Extracted

• meshagent32-mesh.exe

  .exe windows:6 windows x86 arch:x86

  7aa58492bf5691114c98568704d048cd

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  C:\MeshAgent\MeshAgent\Release\MeshService.pdb

  Imports

  comctl32

  InitCommonControlsEx

  crypt32

  CryptEncodeObject

  CertDuplicateCertificateContext

  CertEnumCertificatesInStore

  CertDeleteCertificateFromStore

  CryptAcquireCertificatePrivateKey

  CertAddEncodedCertificateToStore

  CryptMsgClose

  CryptMsgUpdate

  CryptExportPublicKeyInfo

  CertCreateSelfSignCertificate

  CertFreeCertificateContext

  CryptMsgOpenToEncode

  CertAddCertificateContextToStore

  CryptMsgOpenToDecode

  CryptMsgControl

  CertStrToNameW

  CertOpenStore

  CryptMsgCalculateEncodedLength

  CertFindCertificateInStore

  CertSetCertificateContextProperty

  CertGetCertificateContextProperty

  CryptMsgGetParam

  CertStrToNameA

  CertCloseStore

  CryptSignAndEncodeCertificate

  PFXExportCertStore

  ncrypt

  NCryptCreatePersistedKey

  BCryptGetProperty

  BCryptOpenAlgorithmProvider

  NCryptOpenStorageProvider

  BCryptCreateHash

  NCryptSetProperty

  BCryptHashData

  NCryptFreeObject

  NCryptFinalizeKey

  BCryptDestroyHash

  BCryptCloseAlgorithmProvider

  BCryptFinishHash

  BCryptGenRandom

  dbghelp

  SymInitialize

  SymFromAddr

  MiniDumpWriteDump

  SymGetModuleBase64

  SymGetLineFromAddr64

  SymFunctionTableAccess64

  StackWalk64

  iphlpapi

  GetAdaptersAddresses

  SendARP

  ConvertLengthToIpv4Mask

  GetAdaptersInfo

  ws2_32

  __WSAFDIsSet

  htons

  htonl

  gethostname

  ntohs

  ntohl

  WSAGetLastError

  ioctlsocket

  recv

  send

  gethostbyname

  getaddrinfo

  freeaddrinfo

  getnameinfo

  WSASetLastError

  getsockname

  WSASocketW

  listen

  closesocket

  bind

  accept

  WSACleanup

  FreeAddrInfoW

  select

  WSACloseEvent

  WSACreateEvent

  WSAStartup

  WSAEventSelect

  WSAResetEvent

  GetAddrInfoW

  WSAIoctl

  shutdown

  connect

  recvfrom

  getsockopt

  sendto

  socket

  setsockopt

  gdiplus

  GdipCloneImage

  GdipAlloc

  GdiplusStartup

  GdiplusShutdown

  GdipDisposeImage

  GdipLoadImageFromStreamICM

  GdipFree

  GdipGetImageEncodersSize

  GdipSaveImageToStream

  GdipLoadImageFromStream

  GdipGetImageEncoders

  kernel32

  InterlockedPushEntrySList

  InterlockedFlushSList

  RtlUnwind

  EnterCriticalSection

  GetFullPathNameW

  GetStdHandle

  WriteFile

  LoadLibraryExA

  GetModuleFileNameW

  GetSystemPowerStatus

  OpenProcess

  MultiByteToWideChar

  Sleep

  GetLastError

  CloseHandle

  GetCurrentDirectoryW

  SetCurrentDirectoryW

  GetProcAddress

  SetEnvironmentVariableA

  CreateProcessW

  FreeLibrary

  WideCharToMultiByte

  GetCurrentThreadId

  GetModuleHandleA

  WaitForSingleObjectEx

  CreateThread

  QueueUserAPC

  OpenThread

  ReadFile

  LoadLibraryA

  SleepEx

  SetSystemPowerState

  GetCurrentProcess

  SetThreadExecutionState

  HeapFree

  HeapAlloc

  GetProcessHeap

  SystemTimeToFileTime

  GetSystemTime

  FileTimeToSystemTime

  LeaveCriticalSection

  SystemTimeToTzSpecificLocalTime

  QueryPerformanceCounter

  ReleaseSemaphore

  WaitForSingleObject

  CreateSemaphoreA

  CancelIo

  FindFirstFileW

  FindNextFileW

  RemoveDirectoryW

  GetFinalPathNameByHandleW

  GetDriveTypeA

  SetFilePointer

  FindFirstVolumeA

  FindClose

  CreateFileW

  GetVolumePathNamesForVolumeNameA

  GetFileAttributesExW

  ReadDirectoryChangesW

  FindNextVolumeA

  FindVolumeClose

  GetDiskFreeSpaceExA

  CreateEventA

  GetModuleHandleExA

  WaitForMultipleObjectsEx

  CreateNamedPipeA

  DisconnectNamedPipe

  CreateFileA

  CancelIoEx

  LocalFree

  ConnectNamedPipe

  SetConsoleMode

  GetConsoleMode

  GetStartupInfoW

  IsDebuggerPresent

  TerminateProcess

  GetTempPathW

  CancelSynchronousIo

  SetEvent

  ResetEvent

  GetThreadId

  GetCurrentProcessId

  GetEnvironmentStrings

  FreeEnvironmentStringsA

  CopyFileW

  MoveFileW

  RtlCaptureContext

  SuspendThread

  ResumeThread

  DuplicateHandle

  ExitThread

  GetTickCount64

  GetCurrentThread

  DeleteFileA

  GetOverlappedResult

  GetThreadContext

  WTSGetActiveConsoleSessionId

  GetExitCodeProcess

  SetEndOfFile

  DeleteFileW

  SetFilePointerEx

  SetConsoleCtrlHandler

  FreeConsole

  LoadLibraryExW

  SetLastError

  GetFileType

  GetModuleHandleW

  FormatMessageW

  SwitchToFiber

  DeleteFiber

  CreateFiber

  GetSystemTimeAsFileTime

  ConvertFiberToThread

  ConvertThreadToFiber

  GetEnvironmentVariableW

  ReadConsoleA

  ReadConsoleW

  DeleteCriticalSection

  InitializeCriticalSectionAndSpinCount

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  ExitProcess

  GetModuleHandleExW

  CreateProcessA

  HeapValidate

  GetSystemInfo

  CreateDirectoryW

  GetConsoleCP

  MoveFileExW

  SetEnvironmentVariableW

  SetCurrentDirectoryA

  GetCurrentDirectoryA

  GetTimeZoneInformation

  SetStdHandle

  GetDriveTypeW

  PeekNamedPipe

  GetModuleFileNameA

  GetCommandLineA

  GetCommandLineW

  GetACP

  RaiseException

  GetDateFormatW

  GetTimeFormatW

  CompareStringW

  LCMapStringW

  InitializeSListHead

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  SetConsoleOutputCP

  IsProcessorFeaturePresent

  GetLocaleInfoW

  IsValidLocale

  GetUserDefaultLCID

  EnumSystemLocalesW

  FlushFileBuffers

  HeapReAlloc

  HeapSize

  HeapQueryInformation

  GetStringTypeW

  WriteConsoleW

  GetCPInfo

  GetFullPathNameA

  OutputDebugStringA

  OutputDebugStringW

  FindFirstFileExA

  FindFirstFileExW

  FindNextFileA

  IsValidCodePage

  GetOEMCP

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  EncodePointer

  QueryPerformanceFrequency

  DecodePointer

  user32

  EndDialog

  SetWindowTextW

  GetWindowPlacement

  ShowWindow

  GetDlgCtrlID

  SetWindowPlacement

  SetWindowTextA

  IsDlgButtonChecked

  GetDlgItem

  CheckDlgButton

  DialogBoxParamW

  EnableWindow

  MessageBeep

  ExitWindowsEx

  GetUserObjectInformationA

  EnumDisplayMonitors

  GetSystemMetrics

  SetThreadDesktop

  GetThreadDesktop

  CloseDesktop

  BlockInput

  GetMonitorInfoA

  OpenInputDesktop

  GetKeyState

  GetMessageA

  GetWindowRect

  SendMessageW

  LoadCursorA

  DestroyWindow

  GetDC

  PostMessageA

  GetIconInfo

  CallNextHookEx

  GetCursorInfo

  SetWindowsHookExA

  MapVirtualKeyA

  GetForegroundWindow

  UnhookWindowsHookEx

  DefWindowProcA

  CreateWindowExA

  TranslateMessage

  UnregisterClassA

  DrawIconEx

  SetWinEventHook

  RegisterClassExA

  UnhookWinEvent

  SetForegroundWindow

  ReleaseDC

  SendInput

  SetProcessDPIAware

  GetProcessWindowStation

  GetUserObjectInformationW

  DispatchMessageA

  CreateWindowExW

  MessageBoxW

  GetMessageExtraInfo

  gdi32

  DeleteObject

  GetDIBits

  CreateCompatibleDC

  SelectObject

  CreateCompatibleBitmap

  SetStretchBltMode

  DeleteDC

  StretchBlt

  BitBlt

  GetObjectA

  CreateSolidBrush

  SetBkColor

  SetBkMode

  SetTextColor

  GetStockObject

  advapi32

  RegOpenKeyExA

  RegCloseKey

  CryptEnumProvidersW

  CryptSignHashW

  CryptDestroyHash

  CryptCreateHash

  CryptDecrypt

  CryptExportKey

  CryptGetUserKey

  CryptGetProvParam

  CryptSetHashParam

  CryptAcquireContextW

  ReportEventW

  RegisterEventSourceW

  DeregisterEventSource

  StartServiceCtrlDispatcherA

  QueryServiceStatus

  CloseServiceHandle

  AllocateAndInitializeSid

  SetServiceStatus

  OpenSCManagerA

  RegisterServiceCtrlHandlerExA

  FreeSid

  CheckTokenMembership

  OpenServiceA

  SetTokenInformation

  CreateProcessAsUserW

  DuplicateTokenEx

  SetSecurityDescriptorDacl

  SetEntriesInAclA

  InitializeSecurityDescriptor

  CryptDestroyKey

  RegQueryValueExA

  RegSetValueExW

  RegOpenKeyExW

  RegQueryValueExW

  CryptReleaseContext

  AdjustTokenPrivileges

  LookupPrivilegeValueA

  InitiateSystemShutdownA

  RegCreateKeyW

  RegSetValueExA

  RegDeleteKeyA

  OpenProcessToken

  shell32

  ShellExecuteExW

  ole32

  CoCreateInstance

  CreateStreamOnHGlobal

  CoInitializeEx

  CoUninitialize

  oleaut32

  SysAllocString

  SysFreeString

  SysStringLen

  Sections

  .text

  Size: 2.3MB - Virtual size: 2.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 502KB - Virtual size: 502KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 579KB - Virtual size: 742KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .gfids

  Size: 512B - Virtual size: 372B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 136KB - Virtual size: 135KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 95KB - Virtual size: 94KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ