metasploit | f87237859e6849d770c327ae300cdfbff8b8f9193e8ace2f739f8629a087b7f3

Sharing

Copy URL

Twitter E-mail

General

Target

f87237859e6849d770c327ae300cdfbff8b8f9193e8ace2f739f8629a087b7f3
Size

14.3MB
MD5

6fcd7ac1028668bcda61633dd40f1f49
SHA1

bd9547ee86e28fc01fe459b91c2c5ee090fbe2cb
SHA256

f87237859e6849d770c327ae300cdfbff8b8f9193e8ace2f739f8629a087b7f3
SHA512

cd4a68943fc2995fac19beaf99949e9b68238a7759d6744e569f3fa0ab7e6ea413c40a3cc2af447366db71dbe48106c79f5a403d797ff03de431d802f4f968c3
SSDEEP

393216:oZo8lNCe0Iymb6JrIpgp+ueSrfAZa5EkwBN5Tc:oq8liJEpa+6iNlc

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

http://101.34.205.247:443/jquery-3.3.1.slim.min.js

Signatures

Metasploit family
metasploit

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/101.34.205.247:8080/BugSplatRc64.dll
unpack001/101.34.205.247:8080/checker.exe
unpack001/101.34.205.247:8080/cs/logon.exe
unpack001/101.34.205.247:8080/get.exe
unpack001/101.34.205.247:8080/vshell_x86/uninstall.exe

Files

f87237859e6849d770c327ae300cdfbff8b8f9193e8ace2f739f8629a087b7f3
.zip
101.34.205.247:8080/.DS_Store
101.34.205.247:8080/33.txt
101.34.205.247:8080/BsSndRpt1.exe
.exe windows:6 windows x64 arch:x64

6b4ebbc76a24a32743d71833b7b047b2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03-05-2011 07:00

Not After

03-05-2031 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f8:49:5e:22:4e:fa:55:d4
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

24-07-2020 17:34

Not After

21-05-2023 21:28

Subject

CN=BugSplat,O=BugSplat,L=Henniker,ST=New Hampshire,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

57:fd:cb:8d:e2:14:e7:74:18:99:1b:27:43:ff:da:d6:a6:70:b4:1e
Signer

Actual PE Digest

57:fd:cb:8d:e2:14:e7:74:18:99:1b:27:43:ff:da:d6:a6:70:b4:1e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\www\src\BugSplat\bin64\BsSndRpt64.pdb

Imports

shlwapi

PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW

rpcrt4

RpcStringFreeW
UuidToStringW

wininet

HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetSetOptionW
InternetQueryOptionW
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW
InternetCheckConnectionW
InternetAttemptConnect

ws2_32

WSAStartup
gethostname
inet_ntoa
WSACleanup
gethostbyname

kernel32

GetModuleHandleW
lstrcmpiW
LeaveCriticalSection
RaiseException
EnterCriticalSection
GetLastError
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
InitializeCriticalSectionEx
DeleteCriticalSection
GetPrivateProfileStringW
GetCurrentThreadId
DecodePointer
GetCommandLineW
LockResource
FindResourceExW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
CloseHandle
FormatMessageW
ResetEvent
Sleep
SetEvent
OutputDebugStringW
GetTempPathW
SetLastError
LocalFree
CompareStringW
lstrlenW
VerifyVersionInfoW
VerSetConditionMask
ReadFile
MulDiv
CreateEventW
WaitForSingleObject
CreateThread
SetThreadPriority
ResumeThread
FileTimeToSystemTime
GetFileType
GetFileSize
SetFilePointer
FileTimeToDosDateTime
GetCurrentProcess
WriteFile
GetCurrentDirectoryW
SystemTimeToFileTime
WideCharToMultiByte
GetFullPathNameW
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetProcAddress
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetStdHandle
GetModuleHandleExW
ExitProcess
GetTimeZoneInformation
DeleteFileW
RtlPcToFileHeader
RtlUnwindEx
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
GetCPInfo
GetLocaleInfoW
LCMapStringW
GetSystemTimeAsFileTime
TlsFree
GetFileAttributesW
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
InitializeCriticalSectionAndSpinCount
EncodePointer
GetStringTypeW
FreeLibrary
LoadLibraryW
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
MapViewOfFile
SetStdHandle
CreateFileMappingW
GetFileInformationByHandle
CreateFileW
UnmapViewOfFile
GetACP
MultiByteToWideChar
GetModuleFileNameW
FindClose
SetCurrentDirectoryW
ReadConsoleW
SetEndOfFile
WriteConsoleW
GetLocalTime
RtlUnwind

user32

ShowWindow
SetTimer
KillTimer
GetSysColor
MessageBoxW
CharNextW
LoadStringW
GetActiveWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
MessageBeep
SetDlgItemTextW
EnableWindow
BringWindowToTop
EndDialog
UnregisterClassW
DialogBoxParamW
SetRectEmpty
DefWindowProcW
SetFocus
SendMessageW
SetWindowLongPtrW
InvalidateRect
OffsetRect
SetForegroundWindow
PostMessageW
GetDlgItem
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
CallWindowProcW
GetWindowLongPtrW
GetClassNameW
SetWindowLongW
SetWindowPos
LoadCursorW
SystemParametersInfoW
CreateWindowExW
DestroyWindow
BeginPaint
EndPaint
FillRect
IsWindowEnabled
MapWindowPoints
GetFocus
DrawFocusRect
SetCursor
TrackMouseEvent
SetCapture
GetCapture
ReleaseCapture
GetParent
GetDlgCtrlID
GetCursorPos
ScreenToClient
PtInRect
UpdateWindow
IsWindow
GetDC
ReleaseDC
GetClientRect
GetWindowLongW
DrawTextW

gdi32

GetObjectW
GetStockObject
SelectObject
SetTextColor
CreateFontIndirectW
DeleteObject
SetBkMode

advapi32

CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
RegQueryInfoKeyW
CryptCreateHash
CryptAcquireContextW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegCreateKeyW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegEnumKeyExW

shell32

ShellExecuteW

ole32

CoTaskMemAlloc
CoCreateGuid
CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

Sections

.text
Size: 328KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
101.34.205.247:8080/BugSplatRc64.dll
.dll windows:6 windows x64 arch:x64

c8cab1972b3ba5955077d319a689516c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
CreateFileW
FindClose
FindFirstFileW
FlushFileBuffers
GetFileSize
GetFullPathNameW
GetVolumeInformationW
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
DuplicateHandle
lstrcmpiW
GlobalFlags
GetVersionExW
GetLocaleInfoW
GetUserDefaultUILanguage
FileTimeToLocalFileTime
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
lstrcpyW
GetCurrentDirectoryW
FindResourceExW
GetWindowsDirectoryW
VerSetConditionMask
VerifyVersionInfoW
GetTempPathW
GetTickCount
GetProfileIntW
SearchPathW
GetTempFileNameW
GetUserDefaultLCID
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
GetStringTypeW
LCMapStringEx
GetCPInfo
EncodePointer
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
CreateThread
ExitThread
FreeLibraryAndExitThread
HeapQueryInformation
GetCommandLineA
GetSystemInfo
QueryPerformanceFrequency
SetStdHandle
GetFileType
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetStdHandle
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
GetConsoleOutputCP
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
GlobalGetAtomNameW
lstrcmpA
CompareStringW
GetProcAddress
GetModuleHandleW
ResumeThread
SetThreadPriority
GetCurrentThreadId
CreateEventW
MultiByteToWideChar
CopyFileW
FormatMessageW
MulDiv
GlobalSize
FindResourceW
SizeofResource
LockResource
LoadResource
LocalReAlloc
LocalAlloc
GlobalFree
GlobalHandle
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
LoadLibraryW
GetModuleHandleExW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
OutputDebugStringA
GetSystemDirectoryW
VirtualQuery
FileTimeToSystemTime
SetThreadContext
WideCharToMultiByte
GlobalMemoryStatusEx
GetProcessHeap
GetCurrentProcessId
ExitProcess
DeleteCriticalSection
LocalFree
GetThreadContext
DecodePointer
HeapAlloc
ResetEvent
RaiseException
CloseHandle
HeapReAlloc
Process32FirstW
Process32NextW
GetLastError
GetTickCount64
Sleep
CreateToolhelp32Snapshot
HeapSize
WaitForSingleObject
InitializeCriticalSectionEx
SetErrorMode
GetModuleFileNameW
VirtualAlloc
GetCurrentProcess
GetCommandLineW
HeapFree
VirtualProtect
WriteFile
GetModuleFileNameA
RtlUnwind

user32

DrawFocusRect
IsRectEmpty
DrawIconEx
GetIconInfo
MessageBeep
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
MapVirtualKeyW
GetKeyNameTextW
LoadMenuW
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
SetClassLongPtrW
SetWindowRgn
SetParent
DrawEdge
DrawFrameControl
IsZoomed
GetSystemMenu
BringWindowToTop
SetCursorPos
CopyIcon
FrameRect
DrawIcon
UnionRect
UpdateLayeredWindow
MonitorFromPoint
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
PostThreadMessageW
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetRect
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
DestroyCursor
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
ShowOwnedPopups
SetScrollPos
ScrollWindow
RedrawWindow
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
ReleaseCapture
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
GetWindowTextLengthW
GetWindowTextW
LoadCursorW
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
GetLastActivePopup
GetWindowThreadProcessId
GetParent
GetWindowLongW
IsWindowEnabled
EnableWindow
SendMessageW
UnhookWindowsHookEx
LoadImageW
InvalidateRect
TrackMouseEvent
IntersectRect
MapDialogRect
GetAsyncKeyState
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
PostQuitMessage
OffsetRect
SetRectEmpty
SendDlgItemMessageA
CopyImage
SystemParametersInfoW
InflateRect
GetMenuItemInfoW
DestroyMenu
FillRect
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
RealChildWindowFromPoint
GetDesktopWindow
RemovePropW
CharUpperW
DestroyIcon
IsDialogMessageW
SetWindowTextW
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
WindowFromPoint
SetCapture
GetNextDlgGroupItem
KillTimer
SetTimer
DeleteMenu
SetWindowPlacement
LoadIconW
GetWindow
GetTopWindow
GetClassNameW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
PtInRect
EqualRect
CopyRect
SetCursor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
MessageBoxW
GetWindowRect
GetScrollPos
GetClientRect
ClientToScreen

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW

shell32

SHAppBarMessage
SHBrowseForFolderW
DragFinish
DragQueryFileW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW
CommandLineToArgvW
ShellExecuteW
SHGetFileInfoW

ole32

OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleCreateMenuDescriptor
CoUninitialize
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx

msimg32

TransparentBlt
AlphaBlend

shlwapi

PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathRemoveFileSpecW
StrFormatKBSizeW
PathFindFileNameW

uxtheme

DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
GetWindowTheme
DrawThemeText
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetThemePartSize

gdiplus

GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipDeleteGraphics
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipFree
GdipAlloc
GdiplusStartup
GdiplusShutdown
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipCloneImage
GdipBitmapUnlockBits
GdipGetImagePalette

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

gdi32

GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
Escape
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
BitBlt
ExcludeClipRect
DeleteObject
GetObjectW
SetTextColor
SetBkColor
CreateBitmap
GetDeviceCaps
CreateDCW
IntersectClipRect
DeleteDC
SelectObject
GetTextFaceW
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
OffsetRgn
GetRgnBox
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
CreateCompatibleBitmap
GetBkColor
SelectPalette
SetBkMode
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
GetTextExtentPoint32W
CombineRgn
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
GetTextMetricsW
EnumFontFamiliesExW
CreatePalette
CopyMetaFileW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

oleaut32

VariantInit
SysAllocString
VarBstrFromDate
SysFreeString
LoadTypeLi
SysAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantCopy
VariantClear
VariantChangeType

Exports

Exports

DllEntryPoint
MyFunction

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 543KB - Virtual size: 543KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
101.34.205.247:8080/checker.exe
.exe windows:5 windows x64 arch:x64

7ee2ff4d75ec27ee2f4e0cc4e2424986

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\ws\pc\src\out\electron_x64\tt_crash_reporter.exe.pdb

Imports

advapi32

EventRegister
EventUnregister
EventWrite
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SystemFunction036

dbghelp

MiniDumpWriteDump

shell32

CommandLineToArgvW
ord165
SHGetFolderPathW
SHGetKnownFolderPath

user32

UnregisterClassW

kernel32

AcquireSRWLockExclusive
CloseHandle
CompareFileTime
CompareStringW
CreateEventW
CreateFileW
CreateThread
CreateToolhelp32Snapshot
DecodePointer
DeleteCriticalSection
DeleteFileW
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FindResourceW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalProcessorInformation
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessHeap
GetProductInfo
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetThreadId
GetThreadPriority
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetVersionExW
GetWindowsDirectoryW
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InitializeSRWLock
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
K32GetModuleBaseNameW
K32GetModuleFileNameExW
K32GetPerformanceInfo
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadResource
LocalFree
LockResource
MapViewOfFile
MultiByteToWideChar
OpenProcess
OutputDebugStringA
OutputDebugStringW
Process32FirstW
Process32NextW
QueryPerformanceCounter
QueryPerformanceFrequency
QueryThreadCycleTime
RaiseException
ReadConsoleW
ReadFile
ReadProcessMemory
ReleaseSRWLockExclusive
RemoveDirectoryW
ResetEvent
RtlCaptureContext
RtlCaptureStackBackTrace
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFilePointerEx
SetLastError
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepConditionVariableSRW
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrlenA

ole32

CoTaskMemFree

parfait

?AddCrashContext@ParfaitWrapperBase@parfait@@QEAAXPEBD0@Z
?InitGlobalEnv@ParfaitWrapperBase@parfait@@QEAAXAEAVParfaitGlobalEnvBuilderBase@2@@Z
?InitInstanceEnv@ParfaitWrapperBase@parfait@@QEAAXAEAVParfaitEnvBuilderBase@2@@Z
?SetAppVersion@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetChannel@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetDid@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetHost@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetIsDebug@ParfaitGlobalEnvBuilderBase@parfait@@SAX_N@Z
?SetProcessName@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetRootPathName@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetUid@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?UploadCrashFile@ParfaitWrapperBase@parfait@@QEAAXPEBUCrashUploadRequest@12@@Z
?UploadFile@ParfaitWrapperBase@parfait@@QEAAXPEBDPEBUUploadFileCallback@12@@Z
CreateParfaitEnvBuilder
CreateParfaitGlobalEnvBuilder
CreateParfaitWrapper
DestroyParfaitEnvBuilder
DestroyParfaitGlobalEnvBuilder
DestroyParfaitWrapper

winhttp

WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetOption

version

VerQueryValueW

shlwapi

PathMatchSpecW

winmm

timeGetTime

Exports

Exports

Cr_z_adler32
Cr_z_adler32_combine
Cr_z_adler32_z
Cr_z_compress
Cr_z_compress2
Cr_z_compressBound
Cr_z_crc32
Cr_z_crc32_combine
Cr_z_crc32_combine_gen
Cr_z_crc32_combine_op
Cr_z_crc32_z
Cr_z_deflate
Cr_z_deflateBound
Cr_z_deflateCopy
Cr_z_deflateEnd
Cr_z_deflateGetDictionary
Cr_z_deflateInit2_
Cr_z_deflateInit_
Cr_z_deflateParams
Cr_z_deflatePending
Cr_z_deflatePrime
Cr_z_deflateReset
Cr_z_deflateResetKeep
Cr_z_deflateSetDictionary
Cr_z_deflateSetHeader
Cr_z_deflateTune
Cr_z_get_crc_table
Cr_z_zError
Cr_z_zlibCompileFlags
Cr_z_zlibVersion
GetHandleVerifier

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 330KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 136B

.rodata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 329B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

malloc_h
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
101.34.205.247:8080/cs/.DS_Store
101.34.205.247:8080/cs/help.dll
.dll windows:6 windows x64 arch:x64

29928cc8b6c099534ed3c048707b8e8f

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:7b:b7:80:66:44:45:4c:59:d0:14:a8:db:b7:1b:6b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

12-04-2024 00:00

Not After

13-04-2027 23:59

Subject

SERIALNUMBER=91110101MA0045N17U,CN=北京抖音科技有限公司,O=北京抖音科技有限公司,ST=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e6b5b7e6b780e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dd:41:84:23:3a:f8:69:0e:1e:87:8f:0c:4a:25:00:dd:63:21:02:fe:ce:72:d1:82:c6:2f:0f:ac:07:d1:65:70
Signer

Actual PE Digest

dd:41:84:23:3a:f8:69:0e:1e:87:8f:0c:4a:25:00:dd:63:21:02:fe:ce:72:d1:82:c6:2f:0f:ac:07:d1:65:70

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\25475\parfait\windows\outputs\crashpad_nogwpasan_noperf\nottnet\x64\Release\parfait.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

ReadFile
SetEndOfFile
SetFilePointerEx
WriteFile
GetLastError
CreateFileW
DeleteFileW
LockFileEx
UnlockFile
CloseHandle
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
OpenProcess
GetFileSizeEx
GetFileAttributesW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetFullPathNameW
GetFileSize
FlushViewOfFile
CreateFileMappingA
GetTimeZoneInformation
SetEvent
ReleaseMutex
CreateMutexW
CreateEventW
WaitForMultipleObjects
CreateThread
GetLocalTime
CreateDirectoryW
SetFilePointer
GetCurrentThreadId
GetSystemTime
SystemTimeToFileTime
OutputDebugStringW
GetVersionExW
GetModuleHandleW
GetProcAddress
RemoveDirectoryW
MoveFileExW
FindNextFileW
GetStdHandle
GetFileType
RaiseException
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
SleepEx
Sleep
GetCurrentProcess
TerminateProcess
OpenThread
GetExitCodeThread
CreateProcessW
GetThreadContext
GetVersion
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryW
SetLastError
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
LocalFree
VirtualAlloc
ReadConsoleW
FindFirstFileW
FindClose
GetCurrentProcessId
WriteConsoleW
HeapReAlloc
RtlCaptureContext
RtlUnwind
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
FlushFileBuffers
HeapSize
SetStdHandle
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObjectEx
SwitchToThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
RtlPcToFileHeader
InitOnceBeginInitialize
InitOnceComplete
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetStringTypeW
ResetEvent
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetFileAttributesExW
ExitThread
FreeLibraryAndExitThread
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetConsoleOutputCP
GetConsoleMode
SetConsoleCtrlHandler
ExitProcess
GetModuleFileNameW
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentDirectoryW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameW
BuildSecurityDescriptorW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
SystemFunction036

winhttp

WinHttpQueryHeaders
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpSetOption
WinHttpReceiveResponse
WinHttpWriteData
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpQueryDataAvailable

Exports

Exports

?AddCrashContext@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEBD0@Z
?AddCrashContext@ParfaitWrapperBase@parfait@@QEAAXPEBD0@Z
?AddExtraCrashContextForDisplay@ParfaitWrapperBase@parfait@@SAXPEBD0@Z
?AddRecordContext@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEBD0@Z
?AddRecordContext@ParfaitWrapperBase@parfait@@QEAAXPEBD0@Z
?AddUnhandledSignal@ParfaitWrapperBase@parfait@@SAXH@Z
?AddVehTargetExceptionType@ParfaitWrapperBase@parfait@@SAXK@Z
?AlogDestroy@@YAXXZ
?AlogInit@@YA_NAEBVFilePath@parfait@@PEB_WPEBD2_N3@Z
?AlogSyncFlush@@YAXXZ
?AlogWrite@@YAXHPEBD0@Z
?CreateLogRecorder@ParfaitWrapperBase@parfait@@QEAAPEAVParfaitLogRecorderBase@2@W4RECORD_INTERVAL@2@W4LOG_RECORD_LEVEL@2@@Z
?CreateRecorder@ParfaitWrapperBase@parfait@@QEAAPEAVParfaitRecorderBase@2@W4RECORD_INTERVAL@2@PEBD@Z
?CreateUserDefinedRecorder@ParfaitWrapperBase@parfait@@QEAAPEAVParfaitUserDefinedRecorderBase@2@W4RECORD_INTERVAL@2@PEBD@Z
?DestroyLogRecorder@ParfaitWrapperBase@parfait@@QEAAXPEAVParfaitLogRecorderBase@2@@Z
?DestroyRecorder@ParfaitWrapperBase@parfait@@QEAAXPEAVParfaitRecorderBase@2@@Z
?DestroyUserDefinedRecorder@ParfaitWrapperBase@parfait@@QEAAXPEAVParfaitUserDefinedRecorderBase@2@@Z
?DoRecord@ParfaitLogRecorderBase@parfait@@QEAAXXZ
?DoRecord@ParfaitRecorderBase@parfait@@QEAAXXZ
?DoRecord@ParfaitUserDefinedRecorderBase@parfait@@QEAAXXZ
?DumpAndUploadFulldumpImmediately@ParfaitWrapperBase@parfait@@QEAAXPEBD@Z
?DumpJankAndUploadImmediately@ParfaitWrapperBase@parfait@@QEAAX_KPEBD_J@Z
?EnablePassExceptionToOriginalHandler@ParfaitWrapperBase@parfait@@SAXXZ
?ExitReport@ParfaitWrapperBase@parfait@@QEAAXXZ
?HandlerUploadCrashEventIfCrashed@ParfaitWrapperBase@parfait@@QEAAXXZ
?InitAlog@ParfaitWrapperBase@parfait@@QEAAXPEBD0@Z
?InitAlog@ParfaitWrapperBase@parfait@@QEAAXPEBD0_N@Z
?InitCrashClientOnMac@ParfaitWrapperBase@parfait@@QEAAXXZ
?InitCrashClientOnWin@ParfaitWrapperBase@parfait@@QEAA_NPEBD@Z
?InitCrashClientOnWinEarly@ParfaitWrapperBase@parfait@@SA_NPEBD@Z
?InitCrashServer@ParfaitWrapperBase@parfait@@QEAA_NPEBD@Z
?InitCrashServerEarly@ParfaitWrapperBase@parfait@@SA_NPEBD@Z
?InitCrashServerOnWin@ParfaitWrapperBase@parfait@@QEAAXPEBD0P6AX_N0@Z@Z
?InitCrashServerOnWinEarly@ParfaitWrapperBase@parfait@@SA_NPEBD0_NP6AX10@Z@Z
?InitGlobalEnv@ParfaitWrapperBase@parfait@@QEAAXAEAVParfaitGlobalEnvBuilderBase@2@@Z
?InitInstanceEnv@ParfaitWrapperBase@parfait@@QEAAXAEAVParfaitEnvBuilderBase@2@@Z
?InjectNetworkMonitor@ParfaitWrapperBase@parfait@@QEAAXPEAX@Z
?InterruptUploadIfExit@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@_N@Z
?LaunchReport@ParfaitWrapperBase@parfait@@QEAAXXZ
?OpenCloudMessage@ParfaitWrapperBase@parfait@@QEAAXJ@Z
?RefreshCrashContextInCrashServer@ParfaitWrapperBase@parfait@@QEAAXXZ
?ResetGlobalEnv@ParfaitWrapperBase@parfait@@QEAAXAEAVParfaitGlobalEnvBuilderBase@2@@Z
?SetAppMinorVersion@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetAppVersion@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetBuildID@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetChannel@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetCrashAnnotation@ParfaitWrapperBase@parfait@@SAXPEBUCrashAnnotation@12@@Z
?SetCrashCallback@ParfaitWrapperBase@parfait@@SAXQ6AXXZ@Z
?SetCrashClientJsStackCallback@ParfaitWrapperBase@parfait@@SAXQ6APEBDXZ@Z
?SetCrashPostHandlerInCrashServer@ParfaitWrapperBase@parfait@@SA_NPEBUCrashPostHandlerData@2@@Z
?SetCrashServerIdentifierOnMac@ParfaitWrapperBase@parfait@@SAXPEBD@Z
?SetDid@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetExceptionDisplayContext@ParfaitWrapperBase@parfait@@QEAAXIPEBD0@Z
?SetExceptionFilterContext@ParfaitWrapperBase@parfait@@QEAAXIPEBD0@Z
?SetHost@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetIsDebug@ParfaitGlobalEnvBuilderBase@parfait@@SAX_N@Z
?SetIsOverseas@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@_N@Z
?SetMaxFileSize@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@H@Z
?SetMaxLogNumber@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@H@Z
?SetMaxReportSize@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@H@Z
?SetOsVersion@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetPcCrashCallback@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEAUIPcCrashCallback@12@@Z
?SetPerformanceScene@ParfaitWrapperBase@parfait@@QEAAXPEBD@Z
?SetPid@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetProcessName@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetReportInterval@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@H@Z
?SetReportUrl@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetRootPathName@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetSessionID@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetTTNetEngine@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBX@Z
?SetUid@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetUploader@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEAUIUploader@12@@Z
?StartCPUMonitor@ParfaitWrapperBase@parfait@@QEAAXHPEBD@Z
?StartCPUMonitor@ParfaitWrapperBase@parfait@@QEAAXXZ
?StartDiskIOMonitor@ParfaitWrapperBase@parfait@@QEAAXHPEBD@Z
?StartDiskIOMonitor@ParfaitWrapperBase@parfait@@QEAAXXZ
?StartDiskMonitor@ParfaitWrapperBase@parfait@@QEAAXXZ
?StartLogRecord@ParfaitWrapperBase@parfait@@QEAAAEAVParfaitLogRecorderBase@2@W4RECORD_INTERVAL@2@W4LOG_RECORD_LEVEL@2@@Z
?StartMemoryMonitor@ParfaitWrapperBase@parfait@@QEAAXHPEBD@Z
?StartMemoryMonitor@ParfaitWrapperBase@parfait@@QEAAXXZ
?StartRecord@ParfaitWrapperBase@parfait@@QEAAAEAVParfaitRecorderBase@2@W4RECORD_INTERVAL@2@PEBD@Z
?Upload@ParfaitWrapperBase@parfait@@QEAAXXZ
?UploadAlog@ParfaitWrapperBase@parfait@@QEAAXJJ@Z
?UploadAlogIfCrashed@ParfaitWrapperBase@parfait@@QEAAXXZ
?UploadAlogWithCallback@ParfaitWrapperBase@parfait@@QEAAXJJPEAXQ6AX_NHHPEBD0@Z@Z
?UploadAlogWithCallback@ParfaitWrapperBase@parfait@@QEAAXJJQ6AX_NHHPEBD@Z@Z
?UploadCrashDumpFile@ParfaitWrapperBase@parfait@@QEAAXPEBDJPEBUUploadCrashDumpCallback@12@@Z
?UploadCrashFile@ParfaitWrapperBase@parfait@@QEAAXPEBUCrashUploadRequest@12@@Z
?UploadCustomFile@ParfaitWrapperBase@parfait@@QEAAXUCustomFileUploadRequest@2@@Z
?UploadDumpImmediatelyIfCrashed@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@_N@Z
?UploadFile@ParfaitWrapperBase@parfait@@QEAAXPEBDPEBUUploadFileCallback@12@@Z
?UploadJankFile@ParfaitWrapperBase@parfait@@QEAAXUJankUploadRequest@2@@Z
?UploadNetworkLog@ParfaitWrapperBase@parfait@@QEAAXPEAX0@Z
?UploadNetworkLog@ParfaitWrapperBase@parfait@@QEAAXPEBDH0@Z
?UploadWithFlushImmediately@ParfaitWrapperBase@parfait@@QEAAXXZ
?UseMainProcessParamAsChildProcessExceptionUploadParam@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@XZ
?UseSystemDefaultHandlerOnMac@ParfaitWrapperBase@parfait@@SAXXZ
?WriteAlog@ParfaitWrapperBase@parfait@@QEAAXPEBD0@Z
?WriteAlog@ParfaitWrapperBase@parfait@@QEAAXW4ALOG_LEVEL@2@PEBD1@Z
?WriteCategory@ParfaitLogRecorderBase@parfait@@QEAAAEAV12@PEBD@Z
?WriteCategory@ParfaitRecorderBase@parfait@@QEAAAEAV12@PEBD@Z
?WriteExtra@ParfaitRecorderBase@parfait@@QEAAAEAV12@PEBD@Z
?WriteJsonData@ParfaitUserDefinedRecorderBase@parfait@@QEAAAEAV12@PEBD@Z
?WriteLog@ParfaitLogRecorderBase@parfait@@QEAAAEAV12@PEBD@Z
?WriteMetric@ParfaitRecorderBase@parfait@@QEAAAEAV12@PEBD@Z
CreateParfaitEnvBuilder
CreateParfaitGlobalEnvBuilder
CreateParfaitWrapper
DestroyParfaitEnvBuilder
DestroyParfaitGlobalEnvBuilder
DestroyParfaitWrapper
UploadCrashEventSynchronously
UploadCrashSynchronously

Sections

.text
Size: 845KB - Virtual size: 844KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CPADinfo
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
101.34.205.247:8080/cs/logon.exe
.exe windows:5 windows x64 arch:x64

7ee2ff4d75ec27ee2f4e0cc4e2424986

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\ws\pc\src\out\electron_x64\tt_crash_reporter.exe.pdb

Imports

advapi32

EventRegister
EventUnregister
EventWrite
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SystemFunction036

dbghelp

MiniDumpWriteDump

shell32

CommandLineToArgvW
ord165
SHGetFolderPathW
SHGetKnownFolderPath

user32

UnregisterClassW

kernel32

AcquireSRWLockExclusive
CloseHandle
CompareFileTime
CompareStringW
CreateEventW
CreateFileW
CreateThread
CreateToolhelp32Snapshot
DecodePointer
DeleteCriticalSection
DeleteFileW
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FindResourceW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalProcessorInformation
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessHeap
GetProductInfo
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetThreadId
GetThreadPriority
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetVersionExW
GetWindowsDirectoryW
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InitializeSRWLock
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
K32GetModuleBaseNameW
K32GetModuleFileNameExW
K32GetPerformanceInfo
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadResource
LocalFree
LockResource
MapViewOfFile
MultiByteToWideChar
OpenProcess
OutputDebugStringA
OutputDebugStringW
Process32FirstW
Process32NextW
QueryPerformanceCounter
QueryPerformanceFrequency
QueryThreadCycleTime
RaiseException
ReadConsoleW
ReadFile
ReadProcessMemory
ReleaseSRWLockExclusive
RemoveDirectoryW
ResetEvent
RtlCaptureContext
RtlCaptureStackBackTrace
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFilePointerEx
SetLastError
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepConditionVariableSRW
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrlenA

ole32

CoTaskMemFree

parfait

?AddCrashContext@ParfaitWrapperBase@parfait@@QEAAXPEBD0@Z
?InitGlobalEnv@ParfaitWrapperBase@parfait@@QEAAXAEAVParfaitGlobalEnvBuilderBase@2@@Z
?InitInstanceEnv@ParfaitWrapperBase@parfait@@QEAAXAEAVParfaitEnvBuilderBase@2@@Z
?SetAppVersion@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetChannel@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetDid@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetHost@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetIsDebug@ParfaitGlobalEnvBuilderBase@parfait@@SAX_N@Z
?SetProcessName@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetRootPathName@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetUid@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?UploadCrashFile@ParfaitWrapperBase@parfait@@QEAAXPEBUCrashUploadRequest@12@@Z
?UploadFile@ParfaitWrapperBase@parfait@@QEAAXPEBDPEBUUploadFileCallback@12@@Z
CreateParfaitEnvBuilder
CreateParfaitGlobalEnvBuilder
CreateParfaitWrapper
DestroyParfaitEnvBuilder
DestroyParfaitGlobalEnvBuilder
DestroyParfaitWrapper

winhttp

WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetOption

version

VerQueryValueW

shlwapi

PathMatchSpecW

winmm

timeGetTime

Exports

Exports

Cr_z_adler32
Cr_z_adler32_combine
Cr_z_adler32_z
Cr_z_compress
Cr_z_compress2
Cr_z_compressBound
Cr_z_crc32
Cr_z_crc32_combine
Cr_z_crc32_combine_gen
Cr_z_crc32_combine_op
Cr_z_crc32_z
Cr_z_deflate
Cr_z_deflateBound
Cr_z_deflateCopy
Cr_z_deflateEnd
Cr_z_deflateGetDictionary
Cr_z_deflateInit2_
Cr_z_deflateInit_
Cr_z_deflateParams
Cr_z_deflatePending
Cr_z_deflatePrime
Cr_z_deflateReset
Cr_z_deflateResetKeep
Cr_z_deflateSetDictionary
Cr_z_deflateSetHeader
Cr_z_deflateTune
Cr_z_get_crc_table
Cr_z_zError
Cr_z_zlibCompileFlags
Cr_z_zlibVersion
GetHandleVerifier

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 330KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 136B

.rodata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 329B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

malloc_h
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
101.34.205.247:8080/cs/parfait.dll
.dll windows:6 windows x64 arch:x64

53ddc0e7df312cddd94f9ac19fc1b83d

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:7b:b7:80:66:44:45:4c:59:d0:14:a8:db:b7:1b:6b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

12-04-2024 00:00

Not After

13-04-2027 23:59

Subject

SERIALNUMBER=91110101MA0045N17U,CN=北京抖音科技有限公司,O=北京抖音科技有限公司,ST=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e6b5b7e6b780e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:2c:cf:70:c8:26:0e:e1:41:75:e1:73:9b:06:54:6a:7f:31:a3:9f:d2:50:53:eb:15:d8:02:d8:cd:5c:78:b8
Signer

Actual PE Digest

30:2c:cf:70:c8:26:0e:e1:41:75:e1:73:9b:06:54:6a:7f:31:a3:9f:d2:50:53:eb:15:d8:02:d8:cd:5c:78:b8

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

gdi32

BitBlt
CreateCompatibleDC
CreateDIBSection
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject

kernel32

AddVectoredContinueHandler
AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateIoCompletionPort
CreateThread
CreateWaitableTimerExW
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsW
GetConsoleMode
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetErrorMode
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetQueuedCompletionStatusEx
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetThreadContext
HeapCreate
HeapDestroy
HeapUnlock
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
OpenThread
PostQueuedCompletionStatus
RaiseFailFastException
ResumeThread
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetProcessPriorityBoost
SetThreadContext
SetThreadPriority
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TlsAlloc
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WerGetFlags
WerSetFlags
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcmpiW

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_assert
_beginthread
_errno
_initterm
_lock
_time64
_unlock
abort
calloc
clock
fputc
free
fwrite
isupper
localeconv
malloc
memcpy
realloc
strcpy
strerror
strlen
strncmp
vfprintf
wcslen

user32

ClientToScreen
EnumDisplayMonitors
EnumWindows
GetClientRect
GetCursorPos
GetDC
GetDesktopWindow
GetForegroundWindow
GetSystemMetrics
GetWindowLongPtrA
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
IsWindow
MapVirtualKeyA
MessageBoxA
PostMessageA
PostMessageW
ReleaseDC
SendInput
SetForegroundWindow
SetWindowPos
ShowWindow
VkKeyScanA

Exports

Exports

?AddCrashContext@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEBD0@Z
?AddCrashContext@ParfaitWrapperBase@parfait@@QEAAXPEBD0@Z
?AddExtraCrashContextForDisplay@ParfaitWrapperBase@parfait@@SAXPEBD0@Z
?AddRecordContext@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEBD0@Z
?AddRecordContext@ParfaitWrapperBase@parfait@@QEAAXPEBD0@Z
?AddUnhandledSignal@ParfaitWrapperBase@parfait@@SAXH@Z
?AddVehTargetExceptionType@ParfaitWrapperBase@parfait@@SAXK@Z
?AlogDestroy@@YAXXZ
?AlogInit@@YA_NAEBVFilePath@parfait@@PEB_WPEBD2_N3@Z
?AlogSyncFlush@@YAXXZ
?AlogWrite@@YAXHPEBD0@Z
?CreateLogRecorder@ParfaitWrapperBase@parfait@@QEAAPEAVParfaitLogRecorderBase@2@W4RECORD_INTERVAL@2@W4LOG_RECORD_LEVEL@2@@Z
?CreateRecorder@ParfaitWrapperBase@parfait@@QEAAPEAVParfaitRecorderBase@2@W4RECORD_INTERVAL@2@PEBD@Z
?CreateUserDefinedRecorder@ParfaitWrapperBase@parfait@@QEAAPEAVParfaitUserDefinedRecorderBase@2@W4RECORD_INTERVAL@2@PEBD@Z
?DestroyLogRecorder@ParfaitWrapperBase@parfait@@QEAAXPEAVParfaitLogRecorderBase@2@@Z
?DestroyRecorder@ParfaitWrapperBase@parfait@@QEAAXPEAVParfaitRecorderBase@2@@Z
?DestroyUserDefinedRecorder@ParfaitWrapperBase@parfait@@QEAAXPEAVParfaitUserDefinedRecorderBase@2@@Z
?DoRecord@ParfaitLogRecorderBase@parfait@@QEAAXXZ
?DoRecord@ParfaitRecorderBase@parfait@@QEAAXXZ
?DoRecord@ParfaitUserDefinedRecorderBase@parfait@@QEAAXXZ
?DumpAndUploadFulldumpImmediately@ParfaitWrapperBase@parfait@@QEAAXPEBD@Z
?DumpJankAndUploadImmediately@ParfaitWrapperBase@parfait@@QEAAX_KPEBD_J@Z
?EnablePassExceptionToOriginalHandler@ParfaitWrapperBase@parfait@@SAXXZ
?ExitReport@ParfaitWrapperBase@parfait@@QEAAXXZ
?HandlerUploadCrashEventIfCrashed@ParfaitWrapperBase@parfait@@QEAAXXZ
?InitAlog@ParfaitWrapperBase@parfait@@QEAAXPEBD0@Z
?InitAlog@ParfaitWrapperBase@parfait@@QEAAXPEBD0_N@Z
?InitCrashClientOnMac@ParfaitWrapperBase@parfait@@QEAAXXZ
?InitCrashClientOnWin@ParfaitWrapperBase@parfait@@QEAA_NPEBD@Z
?InitCrashClientOnWinEarly@ParfaitWrapperBase@parfait@@SA_NPEBD@Z
?InitCrashServer@ParfaitWrapperBase@parfait@@QEAA_NPEBD@Z
?InitCrashServerEarly@ParfaitWrapperBase@parfait@@SA_NPEBD@Z
?InitCrashServerOnWin@ParfaitWrapperBase@parfait@@QEAAXPEBD0P6AX_N0@Z@Z
?InitCrashServerOnWinEarly@ParfaitWrapperBase@parfait@@SA_NPEBD0_NP6AX10@Z@Z
?InitGlobalEnv@ParfaitWrapperBase@parfait@@QEAAXAEAVParfaitGlobalEnvBuilderBase@2@@Z
?InitInstanceEnv@ParfaitWrapperBase@parfait@@QEAAXAEAVParfaitEnvBuilderBase@2@@Z
?InjectNetworkMonitor@ParfaitWrapperBase@parfait@@QEAAXPEAX@Z
?InterruptUploadIfExit@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@_N@Z
?LaunchReport@ParfaitWrapperBase@parfait@@QEAAXXZ
?OpenCloudMessage@ParfaitWrapperBase@parfait@@QEAAXJ@Z
?RefreshCrashContextInCrashServer@ParfaitWrapperBase@parfait@@QEAAXXZ
?ResetGlobalEnv@ParfaitWrapperBase@parfait@@QEAAXAEAVParfaitGlobalEnvBuilderBase@2@@Z
?SetAppMinorVersion@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetAppVersion@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetBuildID@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetChannel@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetCrashAnnotation@ParfaitWrapperBase@parfait@@SAXPEBUCrashAnnotation@12@@Z
?SetCrashCallback@ParfaitWrapperBase@parfait@@SAXQ6AXXZ@Z
?SetCrashClientJsStackCallback@ParfaitWrapperBase@parfait@@SAXQ6APEBDXZ@Z
?SetCrashPostHandlerInCrashServer@ParfaitWrapperBase@parfait@@SA_NPEBUCrashPostHandlerData@2@@Z
?SetCrashServerIdentifierOnMac@ParfaitWrapperBase@parfait@@SAXPEBD@Z
?SetDid@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetExceptionDisplayContext@ParfaitWrapperBase@parfait@@QEAAXIPEBD0@Z
?SetExceptionFilterContext@ParfaitWrapperBase@parfait@@QEAAXIPEBD0@Z
?SetHost@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetIsDebug@ParfaitGlobalEnvBuilderBase@parfait@@SAX_N@Z
?SetIsOverseas@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@_N@Z
?SetMaxFileSize@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@H@Z
?SetMaxLogNumber@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@H@Z
?SetMaxReportSize@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@H@Z
?SetOsVersion@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetPcCrashCallback@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEAUIPcCrashCallback@12@@Z
?SetPerformanceScene@ParfaitWrapperBase@parfait@@QEAAXPEBD@Z
?SetPid@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetProcessName@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetReportInterval@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@H@Z
?SetReportUrl@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetRootPathName@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetSessionID@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetTTNetEngine@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBX@Z
?SetUid@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetUploader@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEAUIUploader@12@@Z
?StartCPUMonitor@ParfaitWrapperBase@parfait@@QEAAXHPEBD@Z
?StartCPUMonitor@ParfaitWrapperBase@parfait@@QEAAXXZ
?StartDiskIOMonitor@ParfaitWrapperBase@parfait@@QEAAXHPEBD@Z
?StartDiskIOMonitor@ParfaitWrapperBase@parfait@@QEAAXXZ
?StartDiskMonitor@ParfaitWrapperBase@parfait@@QEAAXXZ
?StartLogRecord@ParfaitWrapperBase@parfait@@QEAAAEAVParfaitLogRecorderBase@2@W4RECORD_INTERVAL@2@W4LOG_RECORD_LEVEL@2@@Z
?StartMemoryMonitor@ParfaitWrapperBase@parfait@@QEAAXHPEBD@Z
?StartMemoryMonitor@ParfaitWrapperBase@parfait@@QEAAXXZ
?StartRecord@ParfaitWrapperBase@parfait@@QEAAAEAVParfaitRecorderBase@2@W4RECORD_INTERVAL@2@PEBD@Z
?Upload@ParfaitWrapperBase@parfait@@QEAAXXZ
?UploadAlog@ParfaitWrapperBase@parfait@@QEAAXJJ@Z
?UploadAlogIfCrashed@ParfaitWrapperBase@parfait@@QEAAXXZ
?UploadAlogWithCallback@ParfaitWrapperBase@parfait@@QEAAXJJPEAXQ6AX_NHHPEBD0@Z@Z
?UploadAlogWithCallback@ParfaitWrapperBase@parfait@@QEAAXJJQ6AX_NHHPEBD@Z@Z
?UploadCrashDumpFile@ParfaitWrapperBase@parfait@@QEAAXPEBDJPEBUUploadCrashDumpCallback@12@@Z
?UploadCrashFile@ParfaitWrapperBase@parfait@@QEAAXPEBUCrashUploadRequest@12@@Z
?UploadCustomFile@ParfaitWrapperBase@parfait@@QEAAXUCustomFileUploadRequest@2@@Z
?UploadDumpImmediatelyIfCrashed@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@_N@Z
?UploadFile@ParfaitWrapperBase@parfait@@QEAAXPEBDPEBUUploadFileCallback@12@@Z
?UploadJankFile@ParfaitWrapperBase@parfait@@QEAAXUJankUploadRequest@2@@Z
?UploadNetworkLog@ParfaitWrapperBase@parfait@@QEAAXPEAX0@Z
?UploadNetworkLog@ParfaitWrapperBase@parfait@@QEAAXPEBDH0@Z
?UploadWithFlushImmediately@ParfaitWrapperBase@parfait@@QEAAXXZ
?UseMainProcessParamAsChildProcessExceptionUploadParam@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@XZ
?UseSystemDefaultHandlerOnMac@ParfaitWrapperBase@parfait@@SAXXZ
?WriteAlog@ParfaitWrapperBase@parfait@@QEAAXPEBD0@Z
?WriteAlog@ParfaitWrapperBase@parfait@@QEAAXW4ALOG_LEVEL@2@PEBD1@Z
?WriteCategory@ParfaitLogRecorderBase@parfait@@QEAAAEAV12@PEBD@Z
?WriteCategory@ParfaitRecorderBase@parfait@@QEAAAEAV12@PEBD@Z
?WriteExtra@ParfaitRecorderBase@parfait@@QEAAAEAV12@PEBD@Z
?WriteJsonData@ParfaitUserDefinedRecorderBase@parfait@@QEAAAEAV12@PEBD@Z
?WriteLog@ParfaitLogRecorderBase@parfait@@QEAAAEAV12@PEBD@Z
?WriteMetric@ParfaitRecorderBase@parfait@@QEAAAEAV12@PEBD@Z
CreateParfaitEnvBuilder
CreateParfaitGlobalEnvBuilder
CreateParfaitWrapper
DestroyParfaitEnvBuilder
DestroyParfaitGlobalEnvBuilder
DestroyParfaitWrapper
UploadCrashEventSynchronously
UploadCrashSynchronously

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 562KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
101.34.205.247:8080/get.exe
.exe windows:6 windows x64 arch:x64

9cd12d9f6cec0a2da4ded5a7c6bb3bbb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddVectoredContinueHandler
AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateIoCompletionPort
CreateThread
CreateWaitableTimerExW
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsW
FreeLibrary
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetErrorMode
GetLastError
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadLocale
GetTickCount
HeapAlloc
HeapFree
InitializeCriticalSection
IsBadReadPtr
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
PostQueuedCompletionStatus
QueryPerformanceCounter
RaiseFailFastException
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetLastError
SetProcessPriorityBoost
SetThreadContext
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TerminateProcess
TlsAlloc
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WerGetFlags
WerSetFlags
WriteConsoleW
WriteFile
__C_specific_handler
lstrlenA

msvcrt

__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_cexit
_errno
_fmode
_initterm
_onexit
_stricmp
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
memset
realloc
signal
strlen
strncmp
strtol
vfprintf
wcstombs

Exports

Exports

_cgo_dummy_export

Sections

.text
Size: 614KB - Virtual size: 614KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 687KB - Virtual size: 687KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 551KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
101.34.205.247:8080/help.dll
.dll windows:6 windows x64 arch:x64

29928cc8b6c099534ed3c048707b8e8f

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:7b:b7:80:66:44:45:4c:59:d0:14:a8:db:b7:1b:6b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

12-04-2024 00:00

Not After

13-04-2027 23:59

Subject

SERIALNUMBER=91110101MA0045N17U,CN=北京抖音科技有限公司,O=北京抖音科技有限公司,ST=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e6b5b7e6b780e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dd:41:84:23:3a:f8:69:0e:1e:87:8f:0c:4a:25:00:dd:63:21:02:fe:ce:72:d1:82:c6:2f:0f:ac:07:d1:65:70
Signer

Actual PE Digest

dd:41:84:23:3a:f8:69:0e:1e:87:8f:0c:4a:25:00:dd:63:21:02:fe:ce:72:d1:82:c6:2f:0f:ac:07:d1:65:70

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\25475\parfait\windows\outputs\crashpad_nogwpasan_noperf\nottnet\x64\Release\parfait.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

ReadFile
SetEndOfFile
SetFilePointerEx
WriteFile
GetLastError
CreateFileW
DeleteFileW
LockFileEx
UnlockFile
CloseHandle
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
OpenProcess
GetFileSizeEx
GetFileAttributesW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetFullPathNameW
GetFileSize
FlushViewOfFile
CreateFileMappingA
GetTimeZoneInformation
SetEvent
ReleaseMutex
CreateMutexW
CreateEventW
WaitForMultipleObjects
CreateThread
GetLocalTime
CreateDirectoryW
SetFilePointer
GetCurrentThreadId
GetSystemTime
SystemTimeToFileTime
OutputDebugStringW
GetVersionExW
GetModuleHandleW
GetProcAddress
RemoveDirectoryW
MoveFileExW
FindNextFileW
GetStdHandle
GetFileType
RaiseException
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
SleepEx
Sleep
GetCurrentProcess
TerminateProcess
OpenThread
GetExitCodeThread
CreateProcessW
GetThreadContext
GetVersion
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryW
SetLastError
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
LocalFree
VirtualAlloc
ReadConsoleW
FindFirstFileW
FindClose
GetCurrentProcessId
WriteConsoleW
HeapReAlloc
RtlCaptureContext
RtlUnwind
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
FlushFileBuffers
HeapSize
SetStdHandle
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObjectEx
SwitchToThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
RtlPcToFileHeader
InitOnceBeginInitialize
InitOnceComplete
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetStringTypeW
ResetEvent
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetFileAttributesExW
ExitThread
FreeLibraryAndExitThread
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetConsoleOutputCP
GetConsoleMode
SetConsoleCtrlHandler
ExitProcess
GetModuleFileNameW
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentDirectoryW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameW
BuildSecurityDescriptorW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
SystemFunction036

winhttp

WinHttpQueryHeaders
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpSetOption
WinHttpReceiveResponse
WinHttpWriteData
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpQueryDataAvailable

Exports

Exports

?AddCrashContext@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEBD0@Z
?AddCrashContext@ParfaitWrapperBase@parfait@@QEAAXPEBD0@Z
?AddExtraCrashContextForDisplay@ParfaitWrapperBase@parfait@@SAXPEBD0@Z
?AddRecordContext@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEBD0@Z
?AddRecordContext@ParfaitWrapperBase@parfait@@QEAAXPEBD0@Z
?AddUnhandledSignal@ParfaitWrapperBase@parfait@@SAXH@Z
?AddVehTargetExceptionType@ParfaitWrapperBase@parfait@@SAXK@Z
?AlogDestroy@@YAXXZ
?AlogInit@@YA_NAEBVFilePath@parfait@@PEB_WPEBD2_N3@Z
?AlogSyncFlush@@YAXXZ
?AlogWrite@@YAXHPEBD0@Z
?CreateLogRecorder@ParfaitWrapperBase@parfait@@QEAAPEAVParfaitLogRecorderBase@2@W4RECORD_INTERVAL@2@W4LOG_RECORD_LEVEL@2@@Z
?CreateRecorder@ParfaitWrapperBase@parfait@@QEAAPEAVParfaitRecorderBase@2@W4RECORD_INTERVAL@2@PEBD@Z
?CreateUserDefinedRecorder@ParfaitWrapperBase@parfait@@QEAAPEAVParfaitUserDefinedRecorderBase@2@W4RECORD_INTERVAL@2@PEBD@Z
?DestroyLogRecorder@ParfaitWrapperBase@parfait@@QEAAXPEAVParfaitLogRecorderBase@2@@Z
?DestroyRecorder@ParfaitWrapperBase@parfait@@QEAAXPEAVParfaitRecorderBase@2@@Z
?DestroyUserDefinedRecorder@ParfaitWrapperBase@parfait@@QEAAXPEAVParfaitUserDefinedRecorderBase@2@@Z
?DoRecord@ParfaitLogRecorderBase@parfait@@QEAAXXZ
?DoRecord@ParfaitRecorderBase@parfait@@QEAAXXZ
?DoRecord@ParfaitUserDefinedRecorderBase@parfait@@QEAAXXZ
?DumpAndUploadFulldumpImmediately@ParfaitWrapperBase@parfait@@QEAAXPEBD@Z
?DumpJankAndUploadImmediately@ParfaitWrapperBase@parfait@@QEAAX_KPEBD_J@Z
?EnablePassExceptionToOriginalHandler@ParfaitWrapperBase@parfait@@SAXXZ
?ExitReport@ParfaitWrapperBase@parfait@@QEAAXXZ
?HandlerUploadCrashEventIfCrashed@ParfaitWrapperBase@parfait@@QEAAXXZ
?InitAlog@ParfaitWrapperBase@parfait@@QEAAXPEBD0@Z
?InitAlog@ParfaitWrapperBase@parfait@@QEAAXPEBD0_N@Z
?InitCrashClientOnMac@ParfaitWrapperBase@parfait@@QEAAXXZ
?InitCrashClientOnWin@ParfaitWrapperBase@parfait@@QEAA_NPEBD@Z
?InitCrashClientOnWinEarly@ParfaitWrapperBase@parfait@@SA_NPEBD@Z
?InitCrashServer@ParfaitWrapperBase@parfait@@QEAA_NPEBD@Z
?InitCrashServerEarly@ParfaitWrapperBase@parfait@@SA_NPEBD@Z
?InitCrashServerOnWin@ParfaitWrapperBase@parfait@@QEAAXPEBD0P6AX_N0@Z@Z
?InitCrashServerOnWinEarly@ParfaitWrapperBase@parfait@@SA_NPEBD0_NP6AX10@Z@Z
?InitGlobalEnv@ParfaitWrapperBase@parfait@@QEAAXAEAVParfaitGlobalEnvBuilderBase@2@@Z
?InitInstanceEnv@ParfaitWrapperBase@parfait@@QEAAXAEAVParfaitEnvBuilderBase@2@@Z
?InjectNetworkMonitor@ParfaitWrapperBase@parfait@@QEAAXPEAX@Z
?InterruptUploadIfExit@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@_N@Z
?LaunchReport@ParfaitWrapperBase@parfait@@QEAAXXZ
?OpenCloudMessage@ParfaitWrapperBase@parfait@@QEAAXJ@Z
?RefreshCrashContextInCrashServer@ParfaitWrapperBase@parfait@@QEAAXXZ
?ResetGlobalEnv@ParfaitWrapperBase@parfait@@QEAAXAEAVParfaitGlobalEnvBuilderBase@2@@Z
?SetAppMinorVersion@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetAppVersion@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetBuildID@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetChannel@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetCrashAnnotation@ParfaitWrapperBase@parfait@@SAXPEBUCrashAnnotation@12@@Z
?SetCrashCallback@ParfaitWrapperBase@parfait@@SAXQ6AXXZ@Z
?SetCrashClientJsStackCallback@ParfaitWrapperBase@parfait@@SAXQ6APEBDXZ@Z
?SetCrashPostHandlerInCrashServer@ParfaitWrapperBase@parfait@@SA_NPEBUCrashPostHandlerData@2@@Z
?SetCrashServerIdentifierOnMac@ParfaitWrapperBase@parfait@@SAXPEBD@Z
?SetDid@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetExceptionDisplayContext@ParfaitWrapperBase@parfait@@QEAAXIPEBD0@Z
?SetExceptionFilterContext@ParfaitWrapperBase@parfait@@QEAAXIPEBD0@Z
?SetHost@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetIsDebug@ParfaitGlobalEnvBuilderBase@parfait@@SAX_N@Z
?SetIsOverseas@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@_N@Z
?SetMaxFileSize@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@H@Z
?SetMaxLogNumber@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@H@Z
?SetMaxReportSize@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@H@Z
?SetOsVersion@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetPcCrashCallback@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEAUIPcCrashCallback@12@@Z
?SetPerformanceScene@ParfaitWrapperBase@parfait@@QEAAXPEBD@Z
?SetPid@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetProcessName@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetReportInterval@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@H@Z
?SetReportUrl@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetRootPathName@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetSessionID@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetTTNetEngine@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBX@Z
?SetUid@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetUploader@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEAUIUploader@12@@Z
?StartCPUMonitor@ParfaitWrapperBase@parfait@@QEAAXHPEBD@Z
?StartCPUMonitor@ParfaitWrapperBase@parfait@@QEAAXXZ
?StartDiskIOMonitor@ParfaitWrapperBase@parfait@@QEAAXHPEBD@Z
?StartDiskIOMonitor@ParfaitWrapperBase@parfait@@QEAAXXZ
?StartDiskMonitor@ParfaitWrapperBase@parfait@@QEAAXXZ
?StartLogRecord@ParfaitWrapperBase@parfait@@QEAAAEAVParfaitLogRecorderBase@2@W4RECORD_INTERVAL@2@W4LOG_RECORD_LEVEL@2@@Z
?StartMemoryMonitor@ParfaitWrapperBase@parfait@@QEAAXHPEBD@Z
?StartMemoryMonitor@ParfaitWrapperBase@parfait@@QEAAXXZ
?StartRecord@ParfaitWrapperBase@parfait@@QEAAAEAVParfaitRecorderBase@2@W4RECORD_INTERVAL@2@PEBD@Z
?Upload@ParfaitWrapperBase@parfait@@QEAAXXZ
?UploadAlog@ParfaitWrapperBase@parfait@@QEAAXJJ@Z
?UploadAlogIfCrashed@ParfaitWrapperBase@parfait@@QEAAXXZ
?UploadAlogWithCallback@ParfaitWrapperBase@parfait@@QEAAXJJPEAXQ6AX_NHHPEBD0@Z@Z
?UploadAlogWithCallback@ParfaitWrapperBase@parfait@@QEAAXJJQ6AX_NHHPEBD@Z@Z
?UploadCrashDumpFile@ParfaitWrapperBase@parfait@@QEAAXPEBDJPEBUUploadCrashDumpCallback@12@@Z
?UploadCrashFile@ParfaitWrapperBase@parfait@@QEAAXPEBUCrashUploadRequest@12@@Z
?UploadCustomFile@ParfaitWrapperBase@parfait@@QEAAXUCustomFileUploadRequest@2@@Z
?UploadDumpImmediatelyIfCrashed@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@_N@Z
?UploadFile@ParfaitWrapperBase@parfait@@QEAAXPEBDPEBUUploadFileCallback@12@@Z
?UploadJankFile@ParfaitWrapperBase@parfait@@QEAAXUJankUploadRequest@2@@Z
?UploadNetworkLog@ParfaitWrapperBase@parfait@@QEAAXPEAX0@Z
?UploadNetworkLog@ParfaitWrapperBase@parfait@@QEAAXPEBDH0@Z
?UploadWithFlushImmediately@ParfaitWrapperBase@parfait@@QEAAXXZ
?UseMainProcessParamAsChildProcessExceptionUploadParam@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@XZ
?UseSystemDefaultHandlerOnMac@ParfaitWrapperBase@parfait@@SAXXZ
?WriteAlog@ParfaitWrapperBase@parfait@@QEAAXPEBD0@Z
?WriteAlog@ParfaitWrapperBase@parfait@@QEAAXW4ALOG_LEVEL@2@PEBD1@Z
?WriteCategory@ParfaitLogRecorderBase@parfait@@QEAAAEAV12@PEBD@Z
?WriteCategory@ParfaitRecorderBase@parfait@@QEAAAEAV12@PEBD@Z
?WriteExtra@ParfaitRecorderBase@parfait@@QEAAAEAV12@PEBD@Z
?WriteJsonData@ParfaitUserDefinedRecorderBase@parfait@@QEAAAEAV12@PEBD@Z
?WriteLog@ParfaitLogRecorderBase@parfait@@QEAAAEAV12@PEBD@Z
?WriteMetric@ParfaitRecorderBase@parfait@@QEAAAEAV12@PEBD@Z
CreateParfaitEnvBuilder
CreateParfaitGlobalEnvBuilder
CreateParfaitWrapper
DestroyParfaitEnvBuilder
DestroyParfaitGlobalEnvBuilder
DestroyParfaitWrapper
UploadCrashEventSynchronously
UploadCrashSynchronously

Sections

.text
Size: 845KB - Virtual size: 844KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CPADinfo
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
101.34.205.247:8080/output.exe
.exe windows:6 windows x86 arch:x86

76dc543bb336dc462cc5429c1182ea0a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

21:dd:22:7a:55:92:b5:4f:ce:64:9d:98:38:fa:c0:6b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09-12-2016 00:00

Not After

07-02-2020 23:59

Subject

CN=Bandisoft,O=Bandisoft,L=Yeongdeungpogu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:dd:22:7a:55:92:b5:4f:ce:64:9d:98:38:fa:c0:6b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09-12-2016 00:00

Not After

07-02-2020 23:59

Subject

CN=Bandisoft,O=Bandisoft,L=Yeongdeungpogu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19-02-2018 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:a8:37:44:4b:c5:df:dd:5f:df:ac:3c:86:76:9c:69:5e:f8:c6:6b:69:d6:8d:60:04:2f:0c:f8:e2:4c:8c:6f
Signer

Actual PE Digest

57:a8:37:44:4b:c5:df:dd:5f:df:ac:3c:86:76:9c:69:5e:f8:c6:6b:69:d6:8d:60:04:2f:0c:f8:e2:4c:8c:6f

Digest Algorithm

sha256

PE Digest Matches

false

3b:9d:95:fa:47:3b:36:3f:92:9a:0b:0c:ea:67:82:b6:5f:21:3b:5d
Signer

Actual PE Digest

3b:9d:95:fa:47:3b:36:3f:92:9a:0b:0c:ea:67:82:b6:5f:21:3b:5d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\devel\Ark6\bin\Updater.pdb

Imports

kernel32

GetTempPathW
DeleteFileW
lstrlenW
GetFileAttributesW
GetFileSize
GetFileSizeEx
LocalFree
SetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
GetCurrentProcessId
TerminateProcess
GetSystemInfo
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LocalAlloc
FileTimeToLocalFileTime
MulDiv
lstrcmpW
WriteFile
Sleep
InitializeCriticalSection
CreateEventW
DeleteCriticalSection
SetEvent
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
RaiseException
LoadLibraryExW
InitializeCriticalSectionEx
GetCurrentThreadId
CreateMutexW
GetLocalTime
DecodePointer
GetModuleFileNameW
WriteConsoleW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetFileType
LCMapStringW
CompareStringW
GetStdHandle
ExitProcess
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetCurrentProcess
FreeLibrary
GetProcAddress
GetModuleHandleW
SetLastError
FindClose
FindNextFileW
VirtualQuery
GetTimeZoneInformation
FileTimeToSystemTime
GetSystemTimeAsFileTime
ReadFile
SetFilePointer
CreateFileW
GetTickCount64
OutputDebugStringW
CloseHandle
VirtualProtect
GetLastError

user32

SetPropW
PostMessageW
LoadIconW
GetClassInfoW
MonitorFromWindow
GetWindow
SetDlgItemTextW
MessageBoxW
EnableWindow
GetActiveWindow
GetPropW
UnregisterClassW
RemovePropW
SendMessageW
SystemParametersInfoW
GetWindowRect
GetMonitorInfoW
OffsetRect
DialogBoxParamW
EndDialog
GetMessageW
DefWindowProcW
SetTimer
PostQuitMessage
RegisterClassW
KillTimer
RegisterClassExW
GetClassInfoExW
CallWindowProcW
ShowWindow
GetSysColor
FindWindowW
CharNextW
EqualRect
MoveWindow
GetWindowLongW
SetWindowPos
TranslateMessage
DispatchMessageW
GetParent
GetDesktopWindow
FindWindowExW
IsWindowVisible
GetWindowTextW
EnumChildWindows
MapWindowPoints
SetWindowTextW
GetDlgCtrlID
SetRect
SubtractRect
SetRectEmpty
GetClassLongW
GetClassNameW
IsRectEmpty
GetDlgItem
InvalidateRect
CreateWindowExW
GetClientRect
SetWindowLongW
LoadCursorW
RegisterWindowMessageW
ReleaseDC
GetDC

gdi32

CreateFontIndirectW
CreateSolidBrush
CreateFontW
DeleteObject
GetDeviceCaps
SelectObject
GetObjectW
GetStockObject
GetTextExtentPoint32W

advapi32

RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteW

ole32

CoUninitialize
OleUninitialize
CoInitialize
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleSetContainedObject
OleCreate

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString
VariantClear
VariantInit

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

HttpOpenRequestA
HttpSendRequestW
InternetErrorDlg
InternetQueryOptionW
HttpAddRequestHeadersW
InternetConnectA
InternetOpenW
InternetCrackUrlA
InternetCloseHandle
InternetSetOptionW
InternetQueryDataAvailable
InternetReadFile
HttpQueryInfoW

Sections

.text
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
101.34.205.247:8080/parfait.dll
.dll windows:6 windows x64 arch:x64

53ddc0e7df312cddd94f9ac19fc1b83d

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:7b:b7:80:66:44:45:4c:59:d0:14:a8:db:b7:1b:6b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

12-04-2024 00:00

Not After

13-04-2027 23:59

Subject

SERIALNUMBER=91110101MA0045N17U,CN=北京抖音科技有限公司,O=北京抖音科技有限公司,ST=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e6b5b7e6b780e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:85:2f:c9:4d:5d:dc:e5:54:85:b2:43:93:e7:7b:54:95:ac:5b:16:d3:5f:bc:ff:ec:25:60:f5:85:59:0c:e4
Signer

Actual PE Digest

56:85:2f:c9:4d:5d:dc:e5:54:85:b2:43:93:e7:7b:54:95:ac:5b:16:d3:5f:bc:ff:ec:25:60:f5:85:59:0c:e4

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

gdi32

BitBlt
CreateCompatibleDC
CreateDIBSection
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject

kernel32

AddVectoredContinueHandler
AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateIoCompletionPort
CreateThread
CreateWaitableTimerExW
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsW
GetConsoleMode
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetErrorMode
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetQueuedCompletionStatusEx
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetThreadContext
HeapCreate
HeapDestroy
HeapUnlock
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
OpenThread
PostQueuedCompletionStatus
RaiseFailFastException
ResumeThread
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetProcessPriorityBoost
SetThreadContext
SetThreadPriority
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TlsAlloc
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WerGetFlags
WerSetFlags
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcmpiW

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_assert
_beginthread
_errno
_initterm
_lock
_time64
_unlock
abort
calloc
clock
fputc
free
fwrite
isupper
localeconv
malloc
memcpy
realloc
strcpy
strerror
strlen
strncmp
vfprintf
wcslen

user32

ClientToScreen
EnumDisplayMonitors
EnumWindows
GetClientRect
GetCursorPos
GetDC
GetDesktopWindow
GetForegroundWindow
GetSystemMetrics
GetWindowLongPtrA
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
IsWindow
MapVirtualKeyA
MessageBoxA
PostMessageA
PostMessageW
ReleaseDC
SendInput
SetForegroundWindow
SetWindowPos
ShowWindow
VkKeyScanA

Exports

Exports

?AddCrashContext@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEBD0@Z
?AddCrashContext@ParfaitWrapperBase@parfait@@QEAAXPEBD0@Z
?AddExtraCrashContextForDisplay@ParfaitWrapperBase@parfait@@SAXPEBD0@Z
?AddRecordContext@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEBD0@Z
?AddRecordContext@ParfaitWrapperBase@parfait@@QEAAXPEBD0@Z
?AddUnhandledSignal@ParfaitWrapperBase@parfait@@SAXH@Z
?AddVehTargetExceptionType@ParfaitWrapperBase@parfait@@SAXK@Z
?AlogDestroy@@YAXXZ
?AlogInit@@YA_NAEBVFilePath@parfait@@PEB_WPEBD2_N3@Z
?AlogSyncFlush@@YAXXZ
?AlogWrite@@YAXHPEBD0@Z
?CreateLogRecorder@ParfaitWrapperBase@parfait@@QEAAPEAVParfaitLogRecorderBase@2@W4RECORD_INTERVAL@2@W4LOG_RECORD_LEVEL@2@@Z
?CreateRecorder@ParfaitWrapperBase@parfait@@QEAAPEAVParfaitRecorderBase@2@W4RECORD_INTERVAL@2@PEBD@Z
?CreateUserDefinedRecorder@ParfaitWrapperBase@parfait@@QEAAPEAVParfaitUserDefinedRecorderBase@2@W4RECORD_INTERVAL@2@PEBD@Z
?DestroyLogRecorder@ParfaitWrapperBase@parfait@@QEAAXPEAVParfaitLogRecorderBase@2@@Z
?DestroyRecorder@ParfaitWrapperBase@parfait@@QEAAXPEAVParfaitRecorderBase@2@@Z
?DestroyUserDefinedRecorder@ParfaitWrapperBase@parfait@@QEAAXPEAVParfaitUserDefinedRecorderBase@2@@Z
?DoRecord@ParfaitLogRecorderBase@parfait@@QEAAXXZ
?DoRecord@ParfaitRecorderBase@parfait@@QEAAXXZ
?DoRecord@ParfaitUserDefinedRecorderBase@parfait@@QEAAXXZ
?DumpAndUploadFulldumpImmediately@ParfaitWrapperBase@parfait@@QEAAXPEBD@Z
?DumpJankAndUploadImmediately@ParfaitWrapperBase@parfait@@QEAAX_KPEBD_J@Z
?EnablePassExceptionToOriginalHandler@ParfaitWrapperBase@parfait@@SAXXZ
?ExitReport@ParfaitWrapperBase@parfait@@QEAAXXZ
?HandlerUploadCrashEventIfCrashed@ParfaitWrapperBase@parfait@@QEAAXXZ
?InitAlog@ParfaitWrapperBase@parfait@@QEAAXPEBD0@Z
?InitAlog@ParfaitWrapperBase@parfait@@QEAAXPEBD0_N@Z
?InitCrashClientOnMac@ParfaitWrapperBase@parfait@@QEAAXXZ
?InitCrashClientOnWin@ParfaitWrapperBase@parfait@@QEAA_NPEBD@Z
?InitCrashClientOnWinEarly@ParfaitWrapperBase@parfait@@SA_NPEBD@Z
?InitCrashServer@ParfaitWrapperBase@parfait@@QEAA_NPEBD@Z
?InitCrashServerEarly@ParfaitWrapperBase@parfait@@SA_NPEBD@Z
?InitCrashServerOnWin@ParfaitWrapperBase@parfait@@QEAAXPEBD0P6AX_N0@Z@Z
?InitCrashServerOnWinEarly@ParfaitWrapperBase@parfait@@SA_NPEBD0_NP6AX10@Z@Z
?InitGlobalEnv@ParfaitWrapperBase@parfait@@QEAAXAEAVParfaitGlobalEnvBuilderBase@2@@Z
?InitInstanceEnv@ParfaitWrapperBase@parfait@@QEAAXAEAVParfaitEnvBuilderBase@2@@Z
?InjectNetworkMonitor@ParfaitWrapperBase@parfait@@QEAAXPEAX@Z
?InterruptUploadIfExit@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@_N@Z
?LaunchReport@ParfaitWrapperBase@parfait@@QEAAXXZ
?OpenCloudMessage@ParfaitWrapperBase@parfait@@QEAAXJ@Z
?RefreshCrashContextInCrashServer@ParfaitWrapperBase@parfait@@QEAAXXZ
?ResetGlobalEnv@ParfaitWrapperBase@parfait@@QEAAXAEAVParfaitGlobalEnvBuilderBase@2@@Z
?SetAppMinorVersion@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetAppVersion@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetBuildID@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetChannel@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetCrashAnnotation@ParfaitWrapperBase@parfait@@SAXPEBUCrashAnnotation@12@@Z
?SetCrashCallback@ParfaitWrapperBase@parfait@@SAXQ6AXXZ@Z
?SetCrashClientJsStackCallback@ParfaitWrapperBase@parfait@@SAXQ6APEBDXZ@Z
?SetCrashPostHandlerInCrashServer@ParfaitWrapperBase@parfait@@SA_NPEBUCrashPostHandlerData@2@@Z
?SetCrashServerIdentifierOnMac@ParfaitWrapperBase@parfait@@SAXPEBD@Z
?SetDid@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetExceptionDisplayContext@ParfaitWrapperBase@parfait@@QEAAXIPEBD0@Z
?SetExceptionFilterContext@ParfaitWrapperBase@parfait@@QEAAXIPEBD0@Z
?SetHost@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetIsDebug@ParfaitGlobalEnvBuilderBase@parfait@@SAX_N@Z
?SetIsOverseas@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@_N@Z
?SetMaxFileSize@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@H@Z
?SetMaxLogNumber@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@H@Z
?SetMaxReportSize@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@H@Z
?SetOsVersion@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetPcCrashCallback@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEAUIPcCrashCallback@12@@Z
?SetPerformanceScene@ParfaitWrapperBase@parfait@@QEAAXPEBD@Z
?SetPid@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetProcessName@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetReportInterval@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@H@Z
?SetReportUrl@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetRootPathName@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetSessionID@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetTTNetEngine@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBX@Z
?SetUid@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@PEBD@Z
?SetUploader@ParfaitEnvBuilderBase@parfait@@QEAAAEAV12@PEAUIUploader@12@@Z
?StartCPUMonitor@ParfaitWrapperBase@parfait@@QEAAXHPEBD@Z
?StartCPUMonitor@ParfaitWrapperBase@parfait@@QEAAXXZ
?StartDiskIOMonitor@ParfaitWrapperBase@parfait@@QEAAXHPEBD@Z
?StartDiskIOMonitor@ParfaitWrapperBase@parfait@@QEAAXXZ
?StartDiskMonitor@ParfaitWrapperBase@parfait@@QEAAXXZ
?StartLogRecord@ParfaitWrapperBase@parfait@@QEAAAEAVParfaitLogRecorderBase@2@W4RECORD_INTERVAL@2@W4LOG_RECORD_LEVEL@2@@Z
?StartMemoryMonitor@ParfaitWrapperBase@parfait@@QEAAXHPEBD@Z
?StartMemoryMonitor@ParfaitWrapperBase@parfait@@QEAAXXZ
?StartRecord@ParfaitWrapperBase@parfait@@QEAAAEAVParfaitRecorderBase@2@W4RECORD_INTERVAL@2@PEBD@Z
?Upload@ParfaitWrapperBase@parfait@@QEAAXXZ
?UploadAlog@ParfaitWrapperBase@parfait@@QEAAXJJ@Z
?UploadAlogIfCrashed@ParfaitWrapperBase@parfait@@QEAAXXZ
?UploadAlogWithCallback@ParfaitWrapperBase@parfait@@QEAAXJJPEAXQ6AX_NHHPEBD0@Z@Z
?UploadAlogWithCallback@ParfaitWrapperBase@parfait@@QEAAXJJQ6AX_NHHPEBD@Z@Z
?UploadCrashDumpFile@ParfaitWrapperBase@parfait@@QEAAXPEBDJPEBUUploadCrashDumpCallback@12@@Z
?UploadCrashFile@ParfaitWrapperBase@parfait@@QEAAXPEBUCrashUploadRequest@12@@Z
?UploadCustomFile@ParfaitWrapperBase@parfait@@QEAAXUCustomFileUploadRequest@2@@Z
?UploadDumpImmediatelyIfCrashed@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@_N@Z
?UploadFile@ParfaitWrapperBase@parfait@@QEAAXPEBDPEBUUploadFileCallback@12@@Z
?UploadJankFile@ParfaitWrapperBase@parfait@@QEAAXUJankUploadRequest@2@@Z
?UploadNetworkLog@ParfaitWrapperBase@parfait@@QEAAXPEAX0@Z
?UploadNetworkLog@ParfaitWrapperBase@parfait@@QEAAXPEBDH0@Z
?UploadWithFlushImmediately@ParfaitWrapperBase@parfait@@QEAAXXZ
?UseMainProcessParamAsChildProcessExceptionUploadParam@ParfaitGlobalEnvBuilderBase@parfait@@QEAAAEAV12@XZ
?UseSystemDefaultHandlerOnMac@ParfaitWrapperBase@parfait@@SAXXZ
?WriteAlog@ParfaitWrapperBase@parfait@@QEAAXPEBD0@Z
?WriteAlog@ParfaitWrapperBase@parfait@@QEAAXW4ALOG_LEVEL@2@PEBD1@Z
?WriteCategory@ParfaitLogRecorderBase@parfait@@QEAAAEAV12@PEBD@Z
?WriteCategory@ParfaitRecorderBase@parfait@@QEAAAEAV12@PEBD@Z
?WriteExtra@ParfaitRecorderBase@parfait@@QEAAAEAV12@PEBD@Z
?WriteJsonData@ParfaitUserDefinedRecorderBase@parfait@@QEAAAEAV12@PEBD@Z
?WriteLog@ParfaitLogRecorderBase@parfait@@QEAAAEAV12@PEBD@Z
?WriteMetric@ParfaitRecorderBase@parfait@@QEAAAEAV12@PEBD@Z
CreateParfaitEnvBuilder
CreateParfaitGlobalEnvBuilder
CreateParfaitWrapper
DestroyParfaitEnvBuilder
DestroyParfaitGlobalEnvBuilder
DestroyParfaitWrapper
UploadCrashEventSynchronously
UploadCrashSynchronously

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 562KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
101.34.205.247:8080/update.dat
101.34.205.247:8080/vshell_x86/.DS_Store
101.34.205.247:8080/vshell_x86/lib.dll
.dll windows:6 windows x86 arch:x86

2262054530b5f8bbeb0c4e3a111a37eb

Code Sign

33:00:00:00:f7:80:de:c4:94:54:79:46:07:00:00:00:00:00:f7
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2023 19:43

Not After

16-10-2024 19:43

Subject

CN=Microsoft Windows Software Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01-05-2013 20:44

Not After

01-05-2028 20:54

Subject

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2023 19:51

Not After

16-10-2024 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:04:f4:88:25:0b:88:95:a4:93:9c:b7:e2:5e:f4:ed:02:b1:5c:b7:d7:c3:03:26:01:88:fe:44:5f:dc:f7:c7
Signer

Actual PE Digest

2a:04:f4:88:25:0b:88:95:a4:93:9c:b7:e2:5e:f4:ed:02:b1:5c:b7:d7:c3:03:26:01:88:fe:44:5f:dc:f7:c7

Digest Algorithm

sha256

PE Digest Matches

true

2a:04:f4:88:25:0b:88:95:a4:93:9c:b7:e2:5e:f4:ed:02:b1:5c:b7:d7:c3:03:26:01:88:fe:44:5f:dc:f7:c7
Signer

Actual PE Digest

2a:04:f4:88:25:0b:88:95:a4:93:9c:b7:e2:5e:f4:ed:02:b1:5c:b7:d7:c3:03:26:01:88:fe:44:5f:dc:f7:c7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

terminate
abort

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
strncmp
wcsncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

atol

kernel32

LeaveCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
RtlUnwind
VirtualQuery
EncodePointer
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
EnterCriticalSection
TlsGetValue
DeleteCriticalSection
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsSetValue

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_chkesp
_except_handler2
_except_handler3
_except_handler4_common
_get_purecall_handler
_get_unexpected
_global_unwind2
_is_exception_typeof
_local_unwind2
_local_unwind4
_longjmpex
_purecall
_seh_longjmp_unwind
_seh_longjmp_unwind4
_set_purecall_handler
_set_se_translator
_setjmp3
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
101.34.205.247:8080/vshell_x86/uninstall.exe
.exe windows:6 windows x86 arch:x86

abe504c523d3fc4f1c0b2f391d68a263

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\_work\1\s\binaries\x86ret\bin\i386\cvtres.pdb

Imports

advapi32

CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptGetHashParam

kernel32

FindResourceExW
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
CreateFileW
GetLastError
GetFileSize
CreateFileMappingW
MapViewOfFile
CloseHandle
UnmapViewOfFile
SetErrorMode
GetEnvironmentVariableW
WideCharToMultiByte
MapViewOfFileEx
GetFileType
GetConsoleMode
FindFirstFileW
HeapFree
FindNextFileW
GetThreadPreferredUILanguages
FindClose
HeapAlloc
GetProcessHeap
SetThreadPreferredUILanguages
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter

vcruntime140

_except_handler4_common
memset
__current_exception_context
memcpy
__CxxFrameHandler3
__current_exception
memcmp
memmove

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free

api-ms-win-crt-string-l1-1-0

wcsncat_s
_wcsdup
_wcsicmp
wcscpy_s
_wcsnicmp
wcsncpy_s
_strnicmp

api-ms-win-crt-runtime-l1-1-0

exit
__doserrno
__p__wpgmptr
_crt_atexit
_errno
_seh_filter_exe
_set_app_type
_controlfp_s
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
_exit
__p___argc
_register_onexit_function
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_initialize_onexit_table
__p___wargv

api-ms-win-crt-locale-l1-1-0

setlocale
_configthreadlocale

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s
_wmakepath_s
_wfullpath
_wremove

api-ms-win-crt-time-l1-1-0

_time64
_tzset

api-ms-win-crt-stdio-l1-1-0

_chsize
__stdio_common_vsprintf_s
_wfsopen
fclose
__stdio_common_vfwprintf
fputwc
__stdio_common_vswscanf
_set_fmode
__acrt_iob_func
_fcloseall
fwrite
ftell
fseek
fread
_fileno
_get_osfhandle
__p__commode
fputws

api-ms-win-crt-conio-l1-1-0

_cputws
_putwch
__conio_common_vcwprintf

api-ms-win-crt-convert-l1-1-0

_itow_s
wcstoul
_ultow_s

api-ms-win-crt-environment-l1-1-0

_wgetcwd

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
101.34.205.247:8080/vshell_x86/vcruntime140.dll
.dll windows:6 windows x86 arch:x86

582baffa61398d91fecd31e121380570

Code Sign

33:00:00:00:f7:80:de:c4:94:54:79:46:07:00:00:00:00:00:f7
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2023 19:43

Not After

16-10-2024 19:43

Subject

CN=Microsoft Windows Software Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01-05-2013 20:44

Not After

01-05-2028 20:54

Subject

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2023 19:51

Not After

16-10-2024 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8a:9a:f1:09:5b:1b:c7:0b:19:45:68:a5:bb:19:f4:02:44:63:b3:e9:c2:ab:af:75:7c:6f:c5:8a:e0:42:7c:21
Signer

Actual PE Digest

8a:9a:f1:09:5b:1b:c7:0b:19:45:68:a5:bb:19:f4:02:44:63:b3:e9:c2:ab:af:75:7c:6f:c5:8a:e0:42:7c:21

Digest Algorithm

sha256

PE Digest Matches

false

8a:9a:f1:09:5b:1b:c7:0b:19:45:68:a5:bb:19:f4:02:44:63:b3:e9:c2:ab:af:75:7c:6f:c5:8a:e0:42:7c:21
Signer

Actual PE Digest

8a:9a:f1:09:5b:1b:c7:0b:19:45:68:a5:bb:19:f4:02:44:63:b3:e9:c2:ab:af:75:7c:6f:c5:8a:e0:42:7c:21

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

gdi32

BitBlt
CreateCompatibleDC
CreateDIBSection
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateIoCompletionPort
CreateThread
CreateWaitableTimerExW
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsW
FreeLibrary
GetConsoleMode
GetCurrentThreadId
GetEnvironmentStringsW
GetErrorMode
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetQueuedCompletionStatusEx
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetThreadContext
HeapUnlock
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
PostQueuedCompletionStatus
RaiseFailFastException
ResumeThread
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetProcessPriorityBoost
SetThreadContext
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TlsAlloc
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WerGetFlags
WerSetFlags
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcmpiW

msvcrt

__mb_cur_max
_amsg_exit
_assert
_beginthread
_errno
_initterm
_iob
_lock
_unlock
abort
atoi
calloc
clock
fputc
free
fwrite
isupper
localeconv
malloc
memcpy
realloc
setlocale
strchr
strcpy
strerror
strlen
strncmp
vfprintf
time
wcslen

user32

ClientToScreen
EnumDisplayMonitors
EnumWindows
GetClientRect
GetCursorPos
GetDC
GetDesktopWindow
GetForegroundWindow
GetSystemMetrics
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
IsWindow
MapVirtualKeyA
MessageBoxA
PostMessageA
PostMessageW
ReleaseDC
SendInput
SetForegroundWindow
SetWindowPos
ShowWindow
VkKeyScanA

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_chkesp
_except_handler2
_except_handler3
_except_handler4_common
_get_purecall_handler
_get_unexpected
_global_unwind2
_is_exception_typeof
_local_unwind2
_local_unwind4
_longjmpex
_purecall
_seh_longjmp_unwind
_seh_longjmp_unwind4
_set_purecall_handler
_set_se_translator
_setjmp3
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 283KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
101.34.205.247:8080/x86.exe
.exe windows:6 windows x86 arch:x86

76dc543bb336dc462cc5429c1182ea0a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

21:dd:22:7a:55:92:b5:4f:ce:64:9d:98:38:fa:c0:6b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09-12-2016 00:00

Not After

07-02-2020 23:59

Subject

CN=Bandisoft,O=Bandisoft,L=Yeongdeungpogu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:dd:22:7a:55:92:b5:4f:ce:64:9d:98:38:fa:c0:6b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09-12-2016 00:00

Not After

07-02-2020 23:59

Subject

CN=Bandisoft,O=Bandisoft,L=Yeongdeungpogu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19-02-2018 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:db:c8:3c:fe:ed:85:c9:7e:86:09:22:00:41:2a:b0:bb:14:39:54:21:90:a0:b3:ac:29:ca:72:32:b5:0d:9a
Signer

Actual PE Digest

57:db:c8:3c:fe:ed:85:c9:7e:86:09:22:00:41:2a:b0:bb:14:39:54:21:90:a0:b3:ac:29:ca:72:32:b5:0d:9a

Digest Algorithm

sha256

PE Digest Matches

false

1c:5f:86:e2:0f:d3:87:d6:25:a3:b3:c2:c5:8a:9f:d8:54:3d:83:cb
Signer

Actual PE Digest

1c:5f:86:e2:0f:d3:87:d6:25:a3:b3:c2:c5:8a:9f:d8:54:3d:83:cb

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\devel\Ark6\bin\Updater.pdb

Imports

kernel32

GetTempPathW
DeleteFileW
lstrlenW
GetFileAttributesW
GetFileSize
GetFileSizeEx
LocalFree
SetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
GetCurrentProcessId
TerminateProcess
GetSystemInfo
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LocalAlloc
FileTimeToLocalFileTime
MulDiv
lstrcmpW
WriteFile
Sleep
InitializeCriticalSection
CreateEventW
DeleteCriticalSection
SetEvent
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
RaiseException
LoadLibraryExW
InitializeCriticalSectionEx
GetCurrentThreadId
CreateMutexW
GetLocalTime
DecodePointer
GetModuleFileNameW
WriteConsoleW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetFileType
LCMapStringW
CompareStringW
GetStdHandle
ExitProcess
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetCurrentProcess
FreeLibrary
GetProcAddress
GetModuleHandleW
SetLastError
FindClose
FindNextFileW
VirtualQuery
GetTimeZoneInformation
FileTimeToSystemTime
GetSystemTimeAsFileTime
ReadFile
SetFilePointer
CreateFileW
GetTickCount64
OutputDebugStringW
CloseHandle
VirtualProtect
GetLastError

user32

SetPropW
PostMessageW
LoadIconW
GetClassInfoW
MonitorFromWindow
GetWindow
SetDlgItemTextW
MessageBoxW
EnableWindow
GetActiveWindow
GetPropW
UnregisterClassW
RemovePropW
SendMessageW
SystemParametersInfoW
GetWindowRect
GetMonitorInfoW
OffsetRect
DialogBoxParamW
EndDialog
GetMessageW
DefWindowProcW
SetTimer
PostQuitMessage
RegisterClassW
KillTimer
RegisterClassExW
GetClassInfoExW
CallWindowProcW
ShowWindow
GetSysColor
FindWindowW
CharNextW
EqualRect
MoveWindow
GetWindowLongW
SetWindowPos
TranslateMessage
DispatchMessageW
GetParent
GetDesktopWindow
FindWindowExW
IsWindowVisible
GetWindowTextW
EnumChildWindows
MapWindowPoints
SetWindowTextW
GetDlgCtrlID
SetRect
SubtractRect
SetRectEmpty
GetClassLongW
GetClassNameW
IsRectEmpty
GetDlgItem
InvalidateRect
CreateWindowExW
GetClientRect
SetWindowLongW
LoadCursorW
RegisterWindowMessageW
ReleaseDC
GetDC

gdi32

CreateFontIndirectW
CreateSolidBrush
CreateFontW
DeleteObject
GetDeviceCaps
SelectObject
GetObjectW
GetStockObject
GetTextExtentPoint32W

advapi32

RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteW

ole32

CoUninitialize
OleUninitialize
CoInitialize
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleSetContainedObject
OleCreate

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString
VariantClear
VariantInit

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

HttpOpenRequestA
HttpSendRequestW
InternetErrorDlg
InternetQueryOptionW
HttpAddRequestHeadersW
InternetConnectA
InternetOpenW
InternetCrackUrlA
InternetCloseHandle
InternetSetOptionW
InternetQueryDataAvailable
InternetReadFile
HttpQueryInfoW

Sections

.text
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
__MACOSX/101.34.205.247:8080/._.DS_Store
__MACOSX/101.34.205.247:8080/cs/._.DS_Store
__MACOSX/101.34.205.247:8080/vshell_x86/._.DS_Store

Sharing

General

Malware Config

Extracted

Signatures

Files

6b4ebbc76a24a32743d71833b7b047b2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

07Certificate

Key Usages

f8:49:5e:22:4e:fa:55:d4Certificate

Extended Key Usages

Key Usages

57:fd:cb:8d:e2:14:e7:74:18:99:1b:27:43:ff:da:d6:a6:70:b4:1eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

rpcrt4

wininet

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: 328KB - Virtual size: 327KB

.rdata Size: 134KB - Virtual size: 134KB

.data Size: 7KB - Virtual size: 13KB

.pdata Size: 15KB - Virtual size: 14KB

.rsrc Size: 7KB - Virtual size: 7KB

c8cab1972b3ba5955077d319a689516c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

msimg32

shlwapi

uxtheme

gdiplus

oleacc

imm32

winmm

gdi32

winspool.drv

oleaut32

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 543KB - Virtual size: 543KB

.data Size: 30KB - Virtual size: 68KB

.pdata Size: 85KB - Virtual size: 85KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 59KB - Virtual size: 58KB

7ee2ff4d75ec27ee2f4e0cc4e2424986

Headers

DLL Characteristics

File Characteristics

PDB Paths

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

07
Certificate

f8:49:5e:22:4e:fa:55:d4
Certificate

57:fd:cb:8d:e2:14:e7:74:18:99:1b:27:43:ff:da:d6:a6:70:b4:1e
Signer

.text
Size: 328KB - Virtual size: 327KB

.rdata
Size: 134KB - Virtual size: 134KB

.data
Size: 7KB - Virtual size: 13KB

.pdata
Size: 15KB - Virtual size: 14KB

.rsrc
Size: 7KB - Virtual size: 7KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 543KB - Virtual size: 543KB

.data
Size: 30KB - Virtual size: 68KB

.pdata
Size: 85KB - Virtual size: 85KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 59KB - Virtual size: 58KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 330KB - Virtual size: 330KB

.data
Size: 66KB - Virtual size: 138KB

.pdata
Size: 36KB - Virtual size: 35KB

.00cfg
Size: 512B - Virtual size: 48B

.gxfg
Size: 12KB - Virtual size: 12KB

.retplne
Size: 512B - Virtual size: 136B

.rodata
Size: 5KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 329B

_RDATA
Size: 512B - Virtual size: 348B

malloc_h
Size: 512B - Virtual size: 236B

.rsrc
Size: 227KB - Virtual size: 227KB

.reloc
Size: 5KB - Virtual size: 5KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:7b:b7:80:66:44:45:4c:59:d0:14:a8:db:b7:1b:6b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

dd:41:84:23:3a:f8:69:0e:1e:87:8f:0c:4a:25:00:dd:63:21:02:fe:ce:72:d1:82:c6:2f:0f:ac:07:d1:65:70
Signer

.text
Size: 845KB - Virtual size: 844KB

.rdata
Size: 233KB - Virtual size: 232KB

.data
Size: 23KB - Virtual size: 31KB

.pdata
Size: 64KB - Virtual size: 64KB

CPADinfo
Size: 512B - Virtual size: 56B

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 1024B - Virtual size: 812B

.reloc
Size: 4KB - Virtual size: 4KB