Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc
Overview
overview
10Static
static
30f2a5ad669...3N.exe
windows7-x64
100f2a5ad669...3N.exe
windows10-2004-x64
10$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$TEMP/Imag...ng.dll
windows7-x64
1$TEMP/Imag...ng.dll
windows10-2004-x64
1$TEMP/Imag...64.dll
windows7-x64
1$TEMP/Imag...64.dll
windows10-2004-x64
1$TEMP/Imag...ew.exe
windows7-x64
6$TEMP/Imag...ew.exe
windows10-2004-x64
6$TEMP/Imag...64.exe
windows7-x64
6$TEMP/Imag...64.exe
windows10-2004-x64
6Static task
static1
2 signatures
Behavioral task
behavioral1
Sample
0f2a5ad669150d956034f1da43a65461ee4830d6bc7612228cb2b9aa53c4b873N.exe
Resource
win7-20240903-en
windows7-x64
15 signatures
150 seconds
Behavioral task
behavioral2
Sample
0f2a5ad669150d956034f1da43a65461ee4830d6bc7612228cb2b9aa53c4b873N.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
15 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240704-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral5
Sample
$TEMP/Image for Windows/ifwlang.dll
Resource
win7-20240903-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral6
Sample
$TEMP/Image for Windows/ifwlang.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral7
Sample
$TEMP/Image for Windows/ifwlang64.dll
Resource
win7-20240903-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral8
Sample
$TEMP/Image for Windows/ifwlang64.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral9
Sample
$TEMP/Image for Windows/imagew.exe
Resource
win7-20240903-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral10
Sample
$TEMP/Image for Windows/imagew.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
5 signatures
150 seconds
Behavioral task
behavioral11
Sample
$TEMP/Image for Windows/imagew64.exe
Resource
win7-20240903-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral12
Sample
$TEMP/Image for Windows/imagew64.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
4 signatures
150 seconds
General
-
Target
0f2a5ad669150d956034f1da43a65461ee4830d6bc7612228cb2b9aa53c4b873N.exe
-
Size
2.5MB
-
MD5
e8909167b2ea4081314283224e1d57b0
-
SHA1
a17b43d3e0105193fe55acfdc9a788f61e812737
-
SHA256
0f2a5ad669150d956034f1da43a65461ee4830d6bc7612228cb2b9aa53c4b873
-
SHA512
f5e6aaff331069f7e310988df43501123991c5064e37271fce86cb3cdd7434b6dd976b0f7ecb1acf3022fba7dcb20fdc32b536bfda6467b6f3b78b3992626008
-
SSDEEP
49152:VnQ0IhIQ1Qwd5mk6s6Fxzi5wdsCSRkgoHZ2QXrEODKWE/ESiAr1AIp10:VQ0qVEs6wwtgkR24ECKtcSLr1AI10
Score
3/10
Malware Config
Signatures
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource 0f2a5ad669150d956034f1da43a65461ee4830d6bc7612228cb2b9aa53c4b873N.exe unpack001/$PLUGINSDIR/System.dll -
NSIS installer 2 IoCs
resource yara_rule sample nsis_installer_1 sample nsis_installer_2
Files
-
0f2a5ad669150d956034f1da43a65461ee4830d6bc7612228cb2b9aa53c4b873N.exe.exe windows:4 windows x86 arch:x86
7c2c71dfce9a27650634dc8b1ca03bf0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetEnvironmentVariableA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
Sleep
GetTickCount
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
SetFileAttributesA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileTime
GetFileAttributesA
SetCurrentDirectoryA
MoveFileA
GetFullPathNameA
GetShortPathNameA
SearchPathA
CloseHandle
lstrcmpiA
GlobalUnlock
GetDiskFreeSpaceA
lstrcmpA
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
GetPrivateProfileStringA
WritePrivateProfileStringA
MulDiv
MultiByteToWideChar
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA
user32
GetSystemMenu
SetClassLongA
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetWindowRect
GetDlgItem
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
LoadImageA
CreateDialogParamA
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
SetWindowLongA
SendMessageTimeoutA
FindWindowExA
IsWindow
AppendMenuA
TrackPopupMenu
CreatePopupMenu
DrawTextA
EndPaint
DestroyWindow
wsprintfA
PostQuitMessage
gdi32
SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor
shell32
SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA
advapi32
AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA
comctl32
ImageList_Create
ImageList_AddMasked
ord17
ImageList_Destroy
ole32
OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance
Sections
.text Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 36KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
8c8a576201f68de1a3f26fc723b9f30f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError
user32
wsprintfA
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 867B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 636B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/Image for Windows/ifw.ini
-
$TEMP/Image for Windows/ifwlang.dll.dll windows:6 windows x86 arch:x86
Code Sign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
07:34:c0:22:c3:98:4a:03:25:bd:ac:4f:ea:e2:63:10Certificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before07/07/2022, 00:00Not After30/07/2025, 23:59SubjectSERIALNUMBER=C27039-2001,CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,1.3.6.1.4.1.311.60.2.1.3=#13025553Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before14/07/2023, 00:00Not After13/10/2034, 23:59SubjectCN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
31:1f:dd:91:20:cd:00:d6:31:ab:3a:e8:20:7c:60:df:c3:23:3b:3b:f4:4b:68:0e:e3:20:c1:b6:fd:62:f6:79Signer
Actual PE Digest31:1f:dd:91:20:cd:00:d6:31:ab:3a:e8:20:7c:60:df:c3:23:3b:3b:f4:4b:68:0e:e3:20:c1:b6:fd:62:f6:79Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$TEMP/Image for Windows/ifwlang64.dll.dll windows:6 windows x64 arch:x64
Code Sign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
07:34:c0:22:c3:98:4a:03:25:bd:ac:4f:ea:e2:63:10Certificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before07/07/2022, 00:00Not After30/07/2025, 23:59SubjectSERIALNUMBER=C27039-2001,CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,1.3.6.1.4.1.311.60.2.1.3=#13025553Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before14/07/2023, 00:00Not After13/10/2034, 23:59SubjectCN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
76:ab:72:cd:9c:ce:58:eb:75:fb:4b:3a:b3:0f:4a:03:0a:d5:67:6b:cb:cc:66:26:8e:8e:fd:f0:9e:bf:97:a4Signer
Actual PE Digest76:ab:72:cd:9c:ce:58:eb:75:fb:4b:3a:b3:0f:4a:03:0a:d5:67:6b:cb:cc:66:26:8e:8e:fd:f0:9e:bf:97:a4Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$TEMP/Image for Windows/imagew.exe.exe windows:6 windows x86 arch:x86
e1434ffd59ab4636a69be302f22f58de
Code Sign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
07:34:c0:22:c3:98:4a:03:25:bd:ac:4f:ea:e2:63:10Certificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before07/07/2022, 00:00Not After30/07/2025, 23:59SubjectSERIALNUMBER=C27039-2001,CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,1.3.6.1.4.1.311.60.2.1.3=#13025553Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before14/07/2023, 00:00Not After13/10/2034, 23:59SubjectCN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
c6:00:f3:f3:4e:ef:f7:92:a4:84:33:39:87:e4:72:bd:28:e4:aa:dd:d8:e9:a0:31:82:ac:4c:82:c7:89:42:81Signer
Actual PE Digestc6:00:f3:f3:4e:ef:f7:92:a4:84:33:39:87:e4:72:bd:28:e4:aa:dd:d8:e9:a0:31:82:ac:4c:82:c7:89:42:81Digest Algorithmsha256PE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
V:\image2\win32\en_gui\ReleaseUnicode\imagew.pdb
Imports
mpr
WNetCloseEnum
comctl32
ImageList_GetIcon
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Draw
InitCommonControlsEx
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Create
ImageList_LoadImageW
ws2_32
__WSAFDIsSet
getservbyname
getservbyport
gethostbyaddr
ntohs
listen
inet_ntoa
getsockopt
ioctlsocket
accept
getsockname
setsockopt
sendto
recvfrom
htonl
closesocket
connect
htons
inet_addr
recv
bind
select
send
shutdown
socket
WSAStringToAddressW
WSASetLastError
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
kernel32
LocalFree
GetTickCount
FileTimeToLocalFileTime
FindClose
GetLogicalDrives
FileTimeToSystemTime
ReadFile
WriteFile
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
HeapFree
GetProcessHeap
ReleaseMutex
GetExitCodeProcess
GetCurrentThreadId
GetPriorityClass
GetLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
ResetEvent
GetSystemTime
FlushFileBuffers
SetEndOfFile
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
LoadLibraryA
VirtualUnlock
MultiByteToWideChar
WideCharToMultiByte
QueryDosDeviceW
GetOverlappedResult
lstrlenW
CreateFileA
GetDiskFreeSpaceW
GetVolumeInformationW
InitializeCriticalSection
DeleteCriticalSection
GetFileSize
LocalAlloc
LocalLock
LocalUnlock
GetFullPathNameW
SetHandleInformation
CreatePipe
RemoveDirectoryW
CreateDirectoryW
MoveFileW
SetFileAttributesW
GlobalMemoryStatus
VirtualLock
GetConsoleMode
GetConsoleOutputCP
GetStdHandle
ExitProcess
FindFirstFileExW
GetFileType
FreeLibraryAndExitThread
ResumeThread
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
RtlUnwind
CreateThread
GetSystemDirectoryA
GetSystemTimeAsFileTime
IsDebuggerPresent
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetProcessWorkingSetSize
GetProcessWorkingSetSize
GetCurrentThread
GetCurrentProcess
UnmapViewOfFile
MapViewOfFile
OpenProcess
WaitForMultipleObjects
ReleaseSemaphore
WaitForSingleObject
SetEvent
Sleep
DeviceIoControl
FreeLibrary
GetCurrentProcessId
SetErrorMode
CloseHandle
VirtualQuery
VirtualFree
VirtualAlloc
SetLastError
GetLastError
SetFilePointer
IsValidLocale
GetUserDefaultLCID
HeapReAlloc
SetStdHandle
GetTimeZoneInformation
GetACP
GetOEMCP
HeapSize
MulDiv
GetCommandLineA
GetCommandLineW
GetFileSizeEx
GetModuleHandleA
user32
OemToCharW
WinHelpW
GetDesktopWindow
DrawIcon
EnableMenuItem
GetSystemMenu
GetDialogBaseUnits
CheckDlgButton
DialogBoxIndirectParamW
GetSystemMetrics
UpdateWindow
SendNotifyMessageW
SetMenuItemInfoW
AppendMenuW
TrackPopupMenu
DrawIconEx
IsRectEmpty
InflateRect
GetSysColorBrush
ScreenToClient
GetCursorPos
MessageBeep
GetWindowRect
GetScrollRange
GetScrollPos
GetMenuItemCount
KillTimer
SetTimer
GetAsyncKeyState
GetKeyState
GetActiveWindow
SetFocus
GetDlgCtrlID
GetDlgItemInt
GetMenuItemInfoW
CreatePopupMenu
DestroyMenu
DrawFrameControl
GetDlgItem
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
SetDlgItemInt
EndDialog
IsIconic
IsWindowVisible
SetWindowPos
IsChild
IsWindow
WaitMessage
ExitWindowsEx
IsWindowEnabled
GetClientRect
GetSysColor
SetForegroundWindow
DrawFocusRect
FillRect
PtInRect
GetParent
GetComboBoxInfo
ShowWindow
OffsetRect
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
TranslateMessage
PostQuitMessage
DestroyWindow
GetFocus
SetCursor
gdi32
Rectangle
DeleteObject
CreateSolidBrush
Polygon
CreateCompatibleBitmap
CreateDIBSection
CreateDCW
BitBlt
LineTo
SelectObject
GetStockObject
GetDeviceCaps
DeleteDC
CreateHatchBrush
CreateCompatibleDC
MoveToEx
SetTextColor
SetBkMode
SetBkColor
CreatePen
StretchBlt
advapi32
OpenProcessToken
StartServiceW
QueryServiceStatus
OpenServiceW
DeleteService
CreateServiceW
ControlService
ReportEventW
RegisterEventSourceW
DeregisterEventSource
OpenSCManagerW
EnumServicesStatusW
CloseServiceHandle
LogonUserW
CryptGenRandom
CryptReleaseContext
LookupAccountSidW
GetTokenInformation
OpenThreadToken
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
shell32
DragFinish
DragAcceptFiles
ole32
CoTaskMemFree
CLSIDFromString
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoCreateInstance
oleaut32
VariantInit
VariantClear
SysFreeString
VariantCopy
VariantChangeType
SysAllocString
VariantTimeToSystemTime
ntdll
RtlNtStatusToDosError
Sections
.text Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 340KB - Virtual size: 339KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$TEMP/Image for Windows/imagew64.exe.exe windows:6 windows x64 arch:x64
98f6caeab06b85c2ff3544fe7cd17b42
Code Sign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
07:34:c0:22:c3:98:4a:03:25:bd:ac:4f:ea:e2:63:10Certificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before07/07/2022, 00:00Not After30/07/2025, 23:59SubjectSERIALNUMBER=C27039-2001,CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,1.3.6.1.4.1.311.60.2.1.3=#13025553Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before14/07/2023, 00:00Not After13/10/2034, 23:59SubjectCN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
c7:19:61:c8:6e:d7:fe:8c:1d:8d:22:1c:04:da:e7:83:20:92:5c:cd:34:27:54:8f:22:63:da:03:3a:d3:5b:1dSigner
Actual PE Digestc7:19:61:c8:6e:d7:fe:8c:1d:8d:22:1c:04:da:e7:83:20:92:5c:cd:34:27:54:8f:22:63:da:03:3a:d3:5b:1dDigest Algorithmsha256PE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
V:\image2\win32\en_gui\x64\ReleaseUnicode\imagew.pdb
Imports
mpr
WNetGetUserW
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
WNetCancelConnection2W
WNetAddConnection3W
WNetGetConnectionW
comctl32
ImageList_Create
ImageList_Destroy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_AddMasked
ImageList_GetImageCount
InitCommonControlsEx
ImageList_Draw
ImageList_ReplaceIcon
ws2_32
__WSAFDIsSet
getservbyname
getservbyport
gethostbyaddr
ntohs
listen
inet_ntoa
getsockopt
ioctlsocket
accept
WSAIoctl
getsockname
setsockopt
sendto
recvfrom
htonl
bind
closesocket
recv
inet_addr
select
connect
htons
send
shutdown
WSAStringToAddressW
WSAAddressToStringW
WSASetLastError
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
socket
kernel32
GetLogicalDrives
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
ReadFile
WriteFile
EnterCriticalSection
LeaveCriticalSection
GetComputerNameW
GetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
HeapFree
GetProcessHeap
ReleaseMutex
CreateMutexW
GetExitCodeProcess
GetCurrentThreadId
CreateProcessW
GetPriorityClass
GetLocalTime
GetSystemDirectoryW
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
ExpandEnvironmentStringsW
OutputDebugStringW
ResetEvent
GetSystemTime
GetWindowsDirectoryW
DeleteFileW
FlushFileBuffers
GetFileAttributesW
SetEndOfFile
SetFilePointer
SetLastError
FormatMessageW
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetDiskFreeSpaceExW
WideCharToMultiByte
QueryDosDeviceW
GetOverlappedResult
lstrlenW
GetDiskFreeSpaceW
GetVolumeInformationW
InitializeCriticalSection
DeleteCriticalSection
GetFileSize
LocalAlloc
LocalLock
LocalUnlock
GetFullPathNameW
RemoveDirectoryW
CreateDirectoryW
MoveFileW
SetFileAttributesW
GlobalMemoryStatus
FindNextFileW
SetStdHandle
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
GetStdHandle
ExitProcess
FindFirstFileExW
GetFileType
SetEnvironmentVariableW
GetFileAttributesExW
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
EncodePointer
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
RtlPcToFileHeader
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
CreateThread
LoadLibraryA
GetSystemDirectoryA
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindFirstFileW
FindClose
FileTimeToLocalFileTime
GetTickCount
LocalFree
MulDiv
VirtualUnlock
VirtualLock
VirtualFree
VirtualAlloc
SetProcessWorkingSetSize
GetProcessWorkingSetSize
GetModuleHandleW
GetCurrentThread
GetCurrentProcess
SearchPathW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetVersionExW
OpenProcess
CreateSemaphoreW
WaitForMultipleObjects
ReleaseSemaphore
GetLastError
GetLocaleInfoW
lstrcpynW
CreateEventW
WaitForSingleObject
SetEvent
Sleep
DeviceIoControl
CreateFileW
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentProcessId
SetErrorMode
GetDriveTypeW
CloseHandle
GetTimeZoneInformation
GetCPInfo
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
HeapSize
HeapQueryInformation
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetConsoleCtrlHandler
GetFileSizeEx
WriteConsoleW
MultiByteToWideChar
RtlUnwind
user32
SystemParametersInfoW
LoadIconW
FindWindowW
IsRectEmpty
InflateRect
GetSysColorBrush
ScreenToClient
GetCursorPos
MessageBeep
GetWindowRect
GetWindowTextLengthW
GetScrollRange
GetScrollPos
CreatePopupMenu
IsWindowEnabled
KillTimer
SetTimer
GetKeyState
GetActiveWindow
SetFocus
DefDlgProcW
GetDlgCtrlID
SendDlgItemMessageW
GetDlgItemInt
TrackPopupMenu
EndDialog
DialogBoxParamW
CreateDialogParamW
IsIconic
IsWindowVisible
SetWindowPos
IsChild
IsWindow
CreateWindowExW
RegisterClassW
WaitMessage
PostMessageW
ExitWindowsEx
PeekMessageW
RegisterWindowMessageW
LoadStringW
IsDialogMessageW
LoadCursorW
SetCursor
MessageBoxW
GetAsyncKeyState
AppendMenuW
SetMenuItemInfoW
SendNotifyMessageW
UpdateWindow
DrawIconEx
GetSystemMetrics
DialogBoxIndirectParamW
CheckDlgButton
GetDialogBaseUnits
DrawFrameControl
SendMessageW
DefWindowProcW
GetSystemMenu
EnableMenuItem
DrawIcon
GetDesktopWindow
WinHelpW
OemToCharW
DestroyMenu
GetMenuItemCount
GetMenuItemInfoW
SetDlgItemInt
GetWindowTextW
CallWindowProcW
GetDlgItem
DrawTextW
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
SetPropW
GetPropW
RemovePropW
GetClientRect
GetSysColor
DrawFocusRect
FillRect
PtInRect
GetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
GetParent
GetComboBoxInfo
SetWindowTextW
SetForegroundWindow
EnableWindow
GetFocus
GetDlgItemTextW
SetDlgItemTextW
CreateDialogIndirectParamW
DestroyWindow
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
GetIconInfo
CreateIconIndirect
CopyImage
LoadImageW
DestroyIcon
SetWindowLongW
OffsetRect
ShowWindow
gdi32
GetTextMetricsW
BitBlt
CreateDCW
CreateDIBSection
CreateCompatibleBitmap
Polygon
StretchBlt
Rectangle
GetTextExtentPoint32W
GetStockObject
GetDeviceCaps
DeleteDC
CreateHatchBrush
CreateFontIndirectW
CreateCompatibleDC
GetObjectW
ExtTextOutW
SetBkMode
SetBkColor
SelectObject
LineTo
DeleteObject
CreateSolidBrush
CreatePen
SetTextColor
MoveToEx
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
EnumServicesStatusW
StartServiceW
QueryServiceStatus
OpenServiceW
DeleteService
CreateServiceW
ControlService
CryptGenRandom
RegQueryValueExW
RegOpenKeyExW
OpenThreadToken
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
OpenSCManagerW
RegSetValueExW
CloseServiceHandle
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
RegUnLoadKeyW
RegLoadKeyW
RegOpenKeyW
RegCreateKeyW
RegEnumValueW
LogonUserW
LookupAccountSidW
shell32
ShellExecuteW
SHGetFileInfoW
DragAcceptFiles
DragFinish
DragQueryFileW
ole32
CoTaskMemFree
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CLSIDFromString
oleaut32
VariantChangeType
VariantCopy
VariantTimeToSystemTime
SysAllocStringByteLen
SysStringByteLen
VariantClear
CreateErrorInfo
SysFreeString
SysAllocString
VariantInit
GetErrorInfo
SetErrorInfo
ntdll
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlNtStatusToDosError
Sections
.text Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
RT_CODE Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 562KB - Virtual size: 562KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 31KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 129KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gehcont Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ