5dc8b08c7e1b11abf2b6b311cd7e411db16a7c3827879c6f93bd0dac7a71d321

Sharing

Copy URL

Twitter E-mail

General

Target

5dc8b08c7e1b11abf2b6b311cd7e411db16a7c3827879c6f93bd0dac7a71d321
Size

43.1MB
MD5

dbf5f56998705c37076b6cae5d0bfb4d
SHA1

e6ab3c595ac703afd94618d1ca1b8ebce623b21f
SHA256

5dc8b08c7e1b11abf2b6b311cd7e411db16a7c3827879c6f93bd0dac7a71d321
SHA512

ea13ef92249c731b6c08d5848a738301b19549c376a0d8cadee91ec71ed7072af0989db309895fc398a874b75fa0e3540fd5da0bcc8fbbbc59dd3a938968b9ba
SSDEEP

786432:YXPO37kcKF2LCUU7sIUT3ME0vkLpYOVdFVaglFpfTUMixExMOGwXcD7:fLkcKF24sBT3L0vkLGgLVaglDYKMOdXO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/python311.dll

resource
unpack001/python311.dll

Files

5dc8b08c7e1b11abf2b6b311cd7e411db16a7c3827879c6f93bd0dac7a71d321
.zip
advanced_ip_scanner_en_us.qm
advanced_ip_scanner_uk_ua.qm
details_panel_en_us.tpl
details_panel_uk_ua.tpl
printsupport/windowsprintersupport.dll
.dll windows:5 windows x86 arch:x86

5a343a6336de594caabed2cbc2b9ded4

Code Sign

68:90:0a:61:97:43:2a:80:73:df:0c:2c:bf:54:d7:65
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13-01-2020 00:00

Not After

11-01-2023 23:59

Subject

SERIALNUMBER=597325,CN=Famatech Corp.,O=Famatech Corp.,L=Road Town,C=VG,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#1309526f616420546f776e,1.3.6.1.4.1.311.60.2.1.2=#1307546f72746f6c61,1.3.6.1.4.1.311.60.2.1.3=#13025647

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04-03-2014 00:00

Not After

03-03-2024 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ca:e9:0c:c3:d9:1d:28:a2:80:59:74:d5:79:4d:31:09:f0:d0:cb:6c:15:b0:8e:34:f4:d2:46:b7:24:43:73:9c
Signer

Actual PE Digest

ca:e9:0c:c3:d9:1d:28:a2:80:59:74:d5:79:4d:31:09:f0:d0:cb:6c:15:b0:8e:34:f4:d2:46:b7:24:43:73:9c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Build\Qt\5.6.3\build32\qtbase\plugins\printsupport\windowsprintersupport.pdb

Imports

winspool.drv

GetPrinterW
DocumentPropertiesW
ClosePrinter
ord203
OpenPrinterW
DeviceCapabilitiesW
EnumPrintersW

gdi32

GetDeviceCaps
DeleteDC
CreateDCW
ResetDCW

qt5printsupport

?newPage@QWin32PrintEngine@@UAE_NXZ
?qt_metacall@QPlatformPrinterSupportPlugin@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?supportsMultipleCopies@QPlatformPrintDevice@@UBE_NXZ
?supportsCustomPageSizes@QPlatformPrintDevice@@UBE_NXZ
?supportsCollateCopies@QPlatformPrintDevice@@UBE_NXZ
?supportedResolutions@QPlatformPrintDevice@@UBE?AV?$QList@H@@XZ
?supportedPageSizes@QPlatformPrintDevice@@UBE?AV?$QList@VQPageSize@@@@XZ
?supportedPageSize@QPlatformPrintDevice@@UBE?AVQPageSize@@W4PageSizeId@2@@Z
?supportedPageSize@QPlatformPrintDevice@@UBE?AVQPageSize@@ABVQString@@@Z
?supportedPageSize@QPlatformPrintDevice@@UBE?AVQPageSize@@ABVQSizeF@@W4Unit@2@@Z
?supportedPageSize@QPlatformPrintDevice@@UBE?AVQPageSize@@ABVQSize@@@Z
?supportedPageSize@QPlatformPrintDevice@@UBE?AVQPageSize@@ABV2@@Z
?supportedOutputBins@QPlatformPrintDevice@@UBE?AV?$QList@UOutputBin@QPrint@@@@XZ
?supportedMimeTypes@QPlatformPrintDevice@@UBE?AV?$QList@VQMimeType@@@@XZ
?supportedInputSlots@QPlatformPrintDevice@@UBE?AV?$QList@UInputSlot@QPrint@@@@XZ
?supportedDuplexModes@QPlatformPrintDevice@@UBE?AV?$QList@W4DuplexMode@QPrint@@@@XZ
?supportedColorModes@QPlatformPrintDevice@@UBE?AV?$QList@W4ColorMode@QPrint@@@@XZ
?name@QPlatformPrintDevice@@UBE?AVQString@@XZ
?minimumPhysicalPageSize@QPlatformPrintDevice@@UBE?AVQSize@@XZ
?maximumPhysicalPageSize@QPlatformPrintDevice@@UBE?AVQSize@@XZ
?makeAndModel@QPlatformPrintDevice@@UBE?AVQString@@XZ
?location@QPlatformPrintDevice@@UBE?AVQString@@XZ
?loadMimeTypes@QPlatformPrintDevice@@MBEXXZ
?isValidPageLayout@QPlatformPrintDevice@@UBE_NABVQPageLayout@@H@Z
?isRemote@QPlatformPrintDevice@@UBE_NXZ
?id@QPlatformPrintDevice@@UBE?AVQString@@XZ
?createPageSize@QPlatformPrintDevice@@SA?AVQPageSize@@HABVQSize@@ABVQString@@@Z
?defaultOutputBin@QPlatformPrintDevice@@UBE?AUOutputBin@QPrint@@XZ
?defaultInputSlot@QPlatformPrintDevice@@UBE?AUInputSlot@QPrint@@XZ
??1QPlatformPrintDevice@@UAE@XZ
??0QPlatformPrintDevice@@QAE@ABVQString@@@Z
?updateState@QWin32PrintEngine@@UAEXABVQPaintEngineState@@@Z
?type@QWin32PrintEngine@@UBE?AW4Type@QPaintEngine@@XZ
?setProperty@QWin32PrintEngine@@UAEXW4PrintEnginePropertyKey@QPrintEngine@@ABVQVariant@@@Z
?property@QWin32PrintEngine@@UBE?AVQVariant@@W4PrintEnginePropertyKey@QPrintEngine@@@Z
?printerState@QWin32PrintEngine@@UBE?AW4PrinterState@QPrinter@@XZ
??0QPlatformPrinterSupportPlugin@@QAE@PAVQObject@@@Z
?metric@QWin32PrintEngine@@UBEHW4PaintDeviceMetric@QPaintDevice@@@Z
?end@QWin32PrintEngine@@UAE_NXZ
?drawTiledPixmap@QWin32PrintEngine@@UAEXABVQRectF@@ABVQPixmap@@ABVQPointF@@@Z
?drawTextItem@QWin32PrintEngine@@UAEXABVQPointF@@ABVQTextItem@@@Z
?drawPolygon@QWin32PrintEngine@@UAEXPBVQPointF@@HW4PolygonDrawMode@QPaintEngine@@@Z
?drawPixmap@QWin32PrintEngine@@UAEXABVQRectF@@ABVQPixmap@@0@Z
?drawPath@QWin32PrintEngine@@UAEXABVQPainterPath@@@Z
?createDefaultPrintDevice@QPlatformPrinterSupport@@UAE?AVQPrintDevice@@XZ
?begin@QWin32PrintEngine@@UAE_NPAVQPaintDevice@@@Z
?abort@QWin32PrintEngine@@UAE_NXZ
??1QWin32PrintEngine@@UAE@XZ
??0QWin32PrintEngine@@QAE@W4PrinterMode@QPrinter@@@Z
?createPrintDevice@QPlatformPrinterSupport@@KA?AVQPrintDevice@@PAVQPlatformPrintDevice@@@Z
??1QPlatformPrinterSupport@@UAE@XZ
??0QPlatformPrinterSupport@@QAE@XZ
?staticMetaObject@QPlatformPrinterSupportPlugin@@2UQMetaObject@@B
??1QPlatformPrinterSupportPlugin@@UAE@XZ
?qt_metacast@QPlatformPrinterSupportPlugin@@UAEPAXPBD@Z

qt5gui

?drawRects@QPaintEngine@@UAEXPBVQRect@@H@Z
?drawRects@QPaintEngine@@UAEXPBVQRectF@@H@Z
??0QPageSize@@QAE@XZ
??0QPageSize@@QAE@ABV0@@Z
??4QPageSize@@QAEAAV0@ABV0@@Z
??1QPageSize@@QAE@XZ
?id@QPageSize@@QBE?AW4PageSizeId@1@XZ
?windowsId@QPageSize@@QBEHXZ
?drawPolygon@QPaintEngine@@UAEXPBVQPoint@@HW4PolygonDrawMode@1@@Z
?qt_pointMultiplier@@YANW4Unit@QPageLayout@@@Z
?drawPoints@QPaintEngine@@UAEXPBVQPoint@@H@Z
?drawLines@QPaintEngine@@UAEXPBVQLineF@@H@Z
?drawLines@QPaintEngine@@UAEXPBVQLine@@H@Z
?drawImage@QPaintEngine@@UAEXABVQRectF@@ABVQImage@@0V?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
?drawEllipse@QPaintEngine@@UAEXABVQRectF@@@Z
?drawEllipse@QPaintEngine@@UAEXABVQRect@@@Z
?coordinateOffset@QPaintEngine@@UBE?AVQPoint@@XZ
?size@QPageSize@@QBE?AVQSizeF@@W4Unit@1@@Z
?drawPoints@QPaintEngine@@UAEXPBVQPointF@@H@Z

qt5core

?disconnectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?shared_null@QListData@@2UData@1@B
?QStringList_contains@QtPrivate@@YA_NPBVQStringList@@ABVQString@@W4CaseSensitivity@Qt@@@Z
?end@QListData@@QBEPAPAXXZ
?begin@QListData@@QBEPAPAXXZ
?append@QListData@@QAEPAPAXXZ
?dispose@QListData@@SAXPAUData@1@@Z
?dispose@QListData@@QAEXXZ
?detach_grow@QListData@@QAEPAUData@1@PAHH@Z
?detach@QListData@@QAEPAUData@1@H@Z
?height@QSizeF@@QBENXZ
?width@QSizeF@@QBENXZ
?height@QSize@@QBEHXZ
?width@QSize@@QBEHXZ
??0QSize@@QAE@HH@Z
??8@YA_NABVQString@@0@Z
?fromWCharArray@QString@@SA?AV1@PB_WH@Z
?utf16@QString@@QBEPBGXZ
?isEmpty@QString@@QBE_NXZ
??4QString@@QAEAAV0@$$QAV0@@Z
??0QString@@QAE@$$QAV0@@Z
??4QString@@QAEAAV0@ABV0@@Z
??1QString@@QAE@XZ
??0QString@@QAE@ABV0@@Z
??0QString@@QAE@XZ
?constData@QByteArray@@QBEPBDXZ
?size@QByteArray@@QBEHXZ
??0QByteArray@@QAE@$$QAV0@@Z
??4QByteArray@@QAEAAV0@PBD@Z
??4QByteArray@@QAEAAV0@ABV0@@Z
??1QByteArray@@QAE@XZ
??0QByteArray@@QAE@ABV0@@Z
??0QByteArray@@QAE@XZ
?sharedNull@QArrayData@@SAPAU1@XZ
?deallocate@QArrayData@@SAXPAU1@II@Z
?allocate@QArrayData@@SAPAU1@IIIV?$QFlags@W4AllocationOption@QArrayData@@@@@Z
?data@QArrayData@@QBEPBXXZ
?data@QArrayData@@QAEPAXXZ
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?connectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPAU12@PBVQObject@@@Z
?dynamicMetaObject@QObjectData@@QBEPAUQMetaObject@@XZ
?compare@QString@@SAHABV1@VQLatin1String@@W4CaseSensitivity@Qt@@@Z
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
?event@QObject@@UAE_NPAVQEvent@@@Z

kernel32

InitializeSListHead
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
CloseHandle
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
GetLastError
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
_CxxThrowException
__std_exception_destroy
__std_exception_copy
memset
memcmp
memcpy

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_seh_filter_dll
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_register_onexit_function

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
python311.dll
.dll windows:4 windows x64 arch:x64

a3f79e931392ecdfd2d2b05a7e5dbc71

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

bcrypt

BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptOpenAlgorithmProvider

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingA
CreateProcessW
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitThread
FindResourceA
FormatMessageA
FreeResource
GetCommandLineW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileSize
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadPriority
GetTickCount64
HeapAlloc
HeapFree
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
K32EnumProcessModules
K32GetModuleFileNameExA
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LoadResource
LocalFree
LockResource
MapViewOfFile
MultiByteToWideChar
OpenProcess
OutputDebugStringA
QueueUserAPC
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SizeofResource
Sleep
SuspendThread
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnmapViewOfFile
VirtualAllocEx
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteProcessMemory
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_beginthreadex
_chsize
_errno
_endthreadex
_fstat64
_initterm
_localtime64
_lock
_lseeki64
fread
free
freopen
fseek
ftell
memchr
memcmp
memcpy
memmove
memset
printf
srand
_mkdir
_mktime64
_stat64
_stricmp
_time64
_ultoa
_unlock
_utime64
_setjmp
_wcsicmp
_wfopen
abort
calloc
exit
fclose
fflush
fopen
fprintf
fputc
fputs
fwrite
getenv
iswctype
localeconv
longjmp
malloc
mbstowcs
rand
realloc
remove
setlocale
setvbuf
signal
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strncpy
strtoul
strxfrm
towlower
towupper
vfprintf
wcscat_s
wcscoll
wcscpy_s
wcsftime
wcslen
wcsxfrm
_write
_strnicmp
_strdup
_read
_fileno
_fdopen
_chmod

ntdll

NtClose
NtCreateSection
NtMapViewOfSection
NtOpenFile
NtReadVirtualMemory
NtSetInformationFile
NtWriteFile
RtlInitUnicodeString

shell32

CommandLineToArgvW
ShellExecuteExA

shlwapi

PathRemoveFileSpecA
StrStrIA

userenv

CreateEnvironmentBlock

Exports

Exports

PyAIter_Check
PyArg_Parse
PyArg_ParseTuple
PyArg_ParseTupleAndKeywords
PyArg_UnpackTuple
PyArg_VaParse
PyArg_VaParseTupleAndKeywords
PyArg_ValidateKeywordArguments
PyAsyncGen_New
PyAsyncGen_Type
PyBaseObject_Type
PyBool_FromLong
PyBool_Type
PyBuffer_FillContiguousStrides
PyBuffer_FillInfo
PyBuffer_FromContiguous
PyBuffer_GetPointer
PyBuffer_IsContiguous
PyBuffer_Release
PyBuffer_SizeFromFormat
PyBuffer_ToContiguous
PyByteArrayIter_Type
PyByteArray_AsString
PyByteArray_Concat
PyByteArray_FromObject
PyByteArray_FromStringAndSize
PyByteArray_Resize
PyByteArray_Size
PyByteArray_Type
PyBytesIter_Type
PyBytes_AsString
PyBytes_AsStringAndSize
PyBytes_Concat
PyBytes_ConcatAndDel
PyBytes_DecodeEscape
PyBytes_FromFormat
PyBytes_FromFormatV
PyBytes_FromObject
PyBytes_FromString
PyBytes_FromStringAndSize
PyBytes_Repr
PyBytes_Size
PyBytes_Type
PyCFunction_Call
PyCFunction_GetFlags
PyCFunction_GetFunction
PyCFunction_GetSelf
PyCFunction_New
PyCFunction_NewEx
PyCFunction_Type
PyCMethod_New
PyCMethod_Type
PyCallIter_New
PyCallIter_Type
PyCallable_Check
PyCapsule_GetContext
PyCapsule_GetDestructor
PyCapsule_GetName
PyCapsule_GetPointer
PyCapsule_Import
PyCapsule_IsValid
PyCapsule_New
PyCapsule_SetContext
PyCapsule_SetDestructor
PyCapsule_SetName
PyCapsule_SetPointer
PyCapsule_Type
PyCell_Get
PyCell_New
PyCell_Set
PyCell_Type
PyClassMethodDescr_Type
PyClassMethod_New
PyClassMethod_Type
PyCode_Addr2Line
PyCode_Addr2Location
PyCode_GetCellvars
PyCode_GetCode
PyCode_GetFreevars
PyCode_GetVarnames
PyCode_New
PyCode_NewEmpty
PyCode_NewWithPosOnlyArgs
PyCode_Optimize
PyCode_Type
PyCodec_BackslashReplaceErrors
PyCodec_Decode
PyCodec_Decoder
PyCodec_Encode
PyCodec_Encoder
PyCodec_IgnoreErrors
PyCodec_IncrementalDecoder
PyCodec_IncrementalEncoder
PyCodec_KnownEncoding
PyCodec_LookupError
PyCodec_NameReplaceErrors
PyCodec_Register
PyCodec_RegisterError
PyCodec_ReplaceErrors
PyCodec_StreamReader
PyCodec_StreamWriter
PyCodec_StrictErrors
PyCodec_Unregister
PyCodec_XMLCharRefReplaceErrors
PyCompile_OpcodeStackEffect
PyCompile_OpcodeStackEffectWithJump
PyComplex_AsCComplex
PyComplex_FromCComplex
PyComplex_FromDoubles
PyComplex_ImagAsDouble
PyComplex_RealAsDouble
PyComplex_Type
PyConfig_Clear
PyConfig_InitIsolatedConfig
PyConfig_InitPythonConfig
PyConfig_Read
PyConfig_SetArgv
PyConfig_SetBytesArgv
PyConfig_SetBytesString
PyConfig_SetString
PyConfig_SetWideStringList
PyContextToken_Type
PyContextVar_Get
PyContextVar_New
PyContextVar_Reset
PyContextVar_Set
PyContextVar_Type
PyContext_Copy
PyContext_CopyCurrent
PyContext_Enter
PyContext_Exit
PyContext_New
PyContext_Type
PyCoro_New
PyCoro_Type
PyDescr_IsData
PyDescr_NewClassMethod
PyDescr_NewGetSet
PyDescr_NewMember
PyDescr_NewMethod
PyDescr_NewWrapper
PyDictItems_Type
PyDictIterItem_Type
PyDictIterKey_Type
PyDictIterValue_Type
PyDictKeys_Type
PyDictProxy_New
PyDictProxy_Type
PyDictRevIterItem_Type
PyDictRevIterKey_Type
PyDictRevIterValue_Type
PyDictValues_Type
PyDict_Clear
PyDict_Contains
PyDict_Copy
PyDict_DelItem
PyDict_DelItemString
PyDict_GetItem
PyDict_GetItemString
PyDict_GetItemWithError
PyDict_Items
PyDict_Keys
PyDict_Merge
PyDict_MergeFromSeq2
PyDict_New
PyDict_Next
PyDict_SetDefault
PyDict_SetItem
PyDict_SetItemString
PyDict_Size
PyDict_Type
PyDict_Update
PyDict_Values
PyEllipsis_Type
PyEnum_Type
PyErr_BadArgument
PyErr_BadInternalCall
PyErr_CheckSignals
PyErr_Clear
PyErr_Display
PyErr_ExceptionMatches
PyErr_Fetch
PyErr_Format
PyErr_FormatV
PyErr_GetExcInfo
PyErr_GetHandledException
PyErr_GivenExceptionMatches
PyErr_NewException
PyErr_NewExceptionWithDoc
PyErr_NoMemory
PyErr_NormalizeException
PyErr_Occurred
PyErr_Print
PyErr_PrintEx
PyErr_ProgramText
PyErr_ProgramTextObject
PyErr_RangedSyntaxLocationObject
PyErr_ResourceWarning
PyErr_Restore
PyErr_SetExcFromWindowsErr
PyErr_SetExcFromWindowsErrWithFilename
PyErr_SetExcFromWindowsErrWithFilenameObject
PyErr_SetExcFromWindowsErrWithFilenameObjects
PyErr_SetExcInfo
PyErr_SetFromErrno
PyErr_SetFromErrnoWithFilename
PyErr_SetFromErrnoWithFilenameObject
PyErr_SetFromErrnoWithFilenameObjects
PyErr_SetFromWindowsErr
PyErr_SetFromWindowsErrWithFilename
PyErr_SetHandledException
PyErr_SetImportError
PyErr_SetImportErrorSubclass
PyErr_SetInterrupt
PyErr_SetInterruptEx
PyErr_SetNone
PyErr_SetObject
PyErr_SetString
PyErr_SyntaxLocation
PyErr_SyntaxLocationEx
PyErr_SyntaxLocationObject
PyErr_WarnEx
PyErr_WarnExplicit
PyErr_WarnExplicitFormat
PyErr_WarnExplicitObject
PyErr_WarnFormat
PyErr_WriteUnraisable
PyEval_AcquireLock
PyEval_AcquireThread
PyEval_CallFunction
PyEval_CallMethod
PyEval_CallObjectWithKeywords
PyEval_EvalCode
PyEval_EvalCodeEx
PyEval_EvalFrame
PyEval_EvalFrameEx
PyEval_GetBuiltins
PyEval_GetFrame
PyEval_GetFuncDesc
PyEval_GetFuncName
PyEval_GetGlobals
PyEval_GetLocals
PyEval_InitThreads
PyEval_MergeCompilerFlags
PyEval_ReleaseLock
PyEval_ReleaseThread
PyEval_RestoreThread
PyEval_SaveThread
PyEval_SetProfile
PyEval_SetTrace
PyEval_ThreadsInitialized
PyExc_ArithmeticError
PyExc_AssertionError
PyExc_AttributeError
PyExc_BaseException
PyExc_BaseExceptionGroup
PyExc_BlockingIOError
PyExc_BrokenPipeError
PyExc_BufferError
PyExc_BytesWarning
PyExc_ChildProcessError
PyExc_ConnectionAbortedError
PyExc_ConnectionError
PyExc_ConnectionRefusedError
PyExc_ConnectionResetError
PyExc_DeprecationWarning
PyExc_EOFError
PyExc_EncodingWarning
PyExc_EnvironmentError
PyExc_Exception
PyExc_FileExistsError
PyExc_FileNotFoundError
PyExc_FloatingPointError
PyExc_FutureWarning
PyExc_GeneratorExit
PyExc_IOError
PyExc_ImportError
PyExc_ImportWarning
PyExc_IndentationError
PyExc_IndexError
PyExc_InterruptedError
PyExc_IsADirectoryError
PyExc_KeyError
PyExc_KeyboardInterrupt
PyExc_LookupError
PyExc_MemoryError
PyExc_ModuleNotFoundError
PyExc_NameError
PyExc_NotADirectoryError
PyExc_NotImplementedError
PyExc_OSError
PyExc_OverflowError
PyExc_PendingDeprecationWarning
PyExc_PermissionError
PyExc_ProcessLookupError
PyExc_RecursionError
PyExc_ReferenceError
PyExc_ResourceWarning
PyExc_RuntimeError
PyExc_RuntimeWarning
PyExc_StopAsyncIteration
PyExc_StopIteration
PyExc_SyntaxError
PyExc_SyntaxWarning
PyExc_SystemError
PyExc_SystemExit
PyExc_TabError
PyExc_TimeoutError
PyExc_TypeError
PyExc_UnboundLocalError
PyExc_UnicodeDecodeError
PyExc_UnicodeEncodeError
PyExc_UnicodeError
PyExc_UnicodeTranslateError
PyExc_UnicodeWarning
PyExc_UserWarning
PyExc_ValueError
PyExc_Warning
PyExc_WindowsError
PyExc_ZeroDivisionError
PyExceptionClass_Name
PyException_GetCause
PyException_GetContext
PyException_GetTraceback
PyException_SetCause
PyException_SetContext
PyException_SetTraceback
PyFile_FromFd
PyFile_GetLine
PyFile_NewStdPrinter
PyFile_OpenCode
PyFile_OpenCodeObject
PyFile_SetOpenCodeHook
PyFile_WriteObject
PyFile_WriteString
PyFilter_Type
PyFloat_AsDouble
PyFloat_FromDouble
PyFloat_FromString
PyFloat_GetInfo
PyFloat_GetMax
PyFloat_GetMin
PyFloat_Pack2
PyFloat_Pack4
PyFloat_Pack8
PyFloat_Type
PyFloat_Unpack2
PyFloat_Unpack4
PyFloat_Unpack8
PyFrame_FastToLocals
PyFrame_FastToLocalsWithError
PyFrame_GetBack
PyFrame_GetBuiltins
PyFrame_GetCode
PyFrame_GetGenerator
PyFrame_GetGlobals
PyFrame_GetLasti
PyFrame_GetLineNumber
PyFrame_GetLocals
PyFrame_LocalsToFast
PyFrame_New
PyFrame_Type
PyFrozenSet_New
PyFrozenSet_Type
PyFunction_GetAnnotations
PyFunction_GetClosure
PyFunction_GetCode
PyFunction_GetDefaults
PyFunction_GetGlobals
PyFunction_GetKwDefaults
PyFunction_GetModule
PyFunction_New
PyFunction_NewWithQualName
PyFunction_SetAnnotations
PyFunction_SetClosure
PyFunction_SetDefaults
PyFunction_SetKwDefaults
PyFunction_Type
PyGC_Collect
PyGC_Disable
PyGC_Enable
PyGC_IsEnabled
PyGILState_Check
PyGILState_Ensure
PyGILState_GetThisThreadState
PyGILState_Release
PyGen_New
PyGen_NewWithQualName
PyGen_Type
PyGetSetDescr_Type
PyHash_GetFuncDef
PyImport_AddModule
PyImport_AddModuleObject
PyImport_AppendInittab
PyImport_ExecCodeModule
PyImport_ExecCodeModuleEx
PyImport_ExecCodeModuleObject
PyImport_ExecCodeModuleWithPathnames
PyImport_ExtendInittab
PyImport_FrozenModules
PyImport_GetImporter
PyImport_GetMagicNumber
PyImport_GetMagicTag
PyImport_GetModule
PyImport_GetModuleDict
PyImport_Import
PyImport_ImportFrozenModule
PyImport_ImportFrozenModuleObject
PyImport_ImportModule
PyImport_ImportModuleLevel
PyImport_ImportModuleLevelObject
PyImport_ImportModuleNoBlock
PyImport_Inittab
PyImport_ReloadModule
PyIndex_Check
PyInstanceMethod_Function
PyInstanceMethod_New
PyInstanceMethod_Type
PyInterpreterState_Clear
PyInterpreterState_Delete
PyInterpreterState_Get
PyInterpreterState_GetDict
PyInterpreterState_GetID
PyInterpreterState_Head
PyInterpreterState_Main
PyInterpreterState_New
PyInterpreterState_Next
PyInterpreterState_ThreadHead
PyIter_Check
PyIter_Next
PyIter_Send
PyListIter_Type
PyListRevIter_Type
PyList_Append
PyList_AsTuple
PyList_GetItem
PyList_GetSlice
PyList_Insert
PyList_New
PyList_Reverse
PyList_SetItem
PyList_SetSlice
PyList_Size
PyList_Sort
PyList_Type
PyLongRangeIter_Type
PyLong_AsDouble
PyLong_AsLong
PyLong_AsLongAndOverflow
PyLong_AsLongLong
PyLong_AsLongLongAndOverflow
PyLong_AsSize_t
PyLong_AsSsize_t
PyLong_AsUnsignedLong
PyLong_AsUnsignedLongLong
PyLong_AsUnsignedLongLongMask
PyLong_AsUnsignedLongMask
PyLong_AsVoidPtr
PyLong_FromDouble
PyLong_FromLong
PyLong_FromLongLong
PyLong_FromSize_t
PyLong_FromSsize_t
PyLong_FromString
PyLong_FromUnicodeObject
PyLong_FromUnsignedLong
PyLong_FromUnsignedLongLong
PyLong_FromVoidPtr
PyLong_GetInfo
PyLong_Type
PyMap_Type
PyMapping_Check
PyMapping_GetItemString
PyMapping_HasKey
PyMapping_HasKeyString
PyMapping_Items
PyMapping_Keys
PyMapping_Length
PyMapping_SetItemString
PyMapping_Size
PyMapping_Values
PyMarshal_ReadLastObjectFromFile
PyMarshal_ReadLongFromFile
PyMarshal_ReadObjectFromFile
PyMarshal_ReadObjectFromString
PyMarshal_ReadShortFromFile
PyMarshal_WriteLongToFile
PyMarshal_WriteObjectToFile
PyMarshal_WriteObjectToString
PyMem_Calloc
PyMem_Free
PyMem_GetAllocator
PyMem_Malloc
PyMem_RawCalloc
PyMem_RawFree
PyMem_RawMalloc
PyMem_RawRealloc
PyMem_Realloc
PyMem_SetAllocator
PyMem_SetupDebugHooks

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39.6MB - Virtual size: 39.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
python311x.dll
.dll windows:6 windows x64 arch:x64

5714829f48aacde8f83e3e5f0ead1f49

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:dd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17-01-2022 00:00

Not After

15-01-2025 23:59

Subject

CN=Python Software Foundation,O=Python Software Foundation,L=Beaverton,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6e:e8:28:a8:2a:da:b9:2f:99:5e:c2:4a:f6:4e:80:81:a9:c7:bb:19:3e:f0:bd:f7:de:d2:fd:97:eb:8f:a3:e9
Signer

Actual PE Digest

6e:e8:28:a8:2a:da:b9:2f:99:5e:c2:4a:f6:4e:80:81:a9:c7:bb:19:3e:f0:bd:f7:de:d2:fd:97:eb:8f:a3:e9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\1\b\bin\amd64\python311.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

getsockopt
send
WSAGetLastError

api-ms-win-core-path-l1-1-0

PathCchSkipRoot
PathCchCombineEx
PathCchFindExtension

bcrypt

BCryptGenRandom

advapi32

RegEnumKeyExW
RegDeleteKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueW
RegFlushKey
RegCreateKeyExW
RegSaveKeyW
RegSetValueExW
RegLoadKeyW
RegCreateKeyW
RegConnectRegistryW
RegDeleteValueW
RegEnumValueW
GetUserNameW
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegSetValueW

kernel32

HeapAlloc
GetProcessHeap
IsDebuggerPresent
InitializeSListHead
GetCurrentProcessId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TlsGetValue
TlsFree
GetCurrentThread
GetModuleFileNameW
CompareStringOrdinal
GetFileAttributesW
GetLocaleInfoA
GetACP
RemoveVectoredExceptionHandler
SetErrorMode
RaiseException
AddVectoredExceptionHandler
GetCurrentProcess
SetEndOfFile
UnmapViewOfFile
DuplicateHandle
GetLastError
FlushViewOfFile
CloseHandle
GetSystemInfo
SetFilePointerEx
CreateFileMappingA
GetFileSize
OpenFileMappingA
MapViewOfFile
CreateDirectoryW
GetFileInformationByHandleEx
FindFirstFileW
Process32First
SetHandleInformation
GetConsoleScreenBufferInfo
SetLastError
GetHandleInformation
GetFullPathNameW
FindNextFileW
GetStdHandle
DeviceIoControl
TerminateProcess
RemoveDirectoryW
GetFinalPathNameByHandleW
SetFileTime
SetEnvironmentVariableW
CreatePipe
CreateHardLinkW
FindClose
GetVolumePathNameW
CreateFileW
OpenProcess
SetFileAttributesW
CreateToolhelp32Snapshot
GetFileInformationByHandle
GetFileAttributesExW
GetDiskFreeSpaceExW
DeleteFileW
Process32Next
LoadLibraryW
GetActiveProcessorCount
GetCurrentDirectoryW
SetCurrentDirectoryW
GetProcAddress
MoveFileExW
GetModuleHandleW
CreateSymbolicLinkW
GetSystemTimeAsFileTime
GetFileType
GetProcessTimes
GenerateConsoleCtrlEvent
SetEvent
CreateEventA
WaitForMultipleObjects
WaitForSingleObject
Sleep
GetTimeZoneInformation
TlsAlloc
SetWaitableTimerEx
ResetEvent
GetThreadTimes
CreateWaitableTimerExW
MultiByteToWideChar
GetConsoleMode
ReadConsoleW
WaitForSingleObjectEx
WriteConsoleW
GetNumberOfConsoleInputEvents
WideCharToMultiByte
GetStringTypeW
ReadFile
CancelIo
SetNamedPipeHandleState
WaitNamedPipeA
CreateNamedPipeA
WriteFile
InitializeProcThreadAttributeList
PeekNamedPipe
OpenFileMappingW
GetModuleHandleA
GetVersion
LCMapStringEx
UpdateProcThreadAttribute
CreateFileA
DeleteProcThreadAttributeList
GetOverlappedResult
ExitProcess
CreateProcessW
CreateFileMappingW
VirtualQuery
ConnectNamedPipe
GetExitCodeProcess
VirtualFree
VirtualAlloc
ExpandEnvironmentStringsW
GetErrorMode
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateSemaphoreA
FormatMessageW
FreeLibrary
LoadLibraryExW
LocalFree
GetConsoleOutputCP
GetConsoleCP
OutputDebugStringW
GetSystemTimeAdjustment
GetTickCount64
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersionExW
TlsSetValue
HeapFree
GetCurrentThreadId

vcruntime140

memchr
memcmp
memmove
memcpy
wcschr
wcsrchr
strchr
strrchr
__C_specific_handler
__std_type_info_destroy_list
memset

api-ms-win-crt-stdio-l1-1-0

_open_osfhandle
__stdio_common_vfprintf
_wfopen
setvbuf
__stdio_common_vswprintf
fclose
__stdio_common_vsprintf
_setmode
rewind
__acrt_iob_func
_commit
_locking
_wopen
_kbhit
getc
ungetc
_lseeki64
ftell
fflush
feof
fgets
_get_osfhandle
_chsize_s
fputs
_isatty
_fileno
_lseek
_dup2
ferror
_close
fputc
fwrite
_open
_read
_dup
_write
fread
clearerr
puts

api-ms-win-crt-environment-l1-1-0

getenv
_wputenv_s
_wgetcwd
_wgetenv
__p__wenviron
_wputenv

api-ms-win-crt-locale-l1-1-0

localeconv
setlocale

api-ms-win-crt-string-l1-1-0

wcscmp
wcsncmp
strcmp
wcsnlen
wcsncpy_s
strncmp
isalnum
wcscat_s
tolower
toupper
strcspn
wcscoll
isxdigit
wcstok_s
wcsxfrm
isdigit
_stricmp
strncpy
_wcsicmp
wcscpy_s

api-ms-win-crt-runtime-l1-1-0

_cexit
__fpe_flt_rounds
_getpid
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_set_abort_behavior
signal
_exit
_initterm
raise
abort
_initialize_onexit_table
_beginthreadex
__sys_errlist
__sys_nerr
_endthreadex
_wsystem
exit
_errno
strerror
_execute_onexit_table
_set_thread_local_invalid_parameter_handler

api-ms-win-crt-convert-l1-1-0

mbstowcs
wcstol
strtoul
strtol
wcstombs

api-ms-win-crt-math-l1-1-0

exp2
tanh
erfc
sqrt
cbrt
cosh
erf
pow
log10
frexp
fmod
floor
tan
atan
atan2
_fdclass
_dclass
nextafter
exp
fabs
acosh
log1p
log
acos
expm1
_fdopen
atanh
asin
copysign
ldexp
hypot
asinh
modf
sin
round
sinh
cos
ceil

api-ms-win-crt-time-l1-1-0

__timezone
_tzset
strftime
clock
_time64
_mktime64
__daylight
_gmtime64_s
_localtime64_s

api-ms-win-crt-process-l1-1-0

_wexecv
_wspawnv
_wexecve
_cwait
_wspawnve

api-ms-win-crt-heap-l1-1-0

free
malloc
_heapmin
realloc
calloc

api-ms-win-crt-conio-l1-1-0

_putwch
_ungetwch
_getwche
_getche
_getch
_ungetch
_putch
_getwch

api-ms-win-crt-filesystem-l1-1-0

_umask
_wstat64i32

Exports

Exports

PyAIter_Check
PyArg_Parse
PyArg_ParseTuple
PyArg_ParseTupleAndKeywords
PyArg_UnpackTuple
PyArg_VaParse
PyArg_VaParseTupleAndKeywords
PyArg_ValidateKeywordArguments
PyAsyncGen_New
PyAsyncGen_Type
PyBaseObject_Type
PyBool_FromLong
PyBool_Type
PyBuffer_FillContiguousStrides
PyBuffer_FillInfo
PyBuffer_FromContiguous
PyBuffer_GetPointer
PyBuffer_IsContiguous
PyBuffer_Release
PyBuffer_SizeFromFormat
PyBuffer_ToContiguous
PyByteArrayIter_Type
PyByteArray_AsString
PyByteArray_Concat
PyByteArray_FromObject
PyByteArray_FromStringAndSize
PyByteArray_Resize
PyByteArray_Size
PyByteArray_Type
PyBytesIter_Type
PyBytes_AsString
PyBytes_AsStringAndSize
PyBytes_Concat
PyBytes_ConcatAndDel
PyBytes_DecodeEscape
PyBytes_FromFormat
PyBytes_FromFormatV
PyBytes_FromObject
PyBytes_FromString
PyBytes_FromStringAndSize
PyBytes_Repr
PyBytes_Size
PyBytes_Type
PyCFunction_Call
PyCFunction_GetFlags
PyCFunction_GetFunction
PyCFunction_GetSelf
PyCFunction_New
PyCFunction_NewEx
PyCFunction_Type
PyCMethod_New
PyCMethod_Type
PyCallIter_New
PyCallIter_Type
PyCallable_Check
PyCapsule_GetContext
PyCapsule_GetDestructor
PyCapsule_GetName
PyCapsule_GetPointer
PyCapsule_Import
PyCapsule_IsValid
PyCapsule_New
PyCapsule_SetContext
PyCapsule_SetDestructor
PyCapsule_SetName
PyCapsule_SetPointer
PyCapsule_Type
PyCell_Get
PyCell_New
PyCell_Set
PyCell_Type
PyClassMethodDescr_Type
PyClassMethod_New
PyClassMethod_Type
PyCode_Addr2Line
PyCode_Addr2Location
PyCode_GetCellvars
PyCode_GetCode
PyCode_GetFreevars
PyCode_GetVarnames
PyCode_New
PyCode_NewEmpty
PyCode_NewWithPosOnlyArgs
PyCode_Optimize
PyCode_Type
PyCodec_BackslashReplaceErrors
PyCodec_Decode
PyCodec_Decoder
PyCodec_Encode
PyCodec_Encoder
PyCodec_IgnoreErrors
PyCodec_IncrementalDecoder
PyCodec_IncrementalEncoder
PyCodec_KnownEncoding
PyCodec_LookupError
PyCodec_NameReplaceErrors
PyCodec_Register
PyCodec_RegisterError
PyCodec_ReplaceErrors
PyCodec_StreamReader
PyCodec_StreamWriter
PyCodec_StrictErrors
PyCodec_Unregister
PyCodec_XMLCharRefReplaceErrors
PyCompile_OpcodeStackEffect
PyCompile_OpcodeStackEffectWithJump
PyComplex_AsCComplex
PyComplex_FromCComplex
PyComplex_FromDoubles
PyComplex_ImagAsDouble
PyComplex_RealAsDouble
PyComplex_Type
PyConfig_Clear
PyConfig_InitIsolatedConfig
PyConfig_InitPythonConfig
PyConfig_Read
PyConfig_SetArgv
PyConfig_SetBytesArgv
PyConfig_SetBytesString
PyConfig_SetString
PyConfig_SetWideStringList
PyContextToken_Type
PyContextVar_Get
PyContextVar_New
PyContextVar_Reset
PyContextVar_Set
PyContextVar_Type
PyContext_Copy
PyContext_CopyCurrent
PyContext_Enter
PyContext_Exit
PyContext_New
PyContext_Type
PyCoro_New
PyCoro_Type
PyDescr_IsData
PyDescr_NewClassMethod
PyDescr_NewGetSet
PyDescr_NewMember
PyDescr_NewMethod
PyDescr_NewWrapper
PyDictItems_Type
PyDictIterItem_Type
PyDictIterKey_Type
PyDictIterValue_Type
PyDictKeys_Type
PyDictProxy_New
PyDictProxy_Type
PyDictRevIterItem_Type
PyDictRevIterKey_Type
PyDictRevIterValue_Type
PyDictValues_Type
PyDict_Clear
PyDict_Contains
PyDict_Copy
PyDict_DelItem
PyDict_DelItemString
PyDict_GetItem
PyDict_GetItemString
PyDict_GetItemWithError
PyDict_Items
PyDict_Keys
PyDict_Merge
PyDict_MergeFromSeq2
PyDict_New
PyDict_Next
PyDict_SetDefault
PyDict_SetItem
PyDict_SetItemString
PyDict_Size
PyDict_Type
PyDict_Update
PyDict_Values
PyEllipsis_Type
PyEnum_Type
PyErr_BadArgument
PyErr_BadInternalCall
PyErr_CheckSignals
PyErr_Clear
PyErr_Display
PyErr_ExceptionMatches
PyErr_Fetch
PyErr_Format
PyErr_FormatV
PyErr_GetExcInfo
PyErr_GetHandledException
PyErr_GivenExceptionMatches
PyErr_NewException
PyErr_NewExceptionWithDoc
PyErr_NoMemory
PyErr_NormalizeException
PyErr_Occurred
PyErr_Print
PyErr_PrintEx
PyErr_ProgramText
PyErr_ProgramTextObject
PyErr_RangedSyntaxLocationObject
PyErr_ResourceWarning
PyErr_Restore
PyErr_SetExcFromWindowsErr
PyErr_SetExcFromWindowsErrWithFilename
PyErr_SetExcFromWindowsErrWithFilenameObject
PyErr_SetExcFromWindowsErrWithFilenameObjects
PyErr_SetExcInfo
PyErr_SetFromErrno
PyErr_SetFromErrnoWithFilename
PyErr_SetFromErrnoWithFilenameObject
PyErr_SetFromErrnoWithFilenameObjects
PyErr_SetFromWindowsErr
PyErr_SetFromWindowsErrWithFilename
PyErr_SetHandledException
PyErr_SetImportError
PyErr_SetImportErrorSubclass
PyErr_SetInterrupt
PyErr_SetInterruptEx
PyErr_SetNone
PyErr_SetObject
PyErr_SetString
PyErr_SyntaxLocation
PyErr_SyntaxLocationEx
PyErr_SyntaxLocationObject
PyErr_WarnEx
PyErr_WarnExplicit
PyErr_WarnExplicitFormat
PyErr_WarnExplicitObject
PyErr_WarnFormat
PyErr_WriteUnraisable
PyEval_AcquireLock
PyEval_AcquireThread
PyEval_CallFunction
PyEval_CallMethod
PyEval_CallObjectWithKeywords
PyEval_EvalCode
PyEval_EvalCodeEx
PyEval_EvalFrame
PyEval_EvalFrameEx
PyEval_GetBuiltins
PyEval_GetFrame
PyEval_GetFuncDesc
PyEval_GetFuncName
PyEval_GetGlobals
PyEval_GetLocals
PyEval_InitThreads
PyEval_MergeCompilerFlags
PyEval_ReleaseLock
PyEval_ReleaseThread
PyEval_RestoreThread
PyEval_SaveThread
PyEval_SetProfile
PyEval_SetTrace
PyEval_ThreadsInitialized
PyExc_ArithmeticError
PyExc_AssertionError
PyExc_AttributeError
PyExc_BaseException
PyExc_BaseExceptionGroup
PyExc_BlockingIOError
PyExc_BrokenPipeError
PyExc_BufferError
PyExc_BytesWarning
PyExc_ChildProcessError
PyExc_ConnectionAbortedError
PyExc_ConnectionError
PyExc_ConnectionRefusedError
PyExc_ConnectionResetError
PyExc_DeprecationWarning
PyExc_EOFError
PyExc_EncodingWarning
PyExc_EnvironmentError
PyExc_Exception
PyExc_FileExistsError
PyExc_FileNotFoundError
PyExc_FloatingPointError
PyExc_FutureWarning
PyExc_GeneratorExit
PyExc_IOError
PyExc_ImportError
PyExc_ImportWarning
PyExc_IndentationError
PyExc_IndexError
PyExc_InterruptedError
PyExc_IsADirectoryError
PyExc_KeyError
PyExc_KeyboardInterrupt
PyExc_LookupError
PyExc_MemoryError
PyExc_ModuleNotFoundError
PyExc_NameError
PyExc_NotADirectoryError
PyExc_NotImplementedError
PyExc_OSError
PyExc_OverflowError
PyExc_PendingDeprecationWarning
PyExc_PermissionError
PyExc_ProcessLookupError
PyExc_RecursionError
PyExc_ReferenceError
PyExc_ResourceWarning
PyExc_RuntimeError
PyExc_RuntimeWarning
PyExc_StopAsyncIteration
PyExc_StopIteration
PyExc_SyntaxError
PyExc_SyntaxWarning
PyExc_SystemError
PyExc_SystemExit
PyExc_TabError
PyExc_TimeoutError
PyExc_TypeError
PyExc_UnboundLocalError
PyExc_UnicodeDecodeError
PyExc_UnicodeEncodeError
PyExc_UnicodeError
PyExc_UnicodeTranslateError
PyExc_UnicodeWarning
PyExc_UserWarning
PyExc_ValueError
PyExc_Warning
PyExc_WindowsError
PyExc_ZeroDivisionError
PyExceptionClass_Name
PyException_GetCause
PyException_GetContext
PyException_GetTraceback
PyException_SetCause
PyException_SetContext
PyException_SetTraceback
PyFile_FromFd
PyFile_GetLine
PyFile_NewStdPrinter
PyFile_OpenCode
PyFile_OpenCodeObject
PyFile_SetOpenCodeHook
PyFile_WriteObject
PyFile_WriteString
PyFilter_Type
PyFloat_AsDouble
PyFloat_FromDouble
PyFloat_FromString
PyFloat_GetInfo
PyFloat_GetMax
PyFloat_GetMin
PyFloat_Pack2
PyFloat_Pack4
PyFloat_Pack8
PyFloat_Type
PyFloat_Unpack2
PyFloat_Unpack4
PyFloat_Unpack8
PyFrame_FastToLocals
PyFrame_FastToLocalsWithError
PyFrame_GetBack
PyFrame_GetBuiltins
PyFrame_GetCode
PyFrame_GetGenerator
PyFrame_GetGlobals
PyFrame_GetLasti
PyFrame_GetLineNumber
PyFrame_GetLocals
PyFrame_LocalsToFast
PyFrame_New
PyFrame_Type
PyFrozenSet_New
PyFrozenSet_Type
PyFunction_GetAnnotations
PyFunction_GetClosure
PyFunction_GetCode
PyFunction_GetDefaults
PyFunction_GetGlobals
PyFunction_GetKwDefaults
PyFunction_GetModule
PyFunction_New
PyFunction_NewWithQualName
PyFunction_SetAnnotations
PyFunction_SetClosure
PyFunction_SetDefaults
PyFunction_SetKwDefaults
PyFunction_Type
PyGC_Collect
PyGC_Disable
PyGC_Enable
PyGC_IsEnabled
PyGILState_Check
PyGILState_Ensure
PyGILState_GetThisThreadState
PyGILState_Release
PyGen_New
PyGen_NewWithQualName
PyGen_Type
PyGetSetDescr_Type
PyHash_GetFuncDef
PyImport_AddModule
PyImport_AddModuleObject
PyImport_AppendInittab
PyImport_ExecCodeModule
PyImport_ExecCodeModuleEx
PyImport_ExecCodeModuleObject
PyImport_ExecCodeModuleWithPathnames
PyImport_ExtendInittab
PyImport_FrozenModules
PyImport_GetImporter
PyImport_GetMagicNumber
PyImport_GetMagicTag
PyImport_GetModule
PyImport_GetModuleDict
PyImport_Import
PyImport_ImportFrozenModule
PyImport_ImportFrozenModuleObject
PyImport_ImportModule
PyImport_ImportModuleLevel
PyImport_ImportModuleLevelObject
PyImport_ImportModuleNoBlock
PyImport_Inittab
PyImport_ReloadModule
PyIndex_Check
PyInstanceMethod_Function
PyInstanceMethod_New
PyInstanceMethod_Type
PyInterpreterState_Clear
PyInterpreterState_Delete
PyInterpreterState_Get
PyInterpreterState_GetDict
PyInterpreterState_GetID
PyInterpreterState_Head
PyInterpreterState_Main
PyInterpreterState_New
PyInterpreterState_Next
PyInterpreterState_ThreadHead
PyIter_Check
PyIter_Next
PyIter_Send
PyListIter_Type
PyListRevIter_Type
PyList_Append
PyList_AsTuple
PyList_GetItem
PyList_GetSlice
PyList_Insert
PyList_New
PyList_Reverse
PyList_SetItem
PyList_SetSlice
PyList_Size
PyList_Sort
PyList_Type
PyLongRangeIter_Type
PyLong_AsDouble
PyLong_AsLong
PyLong_AsLongAndOverflow
PyLong_AsLongLong
PyLong_AsLongLongAndOverflow
PyLong_AsSize_t
PyLong_AsSsize_t
PyLong_AsUnsignedLong
PyLong_AsUnsignedLongLong
PyLong_AsUnsignedLongLongMask
PyLong_AsUnsignedLongMask
PyLong_AsVoidPtr
PyLong_FromDouble
PyLong_FromLong
PyLong_FromLongLong
PyLong_FromSize_t
PyLong_FromSsize_t
PyLong_FromString
PyLong_FromUnicodeObject
PyLong_FromUnsignedLong
PyLong_FromUnsignedLongLong
PyLong_FromVoidPtr
PyLong_GetInfo
PyLong_Type
PyMap_Type
PyMapping_Check
PyMapping_GetItemString
PyMapping_HasKey
PyMapping_HasKeyString
PyMapping_Items
PyMapping_Keys
PyMapping_Length
PyMapping_SetItemString
PyMapping_Size
PyMapping_Values
PyMarshal_ReadLastObjectFromFile
PyMarshal_ReadLongFromFile
PyMarshal_ReadObjectFromFile
PyMarshal_ReadObjectFromString
PyMarshal_ReadShortFromFile
PyMarshal_WriteLongToFile
PyMarshal_WriteObjectToFile
PyMarshal_WriteObjectToString
PyMem_Calloc
PyMem_Free
PyMem_GetAllocator
PyMem_Malloc
PyMem_RawCalloc
PyMem_RawFree
PyMem_RawMalloc
PyMem_RawRealloc
PyMem_Realloc
PyMem_SetAllocator
PyMem_SetupDebugHooks

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PyRuntim
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
service_probes
setup.exe
.exe windows:6 windows x64 arch:x64

8e1e0d6c8ffe7f2996ab45c2c82ccb07

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:dd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17-01-2022 00:00

Not After

15-01-2025 23:59

Subject

CN=Python Software Foundation,O=Python Software Foundation,L=Beaverton,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

da:49:71:bc:26:7d:52:81:4f:ce:85:f1:3c:20:0f:6f:53:c3:90:01:23:22:59:7b:df:38:c4:4d:82:c7:d4:de
Signer

Actual PE Digest

da:49:71:bc:26:7d:52:81:4f:ce:85:f1:3c:20:0f:6f:53:c3:90:01:23:22:59:7b:df:38:c4:4d:82:c7:d4:de

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\1\b\bin\amd64\pythonw.pdb

Imports

python311

Py_Main

vcruntime140

__C_specific_handler
__current_exception
__current_exception_context
memset
memcpy

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_configure_wide_argv
_register_thread_local_exe_atexit_callback
_initialize_wide_environment
_set_app_type
_seh_filter_exe
__p___argc
__p___wargv
_c_exit
_cexit
_get_wide_winmain_command_line
_exit
exit
_initterm_e
_initterm

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

kernel32

GetStartupInfoW
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
IsDebuggerPresent
GetSystemTimeAsFileTime
GetModuleHandleW

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vcruntime140.dll
.dll windows:6 windows x86 arch:x86

6a84b7445ccacd5d29ac27de2745f356

Code Sign

33:00:00:01:14:96:9a:0d:f8:95:e4:71:49:00:00:00:00:01:14
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-08-2018 20:20

Not After

23-11-2019 20:20

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft America Operations+OU=Thales TSS ESN:C3B0-0F6A-4111,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-07-2018 20:11

Not After

26-07-2019 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-07-2018 20:08

Not After

26-07-2019 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:83:07:f2:ab:ac:ee:45:72:8a:94:b8:52:1c:71:d9:cf:2a:02:0f:3d:2a:40:23:c8:ae:be:94:e0:2b:de:b2
Signer

Actual PE Digest

7c:83:07:f2:ab:ac:ee:45:72:8a:94:b8:52:1c:71:d9:cf:2a:02:0f:3d:2a:40:23:c8:ae:be:94:e0:2b:de:b2

Digest Algorithm

sha256

PE Digest Matches

true

69:f0:3a:b3:d3:e2:76:74:1b:68:d7:40:21:2e:c8:f1:01:72:80:8a
Signer

Actual PE Digest

69:f0:3a:b3:d3:e2:76:74:1b:68:d7:40:21:2e:c8:f1:01:72:80:8a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\agent\_work\2\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

abort
terminate

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
wcsncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

atol

kernel32

DeleteCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
FreeLibrary
RtlUnwind
VirtualQuery
EncodePointer
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
EnterCriticalSection
LeaveCriticalSection
TlsSetValue
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsFree

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_chkesp
_except_handler2
_except_handler3
_except_handler4_common
_get_purecall_handler
_get_unexpected
_global_unwind2
_is_exception_typeof
_local_unwind2
_local_unwind4
_longjmpex
_purecall
_seh_longjmp_unwind
_seh_longjmp_unwind4
_set_purecall_handler
_set_se_translator
_setjmp3
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a343a6336de594caabed2cbc2b9ded4

Code Sign

68:90:0a:61:97:43:2a:80:73:df:0c:2c:bf:54:d7:65Certificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

ca:e9:0c:c3:d9:1d:28:a2:80:59:74:d5:79:4d:31:09:f0:d0:cb:6c:15:b0:8e:34:f4:d2:46:b7:24:43:73:9cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winspool.drv

gdi32

qt5printsupport

qt5gui

qt5core

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 1024B - Virtual size: 1KB

.qtmetad Size: 512B - Virtual size: 284B

.rsrc Size: 1024B - Virtual size: 856B

.reloc Size: 2KB - Virtual size: 1KB

a3f79e931392ecdfd2d2b05a7e5dbc71

Headers

DLL Characteristics

File Characteristics

Imports

bcrypt

kernel32

msvcrt

ntdll

shell32

shlwapi

userenv

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.data Size: 8KB - Virtual size: 7KB

.rdata Size: 84KB - Virtual size: 84KB

.pdata Size: 51KB - Virtual size: 51KB

.xdata Size: 71KB - Virtual size: 71KB

.bss Size: - Virtual size: 3KB

.edata Size: 99KB - Virtual size: 99KB

.idata Size: 7KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 96B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 39.6MB - Virtual size: 39.6MB

.reloc Size: 6KB - Virtual size: 6KB

5714829f48aacde8f83e3e5f0ead1f49

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:ddCertificate

Extended Key Usages

Key Usages

68:90:0a:61:97:43:2a:80:73:df:0c:2c:bf:54:d7:65
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

ca:e9:0c:c3:d9:1d:28:a2:80:59:74:d5:79:4d:31:09:f0:d0:cb:6c:15:b0:8e:34:f4:d2:46:b7:24:43:73:9c
Signer

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 1KB

.qtmetad
Size: 512B - Virtual size: 284B

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 8KB - Virtual size: 7KB

.rdata
Size: 84KB - Virtual size: 84KB

.pdata
Size: 51KB - Virtual size: 51KB

.xdata
Size: 71KB - Virtual size: 71KB

.bss
Size: - Virtual size: 3KB

.edata
Size: 99KB - Virtual size: 99KB

.idata
Size: 7KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 39.6MB - Virtual size: 39.6MB

.reloc
Size: 6KB - Virtual size: 6KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:dd
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

6e:e8:28:a8:2a:da:b9:2f:99:5e:c2:4a:f6:4e:80:81:a9:c7:bb:19:3e:f0:bd:f7:de:d2:fd:97:eb:8f:a3:e9
Signer

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 1.0MB - Virtual size: 1.3MB

.pdata
Size: 140KB - Virtual size: 140KB

PyRuntim
Size: 163KB - Virtual size: 162KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 81KB - Virtual size: 80KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:dd
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

da:49:71:bc:26:7d:52:81:4f:ce:85:f1:3c:20:0f:6f:53:c3:90:01:23:22:59:7b:df:38:c4:4d:82:c7:d4:de
Signer