C:\projects\jint\Jint\obj\Release\net451\Jint.pdb
Behavioral task
behavioral1
Sample
Mail Access Checker by xRisky v2 [Free version].rar
Resource
win11-20241007-en
collectioncredential_accessdefense_evasiondiscoveryexecutionpersistenceprivilege_escalationspywarestealerupx
windows11-21h2-x64
31 signatures
150 seconds
General
-
Target
Mail Access Checker by xRisky v2 [Free version].rar
-
Size
173.8MB
-
MD5
a6b32c78de05f46e70353c4ef78835d7
-
SHA1
df2308aaa56a7171363a45ad74d4066395fdb28e
-
SHA256
b823e4a9a2d447217bcc6c7a7f67cabd36eab432d7d7e9d6b580fadba2446667
-
SHA512
34598fa8f4b353534ad0da5c98e16ec98794100c16879cad66cb51c9f985a5c211e7e012473c86643afec6440d51e793cb03787035609d5c5fc8e82c4479fc03
-
SSDEEP
3145728:rdmoIl768Uzz+3baQahQQAlDHor/Jp3Jqm8zV/Qlrt33VxI6C8mRHll6D1Gs:clu8UPihorD3J8Ql13VxiDRHll6R
Score
10/10
Malware Config
Signatures
-
A stealer written in Python and packaged with Pyinstaller 1 IoCs
resource yara_rule static1/unpack002/����i��.pyc blankgrabber -
Blankgrabber family
-
Unsigned PE 6 IoCs
Checks for missing Authenticode signature.
resource unpack001/Mail Access Checker by xRisky v2 [Free version]/Data/Jint.dll unpack001/Mail Access Checker by xRisky v2 [Free version]/Data/Leaf.xNet.dll unpack001/Mail Access Checker by xRisky v2 [Free version]/Data/Modules/Checker1.exe unpack001/Mail Access Checker by xRisky v2 [Free version]/Data/Modules/Jint.dll unpack001/Mail Access Checker by xRisky v2 [Free version]/Data/Modules/Leaf.xNet.dll unpack001/Mail Access Checker by xRisky v2 [Free version]/Mailaccess Checker by xRisky v2.exe
Files
-
Mail Access Checker by xRisky v2 [Free version].rar.rar
-
98k+.txt
-
Mail Access Checker by xRisky v2 [Free version]/Data/Jint.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
mscoree
_CorDllMain
Sections
.text Size: 242KB - Virtual size: 241KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 668B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Mail Access Checker by xRisky v2 [Free version]/Data/Leaf.xNet.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 140KB - Virtual size: 139KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Mail Access Checker by xRisky v2 [Free version]/Data/Modules/Checker.exe.exe windows:6 windows x64 arch:x64
a06f302f71edd380da3d5bf4a6d94ebd
Code Sign
48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before25-05-2021 00:00Not After31-12-2028 23:59SubjectCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate
IssuerCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBNot Before22-03-2021 00:00Not After21-03-2036 23:59SubjectCN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
bf:b1:50:01:bb:f5:92:d4:96:2a:77:97:ea:73:6f:a3Certificate
IssuerCN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GBNot Before29-09-2021 00:00Not After28-09-2024 23:59SubjectSERIALNUMBER=407950,CN=Akeo Consulting,O=Akeo Consulting,ST=Donegal,C=IE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024945Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate
IssuerCN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before12-01-2016 00:00Not After11-01-2031 23:59SubjectCN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate
IssuerCN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before23-12-2017 00:00Not After22-03-2029 23:59SubjectCN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
10:5c:7c:cb:ae:47:79:cb:44:6e:05:a0:1f:b6:d0:aa:44:65:f2:d2:e0:4f:6c:22:60:c5:bb:e4:c5:bc:75:32Signer
Actual PE Digest10:5c:7c:cb:ae:47:79:cb:44:6e:05:a0:1f:b6:d0:aa:44:65:f2:d2:e0:4f:6c:22:60:c5:bb:e4:c5:bc:75:32Digest Algorithmsha256PE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
user32
TranslateMessage
ShutdownBlockReasonCreate
GetWindowThreadProcessId
SetWindowLongPtrW
GetWindowLongPtrW
MsgWaitForMultipleObjects
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassW
DefWindowProcW
PeekMessageW
DispatchMessageW
GetMessageW
kernel32
GetTimeZoneInformation
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStringTypeW
FormatMessageW
GetLastError
GetModuleFileNameW
LoadLibraryExW
SetDllDirectoryW
CreateSymbolicLinkW
GetProcAddress
CreateDirectoryW
GetCommandLineW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
HeapSize
RemoveDirectoryW
GetTempPathW
CloseHandle
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
Sleep
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LocalFree
SetConsoleCtrlHandler
GetConsoleWindow
K32EnumProcessModules
K32GetModuleFileNameExW
CreateFileW
FindFirstFileExW
GetFinalPathNameByHandleW
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesExW
HeapReAlloc
WriteConsoleW
SetEndOfFile
GetDriveTypeW
IsDebuggerPresent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadFile
GetFullPathNameW
SetStdHandle
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetCommandLineA
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
SetEnvironmentVariableW
advapi32
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
Sections
.text Size: 172KB - Virtual size: 172KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 74KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
����i��.pyc
-
Mail Access Checker by xRisky v2 [Free version]/Data/Modules/Checker1.exe.exe windows:4 windows x64 arch:x64
00257f821e41c50431687c7fdd2cf671
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
FreeLibrary
Sleep
SetLastError
HeapFree
GetProcessHeap
HeapReAlloc
HeapAlloc
InitializeCriticalSection
DeleteCriticalSection
GetUserDefaultUILanguage
FindResourceExA
CompareStringW
GetCurrentProcessId
CloseHandle
SetEvent
GetLastError
WaitForSingleObject
CompareStringA
FormatMessageA
WriteFile
SetFileTime
GetModuleFileNameW
lstrcpyW
GetSystemTimeAsFileTime
FindFirstFileW
FindClose
lstrcatW
CreateFileA
ReadFile
IsBadReadPtr
CreateEventA
GetModuleFileNameA
SetFilePointer
GetCurrentProcess
GetVolumeInformationA
GetWindowsDirectoryA
FlushInstructionCache
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetTickCount
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetCPInfo
RtlVirtualUnwind
HeapCreate
HeapSetInformation
GetStdHandle
FlsAlloc
TlsSetValue
GetCurrentThreadId
FlsFree
TlsFree
FlsSetValue
FlsGetValue
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
GetStartupInfoW
RtlCaptureContext
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemInfo
VirtualAlloc
CreateThread
ResumeThread
ExitThread
GetThreadLocale
GetLocaleInfoA
GetACP
HeapSize
HeapDestroy
GetVersionExA
RaiseException
SetEnvironmentVariableW
WideCharToMultiByte
lstrlenW
lstrcmpiW
SetEnvironmentVariableA
IsBadWritePtr
VirtualProtect
VirtualQuery
GetModuleHandleA
lstrcmpiA
MultiByteToWideChar
ExitProcess
lstrcmpA
LoadLibraryA
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LockResource
LoadResource
SizeofResource
FindResourceA
lstrcpyA
lstrlenA
user32
UnregisterClassA
GetMessageA
DrawIcon
DispatchMessageA
LoadIconA
CreateDialogIndirectParamA
SetTimer
EndPaint
KillTimer
DestroyWindow
EndDialog
GetDC
FillRect
GetClientRect
ReleaseDC
SetClassLongA
PtInRect
GetWindowRect
SetCursor
GetWindowLongA
LoadCursorA
GetSystemMetrics
SetWindowLongA
GetParent
GetCursorPos
GetDesktopWindow
MapWindowPoints
LoadStringA
TranslateMessage
SetWindowPos
SendMessageA
SetForegroundWindow
ReleaseCapture
PostMessageA
BeginPaint
TrackMouseEvent
SetActiveWindow
IsDialogMessageA
EnableWindow
SetWindowLongPtrA
GetActiveWindow
UpdateWindow
AdjustWindowRectEx
OffsetRect
CreateWindowExA
LoadImageA
RegisterClassExA
ScreenToClient
GetWindowTextLengthA
DefWindowProcA
SetWindowTextA
ShowWindow
TranslateAcceleratorA
SetFocus
DrawFocusRect
DrawTextA
GetWindowTextA
SetCapture
DrawEdge
CallWindowProcA
InvalidateRect
GetClassNameA
GetWindowLongPtrA
PostQuitMessage
MessageBoxA
wsprintfA
gdi32
GetObjectA
SelectObject
GetDIBColorTable
StretchBlt
DeleteObject
CreateDIBSection
TextOutA
CreateCompatibleBitmap
SetBkMode
GetStockObject
SetTextColor
SetDIBColorTable
CreateFontIndirectA
CreateSolidBrush
CreateCompatibleDC
LineTo
DeleteDC
MoveToEx
CreatePen
GetTextExtentPointA
BitBlt
advapi32
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
ole32
CoCreateInstance
CoInitializeEx
CreateStreamOnHGlobal
CoSetProxyBlanket
oleaut32
GetErrorInfo
SafeArrayGetElement
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SafeArrayDestroy
SysAllocString
SysFreeString
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
VariantInit
VariantClear
VariantChangeType
SafeArrayPutElement
SafeArrayGetUBound
SafeArrayGetLBound
shlwapi
StrRChrW
gdiplus
GdiplusStartup
GdipFree
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipDeleteGraphics
GdipAlloc
GdipDisposeImage
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageGraphicsContext
GdipCloneImage
GdipBitmapUnlockBits
GdipBitmapLockBits
GdiplusShutdown
GdipDrawImageI
GdipGetImagePaletteSize
GdipGetImageWidth
msimg32
TransparentBlt
AlphaBlend
iphlpapi
GetAdaptersInfo
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
Sections
.text Size: 434KB - Virtual size: 433KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 170KB - Virtual size: 170KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.I:R Size: 4.2MB - Virtual size: 4.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 61.1MB - Virtual size: 61.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Mail Access Checker by xRisky v2 [Free version]/Data/Modules/Jint.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\projects\jint\Jint\obj\Release\net451\Jint.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 242KB - Virtual size: 241KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 668B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Mail Access Checker by xRisky v2 [Free version]/Data/Modules/Leaf.xNet.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 140KB - Virtual size: 139KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Mail Access Checker by xRisky v2 [Free version]/Data/Modules/Newtonsoft.Json.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
06:ce:e1:31:be:6d:55:c8:07:f7:c0:c7:fb:44:e6:20Certificate
IssuerCN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=USNot Before15-01-2021 00:00Not After14-01-2046 23:59SubjectCN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0a:de:32:e9:50:9b:44:aa:34:b1:da:f1:bc:0e:c8:73Certificate
IssuerCN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=USNot Before15-07-2021 00:00Not After14-07-2031 23:59SubjectCN=.NET Foundation Projects Code Signing CA2,O=.NET Foundation,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0c:d1:40:7a:5a:bd:ed:43:d5:c1:73:12:1d:38:c5:29Certificate
IssuerCN=.NET Foundation Projects Code Signing CA2,O=.NET Foundation,C=USNot Before13-08-2021 00:00Not After29-10-2024 23:59SubjectSERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=Washington,C=US,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6eExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before21-09-2022 00:00Not After21-11-2033 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23-03-2022 00:00Not After22-03-2037 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01-08-2022 00:00Not After09-11-2031 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3a:57:8c:7c:68:8b:18:66:50:3e:ca:01:8e:c9:25:ce:98:4d:c3:92:f9:6d:09:57:64:2e:4c:79:0e:24:5a:52Signer
Actual PE Digest3a:57:8c:7c:68:8b:18:66:50:3e:ca:01:8e:c9:25:ce:98:4d:c3:92:f9:6d:09:57:64:2e:4c:79:0e:24:5a:52Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
/_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 681KB - Virtual size: 680KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Mail Access Checker by xRisky v2 [Free version]/Data/Newtonsoft.Json.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
06:ce:e1:31:be:6d:55:c8:07:f7:c0:c7:fb:44:e6:20Certificate
IssuerCN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=USNot Before15-01-2021 00:00Not After14-01-2046 23:59SubjectCN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0a:de:32:e9:50:9b:44:aa:34:b1:da:f1:bc:0e:c8:73Certificate
IssuerCN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=USNot Before15-07-2021 00:00Not After14-07-2031 23:59SubjectCN=.NET Foundation Projects Code Signing CA2,O=.NET Foundation,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0c:d1:40:7a:5a:bd:ed:43:d5:c1:73:12:1d:38:c5:29Certificate
IssuerCN=.NET Foundation Projects Code Signing CA2,O=.NET Foundation,C=USNot Before13-08-2021 00:00Not After29-10-2024 23:59SubjectSERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=Washington,C=US,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6eExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before21-09-2022 00:00Not After21-11-2033 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23-03-2022 00:00Not After22-03-2037 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01-08-2022 00:00Not After09-11-2031 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3a:57:8c:7c:68:8b:18:66:50:3e:ca:01:8e:c9:25:ce:98:4d:c3:92:f9:6d:09:57:64:2e:4c:79:0e:24:5a:52Signer
Actual PE Digest3a:57:8c:7c:68:8b:18:66:50:3e:ca:01:8e:c9:25:ce:98:4d:c3:92:f9:6d:09:57:64:2e:4c:79:0e:24:5a:52Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
/_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 681KB - Virtual size: 680KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Mail Access Checker by xRisky v2 [Free version]/Database/Database [Free version].db
-
Mail Access Checker by xRisky v2 [Free version]/Mailaccess Checker by xRisky v2.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\HawX\source\repos\ConsoleApp1\ConsoleApp1\obj\Release\ConsoleApp1.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 323KB - Virtual size: 322KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 258KB - Virtual size: 257KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Mail Access Checker by xRisky v2 [Free version]/x64/SQLite.Interop.dll.dll windows:6 windows x64 arch:x64
d99c34fbf4a27bd49bd158efcb5d8cc5
Code Sign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29-04-2021 00:00Not After28-04-2036 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92Certificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before01-10-2021 00:00Not After12-12-2024 23:59SubjectSERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before21-09-2022 00:00Not After21-11-2033 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23-03-2022 00:00Not After22-03-2037 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01-08-2022 00:00Not After09-11-2031 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29-04-2021 00:00Not After28-04-2036 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92Certificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before01-10-2021 00:00Not After12-12-2024 23:59SubjectSERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before21-09-2022 00:00Not After21-11-2033 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23-03-2022 00:00Not After22-03-2037 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01-08-2022 00:00Not After09-11-2031 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
cf:d4:f4:c6:67:41:51:25:50:fe:04:71:14:50:fb:c3:8a:96:d0:e8:62:36:97:2d:eb:8d:05:97:81:a3:1e:a9:08:57:1c:47:e4:b3:9c:61:07:82:ad:63:6c:e8:02:52:73:2c:bf:34:b4:5d:5e:81:4d:22:e1:53:b2:5d:e2:13Signer
Actual PE Digestcf:d4:f4:c6:67:41:51:25:50:fe:04:71:14:50:fb:c3:8a:96:d0:e8:62:36:97:2d:eb:8d:05:97:81:a3:1e:a9:08:57:1c:47:e4:b3:9c:61:07:82:ad:63:6c:e8:02:52:73:2c:bf:34:b4:5d:5e:81:4d:22:e1:53:b2:5d:e2:13Digest Algorithmsha512PE Digest Matchestrueb6:7a:e6:77:bc:d2:69:c2:1a:a2:30:5d:0d:3c:28:b0:7a:c4:c3:ffSigner
Actual PE Digestb6:7a:e6:77:bc:d2:69:c2:1a:a2:30:5d:0d:3c:28:b0:7a:c4:c3:ffDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\dev\sqlite\dotnet-private\bin\2015\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb
Imports
mscoree
CorBindToRuntimeEx
wintrust
WinVerifyTrust
kernel32
GetFullPathNameW
lstrlenW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
GetModuleFileNameW
SetEnvironmentVariableW
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
GetEnvironmentVariableW
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
lstrlenA
GetEnvironmentVariableA
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
lstrcmpA
UnmapViewOfFile
HeapValidate
lstrcatA
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
EnterCriticalSection
DisableThreadLibraryCalls
LoadLibraryA
lstrcatW
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
WriteConsoleW
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
SetStdHandle
RaiseException
HeapFree
HeapCreate
TryEnterCriticalSection
ReadFile
AreFileApisANSI
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileA
lstrcmpiW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
CompareStringW
LCMapStringW
GetACP
GetTimeZoneInformation
GetStringTypeW
GetStdHandle
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
user32
wsprintfA
wsprintfW
advapi32
CryptAcquireContextW
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptDestroyKey
Exports
Exports
SI0019486164d7bf44
SI02ba66995d97a90f
SI03287dbc8723fdd9
SI04b638e115f7beb4
SI04ce52527311d73d
SI04fc6f8a1e017f73
SI0504e2b10fc984a6
SI08e1b81c309b0697
SI093ec945feac7a9f
SI0a5994a5732236aa
SI0a5abed06696b608
SI0b7b29d9f4d9e9cd
SI0baa26a8603fbeaa
SI0ea978ea1c0d405a
SI106a696fe4411f05
SI11c76cd24cbc4f5a
SI140dacdec9d5041b
SI143d3c343ba8f025
SI14b078570350825e
SI14f276d110ea07d2
SI1698350d8fe62095
SI19682c472152ed2e
SI1b5f3547d13ba432
SI1b7dde7e97584ae2
SI1d073d65c838cf5f
SI1d2e911ac01d0e2a
SI1da0a0558762261c
SI2443a50be142b79d
SI24b9ac65c591ee78
SI257c42d028c92062
SI25e7ed432da5abe2
SI26bead82d146f523
SI26ecabef7303a42d
SI26f15d49d07fe93a
SI279a729adc1377d7
SI2836277b871ce8fa
SI28cd73ca34f8fb73
SI2a15a1761404662d
SI2a54b637f740510b
SI2de6c00a59e7266e
SI2f17e57366f2805e
SI2f719ae9d2d6fe5e
SI3145812b5ff77358
SI3455a1cea238c256
SI350ef657c32efd79
SI352a26dec0656975
SI35b071367928739e
SI36d903e8ae1034f7
SI371968036eb4539a
SI3721ad633fe2573d
SI37ce1131ccb4e11f
SI3862a1ce27ef5703
SI38b2a832762db8ac
SI3a79cd3b97e12d27
SI3b5b10d9ddfee5ca
SI3c382270243917a2
SI3c49f645ceb670cc
SI3cbdfafed17209a8
SI3d262250f51c6b05
SI3d4a59f30e3066e7
SI3eeccb23f013126d
SI4004f11c66fafdc3
SI419eb095ca17491d
SI45c0ebd9695268ad
SI45fe92a006b7a736
SI467bb3798f593774
SI4919ea51262dac3c
SI4a17a8a321d6ec6a
SI4bab566a390e239c
SI4d728c49baeb336f
SI4de37165831bc271
SI4dfb599f3fd3e023
SI5012edaf9a9b576b
SI523067e3e1269727
SI53b960648e352398
SI5460c9874d9a9c36
SI55523c66e4a81c11
SI565732004973ce4e
SI56805d3cb6ea5260
SI58ae048217841433
SI59ef51e4227a1e60
SI5b8b7f6e43119418
SI5c09368f04cf7aa2
SI5cff166c599de746
SI5d045c2b9d9b73fa
SI5ea70b9767a9e9ce
SI606edd9d386f5df5
SI60bfb2a7e6c9c0e3
SI611d33161126275a
SI613bc819b96e1775
SI6187cc864ff10c8f
SI61c731d3f0a5a8a6
SI63f918e55acf1c40
SI66be4ec506ed664f
SI698058cf78c6a869
SI6a086e2f49de7e85
SI72535cfc141a05c2
SI73e26334041d137d
SI747f3b763c8524f5
SI75e0cee60392beec
SI7742db5e5c879069
SI77d1487d2c16c856
SI78561b4f7190c8dd
SI785b181261fdc0bd
SI7991725b877e4051
SI7af3787a4ab6b5b0
SI7d9178711dcd6811
SI7da1c71ef2b6697a
SI7e5af6a8bfaa1747
SI7f2136bd3d2988aa
SI7f3350ed5ca228bf
SI810facc01c4e99e6
SI81dd6ea067523204
SI837eea5ba53f61b3
SI83f01e67cc2cc9a2
SI85018aaa81082789
SI853298524d63488b
SI8554a644a22f6f20
SI8668b1fc92c22ce1
SI87ee2ec0596a27ef
SI8b1f1431e854f393
SI8b4ecf9e9b46e30b
SI8b6fe1d4af2fdb27
SI8bd848f76b779693
SI8c91429ec00ce6ea
SI8f46df6c19cb419c
SI9006fa68bc924c6f
SI947263e5a132a998
SI965595dac5504b14
SI96e96b93e3971a75
SI971aea6e1a3ae173
SI9ced4623ecd3a3df
SI9e7440e5cce5dc43
SI9edfb98001bcad06
SIa0b934f9dd65efc0
SIa0da56ff87b86dd4
SIa0e5ab23d1190dca
SIa129aff02640c9fe
SIa25f4de441a18204
SIa2c646e1460e3d6a
SIa48df0905a06105d
SIa5013de19e424d00
SIa9bfcac726a70265
SIa9d260dfe73149da
SIaa3c70b5d386c1fa
SIaa3fada7ca685a32
SIaa8f19242494c08c
SIabcd6360beb68a2a
SIabe868fb63f052f8
SIac677082e755b84d
SIae3be833182ff91d
SIaebfdeab19641351
SIaf4898799c5c5ab8
SIafa80a0dba5e3a76
SIb21b3064163c0cda
SIb22cf6c68ac1220a
SIb2d853f1157189a5
SIb30987ff703d6e36
SIb369846d768c8d78
SIb3941677af59e24d
SIb41581ca1b61ed15
SIb57167164aea0161
SIb7b5b2f8e5976737
SIb8a2357403777398
SIb99186e559a4aff6
SIba36cbed52191512
SIbae13b5cc010bd67
SIc0ea1e3857b0ec43
SIc0f749663083c28a
SIc0f7fc1c96c2f62b
SIc2aaa7918e50464c
SIc4f8bd1f4b581f4f
SIc5e3cd0a498a1779
SIc63f2c66e9fadd2d
SIc6b2972f1a2dc615
SIc7e5bd609ce4c68a
SIc8e3ed89cf504a6c
SIc9a5f32c73143c77
SIc9f2182c4a948277
SIca49018e24ca57ec
SIcb4a928df499bdf6
SId08a69e2f8f143ba
SId290cb03f3dc3f61
SId56a8ebc35663981
SId59e1d487aca89f9
SId5fff727332fb0f9
SId65d58073bd498dc
SId7d7db98a12d19ea
SIda2943ab88fe2b4e
SIdb6bf1b7b5944bb6
SIdbad5a35d7a3205c
SIde1622bcd84f5091
SIdfd4204af97948d5
SIe0b31ba0fca9dfae
SIe47e4c5201c5334a
SIeb85fb6ed1178f6e
SIed7328d4da7ea496
SIefa0b6ff8825450f
SIf2f03057a674dd64
SIf39369f79e9f653d
SIf44cd2b5614ea7da
SIf5c71e022d4e16c5
SIf61494071db20f41
SIf67c886bb709cc2f
SIf6ca1239c6e3c3e4
SIfe86240eeda8764b
SIfeac64b03115a142
sqlite3_cryptoapi_init
sqlite3_fts5_init
sqlite3_fts_init
sqlite3_percentile_init
sqlite3_regexp_init
sqlite3_sha_init
sqlite3_shathree_init
sqlite3_totype_init
sqlite3_vtshim_init
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 268KB - Virtual size: 268KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 156B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Mail Access Checker by xRisky v2 [Free version]/x86/SQLite.Interop.dll.dll windows:6 windows x86 arch:x86
c7ed3cced4a9a7e77612b9900591b547
Code Sign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29-04-2021 00:00Not After28-04-2036 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92Certificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before01-10-2021 00:00Not After12-12-2024 23:59SubjectSERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before21-09-2022 00:00Not After21-11-2033 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23-03-2022 00:00Not After22-03-2037 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01-08-2022 00:00Not After09-11-2031 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29-04-2021 00:00Not After28-04-2036 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92Certificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before01-10-2021 00:00Not After12-12-2024 23:59SubjectSERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before21-09-2022 00:00Not After21-11-2033 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23-03-2022 00:00Not After22-03-2037 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01-08-2022 00:00Not After09-11-2031 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d4:95:db:a3:94:61:26:b1:2d:bf:e5:f6:9d:dc:72:f7:db:9d:f3:dc:57:45:22:31:d8:03:41:3c:a9:c1:40:36:35:f1:d8:eb:0f:93:68:3d:65:82:2c:53:e9:4e:6a:73:c0:da:2a:28:82:1f:1c:8a:cf:a4:68:b4:d9:8a:39:10Signer
Actual PE Digestd4:95:db:a3:94:61:26:b1:2d:bf:e5:f6:9d:dc:72:f7:db:9d:f3:dc:57:45:22:31:d8:03:41:3c:a9:c1:40:36:35:f1:d8:eb:0f:93:68:3d:65:82:2c:53:e9:4e:6a:73:c0:da:2a:28:82:1f:1c:8a:cf:a4:68:b4:d9:8a:39:10Digest Algorithmsha512PE Digest Matchestrue4e:c9:2e:71:0b:72:3e:5b:a9:de:43:94:da:02:17:9e:ee:b8:68:7eSigner
Actual PE Digest4e:c9:2e:71:0b:72:3e:5b:a9:de:43:94:da:02:17:9e:ee:b8:68:7eDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
C:\dev\sqlite\dotnet-private\bin\2015\Win32\ReleaseNativeOnlyStatic\SQLite.Interop.pdb
Imports
mscoree
CorBindToRuntimeEx
wintrust
WinVerifyTrust
kernel32
GetFullPathNameW
lstrlenW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
GetModuleFileNameW
SetEnvironmentVariableW
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
GetEnvironmentVariableW
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
lstrlenA
GetEnvironmentVariableA
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
lstrcmpA
UnmapViewOfFile
HeapValidate
lstrcatA
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
EnterCriticalSection
DisableThreadLibraryCalls
LoadLibraryA
lstrcatW
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
WriteConsoleW
lstrcmpiW
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
RaiseException
SetStdHandle
DecodePointer
HeapFree
HeapCreate
TryEnterCriticalSection
ReadFile
AreFileApisANSI
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileA
MapViewOfFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedFlushSList
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
CompareStringW
LCMapStringW
GetACP
GetTimeZoneInformation
GetStringTypeW
GetStdHandle
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
user32
wsprintfA
wsprintfW
advapi32
CryptAcquireContextW
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptDestroyKey
Exports
Exports
SI02ba66995d97a90f
SI03287dbc8723fdd9
SI04ce52527311d73d
SI0504e2b10fc984a6
SI08e1b81c309b0697
SI093ec945feac7a9f
SI0a5994a5732236aa
SI0a5abed06696b608
SI0b7b29d9f4d9e9cd
SI0baa26a8603fbeaa
SI0ea978ea1c0d405a
SI106a696fe4411f05
SI11c76cd24cbc4f5a
SI143d3c343ba8f025
SI14b078570350825e
SI14f276d110ea07d2
SI1698350d8fe62095
SI19682c472152ed2e
SI1b5f3547d13ba432
SI1b7dde7e97584ae2
SI2443a50be142b79d
SI24b9ac65c591ee78
SI257c42d028c92062
SI26bead82d146f523
SI26ecabef7303a42d
SI26f15d49d07fe93a
SI279a729adc1377d7
SI2836277b871ce8fa
SI28cd73ca34f8fb73
SI2a15a1761404662d
SI2a54b637f740510b
SI2f17e57366f2805e
SI3145812b5ff77358
SI3455a1cea238c256
SI350ef657c32efd79
SI352a26dec0656975
SI35b071367928739e
SI371968036eb4539a
SI3721ad633fe2573d
SI37ce1131ccb4e11f
SI38b2a832762db8ac
SI3c382270243917a2
SI3c49f645ceb670cc
SI3cbdfafed17209a8
SI3d4a59f30e3066e7
SI3eeccb23f013126d
SI45c0ebd9695268ad
SI45fe92a006b7a736
SI467bb3798f593774
SI4919ea51262dac3c
SI4a17a8a321d6ec6a
SI4bab566a390e239c
SI4d728c49baeb336f
SI4de37165831bc271
SI523067e3e1269727
SI53b960648e352398
SI5460c9874d9a9c36
SI55523c66e4a81c11
SI565732004973ce4e
SI56805d3cb6ea5260
SI5c09368f04cf7aa2
SI5cff166c599de746
SI5d045c2b9d9b73fa
SI5ea70b9767a9e9ce
SI606edd9d386f5df5
SI60bfb2a7e6c9c0e3
SI6187cc864ff10c8f
SI61c731d3f0a5a8a6
SI63f918e55acf1c40
SI66be4ec506ed664f
SI698058cf78c6a869
SI6a086e2f49de7e85
SI72535cfc141a05c2
SI73e26334041d137d
SI747f3b763c8524f5
SI75e0cee60392beec
SI7742db5e5c879069
SI77d1487d2c16c856
SI78561b4f7190c8dd
SI785b181261fdc0bd
SI7991725b877e4051
SI7af3787a4ab6b5b0
SI7d9178711dcd6811
SI7da1c71ef2b6697a
SI7e5af6a8bfaa1747
SI7f2136bd3d2988aa
SI81dd6ea067523204
SI837eea5ba53f61b3
SI83f01e67cc2cc9a2
SI85018aaa81082789
SI853298524d63488b
SI8554a644a22f6f20
SI8668b1fc92c22ce1
SI87ee2ec0596a27ef
SI8b1f1431e854f393
SI8b6fe1d4af2fdb27
SI8bd848f76b779693
SI8c91429ec00ce6ea
SI8f46df6c19cb419c
SI9006fa68bc924c6f
SI96e96b93e3971a75
SI9ced4623ecd3a3df
SI9e7440e5cce5dc43
SI9edfb98001bcad06
SIa0b934f9dd65efc0
SIa129aff02640c9fe
SIa25f4de441a18204
SIa2c646e1460e3d6a
SIa5013de19e424d00
SIa9bfcac726a70265
SIa9d260dfe73149da
SIaa3fada7ca685a32
SIaa8f19242494c08c
SIabcd6360beb68a2a
SIabe868fb63f052f8
SIac677082e755b84d
SIae3be833182ff91d
SIb21b3064163c0cda
SIb22cf6c68ac1220a
SIb2d853f1157189a5
SIb30987ff703d6e36
SIb41581ca1b61ed15
SIb57167164aea0161
SIb7b5b2f8e5976737
SIb8a2357403777398
SIb99186e559a4aff6
SIba36cbed52191512
SIbae13b5cc010bd67
SIc0ea1e3857b0ec43
SIc0f7fc1c96c2f62b
SIc4f8bd1f4b581f4f
SIc5e3cd0a498a1779
SIc63f2c66e9fadd2d
SIc6b2972f1a2dc615
SIc7e5bd609ce4c68a
SIc9a5f32c73143c77
SIc9f2182c4a948277
SIca49018e24ca57ec
SIcb4a928df499bdf6
SId08a69e2f8f143ba
SId290cb03f3dc3f61
SId59e1d487aca89f9
SId5fff727332fb0f9
SIdb6bf1b7b5944bb6
SIdbad5a35d7a3205c
SIde1622bcd84f5091
SIdfd4204af97948d5
SIe47e4c5201c5334a
SIed7328d4da7ea496
SIefa0b6ff8825450f
SIf2f03057a674dd64
SIf44cd2b5614ea7da
SIf61494071db20f41
SIf67c886bb709cc2f
SIfe86240eeda8764b
SIfeac64b03115a142
_SI0019486164d7bf44@12
_SI04b638e115f7beb4@20
_SI04fc6f8a1e017f73@20
_SI140dacdec9d5041b@12
_SI1d073d65c838cf5f@12
_SI1d2e911ac01d0e2a@4
_SI1da0a0558762261c@8
_SI25e7ed432da5abe2@0
_SI2de6c00a59e7266e@4
_SI2f719ae9d2d6fe5e@8
_SI36d903e8ae1034f7@12
_SI3862a1ce27ef5703@4
_SI3a79cd3b97e12d27@8
_SI3b5b10d9ddfee5ca@4
_SI3d262250f51c6b05@32
_SI4004f11c66fafdc3@4
_SI419eb095ca17491d@12
_SI4dfb599f3fd3e023@12
_SI5012edaf9a9b576b@12
_SI58ae048217841433@12
_SI59ef51e4227a1e60@40
_SI5b8b7f6e43119418@0
_SI611d33161126275a@24
_SI613bc819b96e1775@8
_SI7f3350ed5ca228bf@112
_SI810facc01c4e99e6@12
_SI8b4ecf9e9b46e30b@12
_SI947263e5a132a998@36
_SI965595dac5504b14@12
_SI971aea6e1a3ae173@12
_SIa0da56ff87b86dd4@12
_SIa0e5ab23d1190dca@8
_SIa48df0905a06105d@4
_SIaa3c70b5d386c1fa@4
_SIaebfdeab19641351@12
_SIaf4898799c5c5ab8@44
_SIafa80a0dba5e3a76@12
_SIb369846d768c8d78@4
_SIb3941677af59e24d@12
_SIc0f749663083c28a@8
_SIc2aaa7918e50464c@4
_SIc8e3ed89cf504a6c@8
_SId56a8ebc35663981@12
_SId65d58073bd498dc@12
_SId7d7db98a12d19ea@8
_SIda2943ab88fe2b4e@20
_SIe0b31ba0fca9dfae@4
_SIeb85fb6ed1178f6e@16
_SIf39369f79e9f653d@8
_SIf5c71e022d4e16c5@12
_SIf6ca1239c6e3c3e4@8
sqlite3_cryptoapi_init
sqlite3_fts5_init
sqlite3_fts_init
sqlite3_percentile_init
sqlite3_regexp_init
sqlite3_sha_init
sqlite3_shathree_init
sqlite3_totype_init
sqlite3_vtshim_init
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 164KB - Virtual size: 163KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 168B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ