C:\Users\User\Source\data\installer\installer\obj\Release\installer.pdb
Overview
overview
10Static
static
100811cf7c27...de.exe
windows7-x64
90dd0b31f05...24.exe
windows7-x64
71ad888606f...e0.exe
windows7-x64
31c77a07e45...95.exe
windows7-x64
1023f1c183af...bc.exe
windows7-x64
1038e891599d...90.exe
windows7-x64
103a13e092e9...db.exe
windows7-x64
43b9dabd99d...82.exe
windows7-x64
358fe9776f3...06.exe
windows7-x64
105ab93bd422...11.exe
windows7-x64
36b06c25fc6...43.exe
windows7-x64
106cc8001c9b...07.exe
windows7-x64
173ca5dd6d4...3f.exe
windows7-x64
107b931d48ea...f0.exe
windows7-x64
107d6892645b...0f.exe
windows7-x64
109036aeb570...7e.exe
windows7-x64
39b6289a8bf...2b.exe
windows7-x64
8acf2b76704...a7.exe
windows7-x64
3af2f191f8d...53.exe
windows7-x64
10cc7045d9fe...ab.dll
windows7-x64
10d1a6bd542d...a8.exe
windows7-x64
10efe947e0a8...69.exe
windows7-x64
10f13edd0b86...9f.exe
windows7-x64
10Behavioral task
behavioral1
Sample
0811cf7c2702af79720305f03bb4945d63bd4052d4d6df4aa4cf8e6418e5d9de.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
0dd0b31f05bd8036791494372275f393714ac18bae0f8d26a808387a0fcfe224.exe
Resource
win7-20241010-en
Behavioral task
behavioral3
Sample
1ad888606f448d0d04c37ba11348b4c7d06f22b1cb3e8c217a21a5674bf29ce0.exe
Resource
win7-20241023-en
Behavioral task
behavioral4
Sample
1c77a07e45b4f3e7f2b756c76df58a9d0f78785aa0f9e154074503398203c695.exe
Resource
win7-20240708-en
Behavioral task
behavioral5
Sample
23f1c183af6a0322746465beeb83e79c30ba8f497cd52d60e2ed544bb7b39ebc.exe
Resource
win7-20240729-en
Behavioral task
behavioral6
Sample
38e891599dad5b84356bad13b154ef7e26bb07aa651809a00369e52a54adc890.exe
Resource
win7-20240903-en
Behavioral task
behavioral7
Sample
3a13e092e9c857702ad930dbd32ff7e4819151b0eab88be26d0229d95a74b6db.exe
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
3b9dabd99dc58a5242616cb6d1d876bca3046119a9b150c7d7868bf02202ea82.exe
Resource
win7-20240903-en
Behavioral task
behavioral9
Sample
58fe9776f33628fd965d1bcc442ec8dc5bfae0c648dcaec400f6090633484806.exe
Resource
win7-20241010-en
Behavioral task
behavioral10
Sample
5ab93bd4225586706037be1870f84d4bd124b38df01f78de5648e3e0f30b8911.exe
Resource
win7-20240903-en
Behavioral task
behavioral11
Sample
6b06c25fc6181adf110e8109550698897836b5c429fe9b013b2e51a3abc05343.exe
Resource
win7-20241010-en
Behavioral task
behavioral12
Sample
6cc8001c9b61f55dc390743a9a6adfe2de01efd983f68599b288d39d3bfb7207.exe
Resource
win7-20241023-en
Behavioral task
behavioral13
Sample
73ca5dd6d49b4c296ee1304aaac2e5fde01156800b538354fd27366df5b9323f.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
7b931d48eafa703a99ca7f104daf9a7343b6f1161d49073b86f5a4700864d3f0.exe
Resource
win7-20240903-en
Behavioral task
behavioral15
Sample
7d6892645bc5ba581b2fff986b3e9371dd7298bab6aac890c99f80c8b1d78f0f.exe
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
9036aeb570b22497c0f937e7edcef624800426011f0193a2b78c7f124e3a4c7e.exe
Resource
win7-20240729-en
Behavioral task
behavioral17
Sample
9b6289a8bf3eab91297cc6d01215b06f4d979a81656eb80bc0ae6d3b7e8b112b.exe
Resource
win7-20240708-en
Behavioral task
behavioral18
Sample
acf2b767040e546b689b4f1724569fd9992189ba2035654cfbf866b933e5b1a7.exe
Resource
win7-20240903-en
Behavioral task
behavioral19
Sample
af2f191f8d2199d74867e9b1b9071e677c91b24d529d17b83ff04d0f03098a53.exe
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
cc7045d9fe77c4aa4cb646d01fb4700008a34f58f49358d0b0b0997d21016aab.dll
Resource
win7-20241010-en
Behavioral task
behavioral21
Sample
d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
Resource
win7-20241023-en
Behavioral task
behavioral22
Sample
efe947e0a8842997d152af946ef0293a972cc11662f3c62a8461bc4a07427669.exe
Resource
win7-20240903-en
Behavioral task
behavioral23
Sample
f13edd0b86c095dfb681e8bf08d7df0d53d9fb4301f2ba65ae9706a0aaeefe9f.exe
Resource
win7-20240903-en
General
-
Target
Unique_Icons_But_Unknown_Malware_2.rar
-
Size
2.3MB
-
MD5
5d4b7054cd11fb441757a5c52e41759b
-
SHA1
08956bd2dff30ecc33f7489ab9c1a8c142812e6c
-
SHA256
fa3f7a4c1502f499a481b56f5e7c185876626e3d00110d84e09652f98b776aff
-
SHA512
96fab5476cd758aa76c683810e485ae0adcdcbc9938f33ff71968367ef4664d62a79975cde6e5071427135a5073f11c1f55b36b73f88d86b96dcfd3e0ba13122
-
SSDEEP
49152:kdXUkI/XI52rHPNoZ/jV3DcVVcgGTYWLanJ6:aXk/IAzPMxDcVM8WLaJ6
Malware Config
Extracted
njrat
0.7d
HacKed
cheat12.ddns.net:57
a412988a99c974058615f1975119a5d1
-
reg_key
a412988a99c974058615f1975119a5d1
-
splitter
|'|'|
Extracted
blacknet
HacKed
https://xblackeyex.000webhostapp.com/blacknet/
BN[SNqrYexG-0655563]
-
antivm
false
-
elevate_uac
false
-
install_name
svchost.exe
-
splitter
|BN|
-
start_name
17d5d9a29524a220af2c5580f0145c42
-
startup
false
-
usb_spread
false
Extracted
pony
http://butterchoco.net/admin/bull/gate.php
Signatures
-
BlackNET payload 1 IoCs
resource yara_rule static1/unpack001/7d6892645bc5ba581b2fff986b3e9371dd7298bab6aac890c99f80c8b1d78f0f.exe family_blacknet -
Blacknet family
-
Chaos Ransomware 1 IoCs
resource yara_rule static1/unpack001/f13edd0b86c095dfb681e8bf08d7df0d53d9fb4301f2ba65ae9706a0aaeefe9f.exe family_chaos -
Chaos family
-
Detect MafiaWare666 ransomware 1 IoCs
resource yara_rule static1/unpack001/d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe family_mafiaware666 -
Eternity family
-
Mafiaware666 family
-
Njrat family
-
Pony family
-
Unsigned PE 19 IoCs
Checks for missing Authenticode signature.
resource unpack001/0811cf7c2702af79720305f03bb4945d63bd4052d4d6df4aa4cf8e6418e5d9de.exe unpack001/0dd0b31f05bd8036791494372275f393714ac18bae0f8d26a808387a0fcfe224.exe unpack001/1ad888606f448d0d04c37ba11348b4c7d06f22b1cb3e8c217a21a5674bf29ce0.exe unpack001/1c77a07e45b4f3e7f2b756c76df58a9d0f78785aa0f9e154074503398203c695.exe unpack001/23f1c183af6a0322746465beeb83e79c30ba8f497cd52d60e2ed544bb7b39ebc.exe unpack001/38e891599dad5b84356bad13b154ef7e26bb07aa651809a00369e52a54adc890.exe unpack001/3a13e092e9c857702ad930dbd32ff7e4819151b0eab88be26d0229d95a74b6db.exe unpack001/58fe9776f33628fd965d1bcc442ec8dc5bfae0c648dcaec400f6090633484806.exe unpack001/6b06c25fc6181adf110e8109550698897836b5c429fe9b013b2e51a3abc05343.exe unpack001/6cc8001c9b61f55dc390743a9a6adfe2de01efd983f68599b288d39d3bfb7207.exe unpack001/7b931d48eafa703a99ca7f104daf9a7343b6f1161d49073b86f5a4700864d3f0.exe unpack001/7d6892645bc5ba581b2fff986b3e9371dd7298bab6aac890c99f80c8b1d78f0f.exe unpack001/9b6289a8bf3eab91297cc6d01215b06f4d979a81656eb80bc0ae6d3b7e8b112b.exe unpack001/acf2b767040e546b689b4f1724569fd9992189ba2035654cfbf866b933e5b1a7.exe unpack001/af2f191f8d2199d74867e9b1b9071e677c91b24d529d17b83ff04d0f03098a53.exe unpack001/cc7045d9fe77c4aa4cb646d01fb4700008a34f58f49358d0b0b0997d21016aab.exe unpack001/d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe unpack001/efe947e0a8842997d152af946ef0293a972cc11662f3c62a8461bc4a07427669.exe unpack001/f13edd0b86c095dfb681e8bf08d7df0d53d9fb4301f2ba65ae9706a0aaeefe9f.exe
Files
-
Unique_Icons_But_Unknown_Malware_2.rar.rar
-
0811cf7c2702af79720305f03bb4945d63bd4052d4d6df4aa4cf8e6418e5d9de.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 146KB - Virtual size: 145KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 111KB - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
0dd0b31f05bd8036791494372275f393714ac18bae0f8d26a808387a0fcfe224.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 166KB - Virtual size: 166KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
1ad888606f448d0d04c37ba11348b4c7d06f22b1cb3e8c217a21a5674bf29ce0.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\PC_CONTENTS\MY_TOOLS\Unpackers\MegaDumper\MegaDumper\obj\x86\Debug\MegaDumper.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 172KB - Virtual size: 170KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
1c77a07e45b4f3e7f2b756c76df58a9d0f78785aa0f9e154074503398203c695.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
23f1c183af6a0322746465beeb83e79c30ba8f497cd52d60e2ed544bb7b39ebc.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 147KB - Virtual size: 146KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
38e891599dad5b84356bad13b154ef7e26bb07aa651809a00369e52a54adc890.exe.exe windows:6 windows x86 arch:x86
2469bdeec834e1080ec1d36ede2b8455
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\Spell\Travel\complete\Landlone.pdb
Imports
kernel32
InitializeCriticalSectionAndSpinCount
DecodePointer
SetEndOfFile
WriteConsoleW
HeapReAlloc
HeapSize
FlushFileBuffers
CreateFileW
GetConsoleCP
GetProcessHeap
GetStringTypeW
SetStdHandle
LCMapStringW
GetExitCodeProcess
lstrcmpiA
FindFirstChangeNotificationA
ResetEvent
DeleteFileA
TlsAlloc
GetCurrentThread
OpenMutexA
GetTempPathA
Sleep
DuplicateHandle
lstrcmpA
CreateMutexA
GetEnvironmentVariableA
PeekNamedPipe
FindNextFileA
VirtualProtect
TlsSetValue
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
EncodePointer
RaiseException
GetLastError
GetModuleFileNameW
SetLastError
RtlUnwind
FindFirstFileA
TlsGetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReadFile
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileType
CloseHandle
FindClose
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
user32
GetWindowLongA
GetKeyNameTextA
IsDlgButtonChecked
CallNextHookEx
EnumWindows
ReleaseDC
DefWindowProcA
DrawIconEx
DrawEdge
GetClassInfoExA
gdi32
IntersectClipRect
EndPage
RestoreDC
CreateFontIndirectA
Rectangle
LineTo
SetBkMode
StartDocA
ExtTextOutA
comctl32
ImageList_Destroy
ImageList_SetIconSize
ImageList_GetImageCount
ImageList_SetBkColor
ImageList_AddMasked
ImageList_Remove
ole32
CoRegisterClassObject
CoUninitialize
CoInitialize
CoRegisterSurrogate
shlwapi
SHRegCloseUSKey
SHRegWriteUSValueA
StrToIntA
SHRegCreateUSKeyA
PathFindFileNameA
advapi32
SystemFunction036
OpenServiceA
OpenThreadToken
RegOpenKeyExA
InitializeSecurityDescriptor
FreeSid
OpenProcessToken
ControlService
SetSecurityDescriptorDacl
SetEntriesInAclA
CreateServiceW
RegCloseKey
StartServiceCtrlDispatcherA
QueryServiceStatus
RegDeleteKeyA
RegQueryValueExA
AllocateAndInitializeSid
LookupPrivilegeValueA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenSCManagerA
RegCreateKeyExA
imm32
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmNotifyIME
ImmSetCompositionFontA
ImmGetCompositionStringA
Sections
.text Size: 124KB - Virtual size: 124KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 22KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 292B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
3a13e092e9c857702ad930dbd32ff7e4819151b0eab88be26d0229d95a74b6db.exe.exe windows:6 windows x86 arch:x86
1d46cc82ecd324ef15e6b3920d944eb3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
E:\源码\i2\i2\vs2017\Release\WindowsProject1.pdb
Imports
kernel32
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
Sleep
ExitProcess
VirtualAlloc
VirtualProtect
VirtualFree
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryA
CopyFileW
IsBadReadPtr
UnhandledExceptionFilter
LocalFree
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
ole32
CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoUninitialize
oleaut32
VariantClear
VariantInit
SysFreeString
SysAllocString
msvcp140
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
vcruntime140
_CxxThrowException
_except_handler4_common
memmove
__std_exception_destroy
__std_exception_copy
__std_terminate
memset
__CxxFrameHandler3
memcpy
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo_noreturn
_initterm_e
exit
_get_wide_winmain_command_line
_initialize_wide_environment
_seh_filter_exe
_c_exit
_register_thread_local_exe_atexit_callback
_set_app_type
_configure_wide_argv
_exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
_cexit
_initterm
api-ms-win-crt-environment-l1-1-0
_wgetenv
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
__stdio_common_vfprintf
ungetc
__acrt_iob_func
_get_stream_buffer_pointers
fclose
setvbuf
fwrite
_fseeki64
fflush
fread
fputc
fgetpos
fgetc
fsetpos
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_lock_file
api-ms-win-crt-heap-l1-1-0
free
_callnewh
_set_new_mode
malloc
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 70KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 79KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
3b9dabd99dc58a5242616cb6d1d876bca3046119a9b150c7d7868bf02202ea82.exe.exe windows:4 windows x86 arch:x86
ec7603dfc11290c5ea59ede1b41eac50
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15-06-2007 00:00Not After14-06-2012 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04-12-2003 00:00Not After03-12-2013 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before16-07-2004 00:00Not After15-07-2014 23:59SubjectCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
4b:ea:81:7c:ba:c7:c3:8a:ba:72:e7:be:6f:00:de:6dCertificate
IssuerCN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=USNot Before07-11-2007 00:00Not After10-12-2008 23:59SubjectCN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
55:7e:59:12:c0:ed:63:3a:cb:5b:e7:da:2f:6c:23:99:5e:d6:5d:d2Signer
Actual PE Digest55:7e:59:12:c0:ed:63:3a:cb:5b:e7:da:2f:6c:23:99:5e:d6:5d:d2Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
_TrackMouseEvent
ord17
msvfw32
MCIWndCreateW
MCIWndCreateA
winmm
waveOutSetVolume
waveOutGetVolume
PlaySoundA
waveOutGetNumDevs
shlwapi
PathRemoveFileSpecW
kernel32
InterlockedExchange
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
SetLastError
GetOEMCP
GetACP
SetEndOfFile
CreateFileA
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
VirtualQuery
GetSystemInfo
VirtualProtect
GetLocaleInfoA
IsBadCodePtr
IsBadReadPtr
SetFilePointer
GetStringTypeA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetCommandLineW
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
CompareStringA
WaitForSingleObject
CloseHandle
DeviceIoControl
MulDiv
FreeLibrary
Sleep
ReleaseMutex
GetLastError
GetUserDefaultLCID
GetUserDefaultUILanguage
GetSystemDefaultLangID
WriteFile
ReadFile
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
SetEnvironmentVariableA
HeapSize
HeapReAlloc
RtlUnwind
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
RaiseException
ExitProcess
TerminateProcess
GetCurrentProcess
GetVersionExA
HeapAlloc
HeapFree
LCMapStringA
user32
DestroyIcon
GetSystemMetrics
SetFocus
BeginPaint
FillRect
DrawEdge
keybd_event
SetForegroundWindow
UpdateWindow
TranslateMessage
ReleaseDC
GetAsyncKeyState
SetCursor
EndPaint
RedrawWindow
MoveWindow
GetIconInfo
CreateIconIndirect
GetClientRect
InvalidateRect
ShowWindow
PostQuitMessage
DrawIconEx
SetRect
GetDC
GetWindowRect
gdi32
CreateSolidBrush
GetStockObject
PatBlt
CreateCompatibleBitmap
CreateCompatibleDC
SetTextAlign
SetLayout
LineTo
SetBkMode
StretchBlt
BitBlt
SetTextColor
CreatePenIndirect
SelectObject
MoveToEx
Polyline
DeleteObject
DeleteDC
advapi32
RegQueryValueA
RegCloseKey
Sections
.text Size: 116KB - Virtual size: 114KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 538KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
58fe9776f33628fd965d1bcc442ec8dc5bfae0c648dcaec400f6090633484806.exe.exe windows:5 windows x86 arch:x86
4c3d146415a27e5b2b768097598f2851
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\random\fucking\path\to\fucking\idiotic\nonexisting\file\with\pdb\extension.pdb
Imports
kernel32
GetProcAddress
VirtualAlloc
ExitProcess
GetModuleHandleW
WriteFile
OpenProcess
Sleep
CreateFileW
ExitThread
GetLastError
OutputDebugStringA
CloseHandle
CreateThread
SetStdHandle
SetFilePointerEx
GetStringTypeW
ReadConsoleW
EncodePointer
DecodePointer
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
HeapFree
RaiseException
HeapAlloc
SetLastError
GetCurrentThreadId
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlUnwind
LoadLibraryExW
HeapReAlloc
LCMapStringW
OutputDebugStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
WriteConsoleW
user32
CreateWindowExA
PostMessageA
MessageBoxA
Sections
.text Size: 88KB - Virtual size: 88KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 369KB - Virtual size: 376KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
5ab93bd4225586706037be1870f84d4bd124b38df01f78de5648e3e0f30b8911.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Code Sign
33:00:00:03:25:48:b2:9d:0e:7f:c5:f4:1f:00:00:00:00:03:25Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04-03-2020 18:29Not After03-03-2021 18:29SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06-07-2010 20:40Not After06-07-2025 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:01:8a:07:37:33:cf:20:48:89:3c:00:00:00:00:01:8aCertificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04-03-2020 18:39Not After03-03-2021 18:39SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08-07-2011 20:59Not After08-07-2026 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
8c:e3:1b:2b:4e:1a:03:92:e0:3f:49:b9:66:60:f3:db:ba:b7:48:49:e5:cd:e4:9f:d3:ab:8a:9c:0a:48:1d:87Signer
Actual PE Digest8c:e3:1b:2b:4e:1a:03:92:e0:3f:49:b9:66:60:f3:db:ba:b7:48:49:e5:cd:e4:9f:d3:ab:8a:9c:0a:48:1d:87Digest Algorithmsha256PE Digest Matchesfalse8c:e3:1b:2b:4e:1a:03:92:e0:3f:49:b9:66:60:f3:db:ba:b7:48:49:e5:cd:e4:9f:d3:ab:8a:9c:0a:48:1d:87Signer
Actual PE Digest8c:e3:1b:2b:4e:1a:03:92:e0:3f:49:b9:66:60:f3:db:ba:b7:48:49:e5:cd:e4:9f:d3:ab:8a:9c:0a:48:1d:87Digest Algorithmsha256PE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 166KB - Virtual size: 166KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
6b06c25fc6181adf110e8109550698897836b5c429fe9b013b2e51a3abc05343.exe.exe windows:4 windows x86 arch:x86
f4c0c0105b7e9220f8a3864a384e3519
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
__vbaStrI2
_CIcos
_adj_fptan
__vbaFreeVar
ord588
__vbaFreeVarList
_adj_fdiv_m64
ord513
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
ord660
__vbaHresultCheckObj
ord662
ord557
_adj_fdiv_m32
ord666
__vbaAryDestruct
ord591
__vbaLateMemSt
__vbaObjSet
ord595
ord596
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaAryConstruct2
__vbaVarTstEq
__vbaObjVar
_adj_fpatan
ord569
ord677
EVENT_SINK_Release
ord679
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord713
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
ord536
_CIlog
ord646
__vbaNew2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
ord682
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
ord610
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
ord615
__vbaVarLateMemCallLd
ord616
__vbaFpI4
__vbaLateMemCallLd
_CIatan
ord540
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj
Sections
.text Size: 144KB - Virtual size: 140KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
6cc8001c9b61f55dc390743a9a6adfe2de01efd983f68599b288d39d3bfb7207.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
D:\qb\workspace\19992\p4gen\gfx_Development\SourceCUI\GfxDownloadWrapper\obj\x64\Release\GfxDownloadWrapper.pdb
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 125KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
73ca5dd6d49b4c296ee1304aaac2e5fde01156800b538354fd27366df5b9323f.exe.exe windows:4 windows x64 arch:x64
12c0f256818a0032e7fc8a4fe9b667ee
Code Sign
73:e6:ae:dc:8c:44:d8:72:f1:55:d7:41:d1:10:f6:20Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before04-02-2019 00:00Not After04-02-2020 23:59SubjectCN=MYSINGLESOURCE LTD,O=MYSINGLESOURCE LTD,POSTALCODE=GU34 5B,STREET=21 Kingswood Rise\, Four Marks\, \, United Kingdom\, GU34 5B,L=Alton,ST=Hampshire,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2dCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before01-02-2010 00:00Not After18-01-2038 23:59SubjectCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02-11-2018 00:00Not After31-12-2030 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate
IssuerCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22-10-2014 00:00Not After22-10-2024 00:00SubjectCN=DigiCert Timestamp Responder,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before10-11-2006 00:00Not After10-11-2021 00:00SubjectCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
06:f6:4d:5e:1a:07:2d:d9:0f:b4:49:4c:dd:10:3a:49:83:3e:fa:10Signer
Actual PE Digest06:f6:4d:5e:1a:07:2d:d9:0f:b4:49:4c:dd:10:3a:49:83:3e:fa:10Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
comctl32
ord17
shell32
ShellExecuteW
SHBrowseForFolderW
ShellExecuteExW
SHGetPathFromIDListW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetMalloc
gdi32
CreateCompatibleDC
CreateFontIndirectW
DeleteObject
DeleteDC
GetCurrentObject
StretchBlt
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
GetObjectW
advapi32
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
user32
EnableMenuItem
IsWindow
EnableWindow
MessageBeep
LoadIconW
LoadImageW
SetWindowsHookExW
PtInRect
CallNextHookEx
DefWindowProcW
CallWindowProcW
DrawIconEx
DialogBoxIndirectParamW
GetWindow
ClientToScreen
GetDC
DrawTextW
ShowWindow
SystemParametersInfoW
GetSystemMetrics
SetFocus
UnhookWindowsHookEx
GetWindowLongPtrW
SetWindowLongPtrW
GetClientRect
GetSystemMenu
GetKeyState
MessageBoxA
GetSysColor
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
wsprintfA
GetClassNameA
GetWindowLongW
GetMenu
SetWindowPos
GetWindowDC
ReleaseDC
CopyImage
GetParent
GetWindowRect
ScreenToClient
CreateWindowExW
SetTimer
GetMessageW
CreateWindowExA
KillTimer
DestroyWindow
CharUpperW
DispatchMessageW
EndDialog
wsprintfW
MessageBoxW
wvsprintfW
GetDlgItem
SendMessageW
ole32
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
oleaut32
SysFreeString
VariantClear
SysAllocStringLen
OleLoadPicture
SysAllocString
kernel32
GetFileInformationByHandle
WaitForMultipleObjects
VirtualAlloc
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
VirtualFree
SetEndOfFile
SetFileTime
ReadFile
SetFilePointer
GetFileSize
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FormatMessageW
lstrcpyW
LocalFree
IsBadReadPtr
SuspendThread
TerminateThread
GetSystemDirectoryW
GetCurrentThreadId
SetCurrentDirectoryA
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
GetVersionExW
GetModuleFileNameW
GetCurrentProcess
SetProcessWorkingSetSize
SetEnvironmentVariableW
GetDriveTypeW
CreateFileW
LoadLibraryA
SetThreadLocale
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
CompareFileTime
WideCharToMultiByte
GetTempPathW
FindFirstFileW
lstrcmpW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetEnvironmentVariableW
lstrcmpiW
GetLocaleInfoW
MultiByteToWideChar
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetSystemDefaultLCID
lstrcmpiA
GlobalAlloc
GlobalFree
MulDiv
FindResourceExA
SizeofResource
LoadResource
LockResource
GetProcAddress
GetModuleHandleW
GetStdHandle
WriteFile
lstrlenA
CreateDirectoryW
GetFileAttributesW
lstrlenW
GetLocalTime
SystemTimeToFileTime
CreateThread
GetExitCodeThread
ExitProcess
lstrcatW
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
CloseHandle
WaitForSingleObject
GetExitCodeProcess
GetQueuedCompletionStatus
ResumeThread
SetInformationJobObject
CreateIoCompletionPort
AssignProcessToJobObject
CreateJobObjectW
GetLastError
CreateProcessW
GetStartupInfoW
GetCommandLineW
SetLastError
SetCurrentDirectoryW
GetDiskFreeSpaceExW
SetFileAttributesW
Sleep
GetCurrentProcessId
msvcrt
__CxxFrameHandler
??3@YAXPEAX@Z
memset
_wtol
_purecall
memcmp
??2@YAPEAX_K@Z
_wcsnicmp
memmove
memcpy
strncpy
wcsncpy
wcsncmp
strncmp
?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z
_beginthreadex
wcscmp
_CxxThrowException
wcsstr
free
malloc
__C_specific_handler
_unlock
__dllonexit
_lock
_onexit
??1type_info@@UEAA@XZ
__getmainargs
_XcptFilter
_exit
_ismbblead
_cexit
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
Sections
.text Size: 121KB - Virtual size: 121KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
7b931d48eafa703a99ca7f104daf9a7343b6f1161d49073b86f5a4700864d3f0.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
G:\ravdhksam\ravdhksam\obj\Debug\ravdhksam.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 74KB - Virtual size: 74KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 312B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
7d6892645bc5ba581b2fff986b3e9371dd7298bab6aac890c99f80c8b1d78f0f.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 190KB - Virtual size: 189KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
9036aeb570b22497c0f937e7edcef624800426011f0193a2b78c7f124e3a4c7e.exe.exe windows:6 windows x86 arch:x86
ba8df9c8faad61510a4a5d848be97a10
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21-12-2012 00:00Not After30-12-2020 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18-10-2012 00:00Not After29-12-2020 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
09:ad:30:22:5b:bb:6c:63:61:4a:1a:54:88:e0:95:6eCertificate
IssuerCN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=USNot Before14-09-2019 00:00Not After20-08-2020 12:00SubjectSERIALNUMBER=628941,CN=OM SECURE PROTECTION SERVICES LIMITED,O=OM SECURE PROTECTION SERVICES LIMITED,L=Dublin,C=IE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024945Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before18-04-2012 12:00Not After18-04-2027 12:00SubjectCN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
e8:f9:ba:73:64:ba:d9:df:75:c8:b2:0f:c2:93:e8:07:d6:92:d3:c7Signer
Actual PE Digeste8:f9:ba:73:64:ba:d9:df:75:c8:b2:0f:c2:93:e8:07:d6:92:d3:c7Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateProcessA
CloseHandle
CreateFileA
GetFileSize
ReadFile
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringW
HeapSize
GetStringTypeW
WideCharToMultiByte
HeapReAlloc
RtlUnwind
LoadLibraryW
OutputDebugStringW
GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
HeapAlloc
GetLastError
SetLastError
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
HeapFree
Sleep
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExW
CreateFileW
user32
EndDialog
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcW
DestroyWindow
DialogBoxParamW
UpdateWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
LoadStringW
ShowWindow
shell32
SHGetFolderPathA
Sections
.text Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
9b6289a8bf3eab91297cc6d01215b06f4d979a81656eb80bc0ae6d3b7e8b112b.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
acf2b767040e546b689b4f1724569fd9992189ba2035654cfbf866b933e5b1a7.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\VB\HiDDen PerSOn NotePad\HiDDen PerSOn NotePad\obj\x86\Release\HiDDen PerSOn NotePad.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 173KB - Virtual size: 172KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 78KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
af2f191f8d2199d74867e9b1b9071e677c91b24d529d17b83ff04d0f03098a53.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 84KB - Virtual size: 83KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 185KB - Virtual size: 184KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cc7045d9fe77c4aa4cb646d01fb4700008a34f58f49358d0b0b0997d21016aab.exe.dll regsvr32 windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Exports
Exports
DllUnregisterServer
DllRegisterServer
DllGetClassObject
DllCanUnloadNow
Sections
.text Size: 109KB - Virtual size: 108KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 496B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 121KB - Virtual size: 134KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\1\Downloads\EncrypterPOC-main\EncrypterPOC-main\WindowsFormsApp1\obj\Release\WindowsFormsApp1.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 66KB - Virtual size: 65KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 206KB - Virtual size: 206KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
efe947e0a8842997d152af946ef0293a972cc11662f3c62a8461bc4a07427669.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.rrdata Size: 73KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 256B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rmnet Size: 19KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.orpc Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.text Size: 512B - Virtual size: 512B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data2 Size: 512B - Virtual size: 512B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tsustu Size: 3KB - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
rqvmxkb Size: 512B - Virtual size: 512B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CODE Size: 4KB - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.brdata Size: 512B - Virtual size: 512B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 512B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.extjmp Size: 512B - Virtual size: 512B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
new_imp Size: 8KB - Virtual size: 8KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
new_imp Size: 8KB - Virtual size: 8KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rmnet Size: 512B - Virtual size: 512B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
new_imp Size: 14KB - Virtual size: 14KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
f13edd0b86c095dfb681e8bf08d7df0d53d9fb4301f2ba65ae9706a0aaeefe9f.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 167KB - Virtual size: 166KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ