TitanAgent_for_All_x86_64[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

TitanAgent_for_All_x86_64.exe
Size

12.4MB
MD5

db6458f916dc27495c5f6e7cffd9d7dd
SHA1

04d475841fdc96d4c782a2d2b8c7951acf040bb7
SHA256

a1e2e862ad2728023156216d4a7d14e2ee165aa138393baba84971af28900b98
SHA512

d4f98aa4b12cccb66f5b6aaccc7f8ac936040afc1df990133b2cfc94c0451833730de4748867c9f8ce65212cd4e505af1bd7c40b1f764141f3d02e8db757a713
SSDEEP

393216:Jijw841C5vSFp1bC4lqZgLCzfVWLQkfNPa2d:QjwuviwZ26tw

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/ExecCmd.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/killer.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$PLUGINSDIR/nsJSON.dll
unpack001/$PLUGINSDIR/nsis_agent.dll
unpack001/$PLUGINSDIR/textreplace.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

TitanAgent_for_All_x86_64.exe
.exe windows:4 windows x86 arch:x86

3abe302b6d9a1256e6a915429af4ffd2

Code Sign

03:0d:13:85:df:b4:ab:83:0e:eb:84:dc:e8:4f:01:38
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-07-2020 00:00

Not After

14-09-2023 12:00

Subject

CN=北京升鑫网络科技有限公司,O=北京升鑫网络科技有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ab:4b:8a:d4:e1:3e:b1:e8:ef:66:df:00:dc:97:8c
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-07-2020 00:00

Not After

14-09-2023 12:00

Subject

CN=北京升鑫网络科技有限公司,O=北京升鑫网络科技有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:cc:8d:44:be:91:3e:a4:8f:6e:79:b8:5a:2b:a6:7f:6c:3c:b2:38:bf:2a:4d:49:02:e5:51:c9:6e:7d:c3:2d
Signer

Actual PE Digest

9c:cc:8d:44:be:91:3e:a4:8f:6e:79:b8:5a:2b:a6:7f:6c:3c:b2:38:bf:2a:4d:49:02:e5:51:c9:6e:7d:c3:2d

Digest Algorithm

sha256

PE Digest Matches

true

76:d1:f3:31:b3:b6:c6:cd:33:ac:7d:67:02:b2:ad:46:0f:47:f2:cc
Signer

Actual PE Digest

76:d1:f3:31:b3:b6:c6:cd:33:ac:7d:67:02:b2:ad:46:0f:47:f2:cc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
Sleep
GetTickCount
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GetWindowsDirectoryA
SetCurrentDirectoryA
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
CreateThread
GlobalLock
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 152KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ExecCmd.dll
.dll windows:4 windows x86 arch:x86

bf44c9fb48bb8c36b3e2527e7252350d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
OpenProcess
CloseHandle
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
Sleep
CreateProcessA
GlobalAlloc
GetExitCodeThread
lstrcpyA
lstrcpynA
CreateThread
lstrcatA
GetEnvironmentVariableA
lstrcmpiA

user32

SendMessageA
EnumWindows
WaitForInputIdle
wsprintfA
GetWindowThreadProcessId

Exports

Exports

exec
wait

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 802B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 142B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

274b99a815ba574d8c9e1712916d8b30

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalAlloc
lstrcmpA
GetModuleHandleA
lstrlenA
MulDiv
lstrcpynA
GetACP
lstrcpyA

user32

SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
SetWindowTextA
LoadIconA
GetDC
ShowWindow
SendMessageA

gdi32

DeleteObject
CreateFontIndirectA
GetDeviceCaps

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 362B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/killer.dll
.dll windows:5 windows x86 arch:x86

1e610ae5b22b178828e96c6a76ffe702

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateToolhelp32Snapshot
Process32First
GetCurrentProcessId
lstrcmpiA
CloseHandle
TerminateProcess
Process32Next
lstrcpynA
GetCurrentProcess
GlobalFree
OpenProcess
GlobalAlloc
IsProcessorFeaturePresent

user32

wsprintfA

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA

Exports

Exports

IsProcessRunning
KillProcess

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

ddbd50fe6279559edf7d1f1d89b42c2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
lstrcpyA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
lstrcmpiA
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
SetCurrentDirectoryA
HeapAlloc

user32

DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
GetPropA
CharPrevA
DrawFocusRect
GetWindowLongA
DrawTextA
GetClientRect
GetDlgItem
GetSysColor
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapDialogRect
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
MapWindowPoints
RemovePropA
GetWindowTextA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

46f8b6973f33717335c0f6d8087de67b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrlenA
GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
lstrcpynA
ReadFile
PeekNamedPipe
GetTickCount
lstrcpyA
CreateProcessA
GetStartupInfoA
GetProcAddress
GetVersion
DeleteFileA
lstrcmpiA
GetCurrentProcess
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
CreatePipe
GlobalLock
lstrcatA

user32

SendMessageA
OemToCharBuffA
FindWindowExA
CharNextA
wsprintfA
CharPrevA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 458B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsJSON.dll
.dll windows:6 windows x86 arch:x86

67cfa491a15c2e6ae037612d4a7ef727

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetSetOptionA
InternetQueryDataAvailable
InternetReadFile
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetCrackUrlA

kernel32

lstrlenA
LocalFree
GetModuleHandleA
CreateProcessA
CreateThread
GetExitCodeProcess
WaitForSingleObject
CreatePipe
SetHandleInformation
lstrcpynA
lstrcatA
CreateFileA
GetFileSize
ReadFile
WriteFile
CloseHandle
GetLastError
SetLastError
GlobalAlloc
GlobalReAlloc
GlobalFree
lstrcmpA
lstrcmpiA
lstrcpyA
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
FormatMessageA

user32

wsprintfA
wsprintfW
IsCharAlphaNumericA
TranslateMessage
DispatchMessageA
PeekMessageA
PostMessageA
MsgWaitForMultipleObjectsEx

Exports

Exports

Delete
Get
Quote
Serialize
Set
Sort
Wait

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsis_agent.dll
.dll windows:5 windows x86 arch:x86

eb96c698bca2b9e11a941e5e4351f89d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\jenkens_slave\workspace\vendor-v3.4.0.10\win-release\titan_agent\titan_client-installer\dist\Win32\Release_ansi\nsis_agent.pdb

Imports

iphlpapi

GetAdaptersInfo

crypt32

CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertOpenStore
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext

kernel32

GetLocalTime
LocalAlloc
LocalSize
LocalFree
lstrcpynA
GlobalAlloc
GlobalFree
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
RaiseException
DeleteCriticalSection
DeleteFileW
GetModuleFileNameW
GetCurrentDirectoryW
FindClose
VerSetConditionMask
SleepEx
VerifyVersionInfoW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
PeekNamedPipe
LoadLibraryW
ReadFile
GetStdHandle
GetFileType
ExpandEnvironmentStringsA
GetModuleHandleA
GetSystemInfo
GetWindowsDirectoryA
QueryPerformanceCounter
GlobalMemoryStatusEx
FlushConsoleInputBuffer
SetEndOfFile
GetFullPathNameW
SetEnvironmentVariableA
WriteConsoleW
OutputDebugStringW
LCMapStringW
CompareStringW
GetTimeFormatW
lstrlenA
AttachConsole
OutputDebugStringA
GetProcessHeap
HeapFree
HeapAlloc
lstrcmpA
MultiByteToWideChar
WideCharToMultiByte
TlsFree
GetCurrentProcessId
CloseHandle
TlsAlloc
DuplicateHandle
GetCurrentThreadId
GetThreadPriority
WaitForMultipleObjects
InterlockedExchangeAdd
SetLastError
InterlockedExchange
GetSystemDirectoryA
CreateEventA
Sleep
TlsSetValue
GetCurrentThread
SetEvent
InterlockedCompareExchange
WaitForSingleObject
GetCurrentProcess
TlsGetValue
SetThreadContext
GetThreadContext
GetModuleFileNameA
LoadLibraryA
GetProcAddress
GetLastError
FormatMessageA
FreeLibrary
GetDateFormatW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetStringTypeW
GetFileAttributesExW
CreateFileW
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSize
MoveFileExW
GetConsoleCP
FlushFileBuffers
CreatePipe
GetExitCodeProcess
WriteFile
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetStartupInfoW
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
FileTimeToSystemTime
GetFileInformationByHandle
FileTimeToLocalFileTime
SetFilePointerEx
GetCommandLineA
GetTimeZoneInformation
LoadLibraryExW
ExitThread
CreateThread
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
CreateProcessA
GetTempPathA
AreFileApisANSI
ExitProcess
RtlUnwind
HeapReAlloc

user32

GetUserObjectInformationW
GetDesktopWindow
GetProcessWindowStation
MessageBoxW

advapi32

CryptReleaseContext
OpenServiceA
CloseServiceHandle
DeleteService
ChangeServiceConfig2A
CreateServiceA
StartServiceA
QueryServiceStatusEx
OpenSCManagerA
ControlService
CryptGetUserKey
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptEnumProvidersA
CryptCreateHash
CryptGetProvParam
CryptAcquireContextA
CryptSignHashA
CryptExportKey
CryptSetHashParam
ReportEventW
DeregisterEventSource
RegisterEventSourceW
RegEnumKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

ws2_32

WSAIoctl
connect
htons
ntohs
getsockname
setsockopt
recv
bind
socket
WSASetLastError
closesocket
getsockopt
WSAStartup
WSACleanup
getaddrinfo
freeaddrinfo
__WSAFDIsSet
select
send
sendto
recvfrom
accept
listen
ioctlsocket
gethostbyname
gethostbyaddr
getservbyname
getservbyport
htonl
inet_addr
inet_ntoa
gethostname
shutdown
getpeername
WSAGetLastError

wldap32

ord41
ord26
ord79
ord166
ord14
ord132
ord46
ord141
ord301
ord27
ord144
ord126
ord215
ord146
ord118
ord207

Exports

Exports

cat_file
close_conf
download_to_file
exec_lua
exec_lua_files
get_proxypwd
info_log
ip_list
load_conf
read_conf
set_log_path
set_socks5_proxy
sys_service
task_scheduler
task_scheduler_xp
url_decode
url_mask
url_param

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 440KB - Virtual size: 439KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/textreplace.dll
.dll windows:4 windows x86 arch:x86

c9b875d3f7604775d782afcb308d92df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
lstrcpynA
GlobalFree
CloseHandle
GlobalAlloc
GetFileSize
SetFilePointer
ReadFile
CreateFileA
WriteFile
SetFileAttributesA
GetFileAttributesA
CopyFileA
lstrcmpiA

user32

CharUpperA

Exports

Exports

_FillReadBuffer
_FindInFile
_FreeReadBuffer
_ReplaceInFile
_Unload

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 669B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_62_
.exe windows:5 windows x64 arch:x64

db51ebb6e3f91aeca3ac073582d6a91a

Code Sign

03:0d:13:85:df:b4:ab:83:0e:eb:84:dc:e8:4f:01:38
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-07-2020 00:00

Not After

14-09-2023 12:00

Subject

CN=北京升鑫网络科技有限公司,O=北京升鑫网络科技有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ab:4b:8a:d4:e1:3e:b1:e8:ef:66:df:00:dc:97:8c
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-07-2020 00:00

Not After

14-09-2023 12:00

Subject

CN=北京升鑫网络科技有限公司,O=北京升鑫网络科技有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

21:14:7a:2f:ab:e5:5e:74:7b:1d:51:67:41:3b:d5:6f:cb:55:da:d2:07:30:bd:89:dc:7f:a7:fd:03:81:31:d5
Signer

Actual PE Digest

21:14:7a:2f:ab:e5:5e:74:7b:1d:51:67:41:3b:d5:6f:cb:55:da:d2:07:30:bd:89:dc:7f:a7:fd:03:81:31:d5

Digest Algorithm

sha256

PE Digest Matches

true

e4:dd:1d:3b:15:8c:e3:95:aa:f8:ba:b9:bb:97:73:5e:60:bc:96:50
Signer

Actual PE Digest

e4:dd:1d:3b:15:8c:e3:95:aa:f8:ba:b9:bb:97:73:5e:60:bc:96:50

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\jenkens_slave\workspace\vendor-v3.4.0.10\win-release\titan_agent\titan-agent\build\windows\dist\x64\Release\TitanAgent.pdb

Imports

psapi

GetPerformanceInfo
EnumProcesses
GetModuleFileNameExW
GetProcessMemoryInfo
GetModuleBaseNameW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

TlsAlloc
TlsFree
ResumeThread
GetThreadContext
SetThreadContext
GetCurrentThread
SetThreadPriority
CreateEventW
WaitForMultipleObjects
GetThreadPriority
GetProcessAffinityMask
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
GetWindowsDirectoryA
GetProcessId
GetStdHandle
VirtualFree
VirtualAlloc
ReleaseMutex
GetSystemDirectoryA
WaitNamedPipeA
SetNamedPipeHandleState
OpenFileMappingA
GetOverlappedResult
CancelIo
GetFileType
VerSetConditionMask
SleepEx
VerifyVersionInfoW
PeekNamedPipe
GetFileAttributesExA
FlushConsoleInputBuffer
RtlVirtualUnwind
GetDriveTypeA
GetProcessTimes
QueryDosDeviceW
lstrlenA
DeviceIoControl
DebugBreak
IsBadWritePtr
CreateWaitableTimerW
OpenEventA
ResetEvent
TlsSetValue
WaitForMultipleObjectsEx
SetWaitableTimer
TlsGetValue
QueryPerformanceFrequency
GetFileInformationByHandle
SetEnvironmentVariableA
GetEnvironmentVariableA
WaitForSingleObject
SetUnhandledExceptionFilter
GetLongPathNameW
AssignProcessToJobObject
CreateProcessW
lstrcpyA
lstrcpyW
GetModuleFileNameA
RemoveDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryA
GetFileAttributesW
MultiByteToWideChar
GetLogicalDriveStringsW
MoveFileA
AreFileApisANSI
SetFileAttributesW
MoveFileW
CopyFileW
WideCharToMultiByte
CreateDirectoryW
ReadFile
WriteFile
SetFilePointer
GetFileSize
CreateFileA
OpenFileMappingW
CreateFileMappingW
CreateSemaphoreW
UnmapViewOfFile
MapViewOfFile
ExpandEnvironmentStringsW
GetSystemInfo
GetComputerNameExW
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetComputerNameW
GetLocaleInfoA
LocalFree
Module32NextW
CreateToolhelp32Snapshot
Module32FirstW
FormatMessageA
GetEnvironmentStrings
lstrcatW
lstrcmpiW
FindClose
lstrlenW
lstrcpynW
FindFirstFileW
GetProcessHeap
HeapFree
FindNextFileA
FindFirstFileA
lstrcmpW
InitializeSListHead
VirtualProtect
GetVersionExW
FreeLibraryAndExitThread
GetThreadTimes
FreeEnvironmentStringsW
GetEnvironmentStringsW
ReadConsoleW
GetConsoleCP
GetOEMCP
ProcessIdToSessionId
GetCurrentDirectoryA
LocalSize
LocalAlloc
GetFileSizeEx
FreeEnvironmentStringsA
SetHandleInformation
FileTimeToLocalFileTime
FileTimeToDosDateTime
VirtualQueryEx
CreatePipe
GetStartupInfoA
CreateProcessA
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
UnhandledExceptionFilter
RtlCaptureContext
FatalAppExitA
GetCPInfo
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
GetSystemDefaultUILanguage
HeapAlloc
DuplicateHandle
GetModuleHandleA
ReleaseSemaphore
CreateSemaphoreA
GetTickCount
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
GetModuleFileNameW
Sleep
CopyFileA
RemoveDirectoryA
GetProcAddress
lstrcmpA
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
GlobalFree
GlobalAlloc
CreateNamedPipeW
ConnectNamedPipe
OpenThread
GetNativeSystemInfo
CreateIoCompletionPort
ReadDirectoryChangesW
GetQueuedCompletionStatus
WriteConsoleW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
GetExitCodeProcess
GetSystemDirectoryW
SetLastError
DeleteFileA
GetSystemTime
GetTempPathA
OutputDebugStringA
GetFileAttributesExW
GetDiskFreeSpaceA
CreateFileMappingA
LoadLibraryA
GetDiskFreeSpaceW
LockFileEx
HeapSize
GetTempPathW
FlushFileBuffers
HeapValidate
CreateFileW
LoadLibraryW
GetCurrentProcess
FreeLibrary
GetCurrentProcessId
QueryInformationJobObject
TerminateProcess
OpenProcess
CreateJobObjectW
DeleteFileW
ExpandEnvironmentStringsA
GetCurrentThreadId
GetLastError
WaitForSingleObjectEx
CloseHandle
GetLocalTime
CreateEventA
SetEvent
ReadProcessMemory
HeapCreate
GetFileAttributesA
HeapDestroy
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
RtlLookupFunctionEntry
RtlPcToFileHeader
SetConsoleMode
ReadConsoleInputA
FormatMessageW
UnlockFileEx
OutputDebugStringW
LockFile
FlushViewOfFile
UnlockFile
QueryPerformanceCounter
SystemTimeToFileTime
SetEndOfFile
TryEnterCriticalSection
HeapCompact
CreateMutexW
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
CreateThread
EnterCriticalSection
LeaveCriticalSection
TerminateThread
InitializeCriticalSection
FindNextFileW
GetStringTypeW
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
LocalFileTimeToFileTime
SetFileTime
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
ExitProcess
GetModuleHandleExW
SetConsoleCtrlHandler
GetCommandLineW
ExitThread
LoadLibraryExW
RtlUnwindEx
SetEnvironmentVariableW
SetStdHandle
SetFilePointerEx
GetTimeZoneInformation
MoveFileExW
GetConsoleMode
InterlockedPopEntrySList

user32

SetWindowPos
CreateWindowExA
wsprintfA
IntersectRect
GetWindowRect
SetFocus
GetClientRect
GetWindowLongPtrW
SetWindowRgn
WinHelpA
OffsetRect
GetProcessWindowStation
GetDesktopWindow
MessageBoxW
GetUserObjectInformationW
MessageBoxA
CharNextW
CharNextA
GetSystemMetrics
wsprintfW
GetMessageW
PostThreadMessageW
DispatchMessageW
ShowWindow
GetActiveWindow
TranslateMessage
GetWindowThreadProcessId
IsWindow
GetWindowTextW
GetWindowLongW
EnumWindows
GetParent
RegisterClassA
DefWindowProcW
CallWindowProcW
MapWindowPoints
IsWindowVisible
EqualRect

gdi32

SetMapMode
CreateRectRgnIndirect
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
SetWindowOrgEx
DeleteObject

advapi32

GetSecurityInfo
LookupAccountSidW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LsaLookupSids
LsaOpenPolicy
GetAclInformation
GetFileSecurityW
GetAce
LsaClose
GetSecurityDescriptorSacl
LsaFreeMemory
GetSecurityDescriptorDacl
GetSidSubAuthority
CryptAcquireContextW
CryptDeriveKey
CryptSetKeyParam
GetSidSubAuthorityCount
RegQueryInfoKeyA
CryptImportKey
CryptEncrypt
CryptHashData
LookupAccountNameW
ConvertSidToStringSidW
QueryServiceConfig2W
QueryServiceConfigW
EnumServicesStatusExW
OpenEventLogW
ReadEventLogW
CloseEventLog
RegCreateKeyExW
AddAccessAllowedAceEx
RegSaveKeyW
InitializeAcl
RegSetKeySecurity
RegLoadKeyW
RegUnLoadKeyW
RegCreateKeyExA
RegSetValueExW
CryptGetUserKey
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptEnumProvidersA
CryptCreateHash
CryptGetProvParam
CryptAcquireContextA
CryptSignHashA
CryptReleaseContext
CryptExportKey
CryptSetHashParam
RegEnumValueW
RegEnumValueA
RegEnumKeyExA
GetLengthSid
DuplicateTokenEx
ConvertStringSidToSidW
SetTokenInformation
CreateProcessAsUserA
RegEnumKeyExW
RegQueryInfoKeyW
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
RegOpenKeyExW
RegQueryValueExW
ControlService
ReportEventW
QueryServiceStatusEx
SetServiceStatus
StartServiceW
ChangeServiceConfig2W
DeregisterEventSource
RegisterServiceCtrlHandlerExW
OpenServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
DeleteService
CloseServiceHandle
RegisterEventSourceW
CreateServiceW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

shell32

SHGetFolderPathW
SHGetFolderPathA

ole32

CoLockObjectExternal
StringFromIID
CoTaskMemAlloc
OleRegGetUserType
CreateOleAdviseHolder
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
ProgIDFromCLSID
CoTaskMemFree
StringFromCLSID
MkParseDisplayName
CreateBindCtx
CLSIDFromString
CoInitialize
CLSIDFromProgID

oleaut32

LoadTypeLibEx
GetActiveObject
UnRegisterTypeLi
SafeArrayDestroy
SafeArrayGetElement
SysStringLen
SysAllocStringLen
DispGetIDsOfNames
LHashValOfNameSys
VariantCopyInd
SafeArrayCreateVector
VariantTimeToSystemTime
SafeArrayAccessData
SafeArrayCreate
SystemTimeToVariantTime
SafeArrayGetDim
SafeArrayUnaccessData
SysFreeString
VariantChangeType
VariantInit
VariantCopy
VariantClear
SysAllocString
SafeArrayPutElement
LoadRegTypeLi

shlwapi

SHDeleteKeyA
PathAppendA
ord437
PathFileExistsA
PathFileExistsW
PathRemoveFileSpecA

iphlpapi

GetAdaptersInfo
GetPerAdapterInfo
GetIfTable
GetIpNetTable
GetUdpTable
GetTcpTable
GetIpAddrTable

ws2_32

recvfrom
connect
WSACleanup
WSAStartup
accept
listen
send
__WSAFDIsSet
bind
recv
setsockopt
select
WSASetLastError
getsockname
WSAGetLastError
closesocket
gethostbyname
ntohl
htonl
gethostname
ioctlsocket
inet_addr
shutdown
inet_ntoa
freeaddrinfo
getaddrinfo
WSAIoctl
getpeername
getservbyport
getservbyname
sendto
gethostbyaddr
getsockopt
htons
ntohs
socket

wldap32

ord26
ord79
ord166
ord41
ord207
ord146
ord215
ord126
ord144
ord118
ord14
ord27
ord301
ord141
ord46
ord132

crypt32

CertFreeCertificateChain
CertFreeCertificateContext
CertOpenStore
CertFindCertificateInStore
CertCloseStore
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CryptMsgClose
CryptQueryObject
CryptMsgUpdate
CertGetCertificateChain
CryptMsgGetParam
CryptMsgOpenToDecode
CertGetNameStringW
CryptVerifyMessageSignature

imagehlp

SymCleanup
SymGetModuleInfoW64
ImageEnumerateCertificates
SymInitialize
SymUnloadModule64
SymFromAddr
StackWalk64
ImageGetCertificateData

pdh

PdhOpenQueryW
PdhAddCounterW
PdhGetRawCounterValue
PdhCloseQuery
PdhCollectQueryData
PdhComputeCounterStatistics

msi

ord70
ord111
ord113
ord45

dbghelp

SymLoadModuleEx

netapi32

NetUserGetLocalGroups
NetLocalGroupEnum
NetUserEnum
NetUserGetGroups
NetGroupEnum
NetGroupGetUsers
NetApiBufferFree
NetUserGetInfo
NetUserModalsGet
NetLocalGroupGetMembers
NetUserChangePassword

esent

JetMove
JetEndSession
JetCloseTable
JetDetachDatabase
JetSetSystemParameter
JetCreateInstance
JetGetDatabaseFileInfo
JetBeginSession
JetGetSystemParameter
JetOpenDatabase
JetInit
JetCloseDatabase
JetTerm
JetAttachDatabase
JetGetTableColumnInfo
JetRetrieveColumn
JetOpenTable

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesW

ntdll

RtlConvertSidToUnicodeString
RtlGetVersion
NtQueryInformationProcess
NtDuplicateObject
NtQueryInformationToken
NtOpenSymbolicLinkObject
NtQuerySystemInformation
NtReadVirtualMemory
NtFreeVirtualMemory
NtOpenProcessToken
NtQuerySymbolicLinkObject
NtClose
NtQueryVirtualMemory
NtQueryObject
NtAllocateVirtualMemory

winsta

WinStationQueryInformationW

Exports

Exports

?foo@link_static_warning_inhibit@boost@@YAXXZ
UTF8ToHtml
UTF8Toisolat1
__docbDefaultSAXHandler
__htmlDefaultSAXHandler
__oldXMLWDcompatibility
__xmlBufferAllocScheme
__xmlDefaultBufferSize
__xmlDefaultSAXHandler
__xmlDefaultSAXLocator
__xmlDeregisterNodeDefaultValue
__xmlDoValidityCheckingDefaultValue
__xmlErrEncoding
__xmlGenericError
__xmlGenericErrorContext
__xmlGetWarningsDefaultValue
__xmlIndentTreeOutput
__xmlKeepBlanksDefaultValue
__xmlLastError
__xmlLineNumbersDefaultValue
__xmlLoadExtDtdDefaultValue
__xmlOutputBufferCreateFilenameValue
__xmlParserDebugEntities
__xmlParserInputBufferCreateFilenameValue
__xmlParserVersion
__xmlPedanticParserDefaultValue
__xmlRaiseError
__xmlRegisterNodeDefaultValue
__xmlSaveNoEmptyTags
__xmlSimpleError
__xmlStructuredError
__xmlStructuredErrorContext
__xmlSubstituteEntitiesDefaultValue
__xmlTreeIndentString
docbDefaultSAXHandlerInit
emptyExp
forbiddenExp
htmlAttrAllowed
htmlAutoCloseTag
htmlCreateFileParserCtxt
htmlCreateMemoryParserCtxt
htmlCreatePushParserCtxt
htmlCtxtReadDoc
htmlCtxtReadFd
htmlCtxtReadFile
htmlCtxtReadIO
htmlCtxtReadMemory
htmlCtxtReset
htmlCtxtUseOptions
htmlDefaultSAXHandlerInit
htmlDocContentDumpFormatOutput
htmlDocContentDumpOutput
htmlDocDump
htmlDocDumpMemory
htmlDocDumpMemoryFormat
htmlElementAllowedHere
htmlElementStatusHere
htmlEncodeEntities
htmlEntityLookup
htmlEntityValueLookup
htmlFreeParserCtxt
htmlGetMetaEncoding
htmlHandleOmittedElem
htmlInitAutoClose
htmlIsAutoClosed
htmlIsBooleanAttr
htmlIsScriptAttribute
htmlNewDoc
htmlNewDocNoDtD
htmlNewParserCtxt
htmlNodeDump
htmlNodeDumpFile
htmlNodeDumpFileFormat
htmlNodeDumpFormatOutput
htmlNodeDumpOutput
htmlNodeStatus
htmlParseCharRef
htmlParseChunk
htmlParseDoc
htmlParseDocument
htmlParseElement
htmlParseEntityRef
htmlParseFile
htmlReadDoc
htmlReadFd
htmlReadFile
htmlReadIO
htmlReadMemory
htmlSAXParseDoc
htmlSAXParseFile
htmlSaveFile
htmlSaveFileEnc
htmlSaveFileFormat
htmlSetMetaEncoding
htmlTagLookup
initGenericErrorDefaultFunc
initdocbDefaultSAXHandler
inithtmlDefaultSAXHandler
initxmlDefaultSAXHandler
inputPop
inputPush
isolat1ToUTF8
namePop
namePush
nodePop
nodePush
valuePop
valuePush
xmlACatalogAdd
xmlACatalogDump
xmlACatalogRemove
xmlACatalogResolve
xmlACatalogResolvePublic
xmlACatalogResolveSystem
xmlACatalogResolveURI
xmlAddAttributeDecl
xmlAddChild
xmlAddChildList
xmlAddDocEntity
xmlAddDtdEntity
xmlAddElementDecl
xmlAddEncodingAlias
xmlAddID
xmlAddNextSibling
xmlAddNotationDecl
xmlAddPrevSibling
xmlAddRef
xmlAddSibling
xmlAllocOutputBuffer
xmlAllocParserInputBuffer
xmlAttrSerializeTxtContent
xmlAutomataCompile
xmlAutomataGetInitState
xmlAutomataIsDeterminist
xmlAutomataNewAllTrans
xmlAutomataNewCountTrans
xmlAutomataNewCountTrans2
xmlAutomataNewCountedTrans
xmlAutomataNewCounter
xmlAutomataNewCounterTrans
xmlAutomataNewEpsilon
xmlAutomataNewNegTrans
xmlAutomataNewOnceTrans
xmlAutomataNewOnceTrans2
xmlAutomataNewState
xmlAutomataNewTransition
xmlAutomataNewTransition2
xmlAutomataSetFinalState
xmlBoolToText
xmlBufContent
xmlBufEnd
xmlBufGetNodeContent
xmlBufNodeDump
xmlBufShrink
xmlBufUse
xmlBufferAdd
xmlBufferAddHead
xmlBufferCCat
xmlBufferCat
xmlBufferContent
xmlBufferCreate
xmlBufferCreateSize
xmlBufferCreateStatic
xmlBufferDetach
xmlBufferDump
xmlBufferEmpty
xmlBufferFree
xmlBufferGrow
xmlBufferLength
xmlBufferResize
xmlBufferSetAllocationScheme
xmlBufferShrink
xmlBufferWriteCHAR
xmlBufferWriteChar
xmlBufferWriteQuotedString
xmlBuildQName
xmlBuildRelativeURI
xmlBuildURI
xmlByteConsumed
xmlCanonicPath
xmlCatalogAdd
xmlCatalogAddLocal
xmlCatalogCleanup
xmlCatalogConvert
xmlCatalogDump
xmlCatalogFreeLocal
xmlCatalogGetDefaults
xmlCatalogGetPublic
xmlCatalogGetSystem
xmlCatalogIsEmpty
xmlCatalogLocalResolve
xmlCatalogLocalResolveURI
xmlCatalogRemove
xmlCatalogResolve
xmlCatalogResolvePublic
xmlCatalogResolveSystem
xmlCatalogResolveURI
xmlCatalogSetDebug
xmlCatalogSetDefaultPrefer
xmlCatalogSetDefaults
xmlCharEncCloseFunc
xmlCharEncFirstLine
xmlCharEncInFunc
xmlCharEncOutFunc
xmlCharInRange
xmlCharStrdup
xmlCharStrndup
xmlCheckFilename
xmlCheckHTTPInput
xmlCheckLanguageID
xmlCheckUTF8
xmlCheckVersion
xmlChildElementCount
xmlCleanupCharEncodingHandlers
xmlCleanupEncodingAliases
xmlCleanupGlobals
xmlCleanupInputCallbacks
xmlCleanupMemory
xmlCleanupOutputCallbacks
xmlCleanupParser
xmlCleanupThreads
xmlClearNodeInfoSeq
xmlClearParserCtxt
xmlConvertSGMLCatalog
xmlCopyAttributeTable
xmlCopyChar
xmlCopyCharMultiByte
xmlCopyDoc
xmlCopyDocElementContent
xmlCopyDtd
xmlCopyElementContent
xmlCopyElementTable
xmlCopyEntitiesTable
xmlCopyEnumeration
xmlCopyError
xmlCopyNamespace
xmlCopyNamespaceList
xmlCopyNode
xmlCopyNodeList
xmlCopyNotationTable
xmlCopyProp
xmlCopyPropList
xmlCreateDocParserCtxt
xmlCreateEntitiesTable
xmlCreateEntityParserCtxt
xmlCreateEnumeration
xmlCreateFileParserCtxt
xmlCreateIOParserCtxt
xmlCreateIntSubset
xmlCreateMemoryParserCtxt
xmlCreatePushParserCtxt
xmlCreateURI
xmlCreateURLParserCtxt
xmlCtxtGetLastError
xmlCtxtReadDoc
xmlCtxtReadFd
xmlCtxtReadFile
xmlCtxtReadIO
xmlCtxtReadMemory
xmlCtxtReset
xmlCtxtResetLastError
xmlCtxtResetPush
xmlCtxtUseOptions
xmlCurrentChar
xmlDOMWrapAdoptNode
xmlDOMWrapCloneNode
xmlDOMWrapFreeCtxt
xmlDOMWrapNewCtxt
xmlDOMWrapReconcileNamespaces
xmlDOMWrapRemoveNode
xmlDebugCheckDocument
xmlDebugDumpAttr
xmlDebugDumpAttrList
xmlDebugDumpDTD
xmlDebugDumpDocument
xmlDebugDumpDocumentHead
xmlDebugDumpEntities
xmlDebugDumpNode
xmlDebugDumpNodeList
xmlDebugDumpOneNode
xmlDebugDumpString
xmlDefaultSAXHandlerInit
xmlDelEncodingAlias
xmlDeregisterNodeDefault
xmlDetectCharEncoding
xmlDictCleanup
xmlDictCreate
xmlDictCreateSub
xmlDictExists
xmlDictFree
xmlDictGetUsage
xmlDictLookup
xmlDictOwns
xmlDictQLookup
xmlDictReference
xmlDictSetLimit
xmlDictSize
xmlDocCopyNode
xmlDocCopyNodeList
xmlDocDump
xmlDocDumpFormatMemory
xmlDocDumpFormatMemoryEnc
xmlDocDumpMemory
xmlDocDumpMemoryEnc
xmlDocFormatDump
xmlDocGetRootElement
xmlDocSetRootElement
xmlDumpAttributeDecl
xmlDumpAttributeTable
xmlDumpElementDecl
xmlDumpElementTable
xmlDumpEntitiesTable
xmlDumpEntityDecl
xmlDumpNotationDecl
xmlDumpNotationTable
xmlElemDump
xmlEncodeEntitiesReentrant
xmlEncodeSpecialChars
xmlErrMemory
xmlExpCtxtNbCons
xmlExpCtxtNbNodes
xmlExpDump
xmlExpExpDerive
xmlExpFree
xmlExpFreeCtxt
xmlExpGetLanguage
xmlExpGetStart
xmlExpIsNillable
xmlExpMaxToken
xmlExpNewAtom
xmlExpNewCtxt
xmlExpNewOr
xmlExpNewRange
xmlExpNewSeq
xmlExpParse
xmlExpRef
xmlExpStringDerive
xmlExpSubsume
xmlFileClose
xmlFileMatch
xmlFileOpen
xmlFileRead
xmlFindCharEncodingHandler
xmlFirstElementChild
xmlFree
xmlFreeAttributeTable
xmlFreeAutomata
xmlFreeCatalog
xmlFreeDoc
xmlFreeDocElementContent
xmlFreeDtd
xmlFreeElementContent
xmlFreeElementTable
xmlFreeEntitiesTable
xmlFreeEnumeration
xmlFreeIDTable
xmlFreeInputStream
xmlFreeMutex
xmlFreeNode
xmlFreeNodeList
xmlFreeNotationTable
xmlFreeNs
xmlFreeNsList
xmlFreeParserCtxt
xmlFreeParserInputBuffer
xmlFreePattern
xmlFreePatternList
xmlFreeProp
xmlFreePropList
xmlFreeRMutex
xmlFreeRefTable
xmlFreeStreamCtxt
xmlFreeTextReader
xmlFreeURI
xmlFreeValidCtxt
xmlGcMemGet
xmlGcMemSetup
xmlGetBufferAllocationScheme
xmlGetCharEncodingHandler
xmlGetCharEncodingName
xmlGetCompressMode
xmlGetDocCompressMode
xmlGetDocEntity
xmlGetDtdAttrDesc
xmlGetDtdElementDesc
xmlGetDtdEntity
xmlGetDtdNotationDesc
xmlGetDtdQAttrDesc
xmlGetDtdQElementDesc
xmlGetEncodingAlias
xmlGetExternalEntityLoader
xmlGetGlobalState
xmlGetID
xmlGetIntSubset
xmlGetLastChild
xmlGetLastError
xmlGetLineNo
xmlGetNoNsProp
xmlGetNodePath
xmlGetNsList
xmlGetNsProp
xmlGetParameterEntity
xmlGetPredefinedEntity
xmlGetProp
xmlGetRefs
xmlGetThreadId
xmlGetUTF8Char
xmlHasFeature
xmlHasNsProp
xmlHasProp
xmlHashAddEntry
xmlHashAddEntry2
xmlHashAddEntry3
xmlHashCopy
xmlHashCreate
xmlHashCreateDict
xmlHashFree
xmlHashLookup
xmlHashLookup2
xmlHashLookup3
xmlHashQLookup
xmlHashQLookup2
xmlHashQLookup3
xmlHashRemoveEntry
xmlHashRemoveEntry2
xmlHashRemoveEntry3
xmlHashScan
xmlHashScan3
xmlHashScanFull
xmlHashScanFull3
xmlHashSize
xmlHashUpdateEntry
xmlHashUpdateEntry2
xmlHashUpdateEntry3
xmlIOFTPClose
xmlIOFTPMatch
xmlIOFTPOpen
xmlIOFTPRead
xmlIOHTTPClose
xmlIOHTTPMatch
xmlIOHTTPOpen
xmlIOHTTPOpenW
xmlIOHTTPRead
xmlIOParseDTD
xmlInitCharEncodingHandlers
xmlInitGlobals
xmlInitMemory
xmlInitNodeInfoSeq
xmlInitParser
xmlInitParserCtxt
xmlInitThreads
xmlInitializeCatalog
xmlInitializeDict
xmlInitializeGlobalState
xmlIsBaseChar
xmlIsBaseCharGroup
xmlIsBlank
xmlIsBlankNode
xmlIsChar
xmlIsCharGroup
xmlIsCombining
xmlIsCombiningGroup
xmlIsDigit
xmlIsDigitGroup
xmlIsExtender
xmlIsExtenderGroup
xmlIsID
xmlIsIdeographic
xmlIsIdeographicGroup
xmlIsLetter
xmlIsMainThread
xmlIsMixedElement
xmlIsPubidChar
xmlIsPubidChar_tab
xmlIsRef
xmlIsXHTML
xmlKeepBlanksDefault
xmlLastElementChild
xmlLineNumbersDefault
xmlLinkGetData
xmlListAppend
xmlListClear
xmlListCopy
xmlListCreate
xmlListDelete
xmlListDup
xmlListEmpty
xmlListEnd
xmlListFront
xmlListInsert
xmlListMerge
xmlListPopBack
xmlListPopFront
xmlListPushBack
xmlListPushFront
xmlListRemoveAll
xmlListRemoveFirst
xmlListRemoveLast
xmlListReverse
xmlListReverseSearch

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 330KB - Virtual size: 466KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 380KB - Virtual size: 379KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_63_
.exe windows:5 windows x64 arch:x64

e151a0069972584044aaf448bf8b70a8

Code Sign

03:0d:13:85:df:b4:ab:83:0e:eb:84:dc:e8:4f:01:38
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-07-2020 00:00

Not After

14-09-2023 12:00

Subject

CN=北京升鑫网络科技有限公司,O=北京升鑫网络科技有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ab:4b:8a:d4:e1:3e:b1:e8:ef:66:df:00:dc:97:8c
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-07-2020 00:00

Not After

14-09-2023 12:00

Subject

CN=北京升鑫网络科技有限公司,O=北京升鑫网络科技有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

63:60:fa:da:85:ad:8f:bf:69:93:e5:2b:11:94:fc:88:72:a4:bb:79:26:a2:fe:57:75:8c:f8:c6:a0:1d:f6:7f
Signer

Actual PE Digest

63:60:fa:da:85:ad:8f:bf:69:93:e5:2b:11:94:fc:88:72:a4:bb:79:26:a2:fe:57:75:8c:f8:c6:a0:1d:f6:7f

Digest Algorithm

sha256

PE Digest Matches

true

8e:56:e5:bc:53:06:52:b1:f0:2b:32:de:e1:4e:1d:14:e7:45:e7:aa
Signer

Actual PE Digest

8e:56:e5:bc:53:06:52:b1:f0:2b:32:de:e1:4e:1d:14:e7:45:e7:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\jenkens_slave\workspace\vendor-v3.4.0.10\win-release\titan_agent\agent-monitor\dist\x64\Release\titan_guard.pdb

Imports

psapi

EnumProcesses
GetModuleFileNameExW
GetProcessMemoryInfo

wldap32

ord132
ord46
ord141
ord301
ord27
ord144
ord126
ord215
ord146
ord207
ord14
ord166
ord79
ord26
ord41
ord118

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

CreateEventA
Sleep
RaiseException
DecodePointer
DeleteCriticalSection
GetCurrentThreadId
MultiByteToWideChar
FindFirstFileW
GetModuleFileNameW
GetCurrentDirectoryW
FindClose
GetModuleFileNameA
FormatMessageA
SetLastError
SystemTimeToFileTime
HeapAlloc
HeapFree
WaitForSingleObject
GetProcessHeap
GetSystemDirectoryW
GetExitCodeProcess
CreateProcessA
GetStartupInfoA
CreatePipe
DuplicateHandle
GetModuleHandleA
Thread32First
Thread32Next
OpenThread
CreateToolhelp32Snapshot
ResumeThread
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
WaitForSingleObjectEx
QueryDosDeviceW
CreateThread
TlsGetValue
GetTickCount
SetFileAttributesW
WaitForMultipleObjectsEx
TlsSetValue
ReleaseSemaphore
ResetEvent
OpenEventA
TlsAlloc
TlsFree
GetProcessId
PeekNamedPipe
GetStdHandle
GetFileType
WaitForMultipleObjects
ExpandEnvironmentStringsA
GetSystemDirectoryA
LoadLibraryA
GetWindowsDirectoryA
QueryPerformanceCounter
GlobalMemoryStatusEx
RtlVirtualUnwind
FlushConsoleInputBuffer
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
SetEvent
DeleteFileW
CopyFileW
GetCurrentProcessId
CreateWaitableTimerW
SetWaitableTimer
GetLongPathNameW
GetNativeSystemInfo
OutputDebugStringA
SleepEx
OutputDebugStringW
TerminateProcess
GetFileAttributesW
WideCharToMultiByte
OpenProcess
GetProcessTimes
CreateDirectoryW
GetCurrentProcess
FreeLibrary
CloseHandle
GetLastError
CreateFileW
ReadFile
WriteFile
SetFilePointer
GetProcAddress
VerifyVersionInfoW
ReadProcessMemory
LoadLibraryW
VerSetConditionMask
ExpandEnvironmentStringsW
GetEnvironmentVariableW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
IsValidCodePage
GetACP
GetOEMCP
FlushFileBuffers
GetConsoleCP
ReadConsoleW
GetFullPathNameW
LocalFileTimeToFileTime
SetFileTime
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
GetTimeZoneInformation
GetFileInformationByHandle
FileTimeToLocalFileTime
SetFilePointerEx
LoadLibraryExW
ExitThread
HeapReAlloc
GetCommandLineA
SetConsoleCtrlHandler
MoveFileExW
AreFileApisANSI
GetModuleHandleExW
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
IsProcessorFeaturePresent
IsDebuggerPresent
GetStringTypeW
EncodePointer
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableA
GetSystemTimeAsFileTime

user32

wsprintfW
CharNextW
GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation
GetDesktopWindow

advapi32

CloseServiceHandle
RegOpenKeyExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptGetUserKey
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptEnumProvidersA
CryptCreateHash
CryptGetProvParam
CryptAcquireContextA
CryptSignHashA
CryptReleaseContext
CryptExportKey
CryptSetHashParam
ReportEventW
DeregisterEventSource
RegisterEventSourceW
RegEnumKeyExA
EnumServicesStatusExW
OpenSCManagerW
RegQueryValueExA

ntdll

NtQuerySystemInformation
NtQueryInformationProcess
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
NtClose
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
RtlCaptureContext

ws2_32

getsockname
ntohs
htons
WSACleanup
WSAStartup
getsockopt
closesocket
WSASetLastError
shutdown
socket
getaddrinfo
freeaddrinfo
gethostname
inet_ntoa
inet_addr
htonl
getservbyport
getservbyname
setsockopt
recv
bind
gethostbyaddr
gethostbyname
ioctlsocket
listen
accept
recvfrom
sendto
send
select
__WSAFDIsSet
getpeername
WSAIoctl
connect
WSAGetLastError

crypt32

CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertOpenStore

Exports

Exports

?foo@link_static_warning_inhibit@boost@@YAXXZ

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 542KB - Virtual size: 542KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_64_
.exe windows:5 windows x64 arch:x64

030b3781c4ad1218e0395a46cb07264c

Code Sign

03:0d:13:85:df:b4:ab:83:0e:eb:84:dc:e8:4f:01:38
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-07-2020 00:00

Not After

14-09-2023 12:00

Subject

CN=北京升鑫网络科技有限公司,O=北京升鑫网络科技有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ab:4b:8a:d4:e1:3e:b1:e8:ef:66:df:00:dc:97:8c
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-07-2020 00:00

Not After

14-09-2023 12:00

Subject

CN=北京升鑫网络科技有限公司,O=北京升鑫网络科技有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:b9:5a:dc:96:97:06:78:d9:25:a7:5d:1c:86:d0:12:38:16:7f:74:c6:e1:92:ec:1f:87:83:02:0b:13:af:48
Signer

Actual PE Digest

44:b9:5a:dc:96:97:06:78:d9:25:a7:5d:1c:86:d0:12:38:16:7f:74:c6:e1:92:ec:1f:87:83:02:0b:13:af:48

Digest Algorithm

sha256

PE Digest Matches

true

49:38:9c:86:17:ed:26:5f:48:e5:2e:fe:9d:e2:e7:c4:bd:8b:32:70
Signer

Actual PE Digest

49:38:9c:86:17:ed:26:5f:48:e5:2e:fe:9d:e2:e7:c4:bd:8b:32:70

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\jenkens_slave\workspace\vendor-v3.4.0.10\win-release\titan_agent\agent-monitor\dist\x64\Release\TitanMonitor.pdb

Imports

psapi

EnumProcesses
GetModuleFileNameExW

wldap32

ord132
ord46
ord141
ord301
ord27
ord144
ord126
ord215
ord146
ord207
ord14
ord166
ord79
ord26
ord41
ord118

kernel32

GetSystemInfo
QueryPerformanceFrequency
CreateProcessW
WaitForSingleObject
CreateSemaphoreW
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
DeleteCriticalSection
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetCurrentDirectoryW
FindClose
FormatMessageA
SetLastError
SystemTimeToFileTime
Thread32First
Thread32Next
OpenThread
CreateToolhelp32Snapshot
SuspendThread
ResumeThread
TlsGetValue
SetWaitableTimer
GetTickCount
WaitForMultipleObjectsEx
GetLastError
ReleaseSemaphore
ResetEvent
OpenEventA
GetModuleHandleA
CreateWaitableTimerW
TlsAlloc
TlsFree
MapViewOfFile
UnmapViewOfFile
CreateFileW
CreateFileMappingW
SleepEx
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
CreateThread
GetProcessId
PeekNamedPipe
ReadFile
GetStdHandle
GetFileType
WaitForMultipleObjects
ExpandEnvironmentStringsA
GetSystemDirectoryA
LoadLibraryA
GetWindowsDirectoryA
GlobalMemoryStatusEx
RtlVirtualUnwind
FlushConsoleInputBuffer
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
QueryInformationJobObject
TerminateProcess
Sleep
IsProcessInJob
OpenProcess
GetProcessTimes
GetSystemTimeAsFileTime
GetProcessHeap
HeapFree
TlsSetValue
QueryPerformanceCounter
HeapAlloc
FreeLibrary
GetCurrentProcessId
CloseHandle
OutputDebugStringA
CreateEventA
OutputDebugStringW
WaitForSingleObjectEx
SetEvent
GetModuleFileNameW
GetProcAddress
VerifyVersionInfoW
ReadProcessMemory
LoadLibraryW
VerSetConditionMask
GetEnvironmentVariableW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
IsValidCodePage
GetACP
GetOEMCP
WriteFile
FlushFileBuffers
GetConsoleCP
ReadConsoleW
SetStdHandle
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
GetTimeZoneInformation
AreFileApisANSI
GetModuleHandleExW
ExitProcess
SetConsoleCtrlHandler
FileTimeToSystemTime
GetFileInformationByHandle
FileTimeToLocalFileTime
SetFilePointerEx
LoadLibraryExW
ExitThread
HeapReAlloc
GetCommandLineW
SetEndOfFile
IsProcessorFeaturePresent
IsDebuggerPresent
GetStringTypeW
EncodePointer
GetEnvironmentStringsW
FreeEnvironmentStringsW
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
WriteConsoleW
SetEnvironmentVariableA
GetFullPathNameW
InitializeCriticalSection

user32

GetUserObjectInformationW
GetDesktopWindow
GetProcessWindowStation
MessageBoxW

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CryptGetUserKey
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptEnumProvidersA
CryptCreateHash
CryptGetProvParam
CryptAcquireContextA
CryptSignHashA
CryptReleaseContext
CryptExportKey
CryptSetHashParam
RegEnumKeyExA
ReportEventW
DeregisterEventSource
RegisterEventSourceW
RegQueryValueExA

winmm

timeKillEvent
timeSetEvent

ntdll

NtQueryInformationProcess
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
RtlCaptureContext

imagehlp

ImageGetCertificateData
ImageEnumerateCertificates

ws2_32

closesocket
WSASetLastError
bind
recv
shutdown
getaddrinfo
freeaddrinfo
gethostname
setsockopt
inet_ntoa
inet_addr
htonl
getservbyport
getservbyname
gethostbyaddr
gethostbyname
ioctlsocket
listen
accept
recvfrom
getsockopt
WSAStartup
WSACleanup
sendto
send
select
__WSAFDIsSet
getpeername
WSAIoctl
connect
WSAGetLastError
htons
ntohs
getsockname
socket

crypt32

CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertCloseStore
CertFindCertificateInStore
CertOpenStore
CertFreeCertificateContext
CryptVerifyMessageSignature

Exports

Exports

?foo@link_static_warning_inhibit@boost@@YAXXZ

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 520KB - Virtual size: 519KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
base.conf
scanmanager.exe
.exe windows:6 windows x64 arch:x64

f44eaae9ba14d5cf00fa6a08dd6ecb4e

Code Sign

03:0d:13:85:df:b4:ab:83:0e:eb:84:dc:e8:4f:01:38
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-07-2020 00:00

Not After

14-09-2023 12:00

Subject

CN=北京升鑫网络科技有限公司,O=北京升鑫网络科技有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ab:4b:8a:d4:e1:3e:b1:e8:ef:66:df:00:dc:97:8c
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-07-2020 00:00

Not After

14-09-2023 12:00

Subject

CN=北京升鑫网络科技有限公司,O=北京升鑫网络科技有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:b8:12:6c:5f:e6:fc:5c:f9:02:18:bb:92:03:08:50:b7:69:de:ad:c2:a6:8f:48:05:88:2d:e0:f9:d9:6b:4d
Signer

Actual PE Digest

5b:b8:12:6c:5f:e6:fc:5c:f9:02:18:bb:92:03:08:50:b7:69:de:ad:c2:a6:8f:48:05:88:2d:e0:f9:d9:6b:4d

Digest Algorithm

sha256

PE Digest Matches

true

72:3f:c2:c0:1c:2b:a8:90:ae:fd:0c:c2:44:3d:88:95:82:ee:d2:a4
Signer

Actual PE Digest

72:3f:c2:c0:1c:2b:a8:90:ae:fd:0c:c2:44:3d:88:95:82:ee:d2:a4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\jenkens_slave\workspace\vendor-v3.4.0.10\win-release\titan_agent\titan_client-scanner\dist\x64\Release\scanmanager.pdb

Imports

kernel32

SetEvent
WaitForSingleObjectEx
CreateEventA
CreateSemaphoreA
ReleaseSemaphore
DuplicateHandle
CloseHandle
HeapAlloc
HeapFree
GetTickCount
GetProcessHeap
GetModuleHandleA
SetConsoleCtrlHandler
ConnectNamedPipe
WriteFile
ReadFile
GetOverlappedResult
DisconnectNamedPipe
CreateNamedPipeA
CreateEventW
WaitForMultipleObjects
CancelIo
TlsGetValue
SetWaitableTimer
SystemTimeToFileTime
GetSystemTimeAsFileTime
WaitForMultipleObjectsEx
TlsSetValue
Sleep
ResetEvent
OpenEventA
CreateWaitableTimerW
TlsAlloc
GetCurrentProcessId
TlsFree
ResumeThread
WideCharToMultiByte
MultiByteToWideChar
QueryPerformanceCounter
GetCurrentProcess
GetExitCodeProcess
CreateProcessA
TerminateProcess
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
RaiseException
GetCurrentDirectoryW
FindClose
DecodePointer
GetModuleFileNameA
DeleteCriticalSection
DeleteFileW
SetFileAttributesW
HeapReAlloc
HeapDestroy
HeapCreate
CreateFileA
MapViewOfFile
UnmapViewOfFile
GetFileSizeEx
CreateFileMappingW
LCMapStringW
CompareStringW
GetTimeFormatW
GetCurrentThreadId
GetProcAddress
GetLastError
LoadLibraryW
QueryPerformanceFrequency
FreeLibrary
GetDateFormatW
EnumSystemLocalesW
GetUserDefaultLCID
GetFileAttributesExW
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
MoveFileExW
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetCommandLineA
CreateThread
ExitThread
LoadLibraryExW
RtlUnwindEx
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetStdHandle
GetFileType
GetStartupInfoW
FlushFileBuffers
GetConsoleCP
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFullPathNameW
CreateFileW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
GetTimeZoneInformation
HeapSize
RtlPcToFileHeader
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
WriteConsoleW
GetStringTypeW
SetEndOfFile
GetLocaleInfoW
IsValidLocale
SetEnvironmentVariableA

user32

CharNextW

Exports

Exports

?foo@link_static_warning_inhibit@boost@@YAXXZ

Sections

.text
Size: 547KB - Virtual size: 547KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3abe302b6d9a1256e6a915429af4ffd2

Code Sign

03:0d:13:85:df:b4:ab:83:0e:eb:84:dc:e8:4f:01:38Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

08:ab:4b:8a:d4:e1:3e:b1:e8:ef:66:df:00:dc:97:8cCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

9c:cc:8d:44:be:91:3e:a4:8f:6e:79:b8:5a:2b:a6:7f:6c:3c:b2:38:bf:2a:4d:49:02:e5:51:c9:6e:7d:c3:2dSigner

76:d1:f3:31:b3:b6:c6:cd:33:ac:7d:67:02:b2:ad:46:0f:47:f2:ccSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 106KB

.ndata Size: - Virtual size: 152KB

.rsrc Size: 35KB - Virtual size: 35KB

bf44c9fb48bb8c36b3e2527e7252350d

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 802B

.data Size: 512B - Virtual size: 142B

.reloc Size: 512B - Virtual size: 200B

274b99a815ba574d8c9e1712916d8b30

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 697B

03:0d:13:85:df:b4:ab:83:0e:eb:84:dc:e8:4f:01:38
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

08:ab:4b:8a:d4:e1:3e:b1:e8:ef:66:df:00:dc:97:8c
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

9c:cc:8d:44:be:91:3e:a4:8f:6e:79:b8:5a:2b:a6:7f:6c:3c:b2:38:bf:2a:4d:49:02:e5:51:c9:6e:7d:c3:2d
Signer

76:d1:f3:31:b3:b6:c6:cd:33:ac:7d:67:02:b2:ad:46:0f:47:f2:cc
Signer

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 106KB

.ndata
Size: - Virtual size: 152KB

.rsrc
Size: 35KB - Virtual size: 35KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 802B

.data
Size: 512B - Virtual size: 142B

.reloc
Size: 512B - Virtual size: 200B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 362B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 636B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 724B

.data
Size: 512B - Virtual size: 36B

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 152B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 620B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 458B