GoodCheck_v1[.]3[.]02_by_Ori[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

GoodCheck_v1.3.02_by_Ori.zip
Size

13.3MB
MD5

fa8bc0dae14a67c2e599ecccd3c670d5
SHA1

5e16bff7b061c10b5944afe2cd64306696f2935b
SHA256

3fe09876af783a66168e0e1619396f7aa665abb698b0b20649ade648ebefed83
SHA512

dc397ec3e21b5c62ce8b88fdcd84b96513182d0b529658f04710d3767558cf583406776ab93415d078b24ab16348b13882deb7815336cc33be95d0cfe45178e4
SSDEEP

98304:LN1Xm03nnqOb99wfpWWAmM6iyXRaInEQtY/CmG/NCV0oiPOizc1kRzjkGhyjZOJ3:Lm03FHAAmVhXO40etPS3Dg

Score

1^/10

Malware Config

Signatures

Files

GoodCheck_v1.3.02_by_Ori.zip
.zip .vbs polyglot
GoodCheck_v1.3.02_by_Ori/CheckLists/default - all.txt
GoodCheck_v1.3.02_by_Ori/CheckLists/default - googlevideo.txt
GoodCheck_v1.3.02_by_Ori/CheckLists/default - miscellaneous.txt
GoodCheck_v1.3.02_by_Ori/Config.cmd
.cmd .vbs
GoodCheck_v1.3.02_by_Ori/Curl/COPYING.txt
GoodCheck_v1.3.02_by_Ori/Curl/x86/curl-ca-bundle.crt
GoodCheck_v1.3.02_by_Ori/Curl/x86/curl.exe
.exe windows:6 windows x86 arch:x86

0b6925648f8d126ff5d3927e5817a476

Code Sign

21:05:fc:25:c2:a4:7d:bd:fd:de:47:cc:23:77:50:00:1d:5b:5b:b2
Certificate

Issuer

CN=curl-for-win Root CA 2024

Not Before

31/03/2024, 22:02

Not After

31/03/2029, 22:02

Subject

CN=curl-for-win Root CA 2024

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:ce:36:e2:7d:57:32:82:a8:5f:00:c4:17:99:d6:70:39:63:34:cb
Certificate

Issuer

CN=curl-for-win Root CA 2024

Not Before

31/03/2024, 22:02

Not After

31/03/2027, 22:02

Subject

CN=curl-for-win Code Signing Authority

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b8:b7:f0:e7:7c:18:64:d7:3d:e5:c6:7c:dc:de:8d:4f:05:07:57:24:50:65:85:a0:78:9d:60:70:cf:23:b2:e3:b4:04:f8:04:c2:54:43:86:09:c8:a3:b8:ed:e5:fe:d9:cc:c5:59:0a:ce:fe:94:10:3e:eb:08:a2:da:3d:f2:f6
Signer

Actual PE Digest

b8:b7:f0:e7:7c:18:64:d7:3d:e5:c6:7c:dc:de:8d:4f:05:07:57:24:50:65:85:a0:78:9d:60:70:cf:23:b2:e3:b4:04:f8:04:c2:54:43:86:09:c8:a3:b8:ed:e5:fe:d9:cc:c5:59:0a:ce:fe:94:10:3e:eb:08:a2:da:3d:f2:f6

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

bcrypt

BCryptGenRandom

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA

kernel32

AcquireSRWLockExclusive
CancelIo
CloseHandle
CompareFileTime
CreateEventA
CreateFileA
CreateFileMappingA
CreateMutexA
CreateToolhelp32Snapshot
DeleteCriticalSection
EnterCriticalSection
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
FormatMessageW
FreeLibrary
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceExW
GetEnvironmentVariableA
GetFileAttributesA
GetFileInformationByHandle
GetFileSizeEx
GetFileTime
GetFileType
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetOverlappedResult
GetProcAddress
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount64
GetTickCount
GetTimeZoneInformation
GetVolumeInformationW
InitOnceExecuteOnce
InitializeCriticalSection
InitializeCriticalSectionEx
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
Module32First
Module32Next
MoveFileExA
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
SearchPathA
SetConsoleCtrlHandler
SetConsoleMode
SetEndOfFile
SetFilePointer
SetFileTime
SetHandleInformation
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepEx
TerminateProcess
TlsGetValue
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeA
WideCharToMultiByte
WriteConsoleW
WriteFile

normaliz

IdnToAscii
IdnToUnicode

api-ms-win-crt-conio-l1-1-0

_getch

api-ms-win-crt-convert-l1-1-0

atoi
mbrtowc
strtod
strtol
strtoll
strtoul
strtoull
wcrtomb
wcstombs

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron
getenv

api-ms-win-crt-filesystem-l1-1-0

_findclose
_findfirst32
_findnext32
_fstat64
_fullpath
_lock_file
_stat64
_unlock_file
_unlink
_mkdir

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-locale-l1-1-0

localeconv
setlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen

api-ms-win-crt-private-l1-1-0

memchr
memcmp
memcpy
memmove
strchr
strrchr
strstr

api-ms-win-crt-runtime-l1-1-0

_set_app_type
__p___argc
__p___argv
__p___wargv
__sys_errlist
__sys_nerr
_beginthreadex
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_errno
_exit
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_errno
_set_invalid_parameter_handler
abort
exit
signal
strerror

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
_fseeki64
_get_osfhandle
_lseeki64
_open
_read
_telli64
fclose
feof
ferror
fflush
fgets
fopen
fputc
fputs
fread
freopen
fseek
ftell
fwrite
getc
putchar
puts
rewind
setvbuf
ungetc
_write
_write
_setmode
_open
_isatty
_fileno
_fileno
_close

api-ms-win-crt-string-l1-1-0

_strnicmp
isalnum
isspace
isupper
isxdigit
mbrlen
memset
strcmp
strcpy
strcspn
strlen
strncmp
strncpy
strpbrk
strspn
strtok
tolower
wcslen
_stricmp
_strdup

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_difftime64
_gmtime64
_localtime64
_time64
_tzset
strftime

api-ms-win-crt-utility-l1-1-0

_byteswap_uint64
bsearch
qsort

user32

FindWindowA
SendMessageA

wldap32

ber_free
ldap_bind_s
ldap_err2string
ldap_first_attribute
ldap_first_entry
ldap_get_dn
ldap_get_values_len
ldap_init
ldap_memfree
ldap_msgfree
ldap_next_attribute
ldap_next_entry
ldap_search_s
ldap_set_option
ldap_simple_bind_s
ldap_sslinit
ldap_unbind_s
ldap_value_free_len

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAIoctl
WSAResetEvent
WSASetEvent
WSASetLastError
WSAStartup
WSAStringToAddressW
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getpeername
getsockname
getsockopt
htonl
htons
inet_ntop
inet_pton
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 991KB - Virtual size: 990KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eh_fram
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GoodCheck_v1.3.02_by_Ori/Curl/x86/libcurl.def
GoodCheck_v1.3.02_by_Ori/Curl/x86/libcurl.dll
.dll windows:6 windows x86 arch:x86

63db6dc8020804c629764ed3bbed96fa

Code Sign

21:05:fc:25:c2:a4:7d:bd:fd:de:47:cc:23:77:50:00:1d:5b:5b:b2
Certificate

Issuer

CN=curl-for-win Root CA 2024

Not Before

31/03/2024, 22:02

Not After

31/03/2029, 22:02

Subject

CN=curl-for-win Root CA 2024

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:ce:36:e2:7d:57:32:82:a8:5f:00:c4:17:99:d6:70:39:63:34:cb
Certificate

Issuer

CN=curl-for-win Root CA 2024

Not Before

31/03/2024, 22:02

Not After

31/03/2027, 22:02

Subject

CN=curl-for-win Code Signing Authority

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

36:6b:e4:d8:73:b6:50:cb:cb:a1:a0:aa:4c:86:f1:1e:2d:9e:00:fa:49:65:54:e2:d6:44:db:1c:29:e2:f1:21:18:08:5c:01:e0:81:43:da:db:8d:88:e9:5a:1a:0f:a9:73:ad:9c:35:78:93:1c:72:3d:6f:ef:4d:1b:8d:19:cc
Signer

Actual PE Digest

36:6b:e4:d8:73:b6:50:cb:cb:a1:a0:aa:4c:86:f1:1e:2d:9e:00:fa:49:65:54:e2:d6:44:db:1c:29:e2:f1:21:18:08:5c:01:e0:81:43:da:db:8d:88:e9:5a:1a:0f:a9:73:ad:9c:35:78:93:1c:72:3d:6f:ef:4d:1b:8d:19:cc

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

bcrypt

BCryptGenRandom

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA

kernel32

AcquireSRWLockExclusive
CancelIo
CloseHandle
CompareFileTime
CreateEventA
CreateFileA
CreateFileMappingA
CreateMutexA
DeleteCriticalSection
EnterCriticalSection
FormatMessageW
FreeLibrary
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetFileAttributesA
GetFileType
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetOverlappedResult
GetProcAddress
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount64
GetTickCount
GetTimeZoneInformation
InitOnceExecuteOnce
InitializeCriticalSection
InitializeCriticalSectionEx
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
MoveFileExA
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
SetConsoleMode
SetHandleInformation
SetLastError
Sleep
SleepEx
TerminateProcess
TlsGetValue
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeA
WideCharToMultiByte
WriteFile

normaliz

IdnToAscii
IdnToUnicode

api-ms-win-crt-convert-l1-1-0

atoi
mbrtowc
strtol
strtoll
strtoul
strtoull
wcrtomb
wcstombs

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron
getenv

api-ms-win-crt-filesystem-l1-1-0

_findclose
_findfirst32
_findnext32
_fstat64
_fullpath
_lock_file
_stat64
_unlock_file
_unlink

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-math-l1-1-0

_fdopen

api-ms-win-crt-private-l1-1-0

memchr
memcmp
memcpy
memmove
strchr
strrchr
strstr

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
__sys_errlist
__sys_nerr
_beginthreadex
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_errno
_execute_onexit_table
_exit
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_register_onexit_function
abort
exit
strerror

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
_fseeki64
_get_osfhandle
_lseeki64
_open
_read
fclose
feof
ferror
fflush
fgets
fopen
fputc
fputs
fread
fseek
ftell
fwrite
getc
rewind
setvbuf
ungetc
_write
_write
_open
_fileno
_fileno
_close

api-ms-win-crt-string-l1-1-0

_strnicmp
isalnum
isspace
isupper
isxdigit
mbrlen
memset
strcmp
strcpy
strcspn
strlen
strncmp
strncpy
strpbrk
strspn
tolower
wcslen
_stricmp
_strdup

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_difftime64
_gmtime64
_time64
_tzset
strftime

api-ms-win-crt-utility-l1-1-0

_byteswap_uint64
bsearch
qsort

user32

FindWindowA
SendMessageA

wldap32

ber_free
ldap_bind_s
ldap_err2string
ldap_first_attribute
ldap_first_entry
ldap_get_dn
ldap_get_values_len
ldap_init
ldap_memfree
ldap_msgfree
ldap_next_attribute
ldap_next_entry
ldap_search_s
ldap_set_option
ldap_simple_bind_s
ldap_sslinit
ldap_unbind_s
ldap_value_free_len

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAIoctl
WSAResetEvent
WSASetEvent
WSASetLastError
WSAStartup
WSAStringToAddressW
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getpeername
getsockname
getsockopt
htonl
htons
inet_ntop
inet_pton
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_header
curl_easy_init
curl_easy_nextheader
curl_easy_option_by_id
curl_easy_option_by_name
curl_easy_option_next
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_global_trace
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_get_handles
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_waitfds
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_url_strerror
curl_version
curl_version_info
curl_ws_meta
curl_ws_recv
curl_ws_send

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 648KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eh_fram
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GoodCheck_v1.3.02_by_Ori/Curl/x86_64/CurlOutput.tmp
GoodCheck_v1.3.02_by_Ori/Curl/x86_64/curl-ca-bundle.crt
GoodCheck_v1.3.02_by_Ori/Curl/x86_64/curl.exe
.exe windows:6 windows x64 arch:x64

14487bbdf794e2c7e12a808e87f70967

Code Sign

21:05:fc:25:c2:a4:7d:bd:fd:de:47:cc:23:77:50:00:1d:5b:5b:b2
Certificate

Issuer

CN=curl-for-win Root CA 2024

Not Before

31/03/2024, 22:02

Not After

31/03/2029, 22:02

Subject

CN=curl-for-win Root CA 2024

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:ce:36:e2:7d:57:32:82:a8:5f:00:c4:17:99:d6:70:39:63:34:cb
Certificate

Issuer

CN=curl-for-win Root CA 2024

Not Before

31/03/2024, 22:02

Not After

31/03/2027, 22:02

Subject

CN=curl-for-win Code Signing Authority

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3c:f3:78:96:1d:6e:6d:74:9a:aa:8f:88:72:1f:4c:17:b1:13:81:8d:2a:cc:7a:90:61:77:1e:f0:fe:c8:89:71:f6:34:b0:e3:78:22:8d:6f:d0:c1:11:09:34:f4:c4:de:c8:d6:f9:c8:38:06:85:79:48:40:00:2c:a5:92:96:22
Signer

Actual PE Digest

3c:f3:78:96:1d:6e:6d:74:9a:aa:8f:88:72:1f:4c:17:b1:13:81:8d:2a:cc:7a:90:61:77:1e:f0:fe:c8:89:71:f6:34:b0:e3:78:22:8d:6f:d0:c1:11:09:34:f4:c4:de:c8:d6:f9:c8:38:06:85:79:48:40:00:2c:a5:92:96:22

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

bcrypt

BCryptGenRandom

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA

kernel32

AcquireSRWLockExclusive
CancelIo
CloseHandle
CompareFileTime
CreateEventA
CreateFileA
CreateFileMappingA
CreateMutexA
CreateToolhelp32Snapshot
DeleteCriticalSection
EnterCriticalSection
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
FormatMessageW
FreeLibrary
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceExW
GetEnvironmentVariableA
GetFileAttributesA
GetFileInformationByHandle
GetFileSizeEx
GetFileTime
GetFileType
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetOverlappedResult
GetProcAddress
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
GetTimeZoneInformation
GetVolumeInformationW
InitOnceExecuteOnce
InitializeCriticalSection
InitializeCriticalSectionEx
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
Module32First
Module32Next
MoveFileExA
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
RtlVirtualUnwind
SearchPathA
SetConsoleCtrlHandler
SetConsoleMode
SetEndOfFile
SetFilePointer
SetFileTime
SetHandleInformation
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepEx
TerminateProcess
TlsGetValue
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeA
WideCharToMultiByte
WriteConsoleW
WriteFile

normaliz

IdnToAscii
IdnToUnicode

api-ms-win-crt-conio-l1-1-0

_getch

api-ms-win-crt-convert-l1-1-0

atoi
mbrtowc
strtod
strtol
strtoll
strtoul
strtoull
wcrtomb
wcstombs

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron
getenv

api-ms-win-crt-filesystem-l1-1-0

_findfirst64
_findclose
_findnext64
_fstat64
_fullpath
_lock_file
_stat64
_unlock_file
_unlink
_mkdir

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-locale-l1-1-0

localeconv
setlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen

api-ms-win-crt-private-l1-1-0

__C_specific_handler
memchr
memcmp
memcpy
memmove
strchr
strrchr
strstr

api-ms-win-crt-runtime-l1-1-0

_set_app_type
__p___argc
__p___argv
__p___wargv
__sys_errlist
__sys_nerr
_beginthreadex
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_errno
_exit
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_errno
_set_invalid_parameter_handler
abort
exit
signal
strerror

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
_fseeki64
_get_osfhandle
_lseeki64
_open
_read
_telli64
fclose
feof
ferror
fflush
fgets
fopen
fputc
fputs
fread
freopen
fseek
ftell
fwrite
getc
putchar
puts
rewind
setvbuf
ungetc
_write
_write
_setmode
_open
_isatty
_fileno
_fileno
_close

api-ms-win-crt-string-l1-1-0

_strnicmp
isalnum
isspace
isupper
isxdigit
mbrlen
memset
strcmp
strcpy
strcspn
strlen
strncmp
strncpy
strpbrk
strspn
strtok
tolower
wcslen
_stricmp
_strdup

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_difftime64
_gmtime64
_localtime64
_time64
_tzset
strftime

api-ms-win-crt-utility-l1-1-0

_byteswap_uint64
bsearch
qsort

user32

FindWindowA
SendMessageA

wldap32

ber_free
ldap_bind_s
ldap_err2string
ldap_first_attribute
ldap_first_entry
ldap_get_dn
ldap_get_values_len
ldap_init
ldap_memfree
ldap_msgfree
ldap_next_attribute
ldap_next_entry
ldap_search_s
ldap_set_option
ldap_simple_bind_s
ldap_sslinit
ldap_unbind_s
ldap_value_free_len

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAIoctl
WSAResetEvent
WSASetEvent
WSASetLastError
WSAStartup
WSAStringToAddressW
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getpeername
getsockname
getsockopt
htonl
htons
inet_ntop
inet_pton
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.note
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GoodCheck_v1.3.02_by_Ori/Curl/x86_64/libcurl-x64.def
GoodCheck_v1.3.02_by_Ori/Curl/x86_64/libcurl-x64.dll
.dll windows:6 windows x64 arch:x64

747e0ff48e244b4397bcbead95e570a7

Code Sign

21:05:fc:25:c2:a4:7d:bd:fd:de:47:cc:23:77:50:00:1d:5b:5b:b2
Certificate

Issuer

CN=curl-for-win Root CA 2024

Not Before

31/03/2024, 22:02

Not After

31/03/2029, 22:02

Subject

CN=curl-for-win Root CA 2024

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:ce:36:e2:7d:57:32:82:a8:5f:00:c4:17:99:d6:70:39:63:34:cb
Certificate

Issuer

CN=curl-for-win Root CA 2024

Not Before

31/03/2024, 22:02

Not After

31/03/2027, 22:02

Subject

CN=curl-for-win Code Signing Authority

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f8:ef:2b:1d:e4:d7:09:49:4d:cb:5d:a8:4c:d7:6e:5a:42:4d:1a:6c:b4:8f:b0:7e:df:3b:0f:31:4b:73:22:de:77:bb:84:d9:9b:65:5d:c9:11:cf:f8:97:b8:13:91:a6:0f:b9:36:4d:a6:7d:ca:ea:ae:40:bf:a8:09:c7:b5:01
Signer

Actual PE Digest

f8:ef:2b:1d:e4:d7:09:49:4d:cb:5d:a8:4c:d7:6e:5a:42:4d:1a:6c:b4:8f:b0:7e:df:3b:0f:31:4b:73:22:de:77:bb:84:d9:9b:65:5d:c9:11:cf:f8:97:b8:13:91:a6:0f:b9:36:4d:a6:7d:ca:ea:ae:40:bf:a8:09:c7:b5:01

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

bcrypt

BCryptGenRandom

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA

kernel32

AcquireSRWLockExclusive
CancelIo
CloseHandle
CompareFileTime
CreateEventA
CreateFileA
CreateFileMappingA
CreateMutexA
DeleteCriticalSection
EnterCriticalSection
FormatMessageW
FreeLibrary
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetFileAttributesA
GetFileType
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetOverlappedResult
GetProcAddress
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
GetTimeZoneInformation
InitOnceExecuteOnce
InitializeCriticalSection
InitializeCriticalSectionEx
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
MoveFileExA
MultiByteToWideChar
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
RtlVirtualUnwind
SetConsoleMode
SetHandleInformation
SetLastError
Sleep
SleepEx
TerminateProcess
TlsGetValue
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeA
WideCharToMultiByte
WriteFile

normaliz

IdnToAscii
IdnToUnicode

api-ms-win-crt-convert-l1-1-0

atoi
mbrtowc
strtol
strtoll
strtoul
strtoull
wcrtomb
wcstombs

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron
getenv

api-ms-win-crt-filesystem-l1-1-0

_findfirst64
_findclose
_findnext64
_fstat64
_fullpath
_lock_file
_stat64
_unlock_file
_unlink

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-math-l1-1-0

_fdopen

api-ms-win-crt-private-l1-1-0

memchr
memcmp
memcpy
memmove
strchr
strrchr
strstr

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
__sys_errlist
__sys_nerr
_beginthreadex
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_errno
_execute_onexit_table
_exit
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_register_onexit_function
abort
exit
strerror

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
_fseeki64
_get_osfhandle
_lseeki64
_open
_read
fclose
feof
ferror
fflush
fgets
fopen
fputc
fputs
fread
fseek
ftell
fwrite
getc
rewind
setvbuf
ungetc
_write
_write
_open
_fileno
_fileno
_close

api-ms-win-crt-string-l1-1-0

_strnicmp
isalnum
isspace
isupper
isxdigit
mbrlen
memset
strcmp
strcpy
strcspn
strlen
strncmp
strncpy
strpbrk
strspn
tolower
wcslen
_stricmp
_strdup

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_difftime64
_gmtime64
_time64
_tzset
strftime

api-ms-win-crt-utility-l1-1-0

_byteswap_uint64
bsearch
qsort

user32

FindWindowA
SendMessageA

wldap32

ber_free
ldap_bind_s
ldap_err2string
ldap_first_attribute
ldap_first_entry
ldap_get_dn
ldap_get_values_len
ldap_init
ldap_memfree
ldap_msgfree
ldap_next_attribute
ldap_next_entry
ldap_search_s
ldap_set_option
ldap_simple_bind_s
ldap_sslinit
ldap_unbind_s
ldap_value_free_len

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAIoctl
WSAResetEvent
WSASetEvent
WSASetLastError
WSAStartup
WSAStringToAddressW
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getpeername
getsockname
getsockopt
htonl
htons
inet_ntop
inet_pton
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_header
curl_easy_init
curl_easy_nextheader
curl_easy_option_by_id
curl_easy_option_by_name
curl_easy_option_next
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_global_trace
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_get_handles
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_waitfds
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_url_strerror
curl_version
curl_version_info
curl_ws_meta
curl_ws_recv
curl_ws_send

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 696KB - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.note
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GoodCheck_v1.3.02_by_Ori/GoodCheck.cmd
.cmd .vbs
GoodCheck_v1.3.02_by_Ori/Logs/Log_GoodCheck_10-10-2024_07-20-49.txt
GoodCheck_v1.3.02_by_Ori/Payloads/quic_ietf_www_google_com.bin
GoodCheck_v1.3.02_by_Ori/Payloads/tls_earth_google_com.bin
GoodCheck_v1.3.02_by_Ori/Readme.txt
.vbs
GoodCheck_v1.3.02_by_Ori/Start.cmd
GoodCheck_v1.3.02_by_Ori/Strategies/ByeDPI/[Rudimentary].txt
GoodCheck_v1.3.02_by_Ori/Strategies/GoodbyeDPI/[QUIC] - [e2] - [fake-with-sni].txt
GoodCheck_v1.3.02_by_Ori/Strategies/GoodbyeDPI/[TCP] - [e1] - [FULL].txt
GoodCheck_v1.3.02_by_Ori/Strategies/GoodbyeDPI/[TCP] - [e1] - [SIMPLE].txt
GoodCheck_v1.3.02_by_Ori/Strategies/GoodbyeDPI/[TCP] - [e1] - [fake-from-hex, fake-gen].txt
GoodCheck_v1.3.02_by_Ori/Strategies/GoodbyeDPI/[TCP] - [e1] - [fake-with-sni].txt
GoodCheck_v1.3.02_by_Ori/Strategies/GoodbyeDPI/[TCP] - [e2] - [FULL].txt
GoodCheck_v1.3.02_by_Ori/Strategies/GoodbyeDPI/[TCP] - [e2] - [SIMPLE].txt
GoodCheck_v1.3.02_by_Ori/Strategies/GoodbyeDPI/[TCP] - [e2] - [fake-from-hex, fake-gen].txt
GoodCheck_v1.3.02_by_Ori/Strategies/GoodbyeDPI/[TCP] - [e2] - [fake-with-sni].txt
GoodCheck_v1.3.02_by_Ori/Strategies/GoodbyeDPI/[basic functionality test].txt
GoodCheck_v1.3.02_by_Ori/Strategies/Zapret/[from Blockcheck] - [IPv4] - [QUIC].txt
GoodCheck_v1.3.02_by_Ori/Strategies/Zapret/[from Blockcheck] - [IPv4] - [TCP] - [No wssize, NO syndata].txt
GoodCheck_v1.3.02_by_Ori/Strategies/Zapret/[from Blockcheck] - [IPv4] - [TCP].txt
GoodCheck_v1.3.02_by_Ori/elevator.vbs
.vbs

Sharing

General

Malware Config

Signatures

Files

0b6925648f8d126ff5d3927e5817a476

Code Sign

21:05:fc:25:c2:a4:7d:bd:fd:de:47:cc:23:77:50:00:1d:5b:5b:b2Certificate

Key Usages

3f:ce:36:e2:7d:57:32:82:a8:5f:00:c4:17:99:d6:70:39:63:34:cbCertificate

Extended Key Usages

Key Usages

b8:b7:f0:e7:7c:18:64:d7:3d:e5:c6:7c:dc:de:8d:4f:05:07:57:24:50:65:85:a0:78:9d:60:70:cf:23:b2:e3:b4:04:f8:04:c2:54:43:86:09:c8:a3:b8:ed:e5:fe:d9:cc:c5:59:0a:ce:fe:94:10:3e:eb:08:a2:da:3d:f2:f6Signer

Headers

DLL Characteristics

File Characteristics

Imports

bcrypt

crypt32

kernel32

normaliz

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

user32

wldap32

ws2_32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 991KB - Virtual size: 990KB

.buildid Size: 512B - Virtual size: 32B

.data Size: 18KB - Virtual size: 29KB

.eh_fram Size: 8KB - Virtual size: 8KB

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 95KB - Virtual size: 95KB

63db6dc8020804c629764ed3bbed96fa

Code Sign

21:05:fc:25:c2:a4:7d:bd:fd:de:47:cc:23:77:50:00:1d:5b:5b:b2Certificate

Key Usages

3f:ce:36:e2:7d:57:32:82:a8:5f:00:c4:17:99:d6:70:39:63:34:cbCertificate

Extended Key Usages

Key Usages

36:6b:e4:d8:73:b6:50:cb:cb:a1:a0:aa:4c:86:f1:1e:2d:9e:00:fa:49:65:54:e2:d6:44:db:1c:29:e2:f1:21:18:08:5c:01:e0:81:43:da:db:8d:88:e9:5a:1a:0f:a9:73:ad:9c:35:78:93:1c:72:3d:6f:ef:4d:1b:8d:19:ccSigner

Headers

DLL Characteristics

File Characteristics

Imports

bcrypt

crypt32

kernel32

normaliz

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

user32

wldap32

ws2_32

Exports

Exports

Sections

21:05:fc:25:c2:a4:7d:bd:fd:de:47:cc:23:77:50:00:1d:5b:5b:b2
Certificate

3f:ce:36:e2:7d:57:32:82:a8:5f:00:c4:17:99:d6:70:39:63:34:cb
Certificate

b8:b7:f0:e7:7c:18:64:d7:3d:e5:c6:7c:dc:de:8d:4f:05:07:57:24:50:65:85:a0:78:9d:60:70:cf:23:b2:e3:b4:04:f8:04:c2:54:43:86:09:c8:a3:b8:ed:e5:fe:d9:cc:c5:59:0a:ce:fe:94:10:3e:eb:08:a2:da:3d:f2:f6
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 991KB - Virtual size: 990KB

.buildid
Size: 512B - Virtual size: 32B

.data
Size: 18KB - Virtual size: 29KB

.eh_fram
Size: 8KB - Virtual size: 8KB

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 95KB - Virtual size: 95KB

21:05:fc:25:c2:a4:7d:bd:fd:de:47:cc:23:77:50:00:1d:5b:5b:b2
Certificate

3f:ce:36:e2:7d:57:32:82:a8:5f:00:c4:17:99:d6:70:39:63:34:cb
Certificate

36:6b:e4:d8:73:b6:50:cb:cb:a1:a0:aa:4c:86:f1:1e:2d:9e:00:fa:49:65:54:e2:d6:44:db:1c:29:e2:f1:21:18:08:5c:01:e0:81:43:da:db:8d:88:e9:5a:1a:0f:a9:73:ad:9c:35:78:93:1c:72:3d:6f:ef:4d:1b:8d:19:cc
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 648KB - Virtual size: 648KB

.buildid
Size: 512B - Virtual size: 32B

.data
Size: 23KB - Virtual size: 32KB

.eh_fram
Size: 8KB - Virtual size: 7KB

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 88KB - Virtual size: 88KB

21:05:fc:25:c2:a4:7d:bd:fd:de:47:cc:23:77:50:00:1d:5b:5b:b2
Certificate

3f:ce:36:e2:7d:57:32:82:a8:5f:00:c4:17:99:d6:70:39:63:34:cb
Certificate

3c:f3:78:96:1d:6e:6d:74:9a:aa:8f:88:72:1f:4c:17:b1:13:81:8d:2a:cc:7a:90:61:77:1e:f0:fe:c8:89:71:f6:34:b0:e3:78:22:8d:6f:d0:c1:11:09:34:f4:c4:de:c8:d6:f9:c8:38:06:85:79:48:40:00:2c:a5:92:96:22
Signer

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.buildid
Size: 512B - Virtual size: 32B

.data
Size: 35KB - Virtual size: 49KB

.pdata
Size: 2KB - Virtual size: 1KB

.note
Size: 512B - Virtual size: 364B

.rodata
Size: 17KB - Virtual size: 17KB

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 23KB - Virtual size: 22KB

21:05:fc:25:c2:a4:7d:bd:fd:de:47:cc:23:77:50:00:1d:5b:5b:b2
Certificate

3f:ce:36:e2:7d:57:32:82:a8:5f:00:c4:17:99:d6:70:39:63:34:cb
Certificate

f8:ef:2b:1d:e4:d7:09:49:4d:cb:5d:a8:4c:d7:6e:5a:42:4d:1a:6c:b4:8f:b0:7e:df:3b:0f:31:4b:73:22:de:77:bb:84:d9:9b:65:5d:c9:11:cf:f8:97:b8:13:91:a6:0f:b9:36:4d:a6:7d:ca:ea:ae:40:bf:a8:09:c7:b5:01
Signer