CliWrap.pdb
Static task
static1
1 signatures
General
-
Target
elw-2.0-Release.zip
-
Size
734KB
-
MD5
8204e51aa5763e57a023068c8669fcdd
-
SHA1
15ad81da2aa5d581c4d878908b90a07b39680e5c
-
SHA256
91a127c5f71a09962dc0ec3abcd53ab69dbd6dc80b236d620a64ecbf13106fb9
-
SHA512
3a6735f3275794304a8c5ab42bf89cf07833d8168a94782198224319306406c14a248af400cbfb50738b2d22256f22fd1b07c6ab4352843013cb076f85e1ea57
-
SSDEEP
12288:T+F1RtaQu0aif8bTSEKP4AP6MvzJHEwfbXXKSeq2fc4GLstjOtZza8qrC:T+TRteRH/APhbXXKRhLjE+8qe
Score
3/10
Malware Config
Signatures
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/Release/CliWrap.dll unpack001/Release/ELW.exe
Files
-
elw-2.0-Release.zip.zip
-
Release/CliWrap.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
mscoree
_CorDllMain
Sections
.text Size: 185KB - Virtual size: 184KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Release/CliWrap.xml.xml
-
Release/ELW.application
-
Release/ELW.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\mabarca\Desktop\elw\obj\Release\ELW.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 840B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Release/ELW.exe.config.xml
-
Release/ELW.exe.manifest
-
Release/ELW.pdb
-
Release/Microsoft.Bcl.AsyncInterfaces.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
33:00:00:03:04:c1:03:19:7e:c6:05:e4:04:00:00:00:00:03:04Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/08/2022, 20:23Not After03/08/2023, 20:23SubjectCN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
dd:e4:54:0c:99:60:4b:1c:d7:75:bb:9f:7d:c3:a0:52:66:42:53:8a:ea:76:a1:ad:88:a1:38:83:d6:18:e7:a0Signer
Actual PE Digestdd:e4:54:0c:99:60:4b:1c:d7:75:bb:9f:7d:c3:a0:52:66:42:53:8a:ea:76:a1:ad:88:a1:38:83:d6:18:e7:a0Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
/_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Release/Microsoft.Bcl.AsyncInterfaces.xml.xml
-
Release/Newtonsoft.Json.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
06:ce:e1:31:be:6d:55:c8:07:f7:c0:c7:fb:44:e6:20Certificate
IssuerCN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=USNot Before15/01/2021, 00:00Not After14/01/2046, 23:59SubjectCN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0a:de:32:e9:50:9b:44:aa:34:b1:da:f1:bc:0e:c8:73Certificate
IssuerCN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=USNot Before15/07/2021, 00:00Not After14/07/2031, 23:59SubjectCN=.NET Foundation Projects Code Signing CA2,O=.NET Foundation,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0c:d1:40:7a:5a:bd:ed:43:d5:c1:73:12:1d:38:c5:29Certificate
IssuerCN=.NET Foundation Projects Code Signing CA2,O=.NET Foundation,C=USNot Before13/08/2021, 00:00Not After29/10/2024, 23:59SubjectSERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=Washington,C=US,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6eExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before21/09/2022, 00:00Not After21/11/2033, 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
38:27:11:d0:35:02:fc:58:64:ae:1e:6c:cb:c5:eb:67:eb:5d:dc:c8:86:9e:e4:59:cc:0d:02:0e:5f:d1:fc:9bSigner
Actual PE Digest38:27:11:d0:35:02:fc:58:64:ae:1e:6c:cb:c5:eb:67:eb:5d:dc:c8:86:9e:e4:59:cc:0d:02:0e:5f:d1:fc:9bDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
/_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 681KB - Virtual size: 680KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Release/Newtonsoft.Json.xml.xml
-
Release/System.Buffers.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02/05/2019, 21:37Not After02/05/2020, 21:37SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d4:65:dc:35:86:93:2f:fb:0d:d0:c1:ac:2f:31:92:bd:28:75:14:21:57:3f:3b:7d:55:33:05:32:59:3d:d4:62Signer
Actual PE Digestd4:65:dc:35:86:93:2f:fb:0d:d0:c1:ac:2f:31:92:bd:28:75:14:21:57:3f:3b:7d:55:33:05:32:59:3d:d4:62Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netfx\System.Buffers.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Release/System.Buffers.xml
-
Release/System.Diagnostics.EventLog.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02/05/2019, 21:37Not After02/05/2020, 21:37SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
2f:99:79:21:52:33:d1:ae:0f:fb:78:f8:cf:ee:33:91:c0:20:59:ab:62:00:36:ba:f2:07:3c:6d:c4:73:d0:eeSigner
Actual PE Digest2f:99:79:21:52:33:d1:ae:0f:fb:78:f8:cf:ee:33:91:c0:20:59:ab:62:00:36:ba:f2:07:3c:6d:c4:73:d0:eeDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
/_/artifacts/obj/System.Diagnostics.EventLog/net461-Release/System.Diagnostics.EventLog.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Release/System.Diagnostics.EventLog.xml
-
Release/System.Diagnostics.PerformanceCounter.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02/05/2019, 21:37Not After02/05/2020, 21:37SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
f7:de:1d:e9:e2:fc:90:50:19:11:06:11:8b:1c:38:d5:30:29:34:c2:57:08:72:17:1e:b0:9e:36:e9:e4:98:85Signer
Actual PE Digestf7:de:1d:e9:e2:fc:90:50:19:11:06:11:8b:1c:38:d5:30:29:34:c2:57:08:72:17:1e:b0:9e:36:e9:e4:98:85Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
/_/artifacts/obj/System.Diagnostics.PerformanceCounter/net461-Release/System.Diagnostics.PerformanceCounter.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Release/System.Diagnostics.PerformanceCounter.xml
-
Release/System.Memory.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02/09/2021, 18:32Not After01/09/2022, 18:32SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
a4:6c:07:cf:a9:38:ad:dd:05:7b:ae:24:e4:ad:78:9e:fa:07:82:fb:e0:b3:ea:d5:f5:bc:8e:78:ff:71:9b:27Signer
Actual PE Digesta4:6c:07:cf:a9:38:ad:dd:05:7b:ae:24:e4:ad:78:9e:fa:07:82:fb:e0:b3:ea:d5:f5:bc:8e:78:ff:71:9b:27Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netfx\System.Memory.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 126KB - Virtual size: 126KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Release/System.Memory.xml
-
Release/System.Numerics.Vectors.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
33:00:00:00:c2:a0:09:c5:37:76:e9:f6:cd:00:00:00:00:00:c2Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before07/09/2016, 17:58Not After07/09/2018, 17:58SubjectCN=Microsoft Time-Stamp Service,OU=AOC+OU=Thales TSS ESN:C3B0-0F6A-4111,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before11/08/2017, 20:11Not After11/08/2018, 20:11SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before11/08/2017, 20:20Not After11/08/2018, 20:20SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
99:0e:22:c8:fb:bc:e4:62:63:f1:99:41:db:03:50:70:a9:f7:d6:99:5f:43:9a:3b:2d:d5:4b:9c:fc:3d:7c:e6Signer
Actual PE Digest99:0e:22:c8:fb:bc:e4:62:63:f1:99:41:db:03:50:70:a9:f7:d6:99:5f:43:9a:3b:2d:d5:4b:9c:fc:3d:7c:e6Digest Algorithmsha256PE Digest Matchestrue12:57:a0:40:75:36:a1:51:f8:dd:f2:97:bc:f9:16:a8:2c:bd:f3:8dSigner
Actual PE Digest12:57:a0:40:75:36:a1:51:f8:dd:f2:97:bc:f9:16:a8:2c:bd:f3:8dDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Numerics.Vectors/net46\System.Numerics.Vectors.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 93KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Release/System.Numerics.Vectors.xml
-
Release/System.Runtime.CompilerServices.Unsafe.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02/05/2019, 21:37Not After02/05/2020, 21:37SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
10:84:6c:5c:c9:e6:39:56:a6:5f:23:06:01:58:8b:e1:ae:37:c4:fe:71:62:f4:b5:f7:ae:87:52:ec:0c:f4:30Signer
Actual PE Digest10:84:6c:5c:c9:e6:39:56:a6:5f:23:06:01:58:8b:e1:ae:37:c4:fe:71:62:f4:b5:f7:ae:87:52:ec:0c:f4:30Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Release/System.Runtime.CompilerServices.Unsafe.xml
-
Release/System.Security.Principal.Windows.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02/05/2019, 21:37Not After02/05/2020, 21:37SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
66:14:6a:1c:ea:9c:3d:ac:d8:5a:fb:65:4e:52:79:df:9d:05:29:ea:6b:fd:f3:7b:a3:29:c0:13:11:0a:76:daSigner
Actual PE Digest66:14:6a:1c:ea:9c:3d:ac:d8:5a:fb:65:4e:52:79:df:9d:05:29:ea:6b:fd:f3:7b:a3:29:c0:13:11:0a:76:daDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
/_/artifacts/obj/System.Security.Principal.Windows/net461-Windows_NT-Release/System.Security.Principal.Windows.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Release/System.Security.Principal.Windows.xml
-
Release/System.Threading.Tasks.Extensions.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02/05/2019, 21:37Not After02/05/2020, 21:37SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
da:fb:83:40:c8:c2:8e:cb:07:b8:6a:f1:de:5f:60:bf:04:02:39:30:51:4d:e3:8a:90:db:7a:5d:d3:4f:71:f0Signer
Actual PE Digestda:fb:83:40:c8:c2:8e:cb:07:b8:6a:f1:de:5f:60:bf:04:02:39:30:51:4d:e3:8a:90:db:7a:5d:d3:4f:71:f0Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netfx\System.Threading.Tasks.Extensions.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Release/System.Threading.Tasks.Extensions.xml
-
Release/System.ValueTuple.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
33:00:00:00:c0:de:2c:3d:07:94:e4:49:79:00:00:00:00:00:c0Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before07/09/2016, 17:58Not After07/09/2018, 17:58SubjectCN=Microsoft Time-Stamp Service,OU=AOC+OU=nCipher DSE ESN:7AB5-2DF2-DA3F,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before11/08/2017, 20:11Not After11/08/2018, 20:11SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before11/08/2017, 20:20Not After11/08/2018, 20:20SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d4:37:69:30:cf:c4:bf:17:93:07:4e:1a:10:f5:a8:79:e8:8f:5f:58:7c:25:a7:a1:5a:95:50:d7:24:03:73:42Signer
Actual PE Digestd4:37:69:30:cf:c4:bf:17:93:07:4e:1a:10:f5:a8:79:e8:8f:5f:58:7c:25:a7:a1:5a:95:50:d7:24:03:73:42Digest Algorithmsha256PE Digest Matchestrue78:b3:c4:5e:5b:a3:f6:32:6e:9b:44:3e:33:4f:0e:39:8c:1c:4a:00Signer
Actual PE Digest78:b3:c4:5e:5b:a3:f6:32:6e:9b:44:3e:33:4f:0e:39:8c:1c:4a:00Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.ValueTuple/net47\System.ValueTuple.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Release/System.ValueTuple.xml.xml
-
Release/app.publish/ELW.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Code Sign
1d:95:d0:60:6e:b2:61:97:4b:22:f0:30:5e:79:05:2bCertificate
IssuerCN=mabarca-pc\\mabarcaNot Before16/01/2024, 20:27Not After16/01/2025, 02:27SubjectCN=mabarca-pc\\mabarca92:4f:ba:6e:9b:4c:64:e2:17:99:ee:55:a2:80:ef:b8:b9:ef:ce:50:70:2a:41:64:41:8e:b9:ef:f5:b8:ab:83Signer
Actual PE Digest92:4f:ba:6e:9b:4c:64:e2:17:99:ee:55:a2:80:ef:b8:b9:ef:ce:50:70:2a:41:64:41:8e:b9:ef:f5:b8:ab:83Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\mabarca\Desktop\elw\obj\Release\ELW.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 840B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ