cd
Signer

Actual PE Digest

a0:dc:d0:52:d2:0c:0d:e6:02:96:aa:93:c9:10:2a:9d:7a:e3:d6:bd:7a:a5:86:93:62:bb:e4:05:3d:87:6c:cd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\qianliu-agent\workspace\0\zb_gitlab\16700\program\__build\build\app\bin\Release\libeaio_stub.pdb

Imports

kernel32

GetCurrentProcessId
GetCurrentThreadId
SetLastError
GetEnvironmentVariableW
SetEnvironmentVariableW
Sleep
LockFileEx
UnlockFileEx
ReadFile
CloseHandle
CreateFileA
ReleaseMutex
WaitForSingleObject
CreateMutexA
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
HeapCreate
HeapDestroy
FlushFileBuffers
GetProcessHeap
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
MultiByteToWideChar
WideCharToMultiByte
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetTickCount
GetModuleHandleW
QueryPerformanceCounter
QueryPerformanceFrequency
DisableThreadLibraryCalls
SetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryW
SetDllDirectoryA
SetDllDirectoryW
GetDllDirectoryW
WaitForSingleObjectEx
HeapFree
HeapAlloc
LoadLibraryW
GetLastError
GetProcAddress
LocalFree
FreeLibrary
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RaiseException
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetTempPathW
SetStdHandle
GetFileType
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleFileNameA
GetModuleFileNameW
GetCurrentThread
GetACP
GetStdHandle
HeapReAlloc
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
GetFileAttributesExW
CreateFileW
WriteFile
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
SetEndOfFile
WriteConsoleW
OutputDebugStringA
OutputDebugStringW
HeapSize

advapi32

RegisterEventSourceA
DeregisterEventSource
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ReportEventA

Exports

Exports

??0EaioException@@QAE@XZ
??1EaioException@@QAE@XZ
??4EaioException@@QAEAAV0@ABV0@@Z
?eaio_atomic64_add_and_fetch@@YG_JPC_J_J@Z
?eaio_atomic64_cmp_and_swap@@YG_JPC_J_J1@Z
?eaio_atomic64_get@@YG_JPC_J@Z
?eaio_atomic64_set@@YG_JPC_J_J@Z
?eaio_bstimer_heap_count@@YGIXZ
?eaio_bstimer_loop@@YGXXZ
?eaio_escapeshellarg@@YGPADPBDPADK@Z
?eaio_timer_heap_count@@YAIXZ
?eaio_timer_loop@@YAXXZ
?sfe_l3_host_addr_cmp@@YGHPBUl3_addr_st@@0@Z
_device_path_to_ntpath@16
_eaio_aes_decrypt@12
_eaio_aes_encrypt@12
_eaio_aes_set_decrypt_key@12
_eaio_aes_set_encrypt_key@12
_eaio_atomic32_add_and_fetch@8
_eaio_atomic32_cmp_and_swap@12
_eaio_atomic32_get@4
_eaio_atomic32_set@8
_eaio_atomic_cmp_and_swap_ptr@12
_eaio_autolog_cache_switch@4
_eaio_autolog_fflush@0
_eaio_autolog_finit@0
_eaio_autolog_init@8
_eaio_autolog_reset_logbuf@0
_eaio_base32_decode@16
_eaio_base32_encode@16
_eaio_base64_decode@16
_eaio_base64_decode_ex@16
_eaio_base64_encode@16
_eaio_base64_encode_ex@16
_eaio_binsearch@20
_eaio_binsearch_lower_bound@20
_eaio_bstimer_get_userdata@4
_eaio_bstimer_init@0
_eaio_bstimer_poll_once@0
_eaio_bstimer_start@12
_eaio_bstimer_stop@4
_eaio_cbuf_add@8
_eaio_cbuf_del@8
_eaio_cbuf_free_size@4
_eaio_cbuf_get@12
_eaio_cbuf_get_full@12
_eaio_cbuf_init@12
_eaio_cbuf_peek@12
_eaio_cbuf_put@12
_eaio_cbuf_put_full@12
_eaio_cbuf_size@4
_eaio_change_ipcproxy_addrport@20
_eaio_check_os_endian@0
_eaio_closedir@4
_eaio_cls_bit@12
_eaio_cmd_free@4
_eaio_cmd_parse@8
_eaio_cmd_parse_w@8
_eaio_cond_broadcast@4
_eaio_cond_destroy@4
_eaio_cond_init@4
_eaio_cond_signal@4
_eaio_cond_timedwait@16
_eaio_cond_wait@8
_eaio_contain_val@12
_eaio_cpu_count@0
_eaio_crc32_calc@8
_eaio_crc32_calc_continue@12
_eaio_crc64_calc@8
_eaio_current_dir_get@8
_eaio_current_dir_set@4
_eaio_d3_des_decrypt@16
_eaio_d3_des_encrypt@16
_eaio_des3_decrypt@12
_eaio_des3_encrypt@12
_eaio_des3_set_2keys@12
_eaio_des3_set_3keys@16
_eaio_des_decrypt@12
_eaio_des_encrypt@12
_eaio_des_set_key@8
_eaio_dev_get_id_crc32@0
_eaio_dev_get_id_md5@8
_eaio_dev_get_imei@8
_eaio_dev_get_info@8
_eaio_dev_get_mixed_id@8
_eaio_dev_reset_crc@4
_eaio_device_dev_path_to_dos_path@12
_eaio_device_dos_path_to_dev_path@8
_eaio_device_dos_path_to_nt_path@8
_eaio_device_free@4
_eaio_device_is_dos_prefix@4
_eaio_device_nt_path_to_dos_path@12
_eaio_device_symlink_to_device_path@12
_eaio_dirutils_listdir@12
_eaio_dirutils_mkdir@8
_eaio_dirutils_path_transform@12
_eaio_dirutils_rmdir@4
_eaio_dirwalk_create2@16
_eaio_dirwalk_create@12
_eaio_dirwalk_destroy@4
_eaio_dirwalk_read@8
_eaio_dll_close@4
_eaio_dll_get_addr@12
_eaio_dll_open@8
_eaio_dstable_tls_alloc@4
_eaio_environment_add@12
_eaio_environment_add_w@12
_eaio_environment_del@4
_eaio_environment_del_w@4
_eaio_environment_get@12
_eaio_environment_get_w@12
_eaio_environment_set@8
_eaio_environment_set_w@8
_eaio_environment_subval_exist@12
_eaio_environment_subval_exist_w@12
_eaio_escape_shell_arg@4
_eaio_escape_shell_arg_w@4
_eaio_event_destroy@4
_eaio_event_init@12
_eaio_event_reset@4
_eaio_event_set@4
_eaio_event_timedwait@12
_eaio_event_wait@4
_eaio_fifo_clear@4
_eaio_fifo_init@4
_eaio_fifo_pick@16
_eaio_fifo_pop@12
_eaio_fifo_push@12
_eaio_fifo_saved_element@4
_eaio_fifo_uninit@4
_eaio_file_add_user_full_ctrl@8
_eaio_file_add_user_full_ctrl_w@8
_eaio_file_close@4
_eaio_file_copy@8
_eaio_file_copy_w@8
_eaio_file_flush@4
_eaio_file_flush_w@4
_eaio_file_link@8
_eaio_file_link_w@8
_eaio_file_open@8
_eaio_file_open_w@8
_eaio_file_rename@8
_eaio_file_rename_w@8
_eaio_file_size@4
_eaio_file_size_w@4
_eaio_file_stat@8
_eaio_file_stat_w@8
_eaio_file_unlink@4
_eaio_file_unlink_w@4
_eaio_filetime_to_timet@12
_eaio_flock_acquire@4
_eaio_flock_acquire_timeout@12
_eaio_flock_destroy@4
_eaio_flock_init@8
_eaio_flock_is_locked@4
_eaio_flock_release@4
_eaio_flush_dns_cache@0
_eaio_free_@4
_eaio_free_appident_elem@4
_eaio_get_appident_info@12
_eaio_get_current_process_session_id@0
_eaio_get_ipaddr_by_host@12
_eaio_get_ipcproxy_addrport@20
_eaio_get_ipcproxy_connectaddr@12
_eaio_get_ipcproxy_localport@0
_eaio_get_os_platform@4
_eaio_get_root_dir@0
_eaio_get_root_dir_w@0
_eaio_get_sys_cpu_ticks@4
_eaio_get_val_idx@4
_eaio_getfile_information@8
_eaio_gettimeofday@8
_eaio_glock_acquire@4
_eaio_glock_acquire_timeout@12
_eaio_glock_destroy@4
_eaio_glock_init@8
_eaio_glock_release@4
_eaio_hash_set_clear@4
_eaio_hash_set_find@12
_eaio_hash_set_init@8
_eaio_hash_set_insert@12
_eaio_hash_set_maxn@4
_eaio_hash_set_remove@12
_eaio_hash_set_size@4
_eaio_hash_set_unit@4
_eaio_heap_create@8
_eaio_heap_destroy@4
_eaio_heap_mem_alloc@12
_eaio_heap_mem_destroy@4
_eaio_heap_mem_free@12
_eaio_heap_mem_init@8
_eaio_heap_pop@8
_eaio_heap_push@8
_eaio_hex_decode@12
_eaio_hex_decode_ex@12
_eaio_hex_encode@16
_eaio_hex_encode_ex@16
_eaio_hex_encode_lower@16
_eaio_home_dir@8
_eaio_hostname@8
_eaio_i18n_gettext@4
_eaio_i18n_load_resource@8
_eaio_impersonate_logged_user@4
_eaio_impersonate_logged_user_by_session@4
_eaio_ini_file_del@8
_eaio_ini_file_foreach@12
_eaio_ini_file_free@4
_eaio_ini_file_get@12
_eaio_ini_file_get_cstr@16
_eaio_ini_file_get_int@16
_eaio_ini_file_get_long@16
_eaio_ini_file_get_uint@16
_eaio_ini_file_get_ulong@16
_eaio_ini_file_load@4
_eaio_ini_file_load_ex@8
_eaio_ini_file_load_with_sk@8
_eaio_ini_file_load_with_sk_ex@12
_eaio_ini_file_save@12
_eaio_ini_file_save_directio@12
_eaio_ini_file_save_retry@16
_eaio_ini_file_save_with_sk@20
_eaio_ini_file_section_foreach@16
_eaio_ini_file_set@16
_eaio_ini_file_set_int@16
_eaio_ini_file_set_long@16
_eaio_ini_file_set_uint@16
_eaio_ini_file_set_ulong@16
_eaio_ini_file_unset@12
_eaio_is_run_as_admin@0
_eaio_is_virtual_evn@4
_eaio_jhash2@12
_eaio_jhash@12
_eaio_jhash_1word@8
_eaio_jhash_2words@12
_eaio_jhash_3words@16
_eaio_keepalive_create@12
_eaio_keepalive_destory@4
_eaio_keepalive_get_id@4
_eaio_keepalive_get_name@4
_eaio_keepalive_get_tick@4
_eaio_keepalive_get_timeout@4
_eaio_keepalive_is_alive@4
_eaio_keepalive_mgr_abnormal_obj@4
_eaio_keepalive_mgr_add@8
_eaio_keepalive_mgr_create@0
_eaio_keepalive_mgr_destory@4
_eaio_keepalive_mgr_hs_foreach@12
_eaio_keepalive_mgr_is_alive@4
_eaio_keepalive_update@4
_eaio_l3_addr_and_mask@12
_eaio_l3_addr_binary_search@12
_eaio_l3_addr_cmp@8
_eaio_l3_addr_dec@4
_eaio_l3_addr_in_range2@12
_eaio_l3_addr_in_range@8
_eaio_l3_addr_inc@4
_eaio_l3_addr_ntoh2@4
_eaio_l3_addr_ntoh@8
_eaio_l3_addr_or_not_mask@12
_eaio_l3_addr_prefix_equal@12
_eaio_l3_addr_to_string@12
_eaio_l3_gen_addr_all_zero_one@12
_eaio_l3_get_ipv4_mask@8
_eaio_l3_get_ipv6_mask@8
_eaio_l3_get_mask_prefix@8
_eaio_l3_get_range_from_mask@12
_eaio_l3_get_string_mask@8
_eaio_l3_ipv4_addr_mask_equal@12
_eaio_l3_ipv4_to_ipv6_compatible@4
_eaio_l3_ipv4_to_ipv6_mapping@4
_eaio_l3_ipv6_to_ipv4_special@4
_eaio_l3_is_addr_all_set@4
_eaio_l3_is_addr_close_to@8
_eaio_l3_is_addr_zero@4
_eaio_l3_is_ipv6_addr_compatible@4
_eaio_l3_is_ipv6_addr_mapping@4
_eaio_l3_is_mask_valid@4
_eaio_l3_is_range_equal@8
_eaio_l3_mask_to_string@12
_eaio_l3_net_addr_binary_search@12
_eaio_l3_print_addr@4
_eaio_l3_print_mask@4
_eaio_l3_range_sort@12
_eaio_l3_range_to_string@12
_eaio_l3_range_trim@8
_eaio_l3_set_range@12
_eaio_l3_string_to_addr@8
_eaio_l3_string_to_mask@8
_eaio_l3_string_to_range@8
_eaio_l3_string_type@4
_eaio_log_dir@8
_eaio_log_get_tick_count@0
_eaio_log_is_regestered@0
_eaio_log_level_get@0
_eaio_log_level_set@4
_eaio_log_output_register@4
_eaio_log_output_unregister@4
_eaio_log_voutput@12
_eaio_malloc_@4
_eaio_mclock@0
_eaio_md5_bin2str@8
_eaio_md5_calc@12
_eaio_md5_file@8
_eaio_md5_filew@8
_eaio_md5_final@8
_eaio_md5_init@4
_eaio_md5_str2bin@8
_eaio_md5_update@12
_eaio_memcmp@12
_eaio_memcpy@12
_eaio_memmov@12
_eaio_memset@12
_eaio_msleep@8
_eaio_mstr_ctrl_add_pattern@16
_eaio_mstr_ctrl_compile@4
_eaio_mstr_ctrl_create@4
_eaio_mstr_ctrl_destroy@4
_eaio_mstr_search@24
_eaio_mstr_state_reset@4
_eaio_murmur_hash64@12
_eaio_mutex_destroy@4
_eaio_mutex_init@4
_eaio_mutex_lock@4
_eaio_mutex_trylock@4
_eaio_mutex_unlock@4
_eaio_oa_hash_clear@4
_eaio_oa_hash_count@4
_eaio_oa_hash_create@4
_eaio_oa_hash_delete@12
_eaio_oa_hash_destroy@4
_eaio_oa_hash_insert@16
_eaio_oa_hash_psl_dbg@4
_eaio_oa_hash_search@16
_eaio_oa_hash_size@4
_eaio_oa_hash_traverse@12
_eaio_opendir@4
_eaio_os_is_64bit@0
_eaio_page_size@0
_eaio_path_absolute@12
_eaio_path_absolute_to@16
_eaio_path_absolute_w@12
_eaio_path_del_file_a@4
_eaio_path_del_file_u@4
_eaio_path_del_file_w@4
_eaio_path_directory@12
_eaio_path_directory_w@12
_eaio_path_format_a@4
_eaio_path_format_u@4
_eaio_path_format_w@4
_eaio_path_get_cur_proc_a@8
_eaio_path_get_cur_proc_u@8
_eaio_path_get_cur_proc_w@8
_eaio_path_get_ext_a@4
_eaio_path_get_ext_u@4
_eaio_path_get_ext_w@4
_eaio_path_get_name_a@4
_eaio_path_get_name_u@4
_eaio_path_get_name_w@4
_eaio_path_is_absolute@4
_eaio_path_is_dir_a@4
_eaio_path_is_dir_u@4
_eaio_path_is_dir_w@4
_eaio_path_is_exist_a@4
_eaio_path_is_exist_u@4
_eaio_path_is_exist_w@4
_eaio_path_relative@12
_eaio_path_relative_to@16
_eaio_path_remove_ext_a@4
_eaio_path_remove_ext_u@4
_eaio_path_remove_ext_w@4
_eaio_path_remove_name_a@4
_eaio_path_remove_name_u@4
_eaio_path_remove_name_w@4
_eaio_path_translate@12
_eaio_pipe_bread@12
_eaio_pipe_bwrite@12
_eaio_pipe_close@4
_eaio_pipe_connect@4
_eaio_pipe_create@12
_eaio_pipe_create_pair@8
_eaio_pipe_read@12
_eaio_pipe_wait@12
_eaio_pipe_write@12
_eaio_plist_add@8
_eaio_plist_del@12
_eaio_plist_head_init@4
_eaio_privilege_elevate_token@8
_eaio_privilege_set_attr@12
_eaio_privilege_set_attr_ex@16
_eaio_proc_chain_free@4
_eaio_proc_chain_verifier@8
_eaio_proc_get_cur_proc_chain@4
_eaio_proc_print_chain_info@4
_eaio_process_create@8
_eaio_process_create_by_token@8
_eaio_process_create_by_token_ex@8
_eaio_process_create_w@8
_eaio_process_get_cmd@8
_eaio_process_get_cmd_w@8
_eaio_process_get_info@16
_eaio_process_get_memory_usage@12
_eaio_process_get_path@12
_eaio_process_get_path_w@12
_eaio_process_get_pid@0
_eaio_process_get_proc_cpu_ticks@8
_eaio_process_is_child@8
_eaio_process_is_exist@4
_eaio_process_kill@8
_eaio_process_path_and_pid_is_exist@12
_eaio_process_path_is_exist@12
_eaio_process_path_is_exist_w@12
_eaio_process_resume@4
_eaio_process_suspend@4
_eaio_process_wait@16
_eaio_ralloc_@8
_eaio_rand_by_time@0
_eaio_rbtree_count@4
_eaio_rbtree_create@12
_eaio_rbtree_delete@12
_eaio_rbtree_destroy@4
_eaio_rbtree_first@4
_eaio_rbtree_get_cursor@12
_eaio_rbtree_insert@16
_eaio_rbtree_last@4
_eaio_rbtree_lower_bound@12
_eaio_rbtree_next@4
_eaio_rbtree_prev@4
_eaio_rbtree_search@16
_eaio_rbtree_size@4
_eaio_rbtree_upper_bound@12
_eaio_rbtree_walk@12
_eaio_rc4_crypt@16
_eaio_rc4_key_init@12
_eaio_readdir@4
_eaio_reg_del_key_w@8
_eaio_reg_del_value_w@12
_eaio_reg_query_binary_a@20
_eaio_reg_query_binary_w@20
_eaio_reg_query_dword_a@20
_eaio_reg_query_dword_w@20
_eaio_reg_query_string_a@24
_eaio_reg_query_string_w@24
_eaio_reg_set_binary_a@20
_eaio_reg_set_binary_w@20
_eaio_reg_set_dword_a@16
_eaio_reg_set_dword_w@16
_eaio_reg_set_expand_string_w@20
_eaio_reg_set_qword_a@20
_eaio_reg_set_qword_w@20
_eaio_reg_set_string_a@20
_eaio_reg_set_string_w@20
_eaio_remove_product_config@4
_eaio_req_query_qword_a@24
_eaio_req_query_qword_w@24
_eaio_rewinddir@4
_eaio_rundown_completed@4
_eaio_rundown_protection_acquire@4
_eaio_rundown_protection_init@4
_eaio_rundown_protection_reinit@4
_eaio_rundown_protection_release@4
_eaio_rundown_release_wait@4
_eaio_rwlock_destroy@4
_eaio_rwlock_exclusive_acquire@4
_eaio_rwlock_exclusive_release@4
_eaio_rwlock_exclusive_try_acquire@4
_eaio_rwlock_init@4
_eaio_rwlock_shared_acquire@4
_eaio_rwlock_shared_release@4
_eaio_rwlock_shared_try_acquire@4
_eaio_secure_create_wellknown_sa@4
_eaio_secure_desc_init_helper1@24
_eaio_secure_desc_init_helper2@28
_eaio_secure_desc_init_helper@20
_eaio_secure_free_acl@4
_eaio_secure_free_sid@4
_eaio_secure_free_wellknown_sa@4
_eaio_semaphore_destroy@4
_eaio_semaphore_init@4
_eaio_semaphore_post@8
_eaio_semaphore_value@4
_eaio_semaphore_wait@12
_eaio_service_enum_procinfo@12
_eaio_service_enum_procinfo_w@12
_eaio_service_free@4
_eaio_service_is_exist@4
_eaio_service_is_exist_w@4
_eaio_service_is_running@4
_eaio_service_is_running_w@4
_eaio_service_is_wow64@4
_eaio_service_is_wow64_w@4
_eaio_service_query_id@8
_eaio_service_query_id_w@8
_eaio_service_query_image_path@12
_eaio_service_query_image_path_w@12
_eaio_service_query_start_type@8
_eaio_service_query_start_type_w@8
_eaio_service_query_state@8
_eaio_service_query_state_w@8
_eaio_service_remove@4
_eaio_service_remove_w@4

Sections

.text
Size: 629KB - Virtual size: 629KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新建文件夹/libeaio_stub9.dll
.dll windows:5 windows x86 arch:x86

f433a7ae3710b529a2b414560b70f544

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:f9:80:67:6d:7d:7e:8d:5e:b0:42:d2:df:47:78:48
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

23/03/2023, 00:00

Not After

22/03/2026, 23:59

Subject

CN=Sangfor Technologies Inc.,O=Sangfor Technologies Inc.,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:dc:d0:52:d2:0c:0d:e6:02:96:aa:93:c9:10:2a:9d:7a:e3:d6:bd:7a:a5:86:93:62:bb:e4:05:3d:87:6c:cd
Signer

Actual PE Digest

a0:dc:d0:52:d2:0c:0d:e6:02:96:aa:93:c9:10:2a:9d:7a:e3:d6:bd:7a:a5:86:93:62:bb:e4:05:3d:87:6c:cd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\qianliu-agent\workspace\0\zb_gitlab\16700\program\__build\build\app\bin\Release\libeaio_stub.pdb

Imports

kernel32

GetCurrentProcessId
GetCurrentThreadId
SetLastError
GetEnvironmentVariableW
SetEnvironmentVariableW
Sleep
LockFileEx
UnlockFileEx
ReadFile
CloseHandle
CreateFileA
ReleaseMutex
WaitForSingleObject
CreateMutexA
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
HeapCreate
HeapDestroy
FlushFileBuffers
GetProcessHeap
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
MultiByteToWideChar
WideCharToMultiByte
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetTickCount
GetModuleHandleW
QueryPerformanceCounter
QueryPerformanceFrequency
DisableThreadLibraryCalls
SetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryW
SetDllDirectoryA
SetDllDirectoryW
GetDllDirectoryW
WaitForSingleObjectEx
HeapFree
HeapAlloc
LoadLibraryW
GetLastError
GetProcAddress
LocalFree
FreeLibrary
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RaiseException
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetTempPathW
SetStdHandle
GetFileType
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleFileNameA
GetModuleFileNameW
GetCurrentThread
GetACP
GetStdHandle
HeapReAlloc
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
GetFileAttributesExW
CreateFileW
WriteFile
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
SetEndOfFile
WriteConsoleW
OutputDebugStringA
OutputDebugStringW
HeapSize

advapi32

RegisterEventSourceA
DeregisterEventSource
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ReportEventA

Exports

Exports

??0EaioException@@QAE@XZ
??1EaioException@@QAE@XZ
??4EaioException@@QAEAAV0@ABV0@@Z
?eaio_atomic64_add_and_fetch@@YG_JPC_J_J@Z
?eaio_atomic64_cmp_and_swap@@YG_JPC_J_J1@Z
?eaio_atomic64_get@@YG_JPC_J@Z
?eaio_atomic64_set@@YG_JPC_J_J@Z
?eaio_bstimer_heap_count@@YGIXZ
?eaio_bstimer_loop@@YGXXZ
?eaio_escapeshellarg@@YGPADPBDPADK@Z
?eaio_timer_heap_count@@YAIXZ
?eaio_timer_loop@@YAXXZ
?sfe_l3_host_addr_cmp@@YGHPBUl3_addr_st@@0@Z
_device_path_to_ntpath@16
_eaio_aes_decrypt@12
_eaio_aes_encrypt@12
_eaio_aes_set_decrypt_key@12
_eaio_aes_set_encrypt_key@12
_eaio_atomic32_add_and_fetch@8
_eaio_atomic32_cmp_and_swap@12
_eaio_atomic32_get@4
_eaio_atomic32_set@8
_eaio_atomic_cmp_and_swap_ptr@12
_eaio_autolog_cache_switch@4
_eaio_autolog_fflush@0
_eaio_autolog_finit@0
_eaio_autolog_init@8
_eaio_autolog_reset_logbuf@0
_eaio_base32_decode@16
_eaio_base32_encode@16
_eaio_base64_decode@16
_eaio_base64_decode_ex@16
_eaio_base64_encode@16
_eaio_base64_encode_ex@16
_eaio_binsearch@20
_eaio_binsearch_lower_bound@20
_eaio_bstimer_get_userdata@4
_eaio_bstimer_init@0
_eaio_bstimer_poll_once@0
_eaio_bstimer_start@12
_eaio_bstimer_stop@4
_eaio_cbuf_add@8
_eaio_cbuf_del@8
_eaio_cbuf_free_size@4
_eaio_cbuf_get@12
_eaio_cbuf_get_full@12
_eaio_cbuf_init@12
_eaio_cbuf_peek@12
_eaio_cbuf_put@12
_eaio_cbuf_put_full@12
_eaio_cbuf_size@4
_eaio_change_ipcproxy_addrport@20
_eaio_check_os_endian@0
_eaio_closedir@4
_eaio_cls_bit@12
_eaio_cmd_free@4
_eaio_cmd_parse@8
_eaio_cmd_parse_w@8
_eaio_cond_broadcast@4
_eaio_cond_destroy@4
_eaio_cond_init@4
_eaio_cond_signal@4
_eaio_cond_timedwait@16
_eaio_cond_wait@8
_eaio_contain_val@12
_eaio_cpu_count@0
_eaio_crc32_calc@8
_eaio_crc32_calc_continue@12
_eaio_crc64_calc@8
_eaio_current_dir_get@8
_eaio_current_dir_set@4
_eaio_d3_des_decrypt@16
_eaio_d3_des_encrypt@16
_eaio_des3_decrypt@12
_eaio_des3_encrypt@12
_eaio_des3_set_2keys@12
_eaio_des3_set_3keys@16
_eaio_des_decrypt@12
_eaio_des_encrypt@12
_eaio_des_set_key@8
_eaio_dev_get_id_crc32@0
_eaio_dev_get_id_md5@8
_eaio_dev_get_imei@8
_eaio_dev_get_info@8
_eaio_dev_get_mixed_id@8
_eaio_dev_reset_crc@4
_eaio_device_dev_path_to_dos_path@12
_eaio_device_dos_path_to_dev_path@8
_eaio_device_dos_path_to_nt_path@8
_eaio_device_free@4
_eaio_device_is_dos_prefix@4
_eaio_device_nt_path_to_dos_path@12
_eaio_device_symlink_to_device_path@12
_eaio_dirutils_listdir@12
_eaio_dirutils_mkdir@8
_eaio_dirutils_path_transform@12
_eaio_dirutils_rmdir@4
_eaio_dirwalk_create2@16
_eaio_dirwalk_create@12
_eaio_dirwalk_destroy@4
_eaio_dirwalk_read@8
_eaio_dll_close@4
_eaio_dll_get_addr@12
_eaio_dll_open@8
_eaio_dstable_tls_alloc@4
_eaio_environment_add@12
_eaio_environment_add_w@12
_eaio_environment_del@4
_eaio_environment_del_w@4
_eaio_environment_get@12
_eaio_environment_get_w@12
_eaio_environment_set@8
_eaio_environment_set_w@8
_eaio_environment_subval_exist@12
_eaio_environment_subval_exist_w@12
_eaio_escape_shell_arg@4
_eaio_escape_shell_arg_w@4
_eaio_event_destroy@4
_eaio_event_init@12
_eaio_event_reset@4
_eaio_event_set@4
_eaio_event_timedwait@12
_eaio_event_wait@4
_eaio_fifo_clear@4
_eaio_fifo_init@4
_eaio_fifo_pick@16
_eaio_fifo_pop@12
_eaio_fifo_push@12
_eaio_fifo_saved_element@4
_eaio_fifo_uninit@4
_eaio_file_add_user_full_ctrl@8
_eaio_file_add_user_full_ctrl_w@8
_eaio_file_close@4
_eaio_file_copy@8
_eaio_file_copy_w@8
_eaio_file_flush@4
_eaio_file_flush_w@4
_eaio_file_link@8
_eaio_file_link_w@8
_eaio_file_open@8
_eaio_file_open_w@8
_eaio_file_rename@8
_eaio_file_rename_w@8
_eaio_file_size@4
_eaio_file_size_w@4
_eaio_file_stat@8
_eaio_file_stat_w@8
_eaio_file_unlink@4
_eaio_file_unlink_w@4
_eaio_filetime_to_timet@12
_eaio_flock_acquire@4
_eaio_flock_acquire_timeout@12
_eaio_flock_destroy@4
_eaio_flock_init@8
_eaio_flock_is_locked@4
_eaio_flock_release@4
_eaio_flush_dns_cache@0
_eaio_free_@4
_eaio_free_appident_elem@4
_eaio_get_appident_info@12
_eaio_get_current_process_session_id@0
_eaio_get_ipaddr_by_host@12
_eaio_get_ipcproxy_addrport@20
_eaio_get_ipcproxy_connectaddr@12
_eaio_get_ipcproxy_localport@0
_eaio_get_os_platform@4
_eaio_get_root_dir@0
_eaio_get_root_dir_w@0
_eaio_get_sys_cpu_ticks@4
_eaio_get_val_idx@4
_eaio_getfile_information@8
_eaio_gettimeofday@8
_eaio_glock_acquire@4
_eaio_glock_acquire_timeout@12
_eaio_glock_destroy@4
_eaio_glock_init@8
_eaio_glock_release@4
_eaio_hash_set_clear@4
_eaio_hash_set_find@12
_eaio_hash_set_init@8
_eaio_hash_set_insert@12
_eaio_hash_set_maxn@4
_eaio_hash_set_remove@12
_eaio_hash_set_size@4
_eaio_hash_set_unit@4
_eaio_heap_create@8
_eaio_heap_destroy@4
_eaio_heap_mem_alloc@12
_eaio_heap_mem_destroy@4
_eaio_heap_mem_free@12
_eaio_heap_mem_init@8
_eaio_heap_pop@8
_eaio_heap_push@8
_eaio_hex_decode@12
_eaio_hex_decode_ex@12
_eaio_hex_encode@16
_eaio_hex_encode_ex@16
_eaio_hex_encode_lower@16
_eaio_home_dir@8
_eaio_hostname@8
_eaio_i18n_gettext@4
_eaio_i18n_load_resource@8
_eaio_impersonate_logged_user@4
_eaio_impersonate_logged_user_by_session@4
_eaio_ini_file_del@8
_eaio_ini_file_foreach@12
_eaio_ini_file_free@4
_eaio_ini_file_get@12
_eaio_ini_file_get_cstr@16
_eaio_ini_file_get_int@16
_eaio_ini_file_get_long@16
_eaio_ini_file_get_uint@16
_eaio_ini_file_get_ulong@16
_eaio_ini_file_load@4
_eaio_ini_file_load_ex@8
_eaio_ini_file_load_with_sk@8
_eaio_ini_file_load_with_sk_ex@12
_eaio_ini_file_save@12
_eaio_ini_file_save_directio@12
_eaio_ini_file_save_retry@16
_eaio_ini_file_save_with_sk@20
_eaio_ini_file_section_foreach@16
_eaio_ini_file_set@16
_eaio_ini_file_set_int@16
_eaio_ini_file_set_long@16
_eaio_ini_file_set_uint@16
_eaio_ini_file_set_ulong@16
_eaio_ini_file_unset@12
_eaio_is_run_as_admin@0
_eaio_is_virtual_evn@4
_eaio_jhash2@12
_eaio_jhash@12
_eaio_jhash_1word@8
_eaio_jhash_2words@12
_eaio_jhash_3words@16
_eaio_keepalive_create@12
_eaio_keepalive_destory@4
_eaio_keepalive_get_id@4
_eaio_keepalive_get_name@4
_eaio_keepalive_get_tick@4
_eaio_keepalive_get_timeout@4
_eaio_keepalive_is_alive@4
_eaio_keepalive_mgr_abnormal_obj@4
_eaio_keepalive_mgr_add@8
_eaio_keepalive_mgr_create@0
_eaio_keepalive_mgr_destory@4
_eaio_keepalive_mgr_hs_foreach@12
_eaio_keepalive_mgr_is_alive@4
_eaio_keepalive_update@4
_eaio_l3_addr_and_mask@12
_eaio_l3_addr_binary_search@12
_eaio_l3_addr_cmp@8
_eaio_l3_addr_dec@4
_eaio_l3_addr_in_range2@12
_eaio_l3_addr_in_range@8
_eaio_l3_addr_inc@4
_eaio_l3_addr_ntoh2@4
_eaio_l3_addr_ntoh@8
_eaio_l3_addr_or_not_mask@12
_eaio_l3_addr_prefix_equal@12
_eaio_l3_addr_to_string@12
_eaio_l3_gen_addr_all_zero_one@12
_eaio_l3_get_ipv4_mask@8
_eaio_l3_get_ipv6_mask@8
_eaio_l3_get_mask_prefix@8
_eaio_l3_get_range_from_mask@12
_eaio_l3_get_string_mask@8
_eaio_l3_ipv4_addr_mask_equal@12
_eaio_l3_ipv4_to_ipv6_compatible@4
_eaio_l3_ipv4_to_ipv6_mapping@4
_eaio_l3_ipv6_to_ipv4_special@4
_eaio_l3_is_addr_all_set@4
_eaio_l3_is_addr_close_to@8
_eaio_l3_is_addr_zero@4
_eaio_l3_is_ipv6_addr_compatible@4
_eaio_l3_is_ipv6_addr_mapping@4
_eaio_l3_is_mask_valid@4
_eaio_l3_is_range_equal@8
_eaio_l3_mask_to_string@12
_eaio_l3_net_addr_binary_search@12
_eaio_l3_print_addr@4
_eaio_l3_print_mask@4
_eaio_l3_range_sort@12
_eaio_l3_range_to_string@12
_eaio_l3_range_trim@8
_eaio_l3_set_range@12
_eaio_l3_string_to_addr@8
_eaio_l3_string_to_mask@8
_eaio_l3_string_to_range@8
_eaio_l3_string_type@4
_eaio_log_dir@8
_eaio_log_get_tick_count@0
_eaio_log_is_regestered@0
_eaio_log_level_get@0
_eaio_log_level_set@4
_eaio_log_output_register@4
_eaio_log_output_unregister@4
_eaio_log_voutput@12
_eaio_malloc_@4
_eaio_mclock@0
_eaio_md5_bin2str@8
_eaio_md5_calc@12
_eaio_md5_file@8
_eaio_md5_filew@8
_eaio_md5_final@8
_eaio_md5_init@4
_eaio_md5_str2bin@8
_eaio_md5_update@12
_eaio_memcmp@12
_eaio_memcpy@12
_eaio_memmov@12
_eaio_memset@12
_eaio_msleep@8
_eaio_mstr_ctrl_add_pattern@16
_eaio_mstr_ctrl_compile@4
_eaio_mstr_ctrl_create@4
_eaio_mstr_ctrl_destroy@4
_eaio_mstr_search@24
_eaio_mstr_state_reset@4
_eaio_murmur_hash64@12
_eaio_mutex_destroy@4
_eaio_mutex_init@4
_eaio_mutex_lock@4
_eaio_mutex_trylock@4
_eaio_mutex_unlock@4
_eaio_oa_hash_clear@4
_eaio_oa_hash_count@4
_eaio_oa_hash_create@4
_eaio_oa_hash_delete@12
_eaio_oa_hash_destroy@4
_eaio_oa_hash_insert@16
_eaio_oa_hash_psl_dbg@4
_eaio_oa_hash_search@16
_eaio_oa_hash_size@4
_eaio_oa_hash_traverse@12
_eaio_opendir@4
_eaio_os_is_64bit@0
_eaio_page_size@0
_eaio_path_absolute@12
_eaio_path_absolute_to@16
_eaio_path_absolute_w@12
_eaio_path_del_file_a@4
_eaio_path_del_file_u@4
_eaio_path_del_file_w@4
_eaio_path_directory@12
_eaio_path_directory_w@12
_eaio_path_format_a@4
_eaio_path_format_u@4
_eaio_path_format_w@4
_eaio_path_get_cur_proc_a@8
_eaio_path_get_cur_proc_u@8
_eaio_path_get_cur_proc_w@8
_eaio_path_get_ext_a@4
_eaio_path_get_ext_u@4
_eaio_path_get_ext_w@4
_eaio_path_get_name_a@4
_eaio_path_get_name_u@4
_eaio_path_get_name_w@4
_eaio_path_is_absolute@4
_eaio_path_is_dir_a@4
_eaio_path_is_dir_u@4
_eaio_path_is_dir_w@4
_eaio_path_is_exist_a@4
_eaio_path_is_exist_u@4
_eaio_path_is_exist_w@4
_eaio_path_relative@12
_eaio_path_relative_to@16
_eaio_path_remove_ext_a@4
_eaio_path_remove_ext_u@4
_eaio_path_remove_ext_w@4
_eaio_path_remove_name_a@4
_eaio_path_remove_name_u@4
_eaio_path_remove_name_w@4
_eaio_path_translate@12
_eaio_pipe_bread@12
_eaio_pipe_bwrite@12
_eaio_pipe_close@4
_eaio_pipe_connect@4
_eaio_pipe_create@12
_eaio_pipe_create_pair@8
_eaio_pipe_read@12
_eaio_pipe_wait@12
_eaio_pipe_write@12
_eaio_plist_add@8
_eaio_plist_del@12
_eaio_plist_head_init@4
_eaio_privilege_elevate_token@8
_eaio_privilege_set_attr@12
_eaio_privilege_set_attr_ex@16
_eaio_proc_chain_free@4
_eaio_proc_chain_verifier@8
_eaio_proc_get_cur_proc_chain@4
_eaio_proc_print_chain_info@4
_eaio_process_create@8
_eaio_process_create_by_token@8
_eaio_process_create_by_token_ex@8
_eaio_process_create_w@8
_eaio_process_get_cmd@8
_eaio_process_get_cmd_w@8
_eaio_process_get_info@16
_eaio_process_get_memory_usage@12
_eaio_process_get_path@12
_eaio_process_get_path_w@12
_eaio_process_get_pid@0
_eaio_process_get_proc_cpu_ticks@8
_eaio_process_is_child@8
_eaio_process_is_exist@4
_eaio_process_kill@8
_eaio_process_path_and_pid_is_exist@12
_eaio_process_path_is_exist@12
_eaio_process_path_is_exist_w@12
_eaio_process_resume@4
_eaio_process_suspend@4
_eaio_process_wait@16
_eaio_ralloc_@8
_eaio_rand_by_time@0
_eaio_rbtree_count@4
_eaio_rbtree_create@12
_eaio_rbtree_delete@12
_eaio_rbtree_destroy@4
_eaio_rbtree_first@4
_eaio_rbtree_get_cursor@12
_eaio_rbtree_insert@16
_eaio_rbtree_last@4
_eaio_rbtree_lower_bound@12
_eaio_rbtree_next@4
_eaio_rbtree_prev@4
_eaio_rbtree_search@16
_eaio_rbtree_size@4
_eaio_rbtree_upper_bound@12
_eaio_rbtree_walk@12
_eaio_rc4_crypt@16
_eaio_rc4_key_init@12
_eaio_readdir@4
_eaio_reg_del_key_w@8
_eaio_reg_del_value_w@12
_eaio_reg_query_binary_a@20
_eaio_reg_query_binary_w@20
_eaio_reg_query_dword_a@20
_eaio_reg_query_dword_w@20
_eaio_reg_query_string_a@24
_eaio_reg_query_string_w@24
_eaio_reg_set_binary_a@20
_eaio_reg_set_binary_w@20
_eaio_reg_set_dword_a@16
_eaio_reg_set_dword_w@16
_eaio_reg_set_expand_string_w@20
_eaio_reg_set_qword_a@20
_eaio_reg_set_qword_w@20
_eaio_reg_set_string_a@20
_eaio_reg_set_string_w@20
_eaio_remove_product_config@4
_eaio_req_query_qword_a@24
_eaio_req_query_qword_w@24
_eaio_rewinddir@4
_eaio_rundown_completed@4
_eaio_rundown_protection_acquire@4
_eaio_rundown_protection_init@4
_eaio_rundown_protection_reinit@4
_eaio_rundown_protection_release@4
_eaio_rundown_release_wait@4
_eaio_rwlock_destroy@4
_eaio_rwlock_exclusive_acquire@4
_eaio_rwlock_exclusive_release@4
_eaio_rwlock_exclusive_try_acquire@4
_eaio_rwlock_init@4
_eaio_rwlock_shared_acquire@4
_eaio_rwlock_shared_release@4
_eaio_rwlock_shared_try_acquire@4
_eaio_secure_create_wellknown_sa@4
_eaio_secure_desc_init_helper1@24
_eaio_secure_desc_init_helper2@28
_eaio_secure_desc_init_helper@20
_eaio_secure_free_acl@4
_eaio_secure_free_sid@4
_eaio_secure_free_wellknown_sa@4
_eaio_semaphore_destroy@4
_eaio_semaphore_init@4
_eaio_semaphore_post@8
_eaio_semaphore_value@4
_eaio_semaphore_wait@12
_eaio_service_enum_procinfo@12
_eaio_service_enum_procinfo_w@12
_eaio_service_free@4
_eaio_service_is_exist@4
_eaio_service_is_exist_w@4
_eaio_service_is_running@4
_eaio_service_is_running_w@4
_eaio_service_is_wow64@4
_eaio_service_is_wow64_w@4
_eaio_service_query_id@8
_eaio_service_query_id_w@8
_eaio_service_query_image_path@12
_eaio_service_query_image_path_w@12
_eaio_service_query_start_type@8
_eaio_service_query_start_type_w@8
_eaio_service_query_state@8
_eaio_service_query_state_w@8
_eaio_service_remove@4
_eaio_service_remove_w@4

Sections

.text
Size: 629KB - Virtual size: 629KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新建文件夹/netproxy_instca.exe
.exe windows:5 windows x86 arch:x86

b951b1dabe4addbf948ce24c0dc2bade

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:f9:80:67:6d:7d:7e:8d:5e:b0:42:d2:df:47:78:48
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

23/03/2023, 00:00

Not After

22/03/2026, 23:59

Subject

CN=Sangfor Technologies Inc.,O=Sangfor Technologies Inc.,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:6a:a1:b8:65:82:31:6e:78:57:fd:a9:28:cf:4d:1f:88:f2:17:77:d5:4d:61:29:5c:49:41:f3:f4:73:af:5c
Signer

Actual PE Digest

4c:6a:a1:b8:65:82:31:6e:78:57:fd:a9:28:cf:4d:1f:88:f2:17:77:d5:4d:61:29:5c:49:41:f3:f4:73:af:5c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\qianliu-agent\workspace\0\zb_gitlab\16813\program\ac\Windows\Ingress\OutPut\Release\netproxy_instca.pdb

Imports

kernel32

Process32NextW
ProcessIdToSessionId
GetCurrentProcessId
Process32First
Process32Next
GetModuleFileNameA
CreateDirectoryA
SetFileAttributesA
GetModuleFileNameW
GetTempFileNameW
DeleteFileW
CopyFileA
lstrcpyA
lstrcatA
IsWow64Process
CompareStringW
CompareStringA
Process32FirstW
CreateToolhelp32Snapshot
lstrlenA
LocalFree
SetLastError
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
FreeLibrary
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
InitializeCriticalSectionAndSpinCount
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
TerminateProcess
CreateProcessA
GetCurrentProcess
SetThreadLocale
SetThreadUILanguage
GetSystemDefaultLangID
Sleep
GetLocalTime
VerifyVersionInfoW
VerSetConditionMask
WaitForSingleObject
CloseHandle
GetLastError
OpenProcess
HeapAlloc
HeapFree
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
GetFileAttributesA
MoveFileA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
DeleteFileA
HeapReAlloc
SetEndOfFile
GetProcessHeap
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapCreate
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
SetHandleCount
GetFileType
GetFullPathNameA
GetCurrentDirectoryA
ReadFile
GetConsoleCP
GetConsoleMode
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetStdHandle
SetFilePointer
FreeEnvironmentStringsA
SetEnvironmentVariableA

user32

MessageBoxA

advapi32

RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
ImpersonateLoggedOnUser
RevertToSelf

shell32

ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathA
SHGetSpecialFolderPathA

shlwapi

StrCatW
StrRChrA
StrRChrW
PathFileExistsA
StrRStrIW
PathFileExistsW
StrStrIA
StrCpyW

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsA

crypt32

CertGetNameStringA
CryptStringToBinaryA
CertCreateCertificateContext
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CertOpenStore
CertEnumCertificatesInStore
CertCompareCertificate
CertCloseStore
CertCompareCertificateName
CertVerifyTimeValidity
CertFreeCertificateContext
CertAddCertificateContextToStore

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新建文件夹/printerhook32.dll
.dll windows:5 windows x86 arch:x86

c2752fa5939ba09f164901cd84a38c27

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:f9:80:67:6d:7d:7e:8d:5e:b0:42:d2:df:47:78:48
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

23/03/2023, 00:00

Not After

22/03/2026, 23:59

Subject

CN=Sangfor Technologies Inc.,O=Sangfor Technologies Inc.,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:7a:ae:f3:d1:17:10:d0:31:d8:46:47:99:ba:f6:e3:e3:a1:7b:80:26:59:fc:0b:14:6a:02:ca:d4:7f:c0:a9
Signer

Actual PE Digest

fe:7a:ae:f3:d1:17:10:d0:31:d8:46:47:99:ba:f6:e3:e3:a1:7b:80:26:59:fc:0b:14:6a:02:ca:d4:7f:c0:a9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\qianliu-agent\workspace\0\zb_gitlab\16813\program\ac\Windows\nacclient\__build\build\bin\release\printerhook32.pdb

Imports

kernel32

DisableThreadLibraryCalls
CloseHandle
LoadLibraryW
GetModuleFileNameW
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
DecodePointer
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FreeLibrary
GetProcAddress
SetLastError
GetModuleHandleW
WriteConsoleW
WaitForSingleObjectEx
OutputDebugStringA
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThread
GetACP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetStdHandle
GetFileType
SetConsoleCtrlHandler
CreateFileW

user32

SetWindowsHookExW
UnregisterClassW
CallNextHookEx
UnhookWindowsHookEx

shlwapi

StrStrIW

wintrust

WinVerifyTrust

Exports

Exports

InstallPrinterHook
unInstallPrinterHook

Sections

.text
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新建文件夹/sfwget.exe
.exe windows:4 windows x86 arch:x86

6c83c796e9451331dab6bccffe120dee

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

08:93:8e:06:3f:2c:05:9f:fc:f5:54:22:39:a4:83:65
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/03/2020, 00:00

Not After

22/03/2023, 12:00

Subject

CN=Sangfor Technologies Inc.,OU=research and development department,O=Sangfor Technologies Inc.,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:37:b3:4f:a0:45:c0:00:bc:cd:99:99:6e:1e:eb:29
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/03/2020, 00:00

Not After

22/03/2023, 12:00

Subject

CN=Sangfor Technologies Inc.,OU=research and development department,O=Sangfor Technologies Inc.,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6e:51:26:28:98:80:34:83:4c:6c:8c:ea:17:74:38:57:67:1e:b2:58:d4:0a:05:97:3a:c4:27:ec:f7:08:be:c2
Signer

Actual PE Digest

6e:51:26:28:98:80:34:83:4c:6c:8c:ea:17:74:38:57:67:1e:b2:58:d4:0a:05:97:3a:c4:27:ec:f7:08:be:c2

Digest Algorithm

sha256

PE Digest Matches

true

90:71:64:b5:4a:ce:ec:4f:72:90:39:bb:40:78:08:d3:77:6a:29:2b
Signer

Actual PE Digest

90:71:64:b5:4a:ce:ec:4f:72:90:39:bb:40:78:08:d3:77:6a:29:2b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptAcquireContextA
CryptAcquireContextW
CryptCreateHash
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptEnumProvidersW
CryptExportKey
CryptGenRandom
CryptGetProvParam
CryptGetUserKey
CryptReleaseContext
CryptSetHashParam
CryptSignHashW
DeregisterEventSource
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegisterEventSourceW
ReportEventW

crypt32

CertCloseStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

kernel32

AddVectoredExceptionHandler
CloseHandle
ConvertFiberToThread
ConvertThreadToFiber
CreateDirectoryA
CreateEventA
CreateFiber
CreateFileA
CreateFileMappingA
CreateFileW
CreatePipe
CreateProcessA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DeleteFiber
DeleteFileA
DuplicateHandle
EnterCriticalSection
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindFirstFileW
FindFirstVolumeW
FindNextFileW
FindNextVolumeW
FindVolumeClose
FormatMessageA
FormatMessageW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExW
GetEnvironmentVariableW
GetFileAttributesA
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileType
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNamedPipeInfo
GetNumberOfConsoleInputEvents
GetPriorityClass
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetThreadContext
GetThreadLocale
GetThreadPriority
GetTickCount
GetVersion
GetVolumeInformationW
GlobalMemoryStatus
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidCodePage
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFree
LockFileEx
MapViewOfFile
MultiByteToWideChar
OpenFileMappingA
OutputDebugStringA
PeekConsoleInputA
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleA
ReadConsoleW
ReadFile
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleTitleA
SetEndOfFile
SetEvent
SetFilePointer
SetFilePointerEx
SetFileTime
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepEx
SuspendThread
SwitchToFiber
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

___mb_cur_max_func
__argv
__doserrno
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__p__acmdln
__p__fmode
__pioinfo
__set_app_type
__setusermatherr
_access
_amsg_exit
_beginthreadex
_cexit
_chmod
_chmod
_close
_close
_dup
_dup2
_endthreadex
_environ
_errno
_exit
_fdopen
_filelengthi64
_fileno
_fileno
_fstat
_get_osfhandle
_getch
_getmaxstdio
_getmbcp
_getpid
_initterm
_iob
_isctype
_isatty
_lock
_lseek
_lseeki64
_mkdir
_onexit
_open_osfhandle
_open
_pipe
_putenv
_read
_setjmp3
_setmaxstdio
_setmode
_setmode
_snwprintf
_stat
_strdup
_stricmp
_strnicmp
_sys_errlist
_sys_nerr
_telli64
_ultoa
_unlink
_unlock
_tzset
_vsnprintf
_vsnwprintf
_wfopen
_wopen
_write
_write
abort
atoi
bsearch
clearerr
clock
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
gmtime
fseek
fsetpos
ftell
fwprintf
fwrite
getc
getenv
gmtime
isalnum
isalpha
iscntrl
isgraph
islower
isprint
ispunct
isspace
isupper
iswctype
isxdigit
localeconv
localtime
localtime
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
putc
puts
qsort
raise
rand
realloc
rename
rewind
setbuf
setlocale
setvbuf
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strrchr
strpbrk
strspn
strstr
strtok
strtol
strtoul
time
time
tmpfile
tolower
toupper
towlower
towupper
ungetc
vfprintf
wcscat
wcscmp
wcscpy
wcslen
wcsstr
wcstombs

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

shell32

SHGetSpecialFolderPathA

user32

DispatchMessageA
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage

ws2_32

WSAAddressToStringA
WSACleanup
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSASetLastError
WSASocketA
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyname
getnameinfo
getpeername
getsockname
getsockopt
htonl
htons
inet_addr
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 836KB - Virtual size: 836KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/14
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c778e97ae2254ea7ddef70573b59a0e0

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

09:f9:80:67:6d:7d:7e:8d:5e:b0:42:d2:df:47:78:48Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

36:05:26:d2:cb:6a:17:cb:68:85:ea:44:d0:84:bb:eb:8b:92:41:f9:62:31:d1:1f:b6:3e:9b:8a:a6:f7:0b:00Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

crypt32

ole32

wtsapi32

userenv

psapi

kernel32

user32

shell32

advapi32

shlwapi

version

wintrust

bcrypt

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 625KB - Virtual size: 624KB

.data Size: 24KB - Virtual size: 48KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 110KB - Virtual size: 110KB

505c54af7fa8f0482014ca4fe5cdd53d

Code Sign

f4:8b:a9:cb:78:dd:96:f2:dc:60:2f:ef:35:68:c9:2aCertificate

Extended Key Usages

Key Usages

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1Certificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

33:00:00:00:31:94:79:a3:18:f5:52:2d:06:00:00:00:00:00:31Certificate

Extended Key Usages

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0dCertificate

Key Usages

22:28:bf:92:4d:da:52:a7:8d:1d:5e:42:49:58:10:79:54:b9:1b:20:4d:70:75:56:77:34:96:94:0a:13:9c:2eSigner

22:28:bf:92:4d:da:52:a7:8d:1d:5e:42:49:58:10:79:54:b9:1b:20:4d:70:75:56:77:34:96:94:0a:13:9c:2eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

ndis.sys

fwpkclnt.sys

wdfldr.sys

Sections

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:f9:80:67:6d:7d:7e:8d:5e:b0:42:d2:df:47:78:48
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

36:05:26:d2:cb:6a:17:cb:68:85:ea:44:d0:84:bb:eb:8b:92:41:f9:62:31:d1:1f:b6:3e:9b:8a:a6:f7:0b:00
Signer

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 625KB - Virtual size: 624KB

.data
Size: 24KB - Virtual size: 48KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 110KB - Virtual size: 110KB

f4:8b:a9:cb:78:dd:96:f2:dc:60:2f:ef:35:68:c9:2a
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

33:00:00:00:31:94:79:a3:18:f5:52:2d:06:00:00:00:00:00:31
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

22:28:bf:92:4d:da:52:a7:8d:1d:5e:42:49:58:10:79:54:b9:1b:20:4d:70:75:56:77:34:96:94:0a:13:9c:2e
Signer

22:28:bf:92:4d:da:52:a7:8d:1d:5e:42:49:58:10:79:54:b9:1b:20:4d:70:75:56:77:34:96:94:0a:13:9c:2e
Signer

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 512B - Virtual size: 16KB

.pdata
Size: 2KB - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 4B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 420B

f4:8b:a9:cb:78:dd:96:f2:dc:60:2f:ef:35:68:c9:2a
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

33:00:00:00:31:94:79:a3:18:f5:52:2d:06:00:00:00:00:00:31
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

22:28:bf:92:4d:da:52:a7:8d:1d:5e:42:49:58:10:79:54:b9:1b:20:4d:70:75:56:77:34:96:94:0a:13:9c:2e
Signer

22:28:bf:92:4d:da:52:a7:8d:1d:5e:42:49:58:10:79:54:b9:1b:20:4d:70:75:56:77:34:96:94:0a:13:9c:2e
Signer

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 512B - Virtual size: 16KB

.pdata
Size: 2KB - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 4B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 420B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:f9:80:67:6d:7d:7e:8d:5e:b0:42:d2:df:47:78:48
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

7b:8a:51:0b:af:ad:6c:6a:2a:fb:fd:e7:68:9f:fd:ac:7c:67:17:87:9d:98:b3:12:6d:22:01:76:9f:27:a8:45
Signer