jupyter | a1c7157e3d321dc5966c65601335e053edb2c4a1e6cf4f1f678b974a4f2dbf26

Sharing

Copy URL

Twitter E-mail

General

Target

a1c7157e3d321dc5966c65601335e053edb2c4a1e6cf4f1f678b974a4f2dbf26
Size

9.2MB
MD5

b058ec95cb680a10ef84508b3e59dcb0
SHA1

c2f5087a31b4724609fde3df3baba836a675b85d
SHA256

a1c7157e3d321dc5966c65601335e053edb2c4a1e6cf4f1f678b974a4f2dbf26
SHA512

d065692a5fac686a37bd93a609c7abc21574986a2097b91f28d6882f04bd38d5b81dd058176dc632bee913f5a2e172a03ada8c0d1b0bcbf0b5a82adb9d011c47
SSDEEP

196608:d6RXFl4U5+6dQnNMro1nGRohwd+xjlaH7SlT4Q6Ju75/TrCdaFfMSkGlY1jY:8br5+6qn9DZx318u0daFVp

Score

10^/10

upx jupyter

Malware Config

Extracted

Family

jupyter

Version

IL-1

http://185.244.213.64

Signatures

Jupyter Backdoor/Client payload 1 IoCs

resource	yara_rule
static1/unpack001/90bfa67161e3c835aa16b29bf8861fa138708af978597e1a04ff98e79ed61a53	family_jupyter

Jupyter family
jupyter

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
static1/unpack001/8bcc9ea07aa49b1c774327cb2fffaea269806805538b40aa8b7d2a89b8cfbca8	net_reactor

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/65df637db227ff1685bdf82ab676de4ed70bffd4c96e6cde70d575217700083b	upx

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1650ced30cfb68451bb432b44f72fa93687d95d83f70fa039658d8cb665508c5
unpack001/1a70a7de8a393638b80336e9d2b225c2fd199d9d3eed3ad2c007656cc20c2b4a
unpack002/ISSUES INVOICE E-4136 REV.1.exe
unpack001/350fbd43ce6f7d1d3d636aa5b94187d4dcc8e866527cfdc9c9ce226aea3500ed
unpack001/44faf11719b3a679e7a6dd5db40033ec4dd6e1b0361c145b81586cb735a64112
unpack001/717ad3ee2b9ae94aac5bd01bce9bb945d8c620e3a60f241864dede3646f3dd47
unpack001/89ab99f5721b691e5513f4192e7c96eb0981ddb6c2d2b94c1a32e2df896397b8
unpack001/8bcc9ea07aa49b1c774327cb2fffaea269806805538b40aa8b7d2a89b8cfbca8
unpack001/8eb3ba4bf74f0ec17a13a504d3f68a9ce7a71b93b2b1b5274b691b17ecc1a3ed
unpack001/90bfa67161e3c835aa16b29bf8861fa138708af978597e1a04ff98e79ed61a53
unpack001/a44afa0907b48e04657561e24ca6e009777c607827d08086dff676b1249b9de9
unpack001/c7a9cf7edcb74210ab3d98121f29f8ca4c54d11e3d0240edc7ecdbe9e1a85e2e
unpack001/d2efca8ecf1e864e10c22469f0e1d06cdc17a8c4b5aa4afe0975525230171042
unpack003/Order items 2652-21-22.exe
unpack004/$PLUGINSDIR/LogEx.dll
unpack004/$PLUGINSDIR/System.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/e24f03db97f321cac1a81ae747465be307c949c91d366941e9501d42c3c7a8ed	nsis_installer_1
static1/unpack001/e24f03db97f321cac1a81ae747465be307c949c91d366941e9501d42c3c7a8ed	nsis_installer_2

Files

a1c7157e3d321dc5966c65601335e053edb2c4a1e6cf4f1f678b974a4f2dbf26
.zip

Password: infected
06ffb7bbd7dd6a47bd3fdb77f86e2bc3b3a9d0112496eed24f75581164da3906
.elf linux
154080c5844ed76332320fcf3f1773391d80200f18f9025fd05b55b86f8ff795
.msi
1650ced30cfb68451bb432b44f72fa93687d95d83f70fa039658d8cb665508c5
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rda
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 20KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.m5Fih
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1a70a7de8a393638b80336e9d2b225c2fd199d9d3eed3ad2c007656cc20c2b4a
.exe windows:4 windows x86 arch:x86

524711ec9c5a149fe3bf3479d0b505b6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

shell32

ShellExecuteExW
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHGetSpecialFolderPathW

gdi32

CreateCompatibleDC
CreateFontIndirectW
DeleteObject
DeleteDC
GetCurrentObject
StretchBlt
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
GetObjectW

advapi32

FreeSid
AllocateAndInitializeSid
CheckTokenMembership

user32

GetWindowRect
SetWindowPos
GetWindowLongW
GetMessageW
DispatchMessageW
KillTimer
GetDesktopWindow
SendMessageW
EndDialog
ShowWindow
BringWindowToTop
wsprintfW
MessageBoxW
CreateWindowExW
ScreenToClient
GetParent
CopyImage
ReleaseDC
GetWindowDC
CharUpperW
GetClassNameA
wsprintfA
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
GetSysColor
DestroyWindow
MessageBoxA
GetKeyState
GetDlgItem
GetClientRect
SetWindowLongW
UnhookWindowsHookEx
SetFocus
GetSystemMetrics
SystemParametersInfoW
DrawTextW
GetDC
ClientToScreen
GetWindow
DialogBoxIndirectParamW
DrawIconEx
CallWindowProcW
DefWindowProcW
CallNextHookEx
PtInRect
SetWindowsHookExW
LoadImageW
LoadIconW
MessageBeep
EnableWindow
IsWindow
EnableMenuItem
GetSystemMenu
CreateWindowExA
wvsprintfW
GetMenu
SetTimer

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoInitialize

oleaut32

SysAllocStringLen
VariantClear
SysFreeString
OleLoadPicture
SysAllocString

kernel32

SetFileTime
SetEndOfFile
GetFileInformationByHandle
VirtualFree
GetModuleHandleA
WaitForMultipleObjects
VirtualAlloc
ReadFile
SetFilePointer
GetFileSize
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FormatMessageW
lstrcpyW
LocalFree
IsBadReadPtr
SuspendThread
TerminateThread
GetSystemDirectoryW
GetCurrentThreadId
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
GetVersionExW
GetModuleFileNameW
GetCurrentProcess
SetProcessWorkingSetSize
SetEnvironmentVariableW
GetDriveTypeW
CreateFileW
LoadLibraryA
SetThreadLocale
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
CompareFileTime
WideCharToMultiByte
GetTempPathW
GetCurrentDirectoryW
FindFirstFileW
lstrcmpW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
SetCurrentDirectoryW
GetEnvironmentVariableW
lstrcmpiW
GetLocaleInfoW
MultiByteToWideChar
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetSystemDefaultLCID
lstrcmpiA
GlobalAlloc
GlobalFree
MulDiv
FindResourceExA
SizeofResource
LoadResource
LockResource
GetProcAddress
GetModuleHandleW
GetStdHandle
WriteFile
lstrlenA
CreateDirectoryW
GetFileAttributesW
lstrlenW
GetLocalTime
SystemTimeToFileTime
CreateThread
GetExitCodeThread
Sleep
SetFileAttributesW
ExitProcess
lstrcatW
CloseHandle
WaitForSingleObject
GetExitCodeProcess
GetQueuedCompletionStatus
SetInformationJobObject
CreateIoCompletionPort
AssignProcessToJobObject
ResumeThread
CreateJobObjectW
GetLastError
CreateProcessW
GetStartupInfoW
GetCommandLineW
SetLastError
GetDiskFreeSpaceExW
GetStartupInfoA

msvcrt

memset
_wtol
_purecall
memcmp
??2@YAPAXI@Z
_wcsnicmp
memmove
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
malloc
free
wcsstr
_CxxThrowException
wcscmp
_beginthreadex
_EH_prolog
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
strncmp
wcsncmp
wcsncpy
strncpy
memcpy
??3@YAXPAX@Z

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
2771c9b15d6a7ce670af03b2709545a4553f187098db3ac7616b25aa8067bd1e
.rar
ISSUES INVOICE E-4136 REV.1.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 644KB - Virtual size: 643KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
350fbd43ce6f7d1d3d636aa5b94187d4dcc8e866527cfdc9c9ce226aea3500ed
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rda
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 20KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.m5Fih
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
44faf11719b3a679e7a6dd5db40033ec4dd6e1b0361c145b81586cb735a64112
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\Shark\Shark\obj\Debug\Shark.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4853dc09bbd4a61610a354d5fcd0f9e376e284124c5ff949ba49457eed1f55f6
.html .js polyglot
4ba637df90076330cdace697a87aafc6dd1d1b3a35b4ad924aad80aa7c3f4a9e
.elf linux x86
4f8c1840d692d8248f3b7cb478acfbb7e65bdeecd64790a163eaa0db5592df06
.elf linux x64
623534bf150f2538edb27e51ed56b92f464adb5da8e2db378ec3a666fcb64772
.vbs
65df637db227ff1685bdf82ab676de4ed70bffd4c96e6cde70d575217700083b
.elf linux x64
717ad3ee2b9ae94aac5bd01bce9bb945d8c620e3a60f241864dede3646f3dd47
.dll regsvr32 windows:5 windows x86 arch:x86

e559c8e7fa82d1011738e0e35ad87008

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

K:\MFC-Examples-main\MFC-Examples-main\SoundStudio\Release\SoundStudio.pdb

Imports

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RaiseException
RtlUnwind
Sleep
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualFree
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
TerminateProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetTickCount
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
FileTimeToSystemTime
GetThreadLocale
lstrlenA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
CloseHandle
WritePrivateProfileStringW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
FreeLibrary
CompareStringW
LoadLibraryA
lstrcmpW
GetModuleHandleW
GetVersionExA
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalAlloc
FormatMessageW
LocalFree
lstrlenW
GetCurrentProcessId
GetModuleFileNameW
GetLastError
GlobalLock
GlobalUnlock
MulDiv
GetModuleHandleA
GetProcAddress
SetLastError
InterlockedExchange
InterlockedCompareExchange
OutputDebugStringW
LockResource
GetCurrentProcess
LoadLibraryW
SizeofResource
LoadResource
FindResourceW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
HeapReAlloc

user32

RegisterClipboardFormatW
PostThreadMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
CreateWindowExW
GetClassInfoExW
AdjustWindowRectEx
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
IntersectRect
CopyRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
MessageBoxW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
PostMessageW
DrawIcon
GetSysColor
IsWindow
InvalidateRect
GetSystemMetrics
IsIconic
SendMessageW
AppendMenuW
GetSystemMenu
GetClassNameW
GetFocus
LoadIconW
EnableWindow
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
OffsetRect
GetClientRect
RegisterClassW
CharUpperW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableW
CharNextW
ReleaseCapture
SetCapture
LoadCursorW
GetSysColorBrush
DestroyMenu
SetCursor
GetMessageW
TranslateMessage
ValidateRect
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
GetClassInfoW
GetCursorPos

gdi32

SetTextColor
SetMapMode
GetClipBox
DeleteObject
GetObjectW
GetViewportExtEx
GetWindowExtEx
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ExtSelectClipRgn
DeleteDC
CreateBitmap
GetStockObject
GetDeviceCaps
CreateRectRgnIndirect
GetTextColor
GetRgnBox
SetBkMode
SetBkColor
RestoreDC
SaveDC
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
Polyline
CreatePen
BitBlt
GetBkColor
ScaleWindowExtEx
CreateCompatibleDC
GetMapMode
CreateCompatibleBitmap
LPtoDP
DPtoLP

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CoCreateInstance
CoInitializeEx
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromString

oleaut32

SysStringLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString
SysFreeString

winmm

waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutGetPosition
waveOutPause
waveOutReset
waveOutRestart
waveOutClose
waveOutOpen
timeKillEvent
timeSetEvent
timeEndPeriod
timeBeginPeriod
timeGetDevCaps
mixerGetLineInfoW
mixerGetLineControlsW
mixerSetControlDetails
mixerGetControlDetailsW
mixerClose
mixerOpen

oleacc

LresultFromObject
CreateStdAccessibleObject

Exports

Exports

DllRegisterServer

Sections

.text
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 245KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
71ba20bdd899fde2a4e2967bc6c719f2c96146cc80c3dd8953431cb82d4df199
.pps windows office2003
7696fa96542ff737b9eb4152fb3e2c0c04c5972d724d93efe7666fb4b7038f4f
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:1d:40:ae:3f:3a:1f:b2:bc:3d:83:95
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

25-08-2020 13:42

Not After

26-08-2023 13:42

Subject

CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:1d:40:ae:3f:3a:1f:b2:bc:3d:83:95
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

25-08-2020 13:42

Not After

26-08-2023 13:42

Subject

CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27-05-2021 09:55

Not After

28-06-2032 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20-02-2019 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:6d:ea:1a:9c:8a:0d:de:e5:1e:20:d6:a2:fb:f4:a5:55:0b:b4:5a:53:12:c5:98:9d:a8:0d:a8:ae:1d:c5:9c
Signer

Actual PE Digest

19:6d:ea:1a:9c:8a:0d:de:e5:1e:20:d6:a2:fb:f4:a5:55:0b:b4:5a:53:12:c5:98:9d:a8:0d:a8:ae:1d:c5:9c

Digest Algorithm

sha256

PE Digest Matches

false

3f:4b:9b:f0:b8:e6:5b:0d:1e:ad:08:6d:2b:b2:d1:25:8b:c5:50:01
Signer

Actual PE Digest

3f:4b:9b:f0:b8:e6:5b:0d:1e:ad:08:6d:2b:b2:d1:25:8b:c5:50:01

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\Desktop\Nl91zcJH7dyY0oy.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
89ab99f5721b691e5513f4192e7c96eb0981ddb6c2d2b94c1a32e2df896397b8
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\source\repos\Shark\Shark\obj\Release\audioddg.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8bcc9ea07aa49b1c774327cb2fffaea269806805538b40aa8b7d2a89b8cfbca8
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8eb3ba4bf74f0ec17a13a504d3f68a9ce7a71b93b2b1b5274b691b17ecc1a3ed
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rda
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 20KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.m5Fih
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
90bfa67161e3c835aa16b29bf8861fa138708af978597e1a04ff98e79ed61a53
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a44afa0907b48e04657561e24ca6e009777c607827d08086dff676b1249b9de9
.dll regsvr32 windows:4 windows x86 arch:x86

9646f8d9906f1ec39cfd7388ea0616e5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileSize
GetFileTime
WritePrivateProfileStringA
GetProcessVersion
SizeofResource
GetFileAttributesA
FileTimeToLocalFileTime
GetTickCount
FormatMessageA
LocalReAlloc
SetStdHandle
RaiseException
GetProfileStringA
GlobalReAlloc
GlobalHandle
LocalFree
LocalAlloc
GlobalFlags
FreeLibrary
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalFree
LockResource
FindResourceA
LoadResource
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
lstrlenA
SetEndOfFile
UnlockFile
LockFile
CloseHandle
FlushFileBuffers
SetFilePointer
ReadFile
CreateFileA
DuplicateHandle
lstrcpynA
GlobalLock
GlobalUnlock
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
LoadLibraryA
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapSize
TerminateProcess
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread
GetLastError
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetModuleHandleA
GetProcAddress
GetVersion
GetCommandLineA
InterlockedIncrement
InterlockedDecrement
HeapAlloc
HeapFree
RtlUnwind
LoadLibraryW
GetCurrentProcess
FileTimeToSystemTime
MulDiv

user32

GetSysColor
SetFocus
AdjustWindowRectEx
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
MapWindowPoints
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
ReleaseDC
PostQuitMessage
PostMessageA
LoadBitmapA
CharUpperA
wsprintfA
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
SendDlgItemMessageA
UpdateWindow
CopyRect
ScreenToClient
PtInRect
KillTimer
SetTimer
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuA
GetDC
SetRect
EnableWindow
LoadIconA
SendMessageA
PostThreadMessageA
RegisterClipboardFormatA
InvalidateRect
MessageBeep
GetNextDlgGroupItem
CopyAcceleratorTableA
CharNextA
InflateRect
GetSysColorBrush
PeekMessageA
LoadCursorA
GetDesktopWindow
GetClassNameA
DestroyMenu
LoadStringA
ShowWindow
MoveWindow
SetWindowTextA
GetMenuState
IsDialogMessageA

gdi32

GetStockObject
SelectPalette
SetBkColor
SetBkMode
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
IntersectClipRect
RestoreDC
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateBitmap
PatBlt
GetMapMode
DPtoLP
GetTextColor
GetBkColor
LPtoDP
SaveDC
DeleteDC
CreateDiscardableBitmap
CreateSolidBrush
GetPixel
GetDIBColorTable
GetObjectA
CreateCompatibleDC
SelectObject
BitBlt
CreateDIBSection
GdiFlush
GetDeviceCaps
RealizePalette
SetDIBitsToDevice
DeleteObject
CreateDIBitmap
GetTextExtentPointA
CreatePalette

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

comctl32

ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleUninitialize

olepro32

ord252
ord253

oleaut32

VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString
SysAllocStringByteLen
SysStringLen
SysAllocString

msvfw32

DrawDibRealize
DrawDibDraw
DrawDibClose
DrawDibSetPalette

Exports

Exports

DllRegisterServer

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b057ac2640418b1490c82aaaee24b62a76b94a6e47e0b4ed7fb19fd030783b6d
.elf linux x86
b360aec1b9a2f3bd41c1fdf68acb487728fce3e7b47dbaeffd7dbb6fab621baa
.elf linux sh
b4eb8e75e74fb03a7a28cf17d98413fed877a43137d458e488216f8e938c551c
.xls windows office2003
be96e4fd3e4b3e9420aff07aa8865c1900f1ecb4f52297bfcccb254ef263a737
.vbs
bfd643cf18986969f199d1deb54a11af5d4b62c118d17ab8ee473eb758839814
.ps1
c41074592226333dee840e9164629107ee070cc7eee344a11720578fe7e52acd
c7a9cf7edcb74210ab3d98121f29f8ca4c54d11e3d0240edc7ecdbe9e1a85e2e
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d2efca8ecf1e864e10c22469f0e1d06cdc17a8c4b5aa4afe0975525230171042
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 843KB - Virtual size: 843KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d8cee88209eafdf76e683c275e9bcd74f02f3604d70fd5591a272d7320e1e27b
.rar
Order items 2652-21-22.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 980KB - Virtual size: 979KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e24f03db97f321cac1a81ae747465be307c949c91d366941e9501d42c3c7a8ed
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04-03-2014 00:00

Not After

03-03-2024 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3c:4e:15:99:e4:4f:bd:0a:9a:50:05:4b:29:eb:9a:87
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14-01-2019 00:00

Not After

14-01-2022 23:59

Subject

SERIALNUMBER=2828381,CN=Support.com\, Inc.,OU=Operations,O=Support.com\, Inc.,L=Sunnyvale,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130953756e6e7976616c65,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:cd:ab:f9:09:9a:71:0a:59:f0:37:c1:e0:a1:18:c8:24:ab:88:82:1f:5c:69:75:6f:4c:60:40:1a:23:d8:a9
Signer

Actual PE Digest

1d:cd:ab:f9:09:9a:71:0a:59:f0:37:c1:e0:a1:18:c8:24:ab:88:82:1f:5c:69:75:6f:4c:60:40:1a:23:d8:a9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 456KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$0
.exe windows:5 windows x86 arch:x86

3630df791e5225154ca77baeb9729016

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04-03-2014 00:00

Not After

03-03-2024 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3c:4e:15:99:e4:4f:bd:0a:9a:50:05:4b:29:eb:9a:87
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14-01-2019 00:00

Not After

14-01-2022 23:59

Subject

SERIALNUMBER=2828381,CN=Support.com\, Inc.,OU=Operations,O=Support.com\, Inc.,L=Sunnyvale,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130953756e6e7976616c65,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

86:4c:66:0f:45:5e:b5:08:4c:8a:80:6e:c8:43:a5:c1:f2:18:04:0b:fb:65:3d:c7:55:b8:c4:26:e2:e9:9c:4b
Signer

Actual PE Digest

86:4c:66:0f:45:5e:b5:08:4c:8a:80:6e:c8:43:a5:c1:f2:18:04:0b:fb:65:3d:c7:55:b8:c4:26:e2:e9:9c:4b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

W:\git_repo\buildjobs\firebet-rang\vncupgrade_master\output\Release\Win32\ssrangsv.pdb

Imports

ws2_32

WSAGetLastError
WSAStringToAddressW
__WSAFDIsSet
accept
bind
closesocket
connect
ioctlsocket
getsockopt
htonl
WSASetLastError
WSAStartup
ntohl
ntohs
select
setsockopt
shutdown
WSAIoctl
WSARecv
WSASend
WSASocketW
htons
WSACleanup
WSAAddressToStringW
getaddrinfo
freeaddrinfo
getsockname
WSASetEvent
listen
WSACloseEvent
WSAEnumNetworkEvents
WSAEventSelect
WSACreateEvent
inet_addr
gethostbyname
getpeername
recv
send
socket
recvfrom
sendto
gethostname
WSAConnect
inet_ntoa

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shell32

SHGetFolderPathA
ShellExecuteA
ShellExecuteExA
SHGetFolderPathW
DoEnvironmentSubstA

winmm

timeGetTime

rpcrt4

UuidFromStringA
RpcStringFreeA
UuidToStringA

powrprof

ReadGlobalPwrPolicy
SetActivePwrScheme
GetActivePwrScheme
ReadPwrScheme

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcesses

netapi32

NetUserEnum
NetApiBufferFree

pdh

PdhCloseQuery
PdhAddCounterW
PdhOpenQueryW
PdhRemoveCounter
PdhCollectQueryData

kernel32

DecodePointer
DeleteCriticalSection
FreeResource
FindResourceW
LoadResource
GetFileAttributesW
GetCurrentDirectoryW
LockResource
ExpandEnvironmentStringsW
WaitForSingleObjectEx
CreateFileA
UnmapViewOfFile
WaitForSingleObject
WriteFile
GetCommandLineA
Sleep
WaitForMultipleObjects
CreateMutexA
ReleaseMutex
DeleteFileA
CreateThread
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
MapViewOfFile
FlushViewOfFile
CreateFileMappingA
OpenFileMappingA
CreateProcessW
GetDateFormatW
GetFileSize
SetFilePointer
VirtualQuery
SetUnhandledExceptionFilter
CreateDirectoryW
OutputDebugStringW
GetCurrentThread
GetTimeFormatW
IsBadWritePtr
CreateFileW
MoveFileExA
SetEndOfFile
RaiseException
GetFileSizeEx
RemoveDirectoryA
GetCurrentDirectoryA
DeleteFileW
CopyFileA
GetTempPathA
GetEnvironmentVariableW
GetPrivateProfileStringW
CopyFileW
WritePrivateProfileStringW
FlushFileBuffers
MoveFileW
SetFileAttributesW
FreeConsole
OpenEventW
ExitProcess
GetCommandLineW
MoveFileExW
lstrlenW
SetSystemTime
ExpandEnvironmentStringsA
GetFileTime
GetTickCount
SetCurrentDirectoryW
OutputDebugStringA
FormatMessageA
GetFileAttributesA
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
GetThreadTimes
ResumeThread
GetSystemTimeAsFileTime
OpenEventA
WaitForMultipleObjectsEx
ReleaseSemaphore
GetModuleHandleA
SetWaitableTimer
CreateWaitableTimerA
PostQueuedCompletionStatus
VerSetConditionMask
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
SleepEx
CreateMutexW
QueueUserAPC
TerminateThread
VerifyVersionInfoA
CreateSemaphoreA
DuplicateHandle
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
LoadLibraryW
SystemTimeToFileTime
LocalFree
GetSystemInfo
LoadLibraryA
GetProcAddress
GetVersionExW
FormatMessageW
GetVolumeInformationA
FreeLibrary
GetLocaleInfoA
GetSystemTime
GetLocalTime
CreateEventW
ResetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameW
SetEvent
HeapFree
CreateEventA
HeapAlloc
GetProcessHeap
GetModuleHandleW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
TerminateProcess
FindNextFileA
FindClose
FindFirstFileA
FileTimeToLocalFileTime
CloseHandle
GetLastError
CreateDirectoryA
FileTimeToSystemTime
WideCharToMultiByte
OpenProcess
ReadConsoleInputA
SetHandleInformation
SetConsoleMode
GetFileInformationByHandle
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
CreateSemaphoreW
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
UnregisterWait
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
GetFullPathNameW
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
GetTimeZoneInformation
ReadFile
PeekNamedPipe
FlushConsoleInputBuffer
GlobalMemoryStatus
GetVersionExA
lstrlenA
SetEnvironmentVariableA
CreateProcessA
WriteConsoleW
SetStdHandle
HeapReAlloc
ReadConsoleW
VirtualProtect
VirtualFree
VirtualAlloc
UnregisterWaitEx
InitializeSListHead
FreeLibraryAndExitThread
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
GetStdHandle
GetConsoleMode
GetConsoleCP
GetTempFileNameW
GetExitCodeProcess
GetTempPathW
SetProcessShutdownParameters
GetOverlappedResult
WaitNamedPipeA
SetNamedPipeHandleState
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeA
Process32First
Thread32First
Thread32Next
Module32First
Process32Next
Module32Next
SuspendThread
GlobalMemoryStatusEx
InterlockedDecrement
SetFilePointerEx
GetFileAttributesExW
EncodePointer
GetStringTypeW
IsDebuggerPresent
IsProcessorFeaturePresent
AreFileApisANSI
GetModuleHandleExW
RtlUnwind
ExitThread
LoadLibraryExW
CreateTimerQueue
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
SetConsoleCtrlHandler
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
HeapSize

user32

wvsprintfW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
wsprintfW
GetClassNameW
CloseDesktop
EnumDesktopsW
OpenDesktopW
GetProcessWindowStation
EnumDesktopWindows
SendMessageW
GetUserObjectInformationW
RegisterClassW
CreateWindowExW
SetWindowLongW
GetWindowLongW
DestroyWindow
DefWindowProcW
PostThreadMessageA
DispatchMessageA
PeekMessageA
LoadStringA
GetDesktopWindow
GetSystemMetrics
GetWindowThreadProcessId
GetWindowTextW
GetForegroundWindow
UnregisterClassW
ExitWindowsEx
LoadStringW
MessageBoxA
PostThreadMessageW
MessageBoxW
FindWindowW
WaitForInputIdle
CharNextW
CharPrevW
TranslateMessage

advapi32

LookupPrivilegeValueW
RegisterServiceCtrlHandlerW
SetServiceStatus
ReportEventA
RegisterEventSourceA
DeregisterEventSource
LookupPrivilegeValueA
AddAccessAllowedAce
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
IsValidSid
AllocateAndInitializeSid
CopySid
QueryServiceStatus
StartServiceW
EqualSid
OpenServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
DeleteService
RegCreateKeyExW
RegQueryInfoKeyW
AdjustTokenPrivileges
ControlService
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SetTokenInformation
LogonUserW
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
DuplicateTokenEx
GetTokenInformation
OpenProcessToken
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
CreateProcessAsUserW
GetLengthSid
GetUserNameW
ImpersonateLoggedOnUser
RevertToSelf
CreateServiceW
CloseServiceHandle

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoCreateGuid
CoInitializeEx
CoUninitialize
CoCreateInstance
CLSIDFromProgID

oleaut32

VariantClear
SysAllocStringLen
SysFreeString
SysStringLen
SysAllocString
VariantInit

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 873KB - Virtual size: 873KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$2
.exe windows:5 windows x86 arch:x86

3630df791e5225154ca77baeb9729016

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04-03-2014 00:00

Not After

03-03-2024 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3c:4e:15:99:e4:4f:bd:0a:9a:50:05:4b:29:eb:9a:87
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14-01-2019 00:00

Not After

14-01-2022 23:59

Subject

SERIALNUMBER=2828381,CN=Support.com\, Inc.,OU=Operations,O=Support.com\, Inc.,L=Sunnyvale,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130953756e6e7976616c65,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

86:4c:66:0f:45:5e:b5:08:4c:8a:80:6e:c8:43:a5:c1:f2:18:04:0b:fb:65:3d:c7:55:b8:c4:26:e2:e9:9c:4b
Signer

Actual PE Digest

86:4c:66:0f:45:5e:b5:08:4c:8a:80:6e:c8:43:a5:c1:f2:18:04:0b:fb:65:3d:c7:55:b8:c4:26:e2:e9:9c:4b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

W:\git_repo\buildjobs\firebet-rang\vncupgrade_master\output\Release\Win32\ssrangsv.pdb

Imports

ws2_32

WSAGetLastError
WSAStringToAddressW
__WSAFDIsSet
accept
bind
closesocket
connect
ioctlsocket
getsockopt
htonl
WSASetLastError
WSAStartup
ntohl
ntohs
select
setsockopt
shutdown
WSAIoctl
WSARecv
WSASend
WSASocketW
htons
WSACleanup
WSAAddressToStringW
getaddrinfo
freeaddrinfo
getsockname
WSASetEvent
listen
WSACloseEvent
WSAEnumNetworkEvents
WSAEventSelect
WSACreateEvent
inet_addr
gethostbyname
getpeername
recv
send
socket
recvfrom
sendto
gethostname
WSAConnect
inet_ntoa

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shell32

SHGetFolderPathA
ShellExecuteA
ShellExecuteExA
SHGetFolderPathW
DoEnvironmentSubstA

winmm

timeGetTime

rpcrt4

UuidFromStringA
RpcStringFreeA
UuidToStringA

powrprof

ReadGlobalPwrPolicy
SetActivePwrScheme
GetActivePwrScheme
ReadPwrScheme

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcesses

netapi32

NetUserEnum
NetApiBufferFree

pdh

PdhCloseQuery
PdhAddCounterW
PdhOpenQueryW
PdhRemoveCounter
PdhCollectQueryData

kernel32

DecodePointer
DeleteCriticalSection
FreeResource
FindResourceW
LoadResource
GetFileAttributesW
GetCurrentDirectoryW
LockResource
ExpandEnvironmentStringsW
WaitForSingleObjectEx
CreateFileA
UnmapViewOfFile
WaitForSingleObject
WriteFile
GetCommandLineA
Sleep
WaitForMultipleObjects
CreateMutexA
ReleaseMutex
DeleteFileA
CreateThread
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
MapViewOfFile
FlushViewOfFile
CreateFileMappingA
OpenFileMappingA
CreateProcessW
GetDateFormatW
GetFileSize
SetFilePointer
VirtualQuery
SetUnhandledExceptionFilter
CreateDirectoryW
OutputDebugStringW
GetCurrentThread
GetTimeFormatW
IsBadWritePtr
CreateFileW
MoveFileExA
SetEndOfFile
RaiseException
GetFileSizeEx
RemoveDirectoryA
GetCurrentDirectoryA
DeleteFileW
CopyFileA
GetTempPathA
GetEnvironmentVariableW
GetPrivateProfileStringW
CopyFileW
WritePrivateProfileStringW
FlushFileBuffers
MoveFileW
SetFileAttributesW
FreeConsole
OpenEventW
ExitProcess
GetCommandLineW
MoveFileExW
lstrlenW
SetSystemTime
ExpandEnvironmentStringsA
GetFileTime
GetTickCount
SetCurrentDirectoryW
OutputDebugStringA
FormatMessageA
GetFileAttributesA
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
GetThreadTimes
ResumeThread
GetSystemTimeAsFileTime
OpenEventA
WaitForMultipleObjectsEx
ReleaseSemaphore
GetModuleHandleA
SetWaitableTimer
CreateWaitableTimerA
PostQueuedCompletionStatus
VerSetConditionMask
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
SleepEx
CreateMutexW
QueueUserAPC
TerminateThread
VerifyVersionInfoA
CreateSemaphoreA
DuplicateHandle
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
LoadLibraryW
SystemTimeToFileTime
LocalFree
GetSystemInfo
LoadLibraryA
GetProcAddress
GetVersionExW
FormatMessageW
GetVolumeInformationA
FreeLibrary
GetLocaleInfoA
GetSystemTime
GetLocalTime
CreateEventW
ResetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameW
SetEvent
HeapFree
CreateEventA
HeapAlloc
GetProcessHeap
GetModuleHandleW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
TerminateProcess
FindNextFileA
FindClose
FindFirstFileA
FileTimeToLocalFileTime
CloseHandle
GetLastError
CreateDirectoryA
FileTimeToSystemTime
WideCharToMultiByte
OpenProcess
ReadConsoleInputA
SetHandleInformation
SetConsoleMode
GetFileInformationByHandle
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
CreateSemaphoreW
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
UnregisterWait
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
GetFullPathNameW
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
GetTimeZoneInformation
ReadFile
PeekNamedPipe
FlushConsoleInputBuffer
GlobalMemoryStatus
GetVersionExA
lstrlenA
SetEnvironmentVariableA
CreateProcessA
WriteConsoleW
SetStdHandle
HeapReAlloc
ReadConsoleW
VirtualProtect
VirtualFree
VirtualAlloc
UnregisterWaitEx
InitializeSListHead
FreeLibraryAndExitThread
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
GetStdHandle
GetConsoleMode
GetConsoleCP
GetTempFileNameW
GetExitCodeProcess
GetTempPathW
SetProcessShutdownParameters
GetOverlappedResult
WaitNamedPipeA
SetNamedPipeHandleState
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeA
Process32First
Thread32First
Thread32Next
Module32First
Process32Next
Module32Next
SuspendThread
GlobalMemoryStatusEx
InterlockedDecrement
SetFilePointerEx
GetFileAttributesExW
EncodePointer
GetStringTypeW
IsDebuggerPresent
IsProcessorFeaturePresent
AreFileApisANSI
GetModuleHandleExW
RtlUnwind
ExitThread
LoadLibraryExW
CreateTimerQueue
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
SetConsoleCtrlHandler
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
HeapSize

user32

wvsprintfW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
wsprintfW
GetClassNameW
CloseDesktop
EnumDesktopsW
OpenDesktopW
GetProcessWindowStation
EnumDesktopWindows
SendMessageW
GetUserObjectInformationW
RegisterClassW
CreateWindowExW
SetWindowLongW
GetWindowLongW
DestroyWindow
DefWindowProcW
PostThreadMessageA
DispatchMessageA
PeekMessageA
LoadStringA
GetDesktopWindow
GetSystemMetrics
GetWindowThreadProcessId
GetWindowTextW
GetForegroundWindow
UnregisterClassW
ExitWindowsEx
LoadStringW
MessageBoxA
PostThreadMessageW
MessageBoxW
FindWindowW
WaitForInputIdle
CharNextW
CharPrevW
TranslateMessage

advapi32

LookupPrivilegeValueW
RegisterServiceCtrlHandlerW
SetServiceStatus
ReportEventA
RegisterEventSourceA
DeregisterEventSource
LookupPrivilegeValueA
AddAccessAllowedAce
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
IsValidSid
AllocateAndInitializeSid
CopySid
QueryServiceStatus
StartServiceW
EqualSid
OpenServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
DeleteService
RegCreateKeyExW
RegQueryInfoKeyW
AdjustTokenPrivileges
ControlService
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SetTokenInformation
LogonUserW
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
DuplicateTokenEx
GetTokenInformation
OpenProcessToken
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
CreateProcessAsUserW
GetLengthSid
GetUserNameW
ImpersonateLoggedOnUser
RevertToSelf
CreateServiceW
CloseServiceHandle

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoCreateGuid
CoInitializeEx
CoUninitialize
CoCreateInstance
CLSIDFromProgID

oleaut32

VariantClear
SysAllocStringLen
SysFreeString
SysStringLen
SysAllocString
VariantInit

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 873KB - Virtual size: 873KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LogEx.dll
.dll windows:5 windows x86 arch:x86

81e9c76bf8107db86c4e6a1c8cd2f7cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
CloseHandle
VirtualFree
WriteFile
ReadFile
VirtualAlloc
GetFileSize
GlobalFree
GetLocalTime
GlobalAlloc
GetStringTypeW
MultiByteToWideChar
lstrcpyA
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapReAlloc
LoadLibraryW
GetModuleFileNameW
RtlUnwind
LCMapStringW
HeapSize

user32

FindWindowExA
GetDlgItem
SendMessageA
SetWindowTextA
wsprintfA

Exports

Exports

AddFile
Close
Init
Write

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

.rda Size: 304KB - Virtual size: 303KB

.rdata Size: 4KB - Virtual size: 3KB

.data1 Size: 20KB - Virtual size: 30KB

.m5Fih Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 3KB

524711ec9c5a149fe3bf3479d0b505b6

Headers

File Characteristics

Imports

comctl32

shell32

gdi32

advapi32

user32

ole32

oleaut32

kernel32

msvcrt

Sections

.text Size: 85KB - Virtual size: 84KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 2KB - Virtual size: 18KB

.rsrc Size: 151KB - Virtual size: 151KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 644KB - Virtual size: 643KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Headers

DLL Characteristics

File Characteristics

Sections

.rda Size: 304KB - Virtual size: 303KB

.rdata Size: 4KB - Virtual size: 3KB

.data1 Size: 20KB - Virtual size: 30KB

.m5Fih Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 3KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 29KB - Virtual size: 28KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

e559c8e7fa82d1011738e0e35ad87008

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

.rda
Size: 304KB - Virtual size: 303KB

.rdata
Size: 4KB - Virtual size: 3KB

.data1
Size: 20KB - Virtual size: 30KB

.m5Fih
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 85KB - Virtual size: 84KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 2KB - Virtual size: 18KB

.rsrc
Size: 151KB - Virtual size: 151KB

.text
Size: 644KB - Virtual size: 643KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.rda
Size: 304KB - Virtual size: 303KB

.rdata
Size: 4KB - Virtual size: 3KB

.data1
Size: 20KB - Virtual size: 30KB

.m5Fih
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 29KB - Virtual size: 28KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 235KB - Virtual size: 234KB

.rdata
Size: 65KB - Virtual size: 65KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 245KB - Virtual size: 244KB

.reloc
Size: 35KB - Virtual size: 35KB

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

73:1d:40:ae:3f:3a:1f:b2:bc:3d:83:95
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

73:1d:40:ae:3f:3a:1f:b2:bc:3d:83:95
Certificate

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

19:6d:ea:1a:9c:8a:0d:de:e5:1e:20:d6:a2:fb:f4:a5:55:0b:b4:5a:53:12:c5:98:9d:a8:0d:a8:ae:1d:c5:9c
Signer

3f:4b:9b:f0:b8:e6:5b:0d:1e:ad:08:6d:2b:b2:d1:25:8b:c5:50:01
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 2.9MB - Virtual size: 2.9MB