ByteCrypterV3[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

ByteCrypterV3.rar
Size

5.7MB
MD5

724540f20ad6e756ec7d9798edb8cc0b
SHA1

a0941c2a9f094a26f512ffd093d33cf680c1ec29
SHA256

06a759515fd83e73af3919a2692e0eb41c639da29724a14e6664837083af15a8
SHA512

62fca2f428ff2e9697c7795981cf4aa4520ce078846e5f74c1ffede334fba7911acc4fb4bee0a1a78da305275e1b5e9cbd3dec031b4bb7afd2e87db588507668
SSDEEP

98304:oHVnUUZBeHfeXokIRmZlzluOF9z1HB7ZHVnUUZBeHfeXokIRmZRhCsGVLi6RW0Jp:YVnpzzXoRmbDn1HB1VnpzzXoRmjIXx1x

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Byte Crypter V3/ByteCrypter v3 Cracked.exe
unpack001/Byte Crypter V3/Leaf/Ionic.Zip.dll
unpack001/Byte Crypter V3/Leaf/Launcher.exe
unpack001/Byte Crypter V3/Leaf/bc3.exe
unpack001/Byte Crypter V3/Leaf/secur32.dll
unpack001/Byte Crypter V3/Leaf/urlmon.dll
unpack001/Byte Crypter V3/secur32.dll
unpack001/Byte Crypter V3/urlmon.dll

Files

ByteCrypterV3.rar
.rar
Byte Crypter V3/ByteCrypter v3 Cracked.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\thorson\Desktop\Launcher1\Launcher\Launcher\obj\Debug\LUNCHER CRACKING.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Byte Crypter V3/Leaf/Ionic.Zip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\DotNetZip\Zip\obj\Debug\Ionic.Zip.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Byte Crypter V3/Leaf/LICENCE.dat
.zip
Byte Crypter V3/Leaf/Launcher.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Byte Crypter V3/Leaf/bc3.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 338KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 621KB - Virtual size: 624KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Byte Crypter V3/Leaf/d3dcompiler_47.dll
.dll windows:6 windows x64 arch:x64

2ce80dc262aecd9b9f45ee13d6b30c08

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/08/2012, 17:49

Not After

30/11/2013, 17:49

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ab:03:c2:89:51:77:ec:8e:32:be:09:f8:2b:0a:85:88:db:5f:d4:2a:86:a6:ad:00:10:29:d8:39:4f:b2:07
Signer

Actual PE Digest

08:ab:03:c2:89:51:77:ec:8e:32:be:09:f8:2b:0a:85:88:db:5f:d4:2a:86:a6:ad:00:10:29:d8:39:4f:b2:07

Digest Algorithm

sha256

PE Digest Matches

true

31:17:9e:ab:c5:82:ed:f0:dc:03:42:34:e2:18:08:28:16:db:fd:78
Signer

Actual PE Digest

31:17:9e:ab:c5:82:ed:f0:dc:03:42:34:e2:18:08:28:16:db:fd:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D3DCompiler_47.pdb

Imports

msvcrt

__dllonexit
_unlock
_lock
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_strtoui64
sscanf
_isnan
strtoul
_vsnprintf
isxdigit
atof
setlocale
_strdup
_mbstrlen
_vsnwprintf
strnlen
modf
strrchr
strncpy_s
memcpy_s
isalnum
_finite
_clearfp
_controlfp
strcpy_s
malloc
_strnicmp
_fpclass
strncmp
isspace
strstr
strchr
free
sprintf_s
_stricmp
_purecall
memmove
qsort
isalpha
toupper
atoi
isdigit
_onexit
??2@YAPEAX_K@Z
getenv
??3@YAXPEAX@Z
wcsncmp
wcsncpy_s
_wcsicmp
memcpy
memset
fclose
strcat_s
bsearch
_CxxThrowException
memcmp
_snwprintf_s
wcschr
iswdigit
__unDName
fread
fseek
_wfsopen
vsprintf_s
wcstol
_wcsnicmp
_wsplitpath_s
towlower
wcscpy_s
??_U@YAPEAX_K@Z
??_V@YAXPEAX@Z
swprintf_s
wcsncat_s
wcsrchr
_wfullpath
_wmakepath_s
_time64
_chsize
_close
_read
_write
_lseeki64
_get_osfhandle
_open_osfhandle
_wcsdup
wcscat_s
ftell
_mbscmp
_memicmp
_wgetenv
tolower
_wsopen
__CxxFrameHandler3
acos
asin
atan
atan2
ceil
cos
cosh
exp
floor
floorf
fmod
log
pow
sin
sinh
sqrt
strcmp
tan
tanh

advapi32

CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegOpenKeyExW
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExW

kernel32

LocalFree
LocalAlloc
GetVersion
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetLastError
CreateFileMappingW
UnmapViewOfFile
GetFileSize
CreateFileA
GetSystemInfo
VirtualAlloc
VirtualFree
GetProcAddress
LoadLibraryExW
GetEnvironmentVariableA
GetFullPathNameA
GetFullPathNameW
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
Sleep
LCMapStringW
GetFileAttributesW
SetFileAttributesW
CopyFileExW
DeleteFileW
GetFileType
DeviceIoControl
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
SetFilePointer
FlushViewOfFile
MapViewOfFileEx
GetModuleFileNameA
MapViewOfFile
DisableThreadLibraryCalls
CreateFileW
GetLastError
GetFileSizeEx
ReadFile
CloseHandle
WriteFile
WideCharToMultiByte
FreeLibrary
lstrcmpiA
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
HeapCreate
HeapDestroy
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetProcessHeap
HeapFree

rpcrt4

UuidCreate

Exports

Exports

D3DAssemble
D3DCompile
D3DCompile2
D3DCompileFromFile
D3DCompressShaders
D3DCreateBlob
D3DCreateFunctionLinkingGraph
D3DCreateLinker
D3DDecompressShaders
D3DDisassemble
D3DDisassemble10Effect
D3DDisassemble11Trace
D3DDisassembleRegion
D3DGetBlobPart
D3DGetDebugInfo
D3DGetInputAndOutputSignatureBlob
D3DGetInputSignatureBlob
D3DGetOutputSignatureBlob
D3DGetTraceInstructionOffsets
D3DLoadModule
D3DPreprocess
D3DReadFileToBlob
D3DReflect
D3DReflectLibrary
D3DReturnFailure1
D3DSetBlobPart
D3DStripShader
D3DWriteBlobToFile
DebugSetMute

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Byte Crypter V3/Leaf/secur32.dll
.dll windows:10 windows x64 arch:x64

f90c2a389f295606533d615109fb248b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

secur32.pdb

Imports

ntdll

_itow
RtlNtStatusToDosError
RtlInitUnicodeString
iswdigit
memcpy
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
RtlFreeHeap
RtlAllocateHeap
RtlCopyUnicodeString
RtlEqualUnicodeString
RtlGetNtProductType
wcsncpy_s
wcschr
RtlFreeUnicodeString
RtlUpcaseUnicodeString
RtlCreateUnicodeString
iswspace
NtClose
NtUnmapViewOfSection
NtMapViewOfSection
NtOpenSection
wcsncmp
memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-security-activedirectoryclient-l1-1-0

DsFreeNameResultW
DsUnBindW
DsCrackNamesW
DsBindWithSpnExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AcceptSecurityContext
AcquireCredentialsHandleA
AcquireCredentialsHandleW
AddCredentialsA
AddCredentialsW
AddSecurityPackageA
AddSecurityPackageW
ApplyControlToken
ChangeAccountPasswordA
ChangeAccountPasswordW
CloseLsaPerformanceData
CollectLsaPerformanceData
CompleteAuthToken
CredMarshalTargetInfo
CredUnmarshalTargetInfo
DecryptMessage
DeleteSecurityContext
DeleteSecurityPackageA
DeleteSecurityPackageW
EncryptMessage
EnumerateSecurityPackagesA
EnumerateSecurityPackagesW
ExportSecurityContext
FreeContextBuffer
FreeCredentialsHandle
GetComputerObjectNameA
GetComputerObjectNameW
GetSecurityUserInfo
GetUserNameExA
GetUserNameExW
ImpersonateSecurityContext
ImportSecurityContextA
ImportSecurityContextW
InitSecurityInterfaceA
InitSecurityInterfaceW
InitializeSecurityContextA
InitializeSecurityContextW
LsaCallAuthenticationPackage
LsaConnectUntrusted
LsaDeregisterLogonProcess
LsaEnumerateLogonSessions
LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaLogonUser
LsaLookupAuthenticationPackage
LsaRegisterLogonProcess
LsaRegisterPolicyChangeNotification
LsaUnregisterPolicyChangeNotification
MakeSignature
OpenLsaPerformanceData
QueryContextAttributesA
QueryContextAttributesW
QueryCredentialsAttributesA
QueryCredentialsAttributesW
QuerySecurityContextToken
QuerySecurityPackageInfoA
QuerySecurityPackageInfoW
RevertSecurityContext
SaslAcceptSecurityContext
SaslEnumerateProfilesA
SaslEnumerateProfilesW
SaslGetContextOption
SaslGetProfilePackageA
SaslGetProfilePackageW
SaslIdentifyPackageA
SaslIdentifyPackageW
SaslInitializeSecurityContextA
SaslInitializeSecurityContextW
SaslSetContextOption
SealMessage
SeciAllocateAndSetCallFlags
SeciAllocateAndSetIPAddress
SeciFreeCallContext
SecpFreeMemory
SecpTranslateName
SecpTranslateNameEx
SetContextAttributesA
SetContextAttributesW
SetCredentialsAttributesA
SetCredentialsAttributesW
SspiCompareAuthIdentities
SspiCopyAuthIdentity
SspiDecryptAuthIdentity
SspiEncodeAuthIdentityAsStrings
SspiEncodeStringsAsAuthIdentity
SspiEncryptAuthIdentity
SspiExcludePackage
SspiFreeAuthIdentity
SspiGetTargetHostName
SspiIsAuthIdentityEncrypted
SspiLocalFree
SspiMarshalAuthIdentity
SspiPrepareForCredRead
SspiPrepareForCredWrite
SspiUnmarshalAuthIdentity
SspiValidateAuthIdentity
SspiZeroAuthIdentity
TranslateNameA
TranslateNameW
UnsealMessage
VerifySignature

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Byte Crypter V3/Leaf/urlmon.dll
.dll regsvr32 windows:10 windows x64 arch:x64

b61aa4d90cb120f22a553ac804b77315

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

urlmon.pdb

Imports

msvcrt

toupper
wcstol
strstr
strncmp
wcsnlen
_wcslwr_s
towlower
__CxxFrameHandler3
strchr
_snwprintf_s
_scwprintf
_errno
strnlen
realloc
bsearch
_wtol
memmove_s
_i64tow_s
memset
_wtoi
_ui64tow_s
swprintf_s
_ultow_s
isalpha
wcsncmp
swscanf_s
_wcsicmp
_purecall
wcsrchr
_itow_s
rand_s
wcstok_s
_wfopen
wcstoul
strcmp
_onexit
wcschr
wcsstr
__dllonexit
_unlock
_lock
_snwscanf_s
wcscat_s
wcscpy_s
_vsnwprintf
memcmp
memmove
memcpy
__C_specific_handler
_initterm
malloc
fgets
_wcsnicmp
free
_amsg_exit
_XcptFilter
_vsnprintf
memcpy_s
fclose
wcscmp

iertutil

CreateUri
CreateUriFromMultiByteString
GetPropertyFromName
GetPropertyName
IntlPercentEncodeNormalize
IsDWORDProperty
CreateIUriBuilder
IsStringProperty
ord701
ord25
ord901
CreateUriPriv
CreateUriWithFragment
GetIUriPriv
ord791
GetIUriPriv2
GetPortFromUrlScheme
ord656
ord675
ord665
ord651
ord655
ord657
ord667
ord650
ord670
ord664
ord398
ord50
ord793
ord681
ord700
ord795
ord854
ord466
ord134
ord282
ord281
ord820
ord71
ord68
ord64
ord61
ord88
ord706
ord796
ord683
ord86
ord76
ord81
ord74
ord79
ord85
ord690
ord916
ord58
ord209
ord32
ord200
ord201
ord54
ord150
ord158
ord159
ord151
UriFromHostAndScheme
ord56
ord49
ord903
ord902
GetIDNSettingsForIE
PrivateCoInternetCanonicalizeIUri
PrivateCoInternetParseIUri
PrivateCoInternetCombineIUri
FastMimeLookupKnownType
FastMimeSetIsMimeFilterEnabled
ord70
ord63
ord20
FastMimeGetIsMimeFilterEnabled
CreateStringHashN
ord230
ord16
ord45
ord205
ord42
ord43
ord44
ord143
ord135
ord140
ord141
ord142
ord913
ord810
ord172
IUriBuilderInternalCreateDomain
ord166
ord855
ord35
ord870
ord682
ord89
ord57
ord702
ord17
ord325
ord173
ord62
ord72
ord594
ord597
ord654
ord652
ord658
ord672

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
OpenSemaphoreW
EnterCriticalSection
DeleteCriticalSection
CreateEventW
InitializeCriticalSection
WaitForSingleObjectEx
CreateSemaphoreExW
CreateMutexExW
ReleaseMutex
SetEvent
LeaveCriticalSection
WaitForSingleObject
ReleaseSRWLockShared
CreateMutexW
CreateMutexA
AcquireSRWLockExclusive
InitializeCriticalSectionEx
AcquireSRWLockShared
InitializeSRWLock
OpenMutexW
TryEnterCriticalSection
ReleaseSRWLockExclusive
CreateEventExW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsRelativeW
PathFindExtensionA
PathRemoveExtensionW
PathUnquoteSpacesW
PathIsUNCServerShareW
PathIsUNCW
PathIsPrefixA
PathRemoveFileSpecW
PathIsPrefixW
PathFileExistsW
PathIsUNCServerW
PathFindFileNameW
PathFindExtensionW
PathIsRootW
PathFileExistsA
PathGetDriveNumberW
PathStripToRootW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrRChrW
StrChrW
StrCmpNIA
QISearch
StrCmpNIW
StrCmpNICA
StrCmpCA
StrStrIW
StrDupW
StrCmpCW
StrChrNW
StrToIntExW
StrToIntA
StrStrIA
StrChrIW
StrToIntW
StrDupA
StrCmpIW
StrCmpNA
StrCmpICW
StrStrA
StrCmpNW
StrChrA
StrCmpNICW
StrStrW
StrToInt64ExW
StrCmpICA
StrCmpNCW
StrCmpW
StrCmpNCA
StrTrimW

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
LoadLibraryExW
FindResourceExW
FindStringOrdinal
GetProcAddress
LoadLibraryExA
LoadResource
LockResource
GetModuleFileNameA
GetModuleHandleExW
GetModuleFileNameW
GetModuleHandleA
FreeLibrary
SizeofResource
LoadStringA
GetModuleHandleW

api-ms-win-core-com-l1-1-0

CoSetProxyBlanket
CoFreeUnusedLibraries
CoCreateInstance
StringFromGUID2
CoUnmarshalInterface
CoTaskMemRealloc
CLSIDFromString
PropVariantClear
CoCreateGuid
FreePropVariantArray
CLSIDFromProgID
CoUninitialize
StringFromCLSID
CoTaskMemAlloc
CoMarshalInterface
CoGetMarshalSizeMax
CoSwitchCallContext
CoTaskMemFree
CoGetClassObject
CoCreateFreeThreadedMarshaler
CoGetTreatAsClass
CoWaitForMultipleHandles
CoInitializeEx

api-ms-win-eventing-provider-l1-1-0

EventWriteEx
EventProviderEnabled
EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar
CompareStringW

api-ms-win-core-registry-l1-1-0

RegEnumValueA
RegGetValueA
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExW
RegQueryValueExA
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyA
RegGetValueW
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyExA
RegSetValueExA

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpA
lstrcmpW

api-ms-win-core-processthreads-l1-1-0

GetExitCodeThread
GetCurrentThread
GetCurrentProcessId
TerminateThread
ExitThread
OpenThreadToken
OpenProcessToken
GetCurrentThreadId
TlsFree
TlsAlloc
TerminateProcess
TlsSetValue
TlsGetValue
CreateProcessA
GetExitCodeProcess
GetCurrentProcess
CreateThread

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-stringansi-l1-1-0

CharUpperBuffA
CharLowerA
CharPrevA
CharNextA

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceComplete
InitOnceExecuteOnce
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetVersionExA
GetSystemTime
GetWindowsDirectoryA
GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryA
GetTickCount64
GetLocalTime

api-ms-win-core-localization-l1-2-0

GetUserGeoID
GetThreadLocale
GetLocaleInfoA
IdnToAscii
IsValidCodePage
IsDBCSLeadByte
FormatMessageW
GetACP
GetCPInfo
IdnToUnicode
FormatMessageA
GetSystemDefaultLCID
GetUserDefaultLCID

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-path-l1-1-0

PathCchCanonicalize
PathCchAddBackslash
PathCchRemoveFileSpec
PathCchRemoveBackslash

api-ms-win-shcore-stream-l1-1-0

SHOpenRegStream2W
SHCreateMemStream
IStream_Read
IStream_ReadStr
IStream_Write
IStream_WriteStr
SHCreateStreamOnFileW

api-ms-win-core-string-l2-1-0

CharPrevW
CharLowerBuffW
CharNextW
CharLowerW

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree
LocalFree
LocalAlloc

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
LoadLibraryA

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-file-l1-1-0

ReadFile
SetFileAttributesA
CreateFileA
WriteFile
FileTimeToLocalFileTime
GetLongPathNameW
SetFilePointer
LocalFileTimeToFileTime
GetFileSize
GetFullPathNameW
CreateDirectoryW
GetDriveTypeA
RemoveDirectoryA
FindNextFileA
SetFileTime
DeleteFileA
GetTempFileNameW
CreateDirectoryA
GetDriveTypeW
GetFileAttributesA
QueryDosDeviceW
GetFileInformationByHandle
GetShortPathNameW
CompareFileTime
FindClose
FindFirstFileA
GetFullPathNameA
GetFileTime
GetLongPathNameA
FindFirstFileW
GetFileSizeEx
CreateFileW
GetFileAttributesW
GetFileAttributesExW
DeleteFileW

api-ms-win-core-file-l1-2-2

GetTempPathA

api-ms-win-core-kernel32-legacy-l1-1-0

GetShortPathNameA
CopyFileA
DosDateTimeToFileTime

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

api-ms-win-core-registryuserspecific-l1-1-0

SHRegQueryInfoUSKeyW
SHRegEnumUSValueW
SHRegWriteUSValueW
SHRegDeleteEmptyUSKeyW
SHRegGetUSValueW
SHRegGetBoolUSValueA
SHRegOpenUSKeyW
SHRegQueryUSValueW
SHRegEnumUSKeyW
SHRegGetUSValueA
SHRegCloseUSKey
SHRegDeleteUSValueW
SHRegCreateUSKeyW

api-ms-win-core-registry-l2-1-0

RegQueryValueW
RegQueryValueA

api-ms-win-core-atoms-l1-1-0

DeleteAtom
AddAtomA
FindAtomA
AddAtomW
FindAtomW

api-ms-win-core-url-l1-1-0

UrlGetLocationW
UrlEscapeW
UrlCompareW
PathCreateFromUrlA
UrlGetPartW
UrlCanonicalizeW
ParseURLW
UrlCreateFromPathW
UrlIsW
ParseURLA
UrlCombineW
UrlUnescapeW
PathCreateFromUrlW

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileSectionW
GetPrivateProfileIntW
WritePrivateProfileStringW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-shell-changenotify-l1-1-0

SHChangeNotify

api-ms-win-security-base-l1-1-0

CheckTokenMembership
CreateWellKnownSid
GetTokenInformation
DuplicateToken

api-ms-win-core-processenvironment-l1-2-0

SearchPathA

api-ms-win-http-time-l1-1-0

InternetTimeToSystemTimeA
InternetTimeFromSystemTimeW
InternetTimeFromSystemTimeA

api-ms-win-core-file-l1-2-0

GetTempPathW
CreateFile2

ntdll

RtlIpv6StringToAddressExW
RtlIpv4StringToAddressExW
RtlMoveMemory
RtlGetSuiteMask

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
CreateThreadpoolWork
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
SubmitThreadpoolWork

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-shlwapi-winrt-storage-l1-1-1

ord220

api-ms-win-shcore-registry-l1-1-0

SHSetValueA
SHRegGetValueW
SHDeleteKeyW

api-ms-win-core-processthreads-l1-1-2

QueryProtectedPolicy

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_QueryService

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsA

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW
GetTimeFormatA

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock
GlobalSize

api-ms-win-security-systemfunctions-l1-1-0

SystemFunction036

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode

api-ms-win-core-memory-l1-1-0

MapViewOfFile
OpenFileMappingW
VirtualProtect
UnmapViewOfFile
CreateFileMappingW

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-security-lsapolicy-l1-1-0

LsaOpenPolicy
LsaFreeMemory
LsaQueryInformationPolicy
LsaClose

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-sidebyside-l1-1-0

CreateActCtxW
DeactivateActCtx
ReleaseActCtx
ActivateActCtx

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-security-isolatedcontainer-l1-1-0

IsProcessInIsolatedContainer

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-io-l1-1-0

DeviceIoControl

Exports

Exports

AsyncGetClassBits
AsyncInstallDistributionUnit
BindAsyncMoniker
CAuthenticateHostUI_CreateInstance
CDLGetLongPathNameA
CDLGetLongPathNameW
CORPolicyProvider
CoGetClassObjectFromURL
CoInstall
CoInternetCanonicalizeIUri
CoInternetCombineIUri
CoInternetCombineUrl
CoInternetCombineUrlEx
CoInternetCompareUrl
CoInternetCreateSecurityManager
CoInternetCreateZoneManager
CoInternetFeatureSettingsChanged
CoInternetGetMobileBrowserAppCompatMode
CoInternetGetMobileBrowserForceDesktopMode
CoInternetGetProtocolFlags
CoInternetGetSecurityUrl
CoInternetGetSecurityUrlEx
CoInternetGetSession
CoInternetIsFeatureEnabled
CoInternetIsFeatureEnabledForIUri
CoInternetIsFeatureEnabledForUrl
CoInternetIsFeatureZoneElevationEnabled
CoInternetParseIUri
CoInternetParseUrl
CoInternetQueryInfo
CoInternetSetFeatureEnabled
CoInternetSetMobileBrowserAppCompatMode
CoInternetSetMobileBrowserForceDesktopMode
CompareSecurityIds
CompatFlagsFromClsid
CopyBindInfo
CopyStgMedium
CreateAsyncBindCtx
CreateAsyncBindCtxEx
CreateFormatEnumerator
CreateIUriBuilder
CreateURLMoniker
CreateURLMonikerEx
CreateURLMonikerEx2
CreateUri
CreateUriFromMultiByteString
CreateUriPriv
CreateUriWithFragment
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllRegisterServerEx
DllUnregisterServer
Extract
FaultInIEFeature
FileBearsMarkOfTheWeb
FindMediaType
FindMediaTypeClass
FindMimeFromData
GetAddSitesFileUrl
GetClassFileOrMime
GetClassURL
GetComponentIDFromCLSSPEC
GetIDNFlagsForUri
GetIUriPriv
GetIUriPriv2
GetLabelsFromNamedHost
GetMarkOfTheWeb
GetPortFromUrlScheme
GetPropertyFromName
GetPropertyName
GetSoftwareUpdateInfo
GetUrlmonThreadNotificationHwnd
GetZoneFromAlternateDataStreamEx
HlinkGoBack
HlinkGoForward
HlinkNavigateMoniker
HlinkNavigateString
HlinkSimpleNavigateToMoniker
HlinkSimpleNavigateToString
IECompatLogCSSFix
IEGetUserPrivateNamespaceName
IEInstallScope
IntlPercentEncodeNormalize
IsAsyncMoniker
IsDWORDProperty
IsIntranetAvailable
IsJITInProgress
IsLoggingEnabledA
IsLoggingEnabledW
IsStringProperty
IsValidURL
MkParseDisplayNameEx
ObtainUserAgentString
PrivateCoInstall
QueryAssociations
QueryClsidAssociation
RegisterBindStatusCallback
RegisterFormatEnumerator
RegisterMediaTypeClass
RegisterMediaTypes
RegisterWebPlatformPermanentSecurityManager
ReleaseBindInfo
RestrictHTTP2
RevokeBindStatusCallback
RevokeFormatEnumerator
SetAccessForIEAppContainer
SetSoftwareUpdateAdvertisementState
ShouldDisplayPunycodeForUri
ShouldShowIntranetWarningSecband
ShowTrustAlertDialog
URLDownloadA
URLDownloadToCacheFileA
URLDownloadToCacheFileW
URLDownloadToFileA
URLDownloadToFileW
URLDownloadW
URLOpenBlockingStreamA
URLOpenBlockingStreamW
URLOpenPullStreamA
URLOpenPullStreamW
URLOpenStreamA
URLOpenStreamW
UnregisterWebPlatformPermanentSecurityManager
UrlMkBuildVersion
UrlMkGetSessionOption
UrlMkSetSessionOption
UrlmonCleanupCurrentThread
WriteHitLogging
ZonesReInit

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.isoapis
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Byte Crypter V3/d3dcompiler_47.dll
.dll windows:6 windows x64 arch:x64

2ce80dc262aecd9b9f45ee13d6b30c08

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/08/2012, 17:49

Not After

30/11/2013, 17:49

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ab:03:c2:89:51:77:ec:8e:32:be:09:f8:2b:0a:85:88:db:5f:d4:2a:86:a6:ad:00:10:29:d8:39:4f:b2:07
Signer

Actual PE Digest

08:ab:03:c2:89:51:77:ec:8e:32:be:09:f8:2b:0a:85:88:db:5f:d4:2a:86:a6:ad:00:10:29:d8:39:4f:b2:07

Digest Algorithm

sha256

PE Digest Matches

true

31:17:9e:ab:c5:82:ed:f0:dc:03:42:34:e2:18:08:28:16:db:fd:78
Signer

Actual PE Digest

31:17:9e:ab:c5:82:ed:f0:dc:03:42:34:e2:18:08:28:16:db:fd:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D3DCompiler_47.pdb

Imports

msvcrt

__dllonexit
_unlock
_lock
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_strtoui64
sscanf
_isnan
strtoul
_vsnprintf
isxdigit
atof
setlocale
_strdup
_mbstrlen
_vsnwprintf
strnlen
modf
strrchr
strncpy_s
memcpy_s
isalnum
_finite
_clearfp
_controlfp
strcpy_s
malloc
_strnicmp
_fpclass
strncmp
isspace
strstr
strchr
free
sprintf_s
_stricmp
_purecall
memmove
qsort
isalpha
toupper
atoi
isdigit
_onexit
??2@YAPEAX_K@Z
getenv
??3@YAXPEAX@Z
wcsncmp
wcsncpy_s
_wcsicmp
memcpy
memset
fclose
strcat_s
bsearch
_CxxThrowException
memcmp
_snwprintf_s
wcschr
iswdigit
__unDName
fread
fseek
_wfsopen
vsprintf_s
wcstol
_wcsnicmp
_wsplitpath_s
towlower
wcscpy_s
??_U@YAPEAX_K@Z
??_V@YAXPEAX@Z
swprintf_s
wcsncat_s
wcsrchr
_wfullpath
_wmakepath_s
_time64
_chsize
_close
_read
_write
_lseeki64
_get_osfhandle
_open_osfhandle
_wcsdup
wcscat_s
ftell
_mbscmp
_memicmp
_wgetenv
tolower
_wsopen
__CxxFrameHandler3
acos
asin
atan
atan2
ceil
cos
cosh
exp
floor
floorf
fmod
log
pow
sin
sinh
sqrt
strcmp
tan
tanh

advapi32

CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegOpenKeyExW
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExW

kernel32

LocalFree
LocalAlloc
GetVersion
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetLastError
CreateFileMappingW
UnmapViewOfFile
GetFileSize
CreateFileA
GetSystemInfo
VirtualAlloc
VirtualFree
GetProcAddress
LoadLibraryExW
GetEnvironmentVariableA
GetFullPathNameA
GetFullPathNameW
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
Sleep
LCMapStringW
GetFileAttributesW
SetFileAttributesW
CopyFileExW
DeleteFileW
GetFileType
DeviceIoControl
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
SetFilePointer
FlushViewOfFile
MapViewOfFileEx
GetModuleFileNameA
MapViewOfFile
DisableThreadLibraryCalls
CreateFileW
GetLastError
GetFileSizeEx
ReadFile
CloseHandle
WriteFile
WideCharToMultiByte
FreeLibrary
lstrcmpiA
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
HeapCreate
HeapDestroy
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetProcessHeap
HeapFree

rpcrt4

UuidCreate

Exports

Exports

D3DAssemble
D3DCompile
D3DCompile2
D3DCompileFromFile
D3DCompressShaders
D3DCreateBlob
D3DCreateFunctionLinkingGraph
D3DCreateLinker
D3DDecompressShaders
D3DDisassemble
D3DDisassemble10Effect
D3DDisassemble11Trace
D3DDisassembleRegion
D3DGetBlobPart
D3DGetDebugInfo
D3DGetInputAndOutputSignatureBlob
D3DGetInputSignatureBlob
D3DGetOutputSignatureBlob
D3DGetTraceInstructionOffsets
D3DLoadModule
D3DPreprocess
D3DReadFileToBlob
D3DReflect
D3DReflectLibrary
D3DReturnFailure1
D3DSetBlobPart
D3DStripShader
D3DWriteBlobToFile
DebugSetMute

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Byte Crypter V3/secur32.dll
.dll windows:10 windows x64 arch:x64

f90c2a389f295606533d615109fb248b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

secur32.pdb

Imports

ntdll

_itow
RtlNtStatusToDosError
RtlInitUnicodeString
iswdigit
memcpy
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
RtlFreeHeap
RtlAllocateHeap
RtlCopyUnicodeString
RtlEqualUnicodeString
RtlGetNtProductType
wcsncpy_s
wcschr
RtlFreeUnicodeString
RtlUpcaseUnicodeString
RtlCreateUnicodeString
iswspace
NtClose
NtUnmapViewOfSection
NtMapViewOfSection
NtOpenSection
wcsncmp
memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-security-activedirectoryclient-l1-1-0

DsFreeNameResultW
DsUnBindW
DsCrackNamesW
DsBindWithSpnExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AcceptSecurityContext
AcquireCredentialsHandleA
AcquireCredentialsHandleW
AddCredentialsA
AddCredentialsW
AddSecurityPackageA
AddSecurityPackageW
ApplyControlToken
ChangeAccountPasswordA
ChangeAccountPasswordW
CloseLsaPerformanceData
CollectLsaPerformanceData
CompleteAuthToken
CredMarshalTargetInfo
CredUnmarshalTargetInfo
DecryptMessage
DeleteSecurityContext
DeleteSecurityPackageA
DeleteSecurityPackageW
EncryptMessage
EnumerateSecurityPackagesA
EnumerateSecurityPackagesW
ExportSecurityContext
FreeContextBuffer
FreeCredentialsHandle
GetComputerObjectNameA
GetComputerObjectNameW
GetSecurityUserInfo
GetUserNameExA
GetUserNameExW
ImpersonateSecurityContext
ImportSecurityContextA
ImportSecurityContextW
InitSecurityInterfaceA
InitSecurityInterfaceW
InitializeSecurityContextA
InitializeSecurityContextW
LsaCallAuthenticationPackage
LsaConnectUntrusted
LsaDeregisterLogonProcess
LsaEnumerateLogonSessions
LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaLogonUser
LsaLookupAuthenticationPackage
LsaRegisterLogonProcess
LsaRegisterPolicyChangeNotification
LsaUnregisterPolicyChangeNotification
MakeSignature
OpenLsaPerformanceData
QueryContextAttributesA
QueryContextAttributesW
QueryCredentialsAttributesA
QueryCredentialsAttributesW
QuerySecurityContextToken
QuerySecurityPackageInfoA
QuerySecurityPackageInfoW
RevertSecurityContext
SaslAcceptSecurityContext
SaslEnumerateProfilesA
SaslEnumerateProfilesW
SaslGetContextOption
SaslGetProfilePackageA
SaslGetProfilePackageW
SaslIdentifyPackageA
SaslIdentifyPackageW
SaslInitializeSecurityContextA
SaslInitializeSecurityContextW
SaslSetContextOption
SealMessage
SeciAllocateAndSetCallFlags
SeciAllocateAndSetIPAddress
SeciFreeCallContext
SecpFreeMemory
SecpTranslateName
SecpTranslateNameEx
SetContextAttributesA
SetContextAttributesW
SetCredentialsAttributesA
SetCredentialsAttributesW
SspiCompareAuthIdentities
SspiCopyAuthIdentity
SspiDecryptAuthIdentity
SspiEncodeAuthIdentityAsStrings
SspiEncodeStringsAsAuthIdentity
SspiEncryptAuthIdentity
SspiExcludePackage
SspiFreeAuthIdentity
SspiGetTargetHostName
SspiIsAuthIdentityEncrypted
SspiLocalFree
SspiMarshalAuthIdentity
SspiPrepareForCredRead
SspiPrepareForCredWrite
SspiUnmarshalAuthIdentity
SspiValidateAuthIdentity
SspiZeroAuthIdentity
TranslateNameA
TranslateNameW
UnsealMessage
VerifySignature

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Byte Crypter V3/urlmon.dll
.dll regsvr32 windows:10 windows x64 arch:x64

b61aa4d90cb120f22a553ac804b77315

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

urlmon.pdb

Imports

msvcrt

toupper
wcstol
strstr
strncmp
wcsnlen
_wcslwr_s
towlower
__CxxFrameHandler3
strchr
_snwprintf_s
_scwprintf
_errno
strnlen
realloc
bsearch
_wtol
memmove_s
_i64tow_s
memset
_wtoi
_ui64tow_s
swprintf_s
_ultow_s
isalpha
wcsncmp
swscanf_s
_wcsicmp
_purecall
wcsrchr
_itow_s
rand_s
wcstok_s
_wfopen
wcstoul
strcmp
_onexit
wcschr
wcsstr
__dllonexit
_unlock
_lock
_snwscanf_s
wcscat_s
wcscpy_s
_vsnwprintf
memcmp
memmove
memcpy
__C_specific_handler
_initterm
malloc
fgets
_wcsnicmp
free
_amsg_exit
_XcptFilter
_vsnprintf
memcpy_s
fclose
wcscmp

iertutil

CreateUri
CreateUriFromMultiByteString
GetPropertyFromName
GetPropertyName
IntlPercentEncodeNormalize
IsDWORDProperty
CreateIUriBuilder
IsStringProperty
ord701
ord25
ord901
CreateUriPriv
CreateUriWithFragment
GetIUriPriv
ord791
GetIUriPriv2
GetPortFromUrlScheme
ord656
ord675
ord665
ord651
ord655
ord657
ord667
ord650
ord670
ord664
ord398
ord50
ord793
ord681
ord700
ord795
ord854
ord466
ord134
ord282
ord281
ord820
ord71
ord68
ord64
ord61
ord88
ord706
ord796
ord683
ord86
ord76
ord81
ord74
ord79
ord85
ord690
ord916
ord58
ord209
ord32
ord200
ord201
ord54
ord150
ord158
ord159
ord151
UriFromHostAndScheme
ord56
ord49
ord903
ord902
GetIDNSettingsForIE
PrivateCoInternetCanonicalizeIUri
PrivateCoInternetParseIUri
PrivateCoInternetCombineIUri
FastMimeLookupKnownType
FastMimeSetIsMimeFilterEnabled
ord70
ord63
ord20
FastMimeGetIsMimeFilterEnabled
CreateStringHashN
ord230
ord16
ord45
ord205
ord42
ord43
ord44
ord143
ord135
ord140
ord141
ord142
ord913
ord810
ord172
IUriBuilderInternalCreateDomain
ord166
ord855
ord35
ord870
ord682
ord89
ord57
ord702
ord17
ord325
ord173
ord62
ord72
ord594
ord597
ord654
ord652
ord658
ord672

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
OpenSemaphoreW
EnterCriticalSection
DeleteCriticalSection
CreateEventW
InitializeCriticalSection
WaitForSingleObjectEx
CreateSemaphoreExW
CreateMutexExW
ReleaseMutex
SetEvent
LeaveCriticalSection
WaitForSingleObject
ReleaseSRWLockShared
CreateMutexW
CreateMutexA
AcquireSRWLockExclusive
InitializeCriticalSectionEx
AcquireSRWLockShared
InitializeSRWLock
OpenMutexW
TryEnterCriticalSection
ReleaseSRWLockExclusive
CreateEventExW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsRelativeW
PathFindExtensionA
PathRemoveExtensionW
PathUnquoteSpacesW
PathIsUNCServerShareW
PathIsUNCW
PathIsPrefixA
PathRemoveFileSpecW
PathIsPrefixW
PathFileExistsW
PathIsUNCServerW
PathFindFileNameW
PathFindExtensionW
PathIsRootW
PathFileExistsA
PathGetDriveNumberW
PathStripToRootW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrRChrW
StrChrW
StrCmpNIA
QISearch
StrCmpNIW
StrCmpNICA
StrCmpCA
StrStrIW
StrDupW
StrCmpCW
StrChrNW
StrToIntExW
StrToIntA
StrStrIA
StrChrIW
StrToIntW
StrDupA
StrCmpIW
StrCmpNA
StrCmpICW
StrStrA
StrCmpNW
StrChrA
StrCmpNICW
StrStrW
StrToInt64ExW
StrCmpICA
StrCmpNCW
StrCmpW
StrCmpNCA
StrTrimW

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
LoadLibraryExW
FindResourceExW
FindStringOrdinal
GetProcAddress
LoadLibraryExA
LoadResource
LockResource
GetModuleFileNameA
GetModuleHandleExW
GetModuleFileNameW
GetModuleHandleA
FreeLibrary
SizeofResource
LoadStringA
GetModuleHandleW

api-ms-win-core-com-l1-1-0

CoSetProxyBlanket
CoFreeUnusedLibraries
CoCreateInstance
StringFromGUID2
CoUnmarshalInterface
CoTaskMemRealloc
CLSIDFromString
PropVariantClear
CoCreateGuid
FreePropVariantArray
CLSIDFromProgID
CoUninitialize
StringFromCLSID
CoTaskMemAlloc
CoMarshalInterface
CoGetMarshalSizeMax
CoSwitchCallContext
CoTaskMemFree
CoGetClassObject
CoCreateFreeThreadedMarshaler
CoGetTreatAsClass
CoWaitForMultipleHandles
CoInitializeEx

api-ms-win-eventing-provider-l1-1-0

EventWriteEx
EventProviderEnabled
EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar
CompareStringW

api-ms-win-core-registry-l1-1-0

RegEnumValueA
RegGetValueA
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExW
RegQueryValueExA
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyA
RegGetValueW
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyExA
RegSetValueExA

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpA
lstrcmpW

api-ms-win-core-processthreads-l1-1-0

GetExitCodeThread
GetCurrentThread
GetCurrentProcessId
TerminateThread
ExitThread
OpenThreadToken
OpenProcessToken
GetCurrentThreadId
TlsFree
TlsAlloc
TerminateProcess
TlsSetValue
TlsGetValue
CreateProcessA
GetExitCodeProcess
GetCurrentProcess
CreateThread

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-stringansi-l1-1-0

CharUpperBuffA
CharLowerA
CharPrevA
CharNextA

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceComplete
InitOnceExecuteOnce
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetVersionExA
GetSystemTime
GetWindowsDirectoryA
GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryA
GetTickCount64
GetLocalTime

api-ms-win-core-localization-l1-2-0

GetUserGeoID
GetThreadLocale
GetLocaleInfoA
IdnToAscii
IsValidCodePage
IsDBCSLeadByte
FormatMessageW
GetACP
GetCPInfo
IdnToUnicode
FormatMessageA
GetSystemDefaultLCID
GetUserDefaultLCID

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-path-l1-1-0

PathCchCanonicalize
PathCchAddBackslash
PathCchRemoveFileSpec
PathCchRemoveBackslash

api-ms-win-shcore-stream-l1-1-0

SHOpenRegStream2W
SHCreateMemStream
IStream_Read
IStream_ReadStr
IStream_Write
IStream_WriteStr
SHCreateStreamOnFileW

api-ms-win-core-string-l2-1-0

CharPrevW
CharLowerBuffW
CharNextW
CharLowerW

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree
LocalFree
LocalAlloc

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
LoadLibraryA

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-file-l1-1-0

ReadFile
SetFileAttributesA
CreateFileA
WriteFile
FileTimeToLocalFileTime
GetLongPathNameW
SetFilePointer
LocalFileTimeToFileTime
GetFileSize
GetFullPathNameW
CreateDirectoryW
GetDriveTypeA
RemoveDirectoryA
FindNextFileA
SetFileTime
DeleteFileA
GetTempFileNameW
CreateDirectoryA
GetDriveTypeW
GetFileAttributesA
QueryDosDeviceW
GetFileInformationByHandle
GetShortPathNameW
CompareFileTime
FindClose
FindFirstFileA
GetFullPathNameA
GetFileTime
GetLongPathNameA
FindFirstFileW
GetFileSizeEx
CreateFileW
GetFileAttributesW
GetFileAttributesExW
DeleteFileW

api-ms-win-core-file-l1-2-2

GetTempPathA

api-ms-win-core-kernel32-legacy-l1-1-0

GetShortPathNameA
CopyFileA
DosDateTimeToFileTime

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

api-ms-win-core-registryuserspecific-l1-1-0

SHRegQueryInfoUSKeyW
SHRegEnumUSValueW
SHRegWriteUSValueW
SHRegDeleteEmptyUSKeyW
SHRegGetUSValueW
SHRegGetBoolUSValueA
SHRegOpenUSKeyW
SHRegQueryUSValueW
SHRegEnumUSKeyW
SHRegGetUSValueA
SHRegCloseUSKey
SHRegDeleteUSValueW
SHRegCreateUSKeyW

api-ms-win-core-registry-l2-1-0

RegQueryValueW
RegQueryValueA

api-ms-win-core-atoms-l1-1-0

DeleteAtom
AddAtomA
FindAtomA
AddAtomW
FindAtomW

api-ms-win-core-url-l1-1-0

UrlGetLocationW
UrlEscapeW
UrlCompareW
PathCreateFromUrlA
UrlGetPartW
UrlCanonicalizeW
ParseURLW
UrlCreateFromPathW
UrlIsW
ParseURLA
UrlCombineW
UrlUnescapeW
PathCreateFromUrlW

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileSectionW
GetPrivateProfileIntW
WritePrivateProfileStringW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-shell-changenotify-l1-1-0

SHChangeNotify

api-ms-win-security-base-l1-1-0

CheckTokenMembership
CreateWellKnownSid
GetTokenInformation
DuplicateToken

api-ms-win-core-processenvironment-l1-2-0

SearchPathA

api-ms-win-http-time-l1-1-0

InternetTimeToSystemTimeA
InternetTimeFromSystemTimeW
InternetTimeFromSystemTimeA

api-ms-win-core-file-l1-2-0

GetTempPathW
CreateFile2

ntdll

RtlIpv6StringToAddressExW
RtlIpv4StringToAddressExW
RtlMoveMemory
RtlGetSuiteMask

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
CreateThreadpoolWork
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
SubmitThreadpoolWork

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-shlwapi-winrt-storage-l1-1-1

ord220

api-ms-win-shcore-registry-l1-1-0

SHSetValueA
SHRegGetValueW
SHDeleteKeyW

api-ms-win-core-processthreads-l1-1-2

QueryProtectedPolicy

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_QueryService

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsA

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW
GetTimeFormatA

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock
GlobalSize

api-ms-win-security-systemfunctions-l1-1-0

SystemFunction036

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode

api-ms-win-core-memory-l1-1-0

MapViewOfFile
OpenFileMappingW
VirtualProtect
UnmapViewOfFile
CreateFileMappingW

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-security-lsapolicy-l1-1-0

LsaOpenPolicy
LsaFreeMemory
LsaQueryInformationPolicy
LsaClose

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-sidebyside-l1-1-0

CreateActCtxW
DeactivateActCtx
ReleaseActCtx
ActivateActCtx

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-security-isolatedcontainer-l1-1-0

IsProcessInIsolatedContainer

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-io-l1-1-0

DeviceIoControl

Exports

Exports

AsyncGetClassBits
AsyncInstallDistributionUnit
BindAsyncMoniker
CAuthenticateHostUI_CreateInstance
CDLGetLongPathNameA
CDLGetLongPathNameW
CORPolicyProvider
CoGetClassObjectFromURL
CoInstall
CoInternetCanonicalizeIUri
CoInternetCombineIUri
CoInternetCombineUrl
CoInternetCombineUrlEx
CoInternetCompareUrl
CoInternetCreateSecurityManager
CoInternetCreateZoneManager
CoInternetFeatureSettingsChanged
CoInternetGetMobileBrowserAppCompatMode
CoInternetGetMobileBrowserForceDesktopMode
CoInternetGetProtocolFlags
CoInternetGetSecurityUrl
CoInternetGetSecurityUrlEx
CoInternetGetSession
CoInternetIsFeatureEnabled
CoInternetIsFeatureEnabledForIUri
CoInternetIsFeatureEnabledForUrl
CoInternetIsFeatureZoneElevationEnabled
CoInternetParseIUri
CoInternetParseUrl
CoInternetQueryInfo
CoInternetSetFeatureEnabled
CoInternetSetMobileBrowserAppCompatMode
CoInternetSetMobileBrowserForceDesktopMode
CompareSecurityIds
CompatFlagsFromClsid
CopyBindInfo
CopyStgMedium
CreateAsyncBindCtx
CreateAsyncBindCtxEx
CreateFormatEnumerator
CreateIUriBuilder
CreateURLMoniker
CreateURLMonikerEx
CreateURLMonikerEx2
CreateUri
CreateUriFromMultiByteString
CreateUriPriv
CreateUriWithFragment
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllRegisterServerEx
DllUnregisterServer
Extract
FaultInIEFeature
FileBearsMarkOfTheWeb
FindMediaType
FindMediaTypeClass
FindMimeFromData
GetAddSitesFileUrl
GetClassFileOrMime
GetClassURL
GetComponentIDFromCLSSPEC
GetIDNFlagsForUri
GetIUriPriv
GetIUriPriv2
GetLabelsFromNamedHost
GetMarkOfTheWeb
GetPortFromUrlScheme
GetPropertyFromName
GetPropertyName
GetSoftwareUpdateInfo
GetUrlmonThreadNotificationHwnd
GetZoneFromAlternateDataStreamEx
HlinkGoBack
HlinkGoForward
HlinkNavigateMoniker
HlinkNavigateString
HlinkSimpleNavigateToMoniker
HlinkSimpleNavigateToString
IECompatLogCSSFix
IEGetUserPrivateNamespaceName
IEInstallScope
IntlPercentEncodeNormalize
IsAsyncMoniker
IsDWORDProperty
IsIntranetAvailable
IsJITInProgress
IsLoggingEnabledA
IsLoggingEnabledW
IsStringProperty
IsValidURL
MkParseDisplayNameEx
ObtainUserAgentString
PrivateCoInstall
QueryAssociations
QueryClsidAssociation
RegisterBindStatusCallback
RegisterFormatEnumerator
RegisterMediaTypeClass
RegisterMediaTypes
RegisterWebPlatformPermanentSecurityManager
ReleaseBindInfo
RestrictHTTP2
RevokeBindStatusCallback
RevokeFormatEnumerator
SetAccessForIEAppContainer
SetSoftwareUpdateAdvertisementState
ShouldDisplayPunycodeForUri
ShouldShowIntranetWarningSecband
ShowTrustAlertDialog
URLDownloadA
URLDownloadToCacheFileA
URLDownloadToCacheFileW
URLDownloadToFileA
URLDownloadToFileW
URLDownloadW
URLOpenBlockingStreamA
URLOpenBlockingStreamW
URLOpenPullStreamA
URLOpenPullStreamW
URLOpenStreamA
URLOpenStreamW
UnregisterWebPlatformPermanentSecurityManager
UrlMkBuildVersion
UrlMkGetSessionOption
UrlMkSetSessionOption
UrlmonCleanupCurrentThread
WriteHitLogging
ZonesReInit

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.isoapis
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 11KB - Virtual size: 10KB

.rsrc Size: 170KB - Virtual size: 170KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 478KB - Virtual size: 477KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 50KB - Virtual size: 50KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Headers

DLL Characteristics

File Characteristics

Sections

Size: 338KB - Virtual size: 600KB

Size: - Virtual size: 8KB

Size: - Virtual size: 8KB

.rsrc Size: 3KB - Virtual size: 8KB

Size: - Virtual size: 3.0MB

.data Size: 621KB - Virtual size: 624KB

2ce80dc262aecd9b9f45ee13d6b30c08

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34Certificate

Extended Key Usages

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

08:ab:03:c2:89:51:77:ec:8e:32:be:09:f8:2b:0a:85:88:db:5f:d4:2a:86:a6:ad:00:10:29:d8:39:4f:b2:07Signer

31:17:9e:ab:c5:82:ed:f0:dc:03:42:34:e2:18:08:28:16:db:fd:78Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

rpcrt4

Exports

Exports

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.data Size: 35KB - Virtual size: 69KB

.pdata Size: 117KB - Virtual size: 116KB

.idata Size: 6KB - Virtual size: 6KB

.text
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 170KB - Virtual size: 170KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 478KB - Virtual size: 477KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 50KB - Virtual size: 50KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 3KB - Virtual size: 8KB

.data
Size: 621KB - Virtual size: 624KB

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

08:ab:03:c2:89:51:77:ec:8e:32:be:09:f8:2b:0a:85:88:db:5f:d4:2a:86:a6:ad:00:10:29:d8:39:4f:b2:07
Signer

31:17:9e:ab:c5:82:ed:f0:dc:03:42:34:e2:18:08:28:16:db:fd:78
Signer

.text
Size: 3.7MB - Virtual size: 3.7MB

.data
Size: 35KB - Virtual size: 69KB

.pdata
Size: 117KB - Virtual size: 116KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 68KB - Virtual size: 68KB

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 648B

.didat
Size: 512B - Virtual size: 96B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 52B