StartAllBack-3[.]8[.]8[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

StartAllBack-3.8.8.zip
Size

1.7MB
MD5

8e072923eabf0cde1870db312b370fd6
SHA1

c1fb2e35fd7e3a53ab75dcf5d3aa1388b511ba03
SHA256

3a536d908ec476955a3387b426007d0955970d9cbe58456d2c447fe502bd4590
SHA512

8156cded48ea00ba8818c0e58a703b49d35a0c2d55225c5f70d1d5dd73aad12f9684fa4f72f9234dbbf7751571ccb01f569c1e6379388466ab3a6e5b90913297
SSDEEP

49152:e/XWL7DG+CAKDc9b+0c4/3eIN28/eUWawTq3sTbNL43:SXk7DFKg967KeIVWHBqcNL0

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/StartAllBack-3.8.8.exe
unpack002/$PLUGINSDIR/registry.dll
unpack002/$TEMP/Start/Orbs/Windows 7.orb
unpack002/$TEMP/Start/StartAllBackX64.dll
unpack002/$TEMP/Start/Styles/Plain8.msstyles
unpack002/$TEMP/Start/Styles/Windows 7.msstyles

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/StartAllBack-3.8.8.exe	nsis_installer_1
static1/unpack001/StartAllBack-3.8.8.exe	nsis_installer_2

Files

StartAllBack-3.8.8.zip
.zip
StartAllBack-3.8.8.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Code Sign

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aa
Certificate

Issuer

CN=diakov.soft

Not Before

10/10/2020, 10:39

Not After

08/01/2021, 21:00

Subject

CN=diakov.soft

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ef:57:50:85:4a:2b:8d:e7:3a:4d:39:1e:27:77:6a:19:aa:e6:d3:c7
Signer

Actual PE Digest

ef:57:50:85:4a:2b:8d:e7:3a:4d:39:1e:27:77:6a:19:aa:e6:d3:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/registry.dll
.dll windows:4 windows x86 arch:x86

421a02aae559045e04759aae146087eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateProcessA
CreateProcessW
GlobalAlloc
SearchPathA
SearchPathW
GetFileAttributesA
GetFileAttributesW
CreateFileA
CreateFileW
WriteFile
WideCharToMultiByte
GetWindowsDirectoryW
lstrlenA
lstrlenW
MultiByteToWideChar
GlobalFree

user32

FindWindowExA
SetWindowTextA
SetWindowTextW
MessageBoxW
GetDlgItem

advapi32

RegQueryValueExA
RegQueryValueExW
RegOpenKeyExA
RegOpenKeyExW
RegCreateKeyExA
RegCreateKeyExW
RegEnumValueA
RegEnumValueW
RegEnumKeyExA
RegEnumKeyExW
RegCloseKey
RegSetValueExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegSetValueExW

Exports

Exports

_Close
_CopyKey
_CopyValue
_CreateKey
_DeleteKey
_DeleteKeyEmpty
_DeleteValue
_Find
_HexToStrA
_HexToStrW
_KeyExists
_MoveKey
_MoveValue
_Open
_Read
_ReadExtra
_RestoreKey
_SaveKey
_StrToHexA
_StrToHexW
_Unload
_Write
_WriteExtra

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Start/DarkMagicLoaderX64.exe
.exe windows:6 windows x64 arch:x64

e75f4984b1f4f72162793ec77624ebf2

Code Sign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08/02/2024, 14:45

Not After

10/03/2027, 14:45

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19/11/2020, 20:32

Not After

19/11/2035, 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:3e:d9:35:92:f7:b0:19:42:29:00:00:00:00:00:3e
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

18/04/2024, 17:59

Not After

17/04/2025, 17:59

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:91A2-966C-63FB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5f:4b:8e:dc:30:c8:81:b1:5c:b6:7d:92:15:82:0c:cb:34:aa:c3:a0:af:78:73:e4:f2:22:44:1d:f1:09:71:89
Signer

Actual PE Digest

5f:4b:8e:dc:30:c8:81:b1:5c:b6:7d:92:15:82:0c:cb:34:aa:c3:a0:af:78:73:e4:f2:22:44:1d:f1:09:71:89

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW

api-ms-win-core-processthreads-l1-1-0

ExitProcess

api-ms-win-downlevel-shlwapi-l1-1-0

StrToIntW

Sections

.text
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/Start/DarkMagicLoaderX86.exe
.exe windows:6 windows x86 arch:x86

e75f4984b1f4f72162793ec77624ebf2

Code Sign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08/02/2024, 14:45

Not After

10/03/2027, 14:45

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19/11/2020, 20:32

Not After

19/11/2035, 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:3e:d9:35:92:f7:b0:19:42:29:00:00:00:00:00:3e
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

18/04/2024, 17:59

Not After

17/04/2025, 17:59

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:91A2-966C-63FB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2e:ff:16:40:a9:38:0e:35:de:3d:c1:3d:25:87:b0:40:d2:51:15:12:3d:33:99:ef:15:bd:5f:52:a0:1a:1a:6d
Signer

Actual PE Digest

2e:ff:16:40:a9:38:0e:35:de:3d:c1:3d:25:87:b0:40:d2:51:15:12:3d:33:99:ef:15:bd:5f:52:a0:1a:1a:6d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW

api-ms-win-core-processthreads-l1-1-0

ExitProcess

api-ms-win-downlevel-shlwapi-l1-1-0

StrToIntW

Sections

.text
Size: 512B - Virtual size: 223B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Start/DarkMagicX64.dll
.dll windows:6 windows x64 arch:x64

bd877e61d272cef09455f91622d0cab4

Code Sign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08/02/2024, 14:45

Not After

10/03/2027, 14:45

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19/11/2020, 20:32

Not After

19/11/2035, 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:42:9a:c8:6f:a5:1b:a6:7d:06:00:00:00:00:00:42
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

18/04/2024, 17:59

Not After

17/04/2025, 17:59

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft Ireland Operations Limited+OU=nShield TSS ESN:451A-05E0-D947,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

53:dc:c8:00:3a:a2:f4:47:92:b6:2b:f8:4a:a9:d8:5a:4d:5d:ac:14:dd:11:2a:86:04:17:83:a0:0f:95:8a:da
Signer

Actual PE Digest

53:dc:c8:00:3a:a2:f4:47:92:b6:2b:f8:4a:a9:d8:5a:4d:5d:ac:14:dd:11:2a:86:04:17:83:a0:0f:95:8a:da

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\StartAllBack\StartIsBack11\Release\DarkMagicX64.pdb

Imports

api-ms-win-core-atoms-l1-1-0

AddAtomW
DeleteAtom
FindAtomW
GlobalFindAtomW

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiA
lstrcmpiW
lstrcmpW
lstrcmpA
lstrlenW

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
SizeofResource
GetModuleHandleW
GetModuleHandleA
LoadLibraryExW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-processthreads-l1-1-0

GetProcessIdOfThread
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentThread
SetThreadPriority
ResumeThread
GetThreadId
OpenProcessToken
CreateThread

api-ms-win-core-synch-l1-1-0

SetEvent
CreateEventW
WaitForSingleObject
SleepEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenEventW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

GetTokenInformation
CreateWellKnownSid

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-sidebyside-l1-1-0

GetCurrentActCtx
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW

api-ms-win-core-registry-l1-1-0

RegNotifyChangeKeyValue
RegOpenKeyExW
RegGetValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

api-ms-win-core-memory-l1-1-0

OpenFileMappingW
CreateFileMappingW
VirtualProtect
MapViewOfFile

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW
K32GetMappedFileNameW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW
PathRemoveBackslashW
PathAddBackslashW
PathFileExistsW
PathRemoveExtensionW
PathRemoveFileSpecW
PathAppendW

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-file-l1-1-0

FindFirstFileW
ReadFile
SetFilePointer
FindClose
CreateFileW
CreateDirectoryW
FindNextFileW

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-mm-time-l1-1-0

timeGetTime
timeEndPeriod
timeBeginPeriod

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

user32

SystemParametersInfoA
EnableWindow
LoadImageA
SystemParametersInfoForDpi
FillRect
GetDpiForWindow
EndPaint
BeginPaint
SetWindowLongW
WindowFromPoint
GetCursorPos
DrawEdge
GetWindow
RegisterClassExW
IsImmersiveProcess
DeregisterShellHookWindow
DrawTextW
RegisterShellHookWindow
InternalGetWindowText
SetWindowCompositionAttribute
PtInRect
GetMenuItemRect
ord2557
LoadIconW
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
IsWindowVisible
GetDpiForMonitorInternal
GetDlgItem
EqualRect
MapWindowPoints
GetWindowTextW
AnimateWindow
UpdateWindow
ShowWindow
GetThreadDpiAwarenessContext
GetIconInfo
SetWinEventHook
EnumThreadWindows
GetClassInfoW
EnumChildWindows
UnhookWinEvent
SetWindowLongPtrW
SetClassLongPtrW
RegisterClassW
SetLayeredWindowAttributes
InvalidateRect
DefWindowProcW
GetUpdateRect
FindWindowW
IsWindow
GetParent
GetDesktopWindow
SendMessageW
SendMessageCallbackW
GetWindowThreadProcessId
SendNotifyMessageW
IsMenu
GetSystemMenu
RegisterWindowMessageW
GetClassWord
GetAncestor
GetPropW
GetSysColor
GetWindowLongPtrW
GetClassLongPtrW
MonitorFromWindow
GetCurrentInputMessageSource
GetMenuItemInfoW
GetMenuItemCount
InflateRect
PrintWindow
GetDC
WindowFromDC
ReleaseDC
DestroyIcon
GetSystemMetrics
GetSystemMetricsForDpi
DrawIconEx
GetMenu
GetSubMenu
GetDpiForSystem
CreateIconIndirect
GetCIMSSM
GetGUIThreadInfo
SystemParametersInfoW
GetWindowInfo
OffsetRect
KillTimer
SetPropW
DestroyWindow
CreateWindowExW
GetWindowLongW
IsIconic
UpdateLayeredWindow
SetWindowPos
GetMessageExtraInfo
RemovePropW
GetMenuBarInfo
GetMenuInfo
PostMessageW
GetClientRect
SetMenuInfo
GetWindowRect
FindWindowExW
SetMessageExtraInfo
SetMenuItemInfoW
SetTimer

gdi32

GetStockObject
ExcludeClipRect
DeleteDC
StretchDIBits
GdiAlphaBlend
CreateCompatibleDC
GetObjectW
GetObjectType
DeleteObject
GetLayout
SelectObject
RestoreDC
SaveDC
CreateFontW
CreateFontIndirectW
GetBitmapBits
GetTextExtentExPointW
CreateBitmap
GdiFlush
GetBitmapDimensionEx
SetBitmapDimensionEx
SetBitmapBits
SetLayout
GetTextColor
SetTextColor
GdiDrawStream
CreateDPIScaledDIBSection
GetDCDpiScaleValue
SetBkMode
GetCurrentObject
SetBkColor
ExtTextOutW
GetDCBrushColor
BitBlt
StretchBlt
CreateDIBSection

kernel32

GetApplicationUserModelId
GetCurrentApplicationUserModelId

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
__stdio_common_vsprintf_s

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
calloc
free

api-ms-win-crt-string-l1-1-0

memset
wcscmp
_wcsnicmp
wcsncmp
_wcsicmp
strcmp
wcsncpy_s
wcscat_s
wcscpy_s

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
NtResumeThread
RtlInitUnicodeString
RtlAdjustPrivilege
NtAlpcSendWaitReceivePort

api-ms-win-crt-private-l1-1-0

_CxxThrowException
wcschr
memcpy
__C_specific_handler
__CxxFrameHandler4
__std_type_info_destroy_list
__std_exception_destroy
__std_exception_copy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-crt-utility-l1-1-0

bsearch

api-ms-win-crt-math-l1-1-0

acos
cos
sin

Exports

Exports

Bootstrap
DllCanUnloadNow
DllGetClassObject
InitDarkMagic
IsCompositedTheme
LoadRemote
SetSmallScrollbar
UnroundPtr

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Start/DarkMagicX86.dll
.dll windows:6 windows x86 arch:x86

9b7d050e207219e7012356964d919573

Code Sign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08/02/2024, 14:45

Not After

10/03/2027, 14:45

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19/11/2020, 20:32

Not After

19/11/2035, 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:3e:d9:35:92:f7:b0:19:42:29:00:00:00:00:00:3e
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

18/04/2024, 17:59

Not After

17/04/2025, 17:59

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:91A2-966C-63FB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4f:22:b9:fd:67:0b:8b:5c:7d:ce:a5:68:70:73:43:1f:3c:63:94:e0:cd:28:57:cb:33:be:20:c3:ff:d6:8c:31
Signer

Actual PE Digest

4f:22:b9:fd:67:0b:8b:5c:7d:ce:a5:68:70:73:43:1f:3c:63:94:e0:cd:28:57:cb:33:be:20:c3:ff:d6:8c:31

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\StartAllBack\StartIsBack11\Release\DarkMagicX86.pdb

Imports

api-ms-win-core-atoms-l1-1-0

AddAtomW
DeleteAtom
FindAtomW
GlobalFindAtomW

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrcmpW
lstrcmpA
lstrcmpiA
lstrcmpiW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
SizeofResource
LoadLibraryExW
GetModuleHandleA
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
GetProcessIdOfThread
OpenProcessToken
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
CreateThread
ResumeThread
GetCurrentThreadId
GetThreadId

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
OpenEventW
WaitForSingleObjectEx
SleepEx
SetEvent
WaitForSingleObject
CreateEventW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

GetTokenInformation
CreateWellKnownSid

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-sidebyside-l1-1-0

GetCurrentActCtx
DeactivateActCtx
FindActCtxSectionStringW
ActivateActCtx

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegNotifyChangeKeyValue
RegCloseKey

api-ms-win-core-memory-l1-1-0

VirtualProtect
CreateFileMappingW
MapViewOfFile
OpenFileMappingW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance

api-ms-win-core-psapi-l1-1-0

K32GetMappedFileNameW
QueryFullProcessImageNameW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathAddBackslashW
PathAppendW
PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW
PathFileExistsW
PathRemoveBackslashW

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-file-l1-1-0

CreateDirectoryW
SetFilePointer
ReadFile
CreateFileW
FindClose
FindNextFileW
FindFirstFileW

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-mm-time-l1-1-0

timeBeginPeriod
timeGetTime
timeEndPeriod

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

user32

SystemParametersInfoA
EnableWindow
LoadImageA
SystemParametersInfoForDpi
FillRect
GetDpiForWindow
EndPaint
BeginPaint
WindowFromPoint
GetCursorPos
DrawEdge
GetWindow
GetDlgItem
IsImmersiveProcess
DeregisterShellHookWindow
DrawTextW
RegisterShellHookWindow
InternalGetWindowText
SetWindowCompositionAttribute
PtInRect
GetMenuItemRect
ord2557
LoadIconW
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
IsWindowVisible
IsIconic
GetDpiForMonitorInternal
GetSystemMetrics
EqualRect
MapWindowPoints
GetWindowTextW
AnimateWindow
UpdateWindow
ShowWindow
GetThreadDpiAwarenessContext
GetWindowRect
SetWinEventHook
RegisterClassExW
GetClassInfoW
EnumChildWindows
UnhookWinEvent
SetWindowLongW
SetClassLongW
RegisterClassW
SetLayeredWindowAttributes
InvalidateRect
DefWindowProcW
GetUpdateRect
FindWindowW
IsWindow
GetParent
GetDesktopWindow
SendMessageW
SendMessageCallbackW
GetWindowThreadProcessId
SendNotifyMessageW
IsMenu
GetSystemMenu
SetTimer
RegisterWindowMessageW
GetClassWord
GetAncestor
GetPropW
GetSysColor
GetWindowLongW
GetClassLongW
MonitorFromWindow
GetMenuItemInfoW
GetMenuItemCount
InflateRect
GetCurrentInputMessageSource
PrintWindow
WindowFromDC
GetDC
ReleaseDC
DestroyIcon
GetSystemMetricsForDpi
DrawIconEx
SetMenuItemInfoW
GetMenu
GetDpiForSystem
CreateIconIndirect
GetCIMSSM
GetSubMenu
SystemParametersInfoW
GetWindowInfo
OffsetRect
GetGUIThreadInfo
SetPropW
DestroyWindow
CreateWindowExW
GetIconInfo
UpdateLayeredWindow
SetWindowPos
GetMessageExtraInfo
RemovePropW
GetMenuBarInfo
GetMenuInfo
PostMessageW
GetClientRect
SetMenuInfo
EnumThreadWindows
FindWindowExW
SetMessageExtraInfo
KillTimer

gdi32

GetStockObject
ExcludeClipRect
DeleteDC
StretchDIBits
GdiAlphaBlend
CreateCompatibleDC
GetObjectW
GetTextExtentExPointW
GetObjectType
DeleteObject
GetLayout
SelectObject
RestoreDC
SaveDC
CreateFontW
CreateFontIndirectW
GetBitmapBits
CreateBitmap
GdiFlush
GetBitmapDimensionEx
SetBitmapDimensionEx
SetBitmapBits
SetLayout
GetTextColor
SetTextColor
GdiDrawStream
CreateDPIScaledDIBSection
GetDCDpiScaleValue
SetBkMode
GetCurrentObject
SetBkColor
ExtTextOutW
GetDCBrushColor
BitBlt
StretchBlt
CreateDIBSection

kernel32

GetCurrentApplicationUserModelId
GetApplicationUserModelId

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
__stdio_common_vsprintf_s

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_register_onexit_function
_initterm_e
_initterm
_cexit
_crt_atexit
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table

api-ms-win-crt-heap-l1-1-0

calloc
_callnewh
free
malloc

api-ms-win-crt-string-l1-1-0

memset
_wcsicmp
wcsncmp
wcsncpy_s
wcscpy_s
wcscat_s
_wcsnicmp

ntdll

RtlInitUnicodeString
NtResumeThread
RtlAdjustPrivilege
NtAlpcSendWaitReceivePort

api-ms-win-crt-private-l1-1-0

memcpy
__std_type_info_destroy_list
_CxxThrowException
wcschr
__std_exception_destroy
__std_exception_copy
_except_handler4_common
__CxxFrameHandler3

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-crt-utility-l1-1-0

bsearch

api-ms-win-crt-math-l1-1-0

_libm_sse2_acos_precise
_libm_sse2_cos_precise
_libm_sse2_sin_precise

Exports

Exports

InitDarkMagic
LoadRemote

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Start/Orbs/Windows 7.orb
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 294KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/Start/Orbs/clover.svg
$TEMP/Start/Orbs/e1evenorb-pr.png
.png
$TEMP/Start/Orbs/w8logo.svg
$TEMP/Start/Ribbon/theme-dark/Windows.AddRemovePrograms.svg
.xml
$TEMP/Start/Ribbon/theme-dark/Windows.Computer.Manage.svg
.xml
$TEMP/Start/Ribbon/theme-dark/Windows.CopyToMenu.svg
.xml
$TEMP/Start/Ribbon/theme-dark/Windows.MoveToMenu.svg
.xml
$TEMP/Start/Ribbon/theme-dark/Windows.MultiVerb.cmd.svg
.xml
$TEMP/Start/Ribbon/theme-dark/Windows.MultiVerb.cmdPromptAsAdministrator.svg
.xml
$TEMP/Start/Ribbon/theme-dark/Windows.RibbonPermissionsDialog.svg
.xml
$TEMP/Start/Ribbon/theme-dark/Windows.shareprivate.svg
.xml
$TEMP/Start/Ribbon/theme-dark/accessmedia.svg
$TEMP/Start/Ribbon/theme-dark/easyaccess.svg
.xml
$TEMP/Start/Ribbon/theme-dark/windows.SystemProperties.svg
.xml
$TEMP/Start/Ribbon/theme-dark/windows.folderoptions.svg
$TEMP/Start/Ribbon/theme-dark/windows.help.svg
.xml
$TEMP/Start/Ribbon/theme-dark/windows.hideSelected.svg
.xml
$TEMP/Start/Ribbon/theme-dark/windows.layout.svg
.xml
$TEMP/Start/Ribbon/theme-dark/windows.open.svg
.xml
$TEMP/Start/Ribbon/theme-dark/windows.opencontrolpanel.svg
$TEMP/Start/Ribbon/theme-dark/windows.pastelink.svg
$TEMP/Start/Ribbon/theme-dark/windows.removeproperties.svg
.xml
$TEMP/Start/Ribbon/theme-dark/windows.slideshow.svg
.xml
$TEMP/Start/Ribbon/theme-dark/windows.troubleshoot.svg
$TEMP/Start/Ribbon/theme-light/Windows.AddRemovePrograms.svg
$TEMP/Start/Ribbon/theme-light/Windows.Computer.Manage.svg
$TEMP/Start/Ribbon/theme-light/Windows.CopyToMenu.svg
.xml
$TEMP/Start/Ribbon/theme-light/Windows.MoveToMenu.svg
$TEMP/Start/Ribbon/theme-light/Windows.MultiVerb.cmd.svg
.xml
$TEMP/Start/Ribbon/theme-light/Windows.MultiVerb.cmdPromptAsAdministrator.svg
.xml
$TEMP/Start/Ribbon/theme-light/Windows.RibbonPermissionsDialog.svg
.xml
$TEMP/Start/Ribbon/theme-light/Windows.shareprivate.svg
.xml
$TEMP/Start/Ribbon/theme-light/accessmedia.svg
$TEMP/Start/Ribbon/theme-light/easyaccess.svg
.xml
$TEMP/Start/Ribbon/theme-light/windows.SystemProperties.svg
$TEMP/Start/Ribbon/theme-light/windows.edit.svg
.xml
$TEMP/Start/Ribbon/theme-light/windows.email.svg
.xml
$TEMP/Start/Ribbon/theme-light/windows.folderoptions.svg
$TEMP/Start/Ribbon/theme-light/windows.help.svg
.xml
$TEMP/Start/Ribbon/theme-light/windows.hideSelected.svg
.xml
$TEMP/Start/Ribbon/theme-light/windows.layout.svg
.xml
$TEMP/Start/Ribbon/theme-light/windows.open.svg
$TEMP/Start/Ribbon/theme-light/windows.openControlPanel.svg
$TEMP/Start/Ribbon/theme-light/windows.pastelink.svg
$TEMP/Start/Ribbon/theme-light/windows.removeproperties.svg
.xml
$TEMP/Start/Ribbon/theme-light/windows.slideshow.svg
.xml
$TEMP/Start/Ribbon/theme-light/windows.troubleshoot.svg
$TEMP/Start/StartAllBackCfg.exe
.exe windows:5 windows x64 arch:x64

2ad892f6a22b09b1f23184cc43e2a957

Code Sign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08/02/2024, 14:45

Not After

10/03/2027, 14:45

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19/11/2020, 20:32

Not After

19/11/2035, 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:3d:d1:9f:e2:d4:41:cd:e3:40:00:00:00:00:00:3d
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

18/04/2024, 17:59

Not After

17/04/2025, 17:59

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:C392-9641-4540,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c4:53:64:33:03:08:35:f4:cc:b5:cc:aa:07:c9:a0:d2:82:e3:06:d9:64:d2:6d:f0:5a:eb:45:af:fc:20:41:fd
Signer

Actual PE Digest

c4:53:64:33:03:08:35:f4:cc:b5:cc:aa:07:c9:a0:d2:82:e3:06:d9:64:d2:6d:f0:5a:eb:45:af:fc:20:41:fd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
RegSetValueExW
RegSetKeySecurity
RegQueryInfoKeyW
RegFlushKey
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
SetNamedSecurityInfoW
SetEntriesInAclW
RegDeleteTreeW
RegDeleteKeyExW
RegDeleteKeyValueW

user32

MessageBoxA
CharNextW
LoadStringW
SetClassLongPtrW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExW
WindowFromPoint
WindowFromDC
WaitMessage
UpdateLayeredWindow
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
TrackMouseEvent
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRectEmpty
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetCapture
SetActiveWindow
SendNotifyMessageW
SendMessageA
SendMessageW
SendDlgItemMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadKeyboardLayoutW
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
IsCharAlphaNumericW
InvalidateRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCapture
GetAncestor
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
ExitWindowsEx
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CopyImage
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharUpperW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromWindow
SetProcessDefaultLayout
SwitchToThisWindow
GetShellWindow
GetDpiForWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
GetProcessHeap
lstrlenW
lstrcpynW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
LoadLibraryA
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
lstrcpyW
lstrcmpiW
lstrcmpW
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
UnmapViewOfFile
SuspendThread
SizeofResource
SetThreadPriority
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
QueueUserWorkItem
OpenFileMappingW
MulDiv
MoveFileExW
MapViewOfFile
LockResource
LoadResource
LoadLibraryW
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryW
GetVersionExW
GetThreadPriority
GetThreadLocale
GetTempPathW
GetSystemTime
GetLocalTime
GetFullPathNameW
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
FreeResource
FormatMessageW
FindResourceW
FindNextFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
EnumSystemLocalesW
EnumCalendarInfoW
DeleteFileW
CreateProcessW
CreateFileMappingW
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
AddAtomW
GetUserPreferredUILanguages
CheckElevationEnabled
GetSystemWindowsDirectoryW
IsWow64Process2

msimg32

GradientFill
AlphaBlend

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetTextColor
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExcludeClipRect
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateFontW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
Chord
BitBlt
ArcTo
Arc
AngleArc
GdiAlphaBlend
SetLayout
GetLayout

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_AddMasked
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

shell32

SHFileOperationW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
SHAppBarMessage
SHGetSpecialFolderPathW
SHAddToRecentDocs
SHDefExtractIconW
ord896
ILSaveToStream
ILLoadFromStreamEx

wininet

InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle

comdlg32

ChooseFontW
ChooseColorW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

shlwapi

PathParseIconLocationW
PathIsNetworkPathW
PathFindFileNameW
PathFileExistsW
PathCanonicalizeW
PathAppendW
PathAddBackslashW
StrCatW
StrDupW
StrCmpNIW
SHLoadIndirectString
SHOpenRegStream2W
StrToInt64ExW

ntdll

RtlAdjustPrivilege

gdiplus

GdipDrawImageRectRectI
GdipDrawImageRectI
GdipFillPath
GdipFillEllipseI
GdipGraphicsClear
GdipDrawPath
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAddPathArcI
GdipClosePathFigure
GdipDeletePath
GdipCreatePath
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc

shcore

GetDpiForMonitor
ord200

uxtheme

ord121
ord120
SetWindowTheme

wtsapi32

WTSTerminateProcess

winmm

PlaySoundW

crypt32

CryptStringToBinaryA

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 39KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 484B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/Start/StartAllBackLoaderX64.dll
.dll windows:6 windows x64 arch:x64

8d84ac60d65a19835a8dc294d87b31f8

Code Sign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08/02/2024, 14:45

Not After

10/03/2027, 14:45

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19/11/2020, 20:32

Not After

19/11/2035, 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:3e:d9:35:92:f7:b0:19:42:29:00:00:00:00:00:3e
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

18/04/2024, 17:59

Not After

17/04/2025, 17:59

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:91A2-966C-63FB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:f9:33:40:e4:ae:87:eb:0c:8b:0d:86:54:d3:37:a9:d4:c8:51:dc:77:9d:28:38:41:91:89:1d:98:d3:ad:3f
Signer

Actual PE Digest

56:f9:33:40:e4:ae:87:eb:0c:8b:0d:86:54:d3:37:a9:d4:c8:51:dc:77:9d:28:38:41:91:89:1d:98:d3:ad:3f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\StartAllBack\StartIsBack11\Release\StartAllBackLoaderX64.pdb

Imports

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchAppend

kernel32

FreeLibrary
OutputDebugStringA
GetModuleFileNameW
WaitForSingleObject
GetVersion
DisableThreadLibraryCalls
CloseHandle
LoadLibraryW
GetProcAddress
CreateProcessW
GetModuleHandleW

user32

IsWindow
GetShellWindow

advapi32

RegDeleteKeyW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 1024B - Virtual size: 611B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/Start/StartAllBackX64.dll
.dll windows:6 windows x64 arch:x64

72ae2a8cf482858c5c2c9c80cfe8c627

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\StartAllBack\StartIsBack11\Release\StartAllBackX64.pdb

Imports

shlwapi

PathRemoveBlanksW
ord12
ord176
SHOpenRegStream2W
ord172
StrCmpNW
ord16
PathAddBackslashW
PathFindExtensionW
PathParseIconLocationW
StrNCatW
StrCpyNW
StrCmpNIW
ord219
PathRemoveFileSpecW
PathRemoveExtensionW
PathAppendW
StrCSpnA
StrStrIA
HashData
StrStrNIW
ord158
ord215
UrlCreateFromPathW
PathAddExtensionW
StrToInt64ExW
StrChrW
PathCommonPrefixW
GetMenuPosFromID
AssocQueryKeyW
ord10
ord8
AssocQueryStringW
PathIsNetworkPathW
StrTrimW
ord513
ord212
ord512
ord184
ord388
StrCmpIW
ord168
PathIsRootW
PathStripToRootW
PathIsFileSpecW
ord256
PathIsUNCW
PathIsDirectoryW
PathIsRelativeW
StrStrW
SHRegGetValueW
StrToIntW
PathFileExistsW
PathRemoveBackslashW
SHStrDupW
ord174
StrStrIW
UrlIsW
PathCreateFromUrlW
SHGetValueW
StrCmpW
SHCreateStreamOnFileW
PathFindFileNameW
ord487

dwmapi

ord138
ord139
ord140
ord113
ord141
DwmSetWindowAttribute
ord114
ord147
ord162
ord163
ord187
ord164
DwmEnableBlurBehindWindow
DwmGetWindowAttribute
DwmExtendFrameIntoClientArea
DwmUnregisterThumbnail
ord159
DwmQueryThumbnailSourceSize

uxtheme

BufferedPaintUnInit
IsThemePartDefined
GetThemePropertyOrigin
GetThemeTextExtent
GetThemeRect
GetThemeFont
GetThemeBackgroundExtent
GetThemeBackgroundRegion
GetThemeBool
GetThemeMargins
GetBufferedPaintTargetDC
BufferedPaintInit
ord121
ord120
ord139
ord126
ord50
ord16
ord140
ord135
ord49
ord74
ord133
ord132
ord138
GetThemeMetric
GetThemePartSize
BufferedPaintSetAlpha
GetCurrentThemeName
EndBufferedAnimation
DrawThemeBackground
SetWindowTheme
SetWindowThemeAttribute
OpenThemeData
GetThemeBitmap
CloseThemeData
GetThemeInt
GetThemeEnumValue
GetThemeColor
BeginBufferedPaint
EndBufferedPaint
ord47
DrawThemeParentBackground
OpenThemeDataForDpi
DrawThemeTextEx
DrawThemeText
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundContentRect

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoUninitialize
RoActivateInstance
RoInitialize

ntdll

RtlAdjustPrivilege
RtlInitUnicodeString
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlQueryWnfStateData

msvcrt

strcmp
sqrt
sin
vsprintf_s
??2@YAPEAX_K@Z
wcschr
_wcsnicmp
wcscpy_s
wcscat_s
wcsncmp
malloc
free
_wcsicmp
vswprintf_s
_vsnwprintf
isspace
tolower
isprint
wcsstr
_itow_s
wcstok_s
abort
swscanf_s
__C_specific_handler
wcsrchr
_wtoi
??_U@YAPEAX_K@Z
rand_s
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
atoi
_unlock
__dllonexit
_lock
_XcptFilter
_onexit
??1type_info@@UEAA@XZ
__CxxFrameHandler3
wcscmp
_initterm
memset
memmove
memcpy
memcmp
floor
cos
ceil
acos
wcsncpy_s
bsearch
_amsg_exit

gdi32

GetCharWidth32W
GetGlyphIndicesW
GetLayout
SelectClipRgn
OffsetClipRgn
TextOutW
SetWindowOrgEx
GetBitmapBits
GetTextColor
GetBkColor
SetBkMode
CreateFontW
GetDCDpiScaleValue
GdiDrawStream
GetBkMode
SetBoundsRect
GetBoundsRect
OffsetRgn
SetViewportOrgEx
GetTextExtentPoint32W
CreateDIBSection
GetDeviceCaps
AddFontResourceExW
StretchBlt
GetObjectW
SetBitmapBits
CreateRectRgn
GetClipBox
CreateSolidBrush
CreateCompatibleDC
CreateFontIndirectW
SelectObject
GetTextExtentPointW
DeleteDC
DeleteObject
SetLayout
BitBlt
SetTextColor
SetBkColor
ExtTextOutW
GdiAlphaBlend
ExcludeClipRect
CreateRectRgnIndirect
GetStockObject
GetCurrentObject
CombineRgn
GetRgnBox
GdiFlush
SaveDC
CreateDPIScaledDIBSection
RestoreDC
CreateBitmap

user32

RegisterClassW
CreateWindowExW
SetPropW
DestroyWindow
SetWindowPos
TrackMouseEvent
SendMessageW
GetClientRect
GetWindowRect
GetAncestor
DestroyMenu
FindWindowExW
GetWindowTextW
GetParent
MapWindowPoints
GetPropW
GetDpiForWindow
SetTimer
KillTimer
GetClassWord
RegisterWindowMessageW
SendMessageTimeoutW
GetWindowLongW
GetSystemMetricsForDpi
SetWindowRgn
EqualRect
IsZoomed
SetClassLongPtrW
GetSysColorBrush
InvalidateRect
SystemParametersInfoForDpi
IsWindowVisible
FindWindowW
InflateRect
MonitorFromPoint
GetWindowRgnBox
CallNextHookEx
GetWindowThreadProcessId
SetWindowsHookExW
UnhookWindowsHookEx
SetFocus
GetDoubleClickTime
ShowWindow
EnumChildWindows
RedrawWindow
GetDCEx
ReleaseDC
FillRect
BeginPaint
GetWindowInfo
GetDlgItem
OffsetRect
EndPaint
GetMonitorInfoW
GetClassLongPtrW
GetSysColor
GetSystemMetrics
GetComboBoxInfo
SystemParametersInfoW
DrawFocusRect
GetClassNameW
LoadImageW
SetWinEventHook
RemovePropW
GetGUIThreadInfo
IsChild
MonitorFromWindow
UpdateLayeredWindow
GetWindowRgn
SetRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetWindow
LockSetForegroundWindow
GetFocus
IsWindow
SetLayeredWindowAttributes
PeekMessageW
NotifyWinEvent
DispatchMessageW
GetMessagePos
WindowFromPoint
ScreenToClient
ClientToScreen
GetCapture
GetNextDlgGroupItem
CreatePopupMenu
InsertMenuW
LoadMenuW
GetMenuStringW
GetSubMenu
CheckMenuRadioItem
GetMenuItemCount
CheckMenuItem
TrackPopupMenu
ReleaseCapture
PtInRect
DragDetect
SetCapture
SetMenuItemBitmaps
DrawTextW
GetPointerDevices
UnhookWinEvent
IsCharAlphaNumericA
DestroyIcon
CreateIconIndirect
SetCursor
RegisterClassExW
PostQuitMessage
SetThreadDpiAwarenessContext
GetCursorPos
SetWindowTextW
MsgWaitForMultipleObjectsEx
EnumDisplayDevicesW
EnumDisplayMonitors
SetActiveWindow
GetForegroundWindow
SetMenuDefaultItem
CreateDialogParamW
GetDlgItemTextW
SetDlgItemTextW
IntersectRect
SendDlgItemMessageW
EndDialog
DialogBoxParamW
GetActiveWindow
TranslateMessage
GetMenuItemID
GetMenuDefaultItem
GetAsyncKeyState
GetDC
GetShellWindow
ExitWindowsEx
GetMenuState
DeleteMenu
SetMenuItemInfoW
EnableWindow
IsCharAlphaNumericW
IsCharAlphaW
CharNextW
WindowFromDC
CharLowerW
EnumThreadWindows
SetSysColors
IsRectEmpty
UnregisterClassW
MonitorFromRect
FrameRect
IsIconic
ShowWindowAsync
SwitchToThisWindow
InternalGetWindowText
ModifyMenuW
DrawEdge
DrawTextExW
PrintWindow
TrackPopupMenuEx
SetForegroundWindow
GetDesktopWindow
CopyIcon
SetRectEmpty
IsWindowEnabled
GetLayeredWindowAttributes
GetLastActivePopup
SendNotifyMessageW
GetSystemMenu
DeregisterShellHookWindow
EnumWindows
UnionRect
CalculatePopupWindowPosition
GetMessageExtraInfo
SetMessageExtraInfo
SendMessageCallbackW
CharUpperW
GetScrollInfo
SetScrollPos
GetScrollPos
SetScrollInfo
GetWindowPlacement
CheckDlgButton
IsDlgButtonChecked
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetCursorInfo
SubtractRect
RemoveMenu
GetDlgCtrlID
GetIconInfoExW
AllowSetForegroundWindow
RegisterPointerDeviceNotifications
GetIconInfo
CopyImage
SetCursorPos
SetWindowLongW
SetWindowPlacement
PostThreadMessageW
RegisterHotKey
EndTask
CallWindowProcW
GetDpiForSystem
DrawIconEx
GetMenuItemInfoW
RegisterClipboardFormatW
ChildWindowFromPointEx
AppendMenuW
InsertMenuItemW
IsMenu
GetMessageW
GetCurrentInputMessageSource
GetCIMSSM
DefWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
PostMessageW
LoadStringW
GetKeyState
wsprintfW
wsprintfA
LoadCursorW
SetWindowCompositionAttribute
GetWindowBand
ord2509
ord2510
SetWindowBand
IsInDesktopWindowBand
ord2574
ord2569
ord2573
IsTopLevelWindow
GhostWindowFromHungWindow
ord2524
HungWindowFromGhostWindow
ord2572
ord2005
GetWindowDC
GetDpiForMonitorInternal

kernel32

CompareFileTime
SetFileAttributesW
GetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
lstrcmpiA
SetUnhandledExceptionFilter
GetLastError
CreateProcessW
CreateTimerQueueTimer
DeleteTimerQueueTimer
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
MoveFileW
lstrcpynW
TlsSetValue
TlsAlloc
FindPackagesByPackageFamily
TlsGetValue
MoveFileExW
ParseApplicationUserModelId
QueueUserAPC
PackageFamilyNameFromFullName
GetUserPreferredUILanguages
CreateMutexW
FormatMessageW
QueueUserWorkItem
GlobalFree
GlobalAlloc
GetSystemFirmwareTable
CreateFileA
Sleep
LoadLibraryW
GetModuleFileNameW
ExpandEnvironmentStringsW
SubmitThreadpoolWork
GetCurrentThread
GetThreadPriority
DeleteCriticalSection
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
GetModuleHandleExW
SetErrorMode
FreeLibrary
DeleteAtom
AddAtomW
FindAtomW
DeactivateActCtx
DeleteFileW
OpenThread
CreateThreadpool
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
GetWindowsDirectoryW
GetModuleHandleA
OpenProcess
QueryFullProcessImageNameW
CloseThreadpool
TrySubmitThreadpoolCallback
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
ResolveDelayLoadedAPI
GetProcessId
GetApplicationUserModelId
LocalAlloc
ExitThread
LocalFree
GetTickCount64
GlobalLock
GlobalUnlock
QueryPerformanceCounter
QueryPerformanceFrequency
ResetEvent
UnregisterWait
GetTempPathW
GetVersionExW
DisableThreadLibraryCalls
GetCurrentActCtx
GlobalAddAtomW
GetUserDefaultUILanguage
GetComputerNameExW
lstrcpynA
RtlVirtualUnwind
RtlLookupFunctionEntry
LCMapStringW
ActivateActCtx
GetTickCount
SetThreadPriority
CreateThread
WaitForSingleObject
UnregisterWaitEx
CreateEventW
RegisterWaitForSingleObject
GetCurrentProcessId
ProcessIdToSessionId
VirtualLock
TerminateProcess
GetLocalTime
EnumDateFormatsExEx
GetDynamicTimeZoneInformation
GetTimeFormatEx
RtlCaptureContext
UnhandledExceptionFilter
IsProcessorFeaturePresent
DelayLoadFailureHook
WaitForSingleObjectEx
SleepEx
IsWow64Process2
FindFirstFileW
FindNextFileW
FindClose
GetCurrentApplicationUserModelId
GetPackagesByPackageFamily
OutputDebugStringA
GetSystemWindowsDirectoryW
GetVolumeNameForVolumeMountPointW
lstrlenW
CreateFileW
DeviceIoControl
CloseHandle
lstrcpyA
lstrlenA
lstrcatA
GetSystemTimeAsFileTime
FileTimeToSystemTime
lstrcpyW
lstrcmpiW
RaiseException
VirtualProtect
GetFileAttributesExW
DebugBreak
OpenEventW
SetEvent
GetCurrentProcess
GetProcAddress
GetModuleHandleW
MulDiv
InitOnceExecuteOnce
GetCurrentThreadId
LoadLibraryExW
InitOnceBeginInitialize
InitOnceComplete
lstrcmpW
FindResourceW
LoadResource
SizeofResource
CompareStringOrdinal
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetSystemTime
SystemTimeToTzSpecificLocalTimeEx
GetDateFormatEx

advapi32

GetUserNameW
RegQueryValueW
RegEnumKeyExW
RegDeleteTreeW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegDeleteKeyValueW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegCreateKeyExW
EnumDynamicTimeZoneInformation
RegEnumKeyW
RegOpenKeyW
GetSidSubAuthority
RegGetValueW
RegSetKeyValueW
RegCreateKeyW
RegQueryInfoKeyW
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
RegCloseKey
RegQueryValueA
RegOpenKeyExA

shell32

ord196
SHFileOperationW
ord62
ord645
ord644
ord88
SHParseDisplayName
ord98
SHGetDesktopFolder
SHGetFolderLocation
ord17
ord727
ord23
SHBindToParent
ord193
SHCreateItemWithParent
ord155
ord152
ord16
ord18
ord25
ord190
ord256
SHCreateDataObject
SHCreateDefaultContextMenu
AssocCreateForClasses
SHCreateShellItemArrayFromIDLists
SHGetStockIconInfo
ord6
SHCreateShellItemArrayFromDataObject
SHAssocEnumHandlers
SHGetKnownFolderPath
ord100
SHBindToObject
SHCreateItemFromParsingName
SHAppBarMessage
ord67
ShellExecuteExW
ord846
ord27
ord21
ord68
SHGetKnownFolderIDList
ord22
ord132
ord2
ord4
ord134
SHGetFileInfoW
SHGetIDListFromObject
Shell_NotifyIconW
ShellExecuteW
SHGetFolderPathW
SHCreateItemInKnownFolder
SHGetPropertyStoreForWindow
Shell_NotifyIconGetRect
SHCreateItemFromIDList
SHCreateDefaultExtractIcon
SHChangeNotify
SHGetNameFromIDList
ord162
Shell_GetCachedImageIndexW
SHOpenFolderAndSelectItems
SHGetSpecialFolderPathW

ole32

CoAllowSetForegroundWindow
CLSIDFromString
CoGetInterfaceAndReleaseStream
CreateStreamOnHGlobal
CoInitializeEx
StringFromGUID2
CoCreateFreeThreadedMarshaler
ReleaseStgMedium
CoUninitialize
CoInitialize
RevokeDragDrop
RegisterDragDrop
CoCreateInstance
PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
CoWaitForMultipleHandles
CoCreateGuid
CoMarshalInterThreadInterfaceInStream

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GlassControls
LoadSVG
LoadSVGOrb
PickGlyphDlg
Startup
UninstallW
Uninstall_AllUsersW

Sections

.text
Size: 627KB - Virtual size: 627KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Start/Styles/Plain8.msstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Start/Styles/Windows 7.msstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Start/UpdateCheck.exe
.exe windows:6 windows x64 arch:x64

a6767e5af8f68e41ed27add84b9aaad2

Code Sign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08/02/2024, 14:45

Not After

10/03/2027, 14:45

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19/11/2020, 20:32

Not After

19/11/2035, 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:42:9a:c8:6f:a5:1b:a6:7d:06:00:00:00:00:00:42
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

18/04/2024, 17:59

Not After

17/04/2025, 17:59

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft Ireland Operations Limited+OU=nShield TSS ESN:451A-05E0-D947,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d0:e2:ad:42:ac:78:02:ad:ff:15:e8:d7:61:ea:00:d9:d2:96:49:67:3a:06:67:60:30:a4:56:81:84:a7:07:51
Signer

Actual PE Digest

d0:e2:ad:42:ac:78:02:ad:ff:15:e8:d7:61:ea:00:d9:d2:96:49:67:3a:06:67:60:30:a4:56:81:84:a7:07:51

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\StartAllBack\StartIsBack11\Release\UpdateCheck.pdb

Imports

winhttp

WinHttpQueryHeaders
WinHttpReadData
WinHttpConnect
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSendRequest
WinHttpCrackUrl

shlwapi

PathFileExistsW
StrStrIW
ord12
StrTrimW
StrToIntW
SHStrDupW
PathFindFileNameW
ord487

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsCreateString
WindowsDeleteString
WindowsReplaceString
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoActivateInstance
RoGetActivationFactory
RoUninitialize

xmllite

CreateXmlReader

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchRemoveFileSpec

wintrust

WinVerifyTrust

msvcrt

_wcmdln
exit
_cexit
_amsg_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
??1type_info@@UEAA@XZ
wcscpy_s
??3@YAXPEAX@Z
memset
_vsnwprintf
malloc
free
vswprintf_s
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
_initterm
_exit

wer

WerStoreGetFirstReportKey
WerpDeleteReport
WerStoreOpen
WerStoreClose
WerStoreQueryReportMetadataV2
WerStoreGetNextReportKey

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

comctl32

ord345
ord344

kernel32

Sleep
GetLastError
RaiseException
LoadLibraryW
GetVersionExW
ExitProcess
DebugBreak
CreateDirectoryW
WriteFile
WaitForSingleObject
CreateFileW
CreateEventW
GetCurrentThreadId
GetModuleFileNameW
lstrcmpiW
OutputDebugStringW
GetCommandLineW
lstrlenW
CreateMutexW
GetProcAddress
GetUserPreferredUILanguages
OpenProcess
DeleteFileW
CloseHandle
MoveFileExW
WTSGetActiveConsoleSessionId
CreateProcessW
GetSystemWindowsDirectoryW
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetModuleHandleW

user32

DestroyWindow
CreateWindowExW
GetSystemMetrics
DispatchMessageW
wvsprintfW
PeekMessageW
wsprintfW
SystemParametersInfoW
DefWindowProcW

advapi32

RegSetKeyValueW
RegCreateKeyW
RegGetValueW
RegCreateKeyExW
RegDeleteKeyValueW
RegDeleteKeyW
RegCloseKey
RegOpenKeyW

shell32

SHGetKnownFolderPath
ShellExecuteW

ole32

CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoCreateInstance

oleaut32

SysAllocString

Exports

Exports

_invalid_parameter_noinfo_noreturn

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Сохранить текущие настройки в файл.cmd
Тихая установка.cmd

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 44KB

.rsrc Size: 41KB - Virtual size: 40KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Code Sign

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aaCertificate

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

ef:57:50:85:4a:2b:8d:e7:3a:4d:39:1e:27:77:6a:19:aa:e6:d3:c7Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

421a02aae559045e04759aae146087eb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 322KB

.reloc Size: 2KB - Virtual size: 1KB

e75f4984b1f4f72162793ec77624ebf2

Code Sign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

20:c1:88:80:ce:b5:61:19:64:5b:f6:7fCertificate

Extended Key Usages

Key Usages

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

33:00:00:00:3e:d9:35:92:f7:b0:19:42:29:00:00:00:00:00:3eCertificate

Extended Key Usages

Key Usages

5f:4b:8e:dc:30:c8:81:b1:5c:b6:7d:92:15:82:0c:cb:34:aa:c3:a0:af:78:73:e4:f2:22:44:1d:f1:09:71:89Signer

Headers

DLL Characteristics

File Characteristics

Imports

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 41KB - Virtual size: 40KB

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aa
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

ef:57:50:85:4a:2b:8d:e7:3a:4d:39:1e:27:77:6a:19:aa:e6:d3:c7
Signer

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 322KB

.reloc
Size: 2KB - Virtual size: 1KB

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

33:00:00:00:3e:d9:35:92:f7:b0:19:42:29:00:00:00:00:00:3e
Certificate

5f:4b:8e:dc:30:c8:81:b1:5c:b6:7d:92:15:82:0c:cb:34:aa:c3:a0:af:78:73:e4:f2:22:44:1d:f1:09:71:89
Signer

.text
Size: 512B - Virtual size: 154B

.rdata
Size: 1024B - Virtual size: 904B

.pdata
Size: 512B - Virtual size: 60B

.rsrc
Size: 512B - Virtual size: 480B

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

33:00:00:00:3e:d9:35:92:f7:b0:19:42:29:00:00:00:00:00:3e
Certificate

2e:ff:16:40:a9:38:0e:35:de:3d:c1:3d:25:87:b0:40:d2:51:15:12:3d:33:99:ef:15:bd:5f:52:a0:1a:1a:6d
Signer

.text
Size: 512B - Virtual size: 223B

.idata
Size: 1024B - Virtual size: 612B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 28B

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

33:00:00:00:42:9a:c8:6f:a5:1b:a6:7d:06:00:00:00:00:00:42
Certificate

53:dc:c8:00:3a:a2:f4:47:92:b6:2b:f8:4a:a9:d8:5a:4d:5d:ac:14:dd:11:2a:86:04:17:83:a0:0f:95:8a:da
Signer