Bundle-20948-Solar-PuTTY-FT-and-SAM[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Bundle-20948-Solar-PuTTY-FT-and-SAM.zip
Size

156.4MB
MD5

06d4bd535d517308a3e27d5d0d012273
SHA1

2a5d622f141a72853643860a96ca680cfff43002
SHA256

4d2776d27b44c6fba561f030e87d05b7d4075b2e26bbb52dfd4a3876d1fa91e1
SHA512

4c7f812dabd559a9415a28667827375ce2a3d2502a81784e25b53e1056368e6ae6a86cc18ca66089e95c43d2633f52e12b1b0b0d40ae08195f067f5771af9f24
SSDEEP

3145728:8Rnh0LgWB+rzEvBHCVU76gCehlpKefMyUumocTPY5d:8Ran+rzyHCVs6gCeheFyUumocbY5d

Score

3^/10

Malware Config

Signatures

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Solar-PuTTY.exe
unpack003/$PLUGINSDIR/System.dll
unpack003/$_2_/ChromeTabs.dll
unpack003/$_2_/CommandLine.dll
unpack003/$_2_/CommonServiceLocator.dll
unpack003/$_2_/GalaSoft.MvvmLight.Extras.dll
unpack003/$_2_/GalaSoft.MvvmLight.Platform.dll
unpack003/$_2_/GalaSoft.MvvmLight.dll
unpack003/$_2_/HtmlAgilityPack.dll
unpack003/$_2_/Newtonsoft.Json.dll
unpack003/$_2_/Solar-PuTTY.exe
unpack003/$_2_/log4net.dll
unpack003/$_2_/pageant.exe
unpack003/$_2_/putty.exe
unpack003/$_2_/puttygen.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
static1/unpack002/Solar-PuTTY.exe	nsis_installer_1
static1/unpack002/Solar-PuTTY.exe	nsis_installer_2
static1/unpack001/Solarwinds-SAM-Installer.Eval.exe	nsis_installer_1
static1/unpack001/Solarwinds-SAM-Installer.Eval.exe	nsis_installer_2

Files

Bundle-20948-Solar-PuTTY-FT-and-SAM.zip
.zip

Password: test
SolarWinds-FT-Solar-PuTTY.zip
.zip

Password: test
Solar-PuTTY.exe
.exe windows:4 windows x86 arch:x86

Password: test

3abe302b6d9a1256e6a915429af4ffd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
Sleep
GetTickCount
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GetWindowsDirectoryA
SetCurrentDirectoryA
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
CreateThread
GlobalLock
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

Password: test

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/ChromeTabs.dll
.dll windows:4 windows x86 arch:x86

Password: test

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\code\putty79\tools-solar-putty\ChromeTabs\obj\Release\ChromeTabs.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/CommandLine.dll
.dll windows:4 windows x86 arch:x86

Password: test

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\commandline\src\CommandLine\obj\Release\CommandLine.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/CommonServiceLocator.dll
.dll windows:4 windows x86 arch:x86

Password: test

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\commonservicelocator\src\obj\Release\net45\CommonServiceLocator.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/GalaSoft.MvvmLight.Extras.dll
.dll windows:4 windows x86 arch:x86

Password: test

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\lbugn\Documents\MVVMLight\GalaSoft.MvvmLight\GalaSoft.MvvmLight.Extras (PCL)\obj\Release\GalaSoft.MvvmLight.Extras.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/GalaSoft.MvvmLight.Platform.dll
.dll windows:4 windows x86 arch:x86

Password: test

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\lbugn\Documents\MVVMLight\GalaSoft.MvvmLight\GalaSoft.MvvmLight.Platform (NET45)\obj\Release\GalaSoft.MvvmLight.Platform.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/GalaSoft.MvvmLight.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\lbugn\Documents\MVVMLight\GalaSoft.MvvmLight\GalaSoft.MvvmLight (PCL)\obj\Release\GalaSoft.MvvmLight.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/HtmlAgilityPack.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Jonathan\Desktop\Z\zzzproject\HtmlAgilityPack\HtmlAgilityPack\obj\Release\HtmlAgilityPack.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/Newtonsoft.Json.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\Net45\Newtonsoft.Json.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 511KB - Virtual size: 511KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/Solar-PuTTY.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\code\putty79\tools-solar-putty\SSH-2.0\obj\Release\Solar-PuTTY.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/Solar-PuTTY.exe.config
$_2_/System.Reflection.TypeExtensions.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/03/2015, 17:32

Not After

20/06/2016, 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:38:8d:23:6d:16:27:a3:26:e0:00:00:00:00:00:38
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:11

Not After

01/01/2016, 18:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:b3:c8:5e:40:0f:08:09:8f:9a:8c:f1:75:36:8d:15:07:0c:3c:ab:5e:b3:e4:c4:43:7a:b3:b5:6b:99:b7:15
Signer

Actual PE Digest

48:b3:c8:5e:40:0f:08:09:8f:9a:8c:f1:75:36:8d:15:07:0c:3c:ab:5e:b3:e4:c4:43:7a:b3:b5:6b:99:b7:15

Digest Algorithm

sha256

PE Digest Matches

true

f5:48:b4:57:d0:71:c7:7b:15:4a:7b:0a:9a:58:14:09:f2:73:57:1a
Signer

Actual PE Digest

f5:48:b4:57:d0:71:c7:7b:15:4a:7b:0a:9a:58:14:09:f2:73:57:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

f:\binaries\Intermediate\\FxCore\x86ret\System.Reflection.TypeExtensions.Desktop\System.Reflection.TypeExtensions.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/System.Windows.Interactivity.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:9d:1e:8d:27:ae:b8:f3:d8:38:00:01:00:00:00:9d
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:42

Not After

04/03/2013, 21:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:02:8e:42:00:00:00:00:00:1f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

09/01/2012, 22:25

Not After

09/04/2013, 22:25

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:08:e2:79:fa:0d:25:58:45:ea:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/07/2012, 00:14

Not After

07/10/2013, 00:14

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:ee:d8:f6:58:e3:82:0a:29:a6:0d:4d:da:4f:ed:6b:c4:34:50:1b:a8:8c:42:82:1a:79:91:a0:3a:90:87:f2
Signer

Actual PE Digest

3e:ee:d8:f6:58:e3:82:0a:29:a6:0d:4d:da:4f:ed:6b:c4:34:50:1b:a8:8c:42:82:1a:79:91:a0:3a:90:87:f2

Digest Algorithm

sha256

PE Digest Matches

true

12:e5:b0:a2:ba:03:46:7f:56:92:05:89:ed:0e:65:b2:33:e9:07:1f
Signer

Actual PE Digest

12:e5:b0:a2:ba:03:46:7f:56:92:05:89:ed:0e:65:b2:33:e9:07:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\ExprUpdate2\Blend\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\System.Windows.Interactivity.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/log4net.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\log4net\tags\2.0.8RC1\bin\net\4.5\release\log4net.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 267KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/pageant.exe
.exe windows:6 windows x64 arch:x64

355b1b2a5e5822f3766a6d433f19c4db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CopySid
EqualSid
GetLengthSid
RegCloseKey
RegEnumKeyA
RegOpenKeyA
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
GetUserNameA

comdlg32

GetSaveFileNameA
GetOpenFileNameA

gdi32

DeleteDC
GetTextExtentPoint32A
SelectObject
SetBkColor
SetTextColor
ExtTextOutA

shell32

ShellExecuteA
Shell_NotifyIconA

user32

IsDialogMessageA
DestroyIcon
LoadIconA
GetDesktopWindow
SetWindowLongPtrA
GetWindowLongPtrA
DrawFocusRect
GetSysColor
GetCursorPos
MessageBeep
MessageBoxA
GetWindowRect
GetDC
SetForegroundWindow
SetActiveWindow
TabbedTextOutA
SetMenuDefaultItem
GetMenuDefaultItem
GetMenuItemInfoA
InsertMenuItemA
MapDialogRect
RemoveMenu
AppendMenuA
GetMenuItemCount
DestroyMenu
CreatePopupMenu
CreateMenu
EnableWindow
MsgWaitForMultipleObjects
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItem
EndDialog
DialogBoxParamA
CreateDialogParamA
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow
IsWindow
CreateWindowExA
RegisterClassA
FindWindowA
MessageBoxIndirectA
GetDlgItemTextA
TrackPopupMenu
RegisterWindowMessageA
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageW
SendMessageA
PostMessageA
DefWindowProcA
PostQuitMessage

kernel32

GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemDirectoryA
LoadLibraryA
CreateMutexA
ReleaseMutex
GetCurrentProcess
FormatMessageA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetTickCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetOverlappedResult
WaitNamedPipeA
CreateNamedPipeA
ConnectNamedPipe
SetHandleInformation
CreateFileMappingA
LocalAlloc
GetCurrentThreadId
ReadFile
FindFirstFileA
FindClose
FindResourceA
SizeofResource
LockResource
LoadResource
GetProcAddress
FreeLibrary
GetTempPathA
WriteFile
DeleteFileA
CreateFileA
OpenFileMappingA
LocalFree
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
VirtualQuery
OpenProcess
CreateThread
GetCurrentProcessId
CreateEventA
WaitForSingleObject
SetEvent
GetLastError
CloseHandle
GetModuleHandleW

vcruntime140

strchr
strrchr
memcpy
__current_exception_context
__current_exception
strstr
__C_specific_handler
memchr
memcmp
memset
memmove

api-ms-win-crt-stdio-l1-1-0

fopen
fputc
fputs
_set_fmode
__p__commode
ferror
fgetc
fread
__stdio_common_vsprintf
fclose

api-ms-win-crt-filesystem-l1-1-0

remove

api-ms-win-crt-runtime-l1-1-0

terminate
abort
strerror
_seh_filter_exe
_set_app_type
_errno
_configure_narrow_argv
_initialize_narrow_environment
_get_narrow_winmain_command_line
_initterm
_wassert
_exit
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
exit
_initterm_e
_crt_atexit
_initialize_onexit_table
_register_onexit_function

api-ms-win-crt-string-l1-1-0

strncpy
strcspn
isxdigit
strspn
isspace
strcmp
strncmp

api-ms-win-crt-convert-l1-1-0

strtoul
atoi

api-ms-win-crt-time-l1-1-0

_gmtime64
strftime

api-ms-win-crt-heap-l1-1-0

malloc
realloc
_set_new_mode
free

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/putty.exe
.exe windows:6 windows x64 arch:x64

c16791cac6ee87e1f37b3240ddd292f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA
EqualSid
AllocateAndInitializeSid
CopySid
GetLengthSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegSetValueExA
GetUserNameA

comdlg32

ChooseFontA
GetOpenFileNameA
GetSaveFileNameA
ChooseColorA

gdi32

CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontA
CreatePalette
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
ExcludeClipRect
GetBkMode
GetCharWidthA
GetCharWidthW
GetCharWidth32A
GetCharWidth32W
GetCharABCWidthsFloatA
GetDeviceCaps
GetOutlineTextMetricsA
GetPixel
GetStockObject
TranslateCharsetInfo
GetCharacterPlacementW
IntersectClipRect
LineTo
Rectangle
RealizePalette
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetPaletteEntries
SetPixel
SetTextColor
SetTextAlign
UpdateColors
GetTextMetricsA
GetObjectA
MoveToEx
ExtTextOutA
ExtTextOutW
Polyline
UnrealizeObject
CreateFontIndirectA
GetTextExtentPoint32A
GetTextExtentExPointA
SetMapMode
TextOutA
BitBlt
GetCurrentObject
GetDIBits

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmSetCompositionWindow
ImmGetContext

ole32

CoInitialize
CoUninitialize
CoCreateInstance

shell32

ShellExecuteA

user32

SetWindowPlacement
CreateDialogParamA
DialogBoxParamA
EndDialog
GetDlgItem
SetDlgItemTextA
SendDlgItemMessageA
SetFocus
EnableWindow
GetSystemMetrics
SetActiveWindow
GetSysColorBrush
GetParent
MapDialogRect
GetCaretBlinkTime
DrawEdge
GetDlgItemTextA
CheckDlgButton
CheckRadioButton
IsDlgButtonChecked
DefWindowProcA
GetWindowTextA
GetWindowTextLengthA
SystemParametersInfoA
SetScrollInfo
GetQueueStatus
FindWindowA
MessageBoxIndirectA
GetMessageA
DispatchMessageA
DefDlgProcA
MoveWindow
GetWindowPlacement
IsDialogMessageA
DrawIconEx
LoadImageA
DestroyIcon
LoadIconA
LoadCursorA
GetDesktopWindow
SetClassLongPtrA
SetWindowLongPtrA
GetWindowLongPtrA
OffsetRect
GetSysColor
ScreenToClient
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
GetCursorPos
SetCursor
ShowCursor
CreateWindowExA
MessageBoxA
GetWindowRect
GetClientRect
SetWindowTextW
SetWindowTextA
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
SetForegroundWindow
GetForegroundWindow
UpdateWindow
TrackPopupMenu
DeleteMenu
AppendMenuA
InsertMenuA
EnableMenuItem
CheckMenuItem
CreatePopupMenu
CreateMenu
GetSystemMenu
KillTimer
SetTimer
MsgWaitForMultipleObjects
ReleaseCapture
SetCapture
GetCapture
ToAsciiEx
SetKeyboardState
GetKeyboardState
EmptyClipboard
RegisterClipboardFormatA
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
IsZoomed
IsIconic
SetWindowPos
FlashWindow
ShowWindow
DestroyWindow
IsWindow
CreateWindowExW
RegisterClassW
RegisterClassA
GetDoubleClickTime
PostQuitMessage
DefWindowProcW
PostMessageA
SendMessageA
GetMessageTime
PeekMessageW
PeekMessageA
MessageBeep
GetScrollInfo
GetKeyboardLayout
RegisterWindowMessageA
TranslateMessage
DispatchMessageW
GetClipboardOwner

kernel32

GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemDirectoryA
CreateMutexA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetLocalTime
GetACP
OpenProcess
FormatMessageA
LoadLibraryA
WaitForSingleObject
SetEvent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetOverlappedResult
CreateEventA
WaitNamedPipeA
CreatePipe
SetHandleInformation
GetEnvironmentVariableA
CreateNamedPipeA
ConnectNamedPipe
SetCommTimeouts
SetCommState
SetCommBreak
GetCommState
ClearCommBreak
LocalFree
LocalAlloc
GetCurrentThreadId
ReadFile
ReleaseMutex
LoadLibraryExA
LocalFileTimeToFileTime
GlobalMemoryStatus
GetWindowsDirectoryA
GetSystemTimeAsFileTime
GetThreadTimes
GetCurrentThread
GetCurrentProcess
GetProcessTimes
QueryPerformanceCounter
FindNextFileA
FindFirstFileA
FindClose
FindResourceA
SizeofResource
LockResource
LoadResource
FreeLibrary
GetCurrentProcessId
GetTempPathA
WriteFile
DeleteFileA
CreateFileA
IsDBCSLeadByteEx
GetLocaleInfoA
GetCPInfo
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
CreateFileMappingA
MulDiv
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
GetProcAddress
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
GetTickCount
CreateProcessA
CreateThread
GetLastError
CloseHandle
Beep
GetModuleHandleW

vcruntime140

__C_specific_handler
__current_exception
__current_exception_context
strstr
memchr
memcpy
memset
strrchr
memcmp
memmove
strchr

api-ms-win-crt-stdio-l1-1-0

fgets
fflush
fclose
fwrite
ferror
__stdio_common_vsprintf
__stdio_common_vsscanf
fopen
_set_fmode
fgetc
__p__commode
fread

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

strerror
_register_thread_local_exe_atexit_callback
_crt_atexit
_c_exit
_cexit
_errno
_initterm_e
_initterm
_get_narrow_winmain_command_line
_initialize_narrow_environment
_configure_narrow_argv
_register_onexit_function
terminate
_exit
_set_app_type
abort
exit
_wassert
_seh_filter_exe
_initialize_onexit_table

api-ms-win-crt-convert-l1-1-0

strtol
strtoul
strtoumax
wcrtomb
mbrtowc
atoi
atof

api-ms-win-crt-string-l1-1-0

_stricmp
strspn
_strnicmp
toupper
strcspn
isalnum
isxdigit
strncpy
iswctype
tolower
strncmp
strcmp
isdigit
wcsncmp
isspace

api-ms-win-crt-time-l1-1-0

_gmtime64
_difftime64
_time64
strftime

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
setlocale

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 704KB - Virtual size: 704KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/puttygen.exe
.exe windows:6 windows x64 arch:x64

d256cae1b0faaf20ca769b9b85c49ca6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

AllocateAndInitializeSid
CopySid
GetLengthSid
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA

comdlg32

GetOpenFileNameA
GetSaveFileNameA

gdi32

DeleteObject
SelectObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetCurrentObject
GetDIBits
GetObjectA

shell32

ShellExecuteA

user32

GetClientRect
GetMessageA
DispatchMessageA
PostQuitMessage
RegisterClassA
DestroyWindow
CreateDialogParamA
DefDlgProcA
LoadCursorA
IsDialogMessageA
MessageBoxIndirectA
GetCursorPos
GetForegroundWindow
GetCapture
GetQueueStatus
GetClipboardOwner
MapDialogRect
LoadIconA
ReleaseDC
GetDesktopWindow
SetWindowLongPtrA
GetWindowLongPtrA
MessageBeep
MessageBoxA
GetWindowRect
GetWindowTextLengthA
GetWindowTextA
SetForegroundWindow
SetActiveWindow
AppendMenuA
EnableMenuItem
CheckMenuItem
CreateMenu
SetMenu
EnableWindow
KillTimer
SetTimer
SendDlgItemMessageA
IsDlgButtonChecked
CheckRadioButton
GetDlgItemTextA
SetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
GetDlgItem
GetDC
CheckMenuRadioItem
GetMessageTime
SendMessageA
PostMessageA
CreateWindowExA
ShowWindow
MoveWindow
SetWindowPos
DialogBoxParamA
EndDialog

kernel32

GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemDirectoryA
FormatMessageA
LoadLibraryA
GetLocalTime
LocalFree
LocalAlloc
OpenProcess
GetCurrentDirectoryA
SetCurrentDirectoryA
FindResourceA
SizeofResource
LockResource
LoadResource
FreeLibrary
GetTempPathA
GetLastError
WriteFile
ReadFile
DeleteFileA
CreateFileA
GetEnvironmentVariableA
GlobalMemoryStatus
GetProcAddress
GetWindowsDirectoryA
GetTickCount
GetSystemTimeAsFileTime
GetThreadTimes
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetProcessTimes
QueryPerformanceCounter
FindNextFileA
FindFirstFileA
FindClose
CreateThread
CloseHandle
GetModuleHandleW

vcruntime140

__current_exception_context
strchr
strstr
__current_exception
__C_specific_handler
memmove
memset
memcpy
memchr
memcmp

api-ms-win-crt-time-l1-1-0

strftime
_gmtime64

api-ms-win-crt-stdio-l1-1-0

fclose
fopen
__stdio_common_vsscanf
__stdio_common_vsprintf
__p__commode
fgetc
fputc
fputs
fread
ferror
fwrite
__stdio_common_vfprintf
_set_fmode

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_crt_atexit
_errno
strerror
_wassert
_seh_filter_exe
_set_app_type
_initialize_onexit_table
_configure_narrow_argv
_initialize_narrow_environment
_get_narrow_winmain_command_line
_initterm
_initterm_e
_exit
abort
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
terminate
exit

api-ms-win-crt-convert-l1-1-0

atoi
strtoul

api-ms-win-crt-string-l1-1-0

strncpy
strncmp
strcmp
isxdigit
isspace
strcspn

api-ms-win-crt-math-l1-1-0

pow
__setusermatherr

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
free
realloc

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/solar-putty.json
Solarwinds-SAM-Installer.Eval.exe
.exe windows:5 windows x86 arch:x86

89d8fc2d0105e27d5daeba58d7129fb3

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:de:a8:38:8f:fe:fa:e2:5e:cf:70:2a:7b:9a:c7:c7
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/08/2023, 00:00

Not After

14/08/2024, 23:59

Subject

SERIALNUMBER=4069736,CN=Solarwinds Worldwide\, LLC,O=Solarwinds Worldwide\, LLC,L=Austin,ST=Texas,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ac:2d:53:82:f4:47:81:cc:a8:fa:8d:ac:77:ce:3f:91:72:9d:1a:38:7d:ff:7c:7a:55:79:ca:de:6d:20:04:c6
Signer

Actual PE Digest

ac:2d:53:82:f4:47:81:cc:a8:fa:8d:ac:77:ce:3f:91:72:9d:1a:38:7d:ff:7c:7a:55:79:ca:de:6d:20:04:c6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent\work\1f9f86a87f80e5b8\src\nsis-3.04\build\urelease\stub_zlib-x86-ansi\stub_zlib.pdb

Imports

kernel32

MultiByteToWideChar
GetFileSize
GetTickCount
GetModuleFileNameA
GetCommandLineA
SetEnvironmentVariableA
GetTempPathA
SetErrorMode
GetCurrentProcess
ExitProcess
GetVersion
GetWindowsDirectoryA
lstrlenA
CopyFileA
GetDiskFreeSpaceA
CreateThread
GlobalUnlock
GlobalLock
lstrcpynA
CreateDirectoryA
WritePrivateProfileStringA
ReadFile
RemoveDirectoryA
WriteFile
GetTempFileNameA
WaitForSingleObject
GetExitCodeProcess
CreateProcessA
GetLocalTime
GetSystemDirectoryA
GetProcAddress
lstrcpyA
lstrcatA
MoveFileExA
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetPrivateProfileStringA
lstrcmpiA
lstrcmpA
MulDiv
GetShortPathNameA
GlobalFree
GlobalAlloc
LoadLibraryExA
GetModuleHandleA
FreeLibrary
Sleep
GetLastError
CloseHandle
SetFileTime
SetFilePointer
SetFileAttributesA
GetFullPathNameA
GetFileAttributesA
FindNextFileA
MoveFileA
IsProcessorFeaturePresent
FindFirstFileA
FindClose
DeleteFileA
CompareFileTime
SearchPathA
SetCurrentDirectoryA
CreateFileA
ExpandEnvironmentStringsA

user32

IsWindowEnabled
GetSystemMetrics
GetSystemMenu
CreatePopupMenu
EnableMenuItem
AppendMenuA
TrackPopupMenu
GetWindowRect
SetCursor
ScreenToClient
GetSysColor
GetWindowLongA
SetClassLongA
LoadBitmapA
LoadCursorA
GetAsyncKeyState
wvsprintfA
DispatchMessageA
PeekMessageA
SetDlgItemTextA
GetDlgItemTextA
CharPrevA
MessageBoxIndirectA
EmptyClipboard
DialogBoxParamA
IsWindowVisible
SetWindowPos
CreateWindowExA
GetClassInfoA
RegisterClassA
CallWindowProcA
GetMessagePos
ExitWindowsEx
SetClipboardData
CloseClipboard
OpenClipboard
IsDlgButtonChecked
CheckDlgButton
SystemParametersInfoA
EndDialog
SetWindowTextA
SetTimer
CreateDialogParamA
DestroyWindow
LoadImageA
FindWindowExA
SetWindowLongA
InvalidateRect
ReleaseDC
GetDC
SetForegroundWindow
EnableWindow
GetDlgItem
ShowWindow
IsWindow
PostQuitMessage
SendMessageTimeoutA
SendMessageA
wsprintfA
DefWindowProcA
DrawTextA
BeginPaint
EndPaint
GetClientRect
FillRect
CharNextA

gdi32

GetDeviceCaps
SetTextColor
SetBkMode
SelectObject
DeleteObject
CreateBrushIndirect
SetBkColor
CreateFontIndirectA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
SHFileOperationA
ShellExecuteExA
SHGetSpecialFolderLocation

advapi32

RegSetValueExA
SetFileSecurityA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegCreateKeyExA

comctl32

ImageList_Create
ImageList_Destroy
ImageList_AddMasked
ord17

ole32

OleInitialize
CoCreateInstance
OleUninitialize
CoTaskMemFree

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 288KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: test

Password: test

Password: test

3abe302b6d9a1256e6a915429af4ffd2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 149KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 288KB - Virtual size: 287KB

Password: test

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 636B

Password: test

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 45KB - Virtual size: 44KB

.rsrc Size: 1024B - Virtual size: 912B

.reloc Size: 512B - Virtual size: 12B

Password: test

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 179KB - Virtual size: 178KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: test

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 7KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: test

dae02f32a21e03ce65412f6e56942daa

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 149KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 288KB - Virtual size: 287KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 636B

.text
Size: 45KB - Virtual size: 44KB

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 179KB - Virtual size: 178KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 121KB - Virtual size: 121KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 511KB - Virtual size: 511KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 287KB - Virtual size: 286KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate