blankgrabber | FeatherExecutor[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

FeatherExecutor.rar
Size

24.4MB
MD5

f275f20835ef62e7c4fe4edc12608fd5
SHA1

a0b1f33fc3d9b651c9e054f3bc5be849a8d7b6fe
SHA256

2458d71acea70c16e35b4e70d32799f7234e77396b91d38b8db7448a7d3acdbf
SHA512

8170061edaa0979885557ffb9fe6bc3cf8c1f384d4d781d8b62553e8060b1bb620833812cd8cbc29f04198b52bed537fa7a21728e2d51855d611fac2dc077d08
SSDEEP

786432:EUZy1k3XaRN9CosGVvjlKZmaUUE1jj7PICp:fj3qf9dsGVvjY4aUUIj7j

Score

10^/10

blankgrabber

Malware Config

Signatures

A stealer written in Python and packaged with Pyinstaller 1 IoCs

resource	yara_rule
static1/unpack002/k�u��.pyc	blankgrabber

Blankgrabber family
blankgrabber

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/winmm.dll

Files

FeatherExecutor.rar
.rar
Feather Boostrap.exe
.exe windows:6 windows x64 arch:x64

72c4e339b7af8ab1ed2eb3821c98713a

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:b1:50:01:bb:f5:92:d4:96:2a:77:97:ea:73:6f:a3
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

29-09-2021 00:00

Not After

28-09-2024 23:59

Subject

SERIALNUMBER=407950,CN=Akeo Consulting,O=Akeo Consulting,ST=Donegal,C=IE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024945

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2e:06:d4:d5:a8:b0:f5:8b:e1:18:16:f2:87:7e:70:2b:08:75:50:30:9b:5e:d1:9d:54:95:0a:a1:40:84:18:18
Signer

Actual PE Digest

2e:06:d4:d5:a8:b0:f5:8b:e1:18:16:f2:87:7e:70:2b:08:75:50:30:9b:5e:d1:9d:54:95:0a:a1:40:84:18:18

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
ShutdownBlockReasonCreate
MsgWaitForMultipleObjects
ShowWindow
DestroyWindow
RegisterClassW
DefWindowProcW
PeekMessageW
DispatchMessageW
TranslateMessage
PostMessageW
GetMessageW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

GetACP
IsValidCodePage
GetStringTypeW
GetFileAttributesExW
SetEnvironmentVariableW
FlushFileBuffers
GetCurrentDirectoryW
LCMapStringW
CompareStringW
FlsFree
GetOEMCP
GetCPInfo
GetModuleHandleW
MulDiv
FormatMessageW
GetLastError
GetModuleFileNameW
LoadLibraryExW
SetDllDirectoryW
CreateSymbolicLinkW
GetProcAddress
GetEnvironmentStringsW
GetCommandLineW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetDriveTypeW
RemoveDirectoryW
GetTempPathW
CloseHandle
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
Sleep
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LocalFree
SetConsoleCtrlHandler
K32EnumProcessModules
K32GetModuleFileNameExW
CreateFileW
FindFirstFileExW
GetFinalPathNameByHandleW
MultiByteToWideChar
WideCharToMultiByte
FlsSetValue
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
HeapReAlloc
WriteConsoleW
SetEndOfFile
CreateDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadFile
GetFullPathNameW
SetStdHandle
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
k�u��.pyc
NVUnityPlugin.dll
.dll windows:6 windows x64 arch:x64

afa68b106ecfe09cca356fd193ab5f78

Code Sign

03:e6:cb:30:35:09:9e:63:9e:f3:35:ea:cd:37:c0:1f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

11-12-2023 00:00

Not After

08-06-2026 23:59

Subject

SERIALNUMBER=3183233,CN=Unity Technologies SF,O=Unity Technologies SF,L=San Francisco,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fd:93:e5:d5:c9:c9:82:17:3b:cc:8a:40:7f:61:ee:12:14:7d:b8:cb:73:f7:79:55:6e:f1:bc:16:04:91:ef:41
Signer

Actual PE Digest

fd:93:e5:d5:c9:c9:82:17:3b:cc:8a:40:7f:61:ee:12:14:7d:b8:cb:73:f7:79:55:6e:f1:bc:16:04:91:ef:41

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dev\NVUnityPlugin\t2-output\win64-msvc-production-default\NVUnityPlugin.pdb

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

user32

GetWindowThreadProcessId
MessageBoxA

kernel32

WriteConsoleW
SetEndOfFile
HeapSize
OutputDebugStringA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VerSetConditionMask
CreateFileW
GetFileAttributesW
GetFullPathNameW
OutputDebugStringW
CloseHandle
GetLastError
SetLastError
CreateProcessA
CreateProcessW
GetSystemDirectoryW
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExA
GetProcAddress
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
lstrcmpA
VerifyVersionInfoW
FileTimeToSystemTime
GetStdHandle
GetCurrentProcessId
AllocConsole
WriteConsoleA
SetConsoleTitleA
GetConsoleWindow
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetLocaleInfoEx
GetStringTypeW
CompareStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
ReadConsoleW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetCurrentThread
HeapFree
HeapAlloc
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
GetTimeZoneInformation
HeapReAlloc
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetFileSizeEx
SetFilePointerEx
SetStdHandle
ReadFile
RtlUnwind

Exports

Exports

NVSDK_NGX_D3D11_AllocateParameters
NVSDK_NGX_D3D11_CreateFeature
NVSDK_NGX_D3D11_DestroyParameters
NVSDK_NGX_D3D11_EvaluateFeature
NVSDK_NGX_D3D11_EvaluateFeature_C
NVSDK_NGX_D3D11_GetCapabilityParameters
NVSDK_NGX_D3D11_GetFeatureRequirements
NVSDK_NGX_D3D11_GetParameters
NVSDK_NGX_D3D11_GetScratchBufferSize
NVSDK_NGX_D3D11_ReleaseFeature
NVSDK_NGX_D3D11_Shutdown
NVSDK_NGX_D3D11_Shutdown1
NVSDK_NGX_D3D12_AllocateParameters
NVSDK_NGX_D3D12_CreateFeature
NVSDK_NGX_D3D12_DestroyParameters
NVSDK_NGX_D3D12_EvaluateFeature
NVSDK_NGX_D3D12_EvaluateFeature_C
NVSDK_NGX_D3D12_GetCapabilityParameters
NVSDK_NGX_D3D12_GetFeatureRequirements
NVSDK_NGX_D3D12_GetParameters
NVSDK_NGX_D3D12_GetScratchBufferSize
NVSDK_NGX_D3D12_ReleaseFeature
NVSDK_NGX_D3D12_Shutdown
NVSDK_NGX_D3D12_Shutdown1
NVSDK_NGX_Parameter_GetD
NVSDK_NGX_Parameter_GetD3d11Resource
NVSDK_NGX_Parameter_GetD3d12Resource
NVSDK_NGX_Parameter_GetF
NVSDK_NGX_Parameter_GetI
NVSDK_NGX_Parameter_GetUI
NVSDK_NGX_Parameter_GetULL
NVSDK_NGX_Parameter_GetVoidPointer
NVSDK_NGX_Parameter_SetD
NVSDK_NGX_Parameter_SetD3d11Resource
NVSDK_NGX_Parameter_SetD3d12Resource
NVSDK_NGX_Parameter_SetF
NVSDK_NGX_Parameter_SetI
NVSDK_NGX_Parameter_SetUI
NVSDK_NGX_Parameter_SetULL
NVSDK_NGX_Parameter_SetVoidPointer
NVSDK_NGX_UpdateFeature
NVSDK_NGX_VULKAN_AllocateParameters
NVSDK_NGX_VULKAN_CreateFeature
NVSDK_NGX_VULKAN_CreateFeature1
NVSDK_NGX_VULKAN_DestroyParameters
NVSDK_NGX_VULKAN_EvaluateFeature
NVSDK_NGX_VULKAN_EvaluateFeature_C
NVSDK_NGX_VULKAN_GetCapabilityParameters
NVSDK_NGX_VULKAN_GetFeatureDeviceExtensionRequirements
NVSDK_NGX_VULKAN_GetFeatureInstanceExtensionRequirements
NVSDK_NGX_VULKAN_GetFeatureRequirements
NVSDK_NGX_VULKAN_GetParameters
NVSDK_NGX_VULKAN_GetScratchBufferSize
NVSDK_NGX_VULKAN_Init
NVSDK_NGX_VULKAN_ReleaseFeature
NVSDK_NGX_VULKAN_RequiredExtensions
NVSDK_NGX_VULKAN_Shutdown
NVSDK_NGX_VULKAN_Shutdown1
NVUP_CreateDebugView
NVUP_CreateFeatureSlot
NVUP_DeleteDebugView
NVUP_GetBaseEventId
NVUP_GetDeviceVersion
NVUP_GetGraphicsDeviceDebugInfo
NVUP_GetOptimalSettings
NVUP_GetRenderEventCallback
NVUP_GetSetTextureEventCallback
NVUP_InitApi
NVUP_IsFeatureAvailable
NVUP_ProcessRenderEvent
NVUP_SetTextureEventCallback
NVUP_ShutdownApi
UnityPluginLoad
UnityPluginUnload

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 795B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
READ ME !.txt
nvngx_dlss.dll
.dll windows:6 windows x64 arch:x64

784f20d86218239f4081a901a3d4330c

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:36:af:b1:da:06:ca:97:91:38:8b:36:e2:58:d0:48
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17-10-2022 00:00

Not After

15-10-2025 23:59

Subject

CN=NVIDIA Corporation,OU=1-G,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24-12-1999 17:50

Not After

24-07-2029 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22-07-2015 19:02

Not After

22-06-2029 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1f
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

04-10-2022 17:21

Not After

01-01-2029 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c2:2d:73:32:2e:10:29:59:9c:69:0b:10:0c:1c:89:a7:37:8c:9a:22:ea:37:a0:0e:e0:c0:1f:7e:9d:cc:6f:2f
Signer

Actual PE Digest

c2:2d:73:32:2e:10:29:59:9c:69:0b:10:0c:1c:89:a7:37:8c:9a:22:ea:37:a0:0e:e0:c0:1f:7e:9d:cc:6f:2f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\devrel\libdev\NGX\snippets\rel_tot\source\features\dlaa\_out\wddm_amd64_release\custom_engine_generic\nvngx_dlss.pdb

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

kernel32

GetProcessHeap
SetEndOfFile
WriteConsoleW
IsDebuggerPresent
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
MultiByteToWideChar
WideCharToMultiByte
SetLastError
GetFullPathNameW
GetModuleFileNameW
LocalAlloc
CreateFileW
GetFileAttributesW
GetSystemDirectoryW
GetModuleHandleExA
GetLastError
CloseHandle
LoadLibraryW
GetProcAddress
LocalFree
VerSetConditionMask
GetModuleHandleW
FreeLibrary
VerifyVersionInfoW
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleA
GetStdHandle
WriteConsoleA
OutputDebugStringA
GetCurrentProcessId
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
TryEnterCriticalSection
GetCurrentThreadId
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
GetCommandLineW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetFileType
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
SetStdHandle
ReadFile
GetConsoleMode
ReadConsoleW
FlushFileBuffers
WriteFile
GetConsoleCP
SetFilePointerEx
HeapSize
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA

Exports

Exports

NGX_SNIPPETS_GetRequiredDriverSupport
NVSDK_NGX_D3D11_CreateFeature
NVSDK_NGX_D3D11_EvaluateFeature
NVSDK_NGX_D3D11_GetFeatureRequirements
NVSDK_NGX_D3D11_GetScratchBufferSize
NVSDK_NGX_D3D11_Init
NVSDK_NGX_D3D11_Init_Ext
NVSDK_NGX_D3D11_PopulateParameters_Impl
NVSDK_NGX_D3D11_ReleaseFeature
NVSDK_NGX_D3D11_Shutdown
NVSDK_NGX_D3D11_Shutdown1
NVSDK_NGX_D3D12_CreateFeature
NVSDK_NGX_D3D12_EvaluateFeature
NVSDK_NGX_D3D12_GetFeatureRequirements
NVSDK_NGX_D3D12_GetScratchBufferSize
NVSDK_NGX_D3D12_Init
NVSDK_NGX_D3D12_Init_Ext
NVSDK_NGX_D3D12_PopulateParameters_Impl
NVSDK_NGX_D3D12_ReleaseFeature
NVSDK_NGX_D3D12_Shutdown
NVSDK_NGX_D3D12_Shutdown1
NVSDK_NGX_GetAPIVersion
NVSDK_NGX_GetApplicationId
NVSDK_NGX_GetDriverVersion
NVSDK_NGX_GetDriverVersionEx
NVSDK_NGX_GetGPUArchitecture
NVSDK_NGX_GetSnippetVersion
NVSDK_NGX_SetInfoCallback
NVSDK_NGX_SetTelemetryEvaluateCallback
NVSDK_NGX_VULKAN_CreateFeature
NVSDK_NGX_VULKAN_CreateFeature1
NVSDK_NGX_VULKAN_EvaluateFeature
NVSDK_NGX_VULKAN_GetFeatureDeviceExtensionRequirements
NVSDK_NGX_VULKAN_GetFeatureInstanceExtensionRequirements
NVSDK_NGX_VULKAN_GetFeatureRequirements
NVSDK_NGX_VULKAN_GetScratchBufferSize
NVSDK_NGX_VULKAN_Init
NVSDK_NGX_VULKAN_Init_Ext
NVSDK_NGX_VULKAN_Init_Ext2
NVSDK_NGX_VULKAN_PopulateParameters_Impl
NVSDK_NGX_VULKAN_ReleaseFeature
NVSDK_NGX_VULKAN_Shutdown
NVSDK_NGX_VULKAN_Shutdown1

Sections

.text
Size: 683KB - Virtual size: 682KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32.7MB - Virtual size: 32.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winmm.dll
.dll windows:6 windows x64 arch:x64

d87c96e86984e394d8b76e8b7350cb52

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameW
GetSystemDirectoryW
GetLastError
LoadLibraryW
GetProcAddress
ExitProcess
SetEndOfFile
WriteConsoleW
HeapSize
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetLocaleInfoEx
LCMapStringEx
CompareStringEx
GetCPInfo
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
GetThreadContext
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
GetStdHandle
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadFile
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
ReadConsoleW
CreateFileW
RtlUnwind

user32

MessageBoxA
MessageBoxW

Exports

Exports

CloseDriver
DefDriverProc
DriverCallback
DrvGetModuleHandle
GetDriverModuleHandle
NotifyCallbackData
OnlineFix
OpenDriver
PlaySound
PlaySoundA
PlaySoundW
SendDriverMessage
WOW32DriverCallback
WOW32ResolveMultiMediaHandle
WOWAppExit
aux32Message
auxGetDevCapsA
auxGetDevCapsW
auxGetNumDevs
auxGetVolume
auxOutMessage
auxSetVolume
joy32Message
joyConfigChanged
joyGetDevCapsA
joyGetDevCapsW
joyGetNumDevs
joyGetPos
joyGetPosEx
joyGetThreshold
joyReleaseCapture
joySetCapture
joySetThreshold
mci32Message
mciDriverNotify
mciDriverYield
mciExecute
mciFreeCommandResource
mciGetCreatorTask
mciGetDeviceIDA
mciGetDeviceIDFromElementIDA
mciGetDeviceIDFromElementIDW
mciGetDeviceIDW
mciGetDriverData
mciGetErrorStringA
mciGetErrorStringW
mciGetYieldProc
mciLoadCommandResource
mciSendCommandA
mciSendCommandW
mciSendStringA
mciSendStringW
mciSetDriverData
mciSetYieldProc
mid32Message
midiConnect
midiDisconnect
midiInAddBuffer
midiInClose
midiInGetDevCapsA
midiInGetDevCapsW
midiInGetErrorTextA
midiInGetErrorTextW
midiInGetID
midiInGetNumDevs
midiInMessage
midiInOpen
midiInPrepareHeader
midiInReset
midiInStart
midiInStop
midiInUnprepareHeader
midiOutCacheDrumPatches
midiOutCachePatches
midiOutClose
midiOutGetDevCapsA
midiOutGetDevCapsW
midiOutGetErrorTextA
midiOutGetErrorTextW
midiOutGetID
midiOutGetNumDevs
midiOutGetVolume
midiOutLongMsg
midiOutMessage
midiOutOpen
midiOutPrepareHeader
midiOutReset
midiOutSetVolume
midiOutShortMsg
midiOutUnprepareHeader
midiStreamClose
midiStreamOpen
midiStreamOut
midiStreamPause
midiStreamPosition
midiStreamProperty
midiStreamRestart
midiStreamStop
mixerClose
mixerGetControlDetailsA
mixerGetControlDetailsW
mixerGetDevCapsA
mixerGetDevCapsW
mixerGetID
mixerGetLineControlsA
mixerGetLineControlsW
mixerGetLineInfoA
mixerGetLineInfoW
mixerGetNumDevs
mixerMessage
mixerOpen
mixerSetControlDetails
mmDrvInstall
mmGetCurrentTask
mmTaskBlock
mmTaskCreate
mmTaskSignal
mmTaskYield
mmioAdvance
mmioAscend
mmioClose
mmioCreateChunk
mmioDescend
mmioFlush
mmioGetInfo
mmioInstallIOProcA
mmioInstallIOProcW
mmioOpenA
mmioOpenW
mmioRead
mmioRenameA
mmioRenameW
mmioSeek
mmioSendMessage
mmioSetBuffer
mmioSetInfo
mmioStringToFOURCCA
mmioStringToFOURCCW
mmioWrite
mmsystemGetVersion
mod32Message
mxd32Message
sndPlaySoundA
sndPlaySoundW
tid32Message
timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetSystemTime
timeGetTime
timeKillEvent
timeSetEvent
waveInAddBuffer
waveInClose
waveInGetDevCapsA
waveInGetDevCapsW
waveInGetErrorTextA
waveInGetErrorTextW
waveInGetID
waveInGetNumDevs
waveInGetPosition
waveInMessage
waveInOpen
waveInPrepareHeader
waveInReset
waveInStart
waveInStop
waveInUnprepareHeader
waveOutBreakLoop
waveOutClose
waveOutGetDevCapsA
waveOutGetDevCapsW
waveOutGetErrorTextA
waveOutGetErrorTextW
waveOutGetID
waveOutGetNumDevs
waveOutGetPitch
waveOutGetPlaybackRate
waveOutGetPosition
waveOutGetVolume
waveOutMessage
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutReset
waveOutRestart
waveOutSetPitch
waveOutSetPlaybackRate
waveOutSetVolume
waveOutUnprepareHeader
waveOutWrite
wid32Message
wod32Message

Sections

.text
Size: 372KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72c4e339b7af8ab1ed2eb3821c98713a

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

bf:b1:50:01:bb:f5:92:d4:96:2a:77:97:ea:73:6f:a3Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

2e:06:d4:d5:a8:b0:f5:8b:e1:18:16:f2:87:7e:70:2b:08:75:50:30:9b:5e:d1:9d:54:95:0a:a1:40:84:18:18Signer

Headers

DLL Characteristics

File Characteristics

Imports

user32

comctl32

kernel32

advapi32

gdi32

Sections

.text Size: 168KB - Virtual size: 167KB

.rdata Size: 75KB - Virtual size: 74KB

.data Size: 3KB - Virtual size: 20KB

.pdata Size: 9KB - Virtual size: 8KB

.rsrc Size: 83KB - Virtual size: 83KB

.reloc Size: 2KB - Virtual size: 1KB

afa68b106ecfe09cca356fd193ab5f78

Code Sign

03:e6:cb:30:35:09:9e:63:9e:f3:35:ea:cd:37:c0:1fCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

fd:93:e5:d5:c9:c9:82:17:3b:cc:8a:40:7f:61:ee:12:14:7d:b8:cb:73:f7:79:55:6e:f1:bc:16:04:91:ef:41Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

user32

kernel32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 218KB - Virtual size: 217KB

.data Size: 12KB - Virtual size: 139KB

.pdata Size: 50KB - Virtual size: 49KB

.idata Size: 6KB - Virtual size: 5KB

.tls Size: 1024B - Virtual size: 795B

.00cfg Size: 512B - Virtual size: 337B

_RDATA Size: 1024B - Virtual size: 546B

.reloc Size: 8KB - Virtual size: 7KB

784f20d86218239f4081a901a3d4330c

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:36:af:b1:da:06:ca:97:91:38:8b:36:e2:58:d0:48Certificate

Extended Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

bf:b1:50:01:bb:f5:92:d4:96:2a:77:97:ea:73:6f:a3
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

2e:06:d4:d5:a8:b0:f5:8b:e1:18:16:f2:87:7e:70:2b:08:75:50:30:9b:5e:d1:9d:54:95:0a:a1:40:84:18:18
Signer

.text
Size: 168KB - Virtual size: 167KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: 3KB - Virtual size: 20KB

.pdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 83KB - Virtual size: 83KB

.reloc
Size: 2KB - Virtual size: 1KB

03:e6:cb:30:35:09:9e:63:9e:f3:35:ea:cd:37:c0:1f
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

fd:93:e5:d5:c9:c9:82:17:3b:cc:8a:40:7f:61:ee:12:14:7d:b8:cb:73:f7:79:55:6e:f1:bc:16:04:91:ef:41
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 218KB - Virtual size: 217KB

.data
Size: 12KB - Virtual size: 139KB

.pdata
Size: 50KB - Virtual size: 49KB

.idata
Size: 6KB - Virtual size: 5KB

.tls
Size: 1024B - Virtual size: 795B

.00cfg
Size: 512B - Virtual size: 337B

_RDATA
Size: 1024B - Virtual size: 546B

.reloc
Size: 8KB - Virtual size: 7KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:36:af:b1:da:06:ca:97:91:38:8b:36:e2:58:d0:48
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1f
Certificate

c2:2d:73:32:2e:10:29:59:9c:69:0b:10:0c:1c:89:a7:37:8c:9a:22:ea:37:a0:0e:e0:c0:1f:7e:9d:cc:6f:2f
Signer

.text
Size: 683KB - Virtual size: 682KB

.rdata
Size: 291KB - Virtual size: 290KB

.data
Size: 32.7MB - Virtual size: 32.9MB

.pdata
Size: 31KB - Virtual size: 30KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 372KB - Virtual size: 372KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 8KB - Virtual size: 15KB

.pdata
Size: 17KB - Virtual size: 16KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 4KB - Virtual size: 3KB