RobloxExecutor[.]rar

Resubmissions

02-01-2025 17:34

250102-v5d7yazket 10

02-01-2025 16:25

250102-twzxls1kfq 10

Sharing

Copy URL

Twitter E-mail

General

Target

RobloxExecutor.rar
Size

1005KB
MD5

46e0f063de23fc8c129106cb1258d09f
SHA1

5004d7e1c36219b5583d33396389a82c4639bbdf
SHA256

80b916d093ebd4f34b22552a839eb6ccc158c02f1903b5e63cb5e3cc86b15698
SHA512

1f24186ab4e590be112b999505215ee805b4f07df3576cc94623e76ba62b1e24573dca36cdc747f4c93d1c9a75f0d928b74912fe348afc7a04ef4fa6c5ab3001
SSDEEP

12288:QzOFh64h29ZgtIbtg8KoTiFQmQWyjz/F+JH2O2/zvwNQPsQiU4PMIbxs0Sy+1xeW:gOu4c9HbtuoTiz1G/hP8PPH51TDv0f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SolaraExecutor.exe

Files

RobloxExecutor.rar
.rar

Password: 2025
SolaraExecutor.exe
.exe windows:4 windows x86 arch:x86

Password: 2025

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

fe mhM>
Size: 555KB - Virtual size: 555KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
locales/pt-PT.pak
locales/ro.pak
vstdlib_s.dll
.dll windows:6 windows x86 arch:x86

Password: 2025

b2450b502bee0a75b810fbd1e3320b5e

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07-10-2021 00:00

Not After

09-10-2024 23:59

Subject

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:a6:fd:b3:5e:0f:8a:8e:db:11:79:f4:80:01:f5:bb:d1:f7:d1:e5:8a:ac:ec:84:31:2f:e6:31:a4:24:72:b5
Signer

Actual PE Digest

0d:a6:fd:b3:5e:0f:8a:8e:db:11:79:f4:80:01:f5:bb:d1:f7:d1:e5:8a:ac:ec:84:31:2f:e6:31:a4:24:72:b5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\buildslave\steam_rel_client_win32\build\src\vstdlib\Release\vstdlib_s.pdb

Imports

kernel32

GetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
HeapAlloc
GetProcessHeap
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleExA
VerSetConditionMask
GetVersionExA
VerifyVersionInfoW
FoldStringW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
GetDiskFreeSpaceA
GetDriveTypeW
GetFileSizeEx
LeaveCriticalSection
ReadFile
SetFilePointer
SetFileTime
WriteFile
CloseHandle
SetLastError
GetSystemTimeAsFileTime
GetModuleHandleW
GetCurrentProcess
GetConsoleOutputCP
EnterCriticalSection
GetCommandLineW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
DecodePointer
SetFilePointerEx
GetConsoleMode
LCMapStringW
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
GetFileType
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
WriteConsoleW
GetFullPathNameW
RtlUnwind
InterlockedFlushSList
RaiseException
TerminateProcess
InitializeSListHead
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection

user32

CharLowerBuffW

tier0_s

Plat_OutputDebugStringRaw
VProfInternalEnterScopeCurrentThread
CVProfile_ExitScope
g_VProfProfilesRunningCount
?ClaimArrayMemory@CValidator@@QAEXPBX@Z
getcwd_utf8
ThreadImplOneTimeInit
ThreadGetCurrentProcessId
Plat_RelativeTicks
Is64BitOS
WriteMiniDump
Plat_IsInDebugSession
Plat_ExitProcess
??1CThreadRWLock@@QAE@XZ
?UnlockWrite@CThreadRWLock@@QAEXXZ
?LockForWrite@CThreadRWLock@@QAEXXZ
?UnlockRead@CThreadRWLock@@QAEXXZ
?LockForRead@CThreadRWLock@@QAEXXZ
??0CThreadRWLock@@QAE@XZ
Plat_OutputDebugString
Warning
?IsEnabled@CVProfile@@QBE_NXZ
?ExitScope@CVProfile@@QAEXXZ
?EnterScope@CVProfile@@QAE_NPBDW4EVProfBugdetGroup@@PAX@Z
?GetBudgetGroupID@CVProfNode@@QBE?AW4EVProfBugdetGroup@@XZ
?GetName@CVProfNode@@QAEPBDXZ
?GetProfile@CVProfNode@@QAEPAVCVProfile@@XZ
?GetParent@CVProfNode@@QAEPAV1@XZ
VProfInternalGetProfileForCurrentThread
??1CThreadMutex@@QAE@XZ
??0CThreadMutex@@QAE@XZ
?Set@CThreadLocalBase@@QAEXPAX@Z
?Get@CThreadLocalBase@@QBEPAXXZ
??1CThreadLocalBase@@QAE@XZ
??0CThreadLocalBase@@QAE@XZ
g_pMemAllocSteam
?ClaimMemory@CValidator@@QAEXPBX@Z
?Pop@CValidator@@QAEXXZ
?Push@CValidator@@QAEXPBDPAX0@Z
?AssertFailed@?$AssertMsgHelper@$0A@@@SA_NPBDI0ZZ
?AssertFailed@?$AssertMsgHelper@$00@@SA_NPBDI0@Z
Error
_DMsg
Msg
Plat_GetProcessArgv
g_dwDllEntryThreadId
g_VProfile

Exports

Exports

??0CCommandLineParam@@QAE@PBD0@Z
??0CGaussianRandomStream@@QAE@PAVIUniformRandomStream@@@Z
??0CUniformRandomStream@@QAE@$$QAV0@@Z
??0CUniformRandomStream@@QAE@ABV0@@Z
??0CUniformRandomStream@@QAE@XZ
??1CCommandLineParam@@QAE@XZ
??4CGaussianRandomStream@@QAEAAV0@$$QAV0@@Z
??4CGaussianRandomStream@@QAEAAV0@ABV0@@Z
??4CStringNormalization@@QAEAAV0@$$QAV0@@Z
??4CStringNormalization@@QAEAAV0@ABV0@@Z
??4CURLUtils@@QAEAAV0@$$QAV0@@Z
??4CURLUtils@@QAEAAV0@ABV0@@Z
??4CUniformRandomStream@@QAEAAV0@$$QAV0@@Z
??4CUniformRandomStream@@QAEAAV0@ABV0@@Z
??BCCommandLineParam@@QBEPAUOpaqueHParamType@@XZ
??_7CUniformRandomStream@@6B@
??_FCGaussianRandomStream@@QAEXXZ
?AttachToStream@CGaussianRandomStream@@QAEXPAVIUniformRandomStream@@@Z
?Exists@CCommandLineParam@@QBE_NXZ
?FixupSeparatorScheme@CURLUtils@@SAXAAVCUtlString@@@Z
?Fold@CStringNormalization@@SAHPBGPAGH@Z
?GenerateRandomNumber@CUniformRandomStream@@AAEHXZ
?GetHParam@CCommandLineParam@@QBEPAUOpaqueHParamType@@XZ
?GetValue@CCommandLineParam@@QBEPBDPBD@Z
?Initialize@CStringNormalization@@SAXXZ
?IsTLD@CURLUtils@@SA_NPBD@Z
?Normalize@CStringNormalization@@SAH_NPBDPADH@Z
?Normalize@CStringNormalization@@SAH_NPBGPAGH@Z
?RandomChar@CUniformRandomStream@@UAEDXZ
?RandomFillMemory@CUniformRandomStream@@UAEXPAXI@Z
?RandomFloat@CGaussianRandomStream@@QAEMMM@Z
?RandomFloat@CUniformRandomStream@@UAEMMM@Z
?RandomInt@CUniformRandomStream@@UAEHHH@Z
?SetSeed@CUniformRandomStream@@UAEXH@Z
?Test_BValidateStructures@CStringNormalization@@SA_NXZ
?V_ConvertStringToUUID@@YA_NPBDW4EUUIDStringFlags@@PAUV_UUID@@@Z
?V_ConvertStringToUUID@@YA_NPBGW4EUUIDStringFlags@@PAUV_UUID@@@Z
?V_ConvertUUIDToString@@YA_NPBUV_UUID@@W4EUUIDStringFlags@@PADH@Z
?V_ConvertUUIDToString@@YA_NPBUV_UUID@@W4EUUIDStringFlags@@PAGH@Z
?V_EscapeShellArgumentAndAppend@@YAIPADIPBD@Z
?V_EscapeShellArgumentAndAppend@@YAIPAVCUtlStringBuilder@@PBD@Z
?V_EscapeShellArgumentAndAppendPOSIX@@YAIPADIPBD@Z
?V_EscapeShellArgumentAndAppendWin32@@YAIPADIPBD@Z
?V_JoinStrings@@YA?AVCUtlString@@ABV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@PBD@Z
?V_ParseShellCommandLine@@YAXPBDAAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@HPAPBD@Z
?V_ParseShellCommandLinePOSIX@@YAXPBDAAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@HPAPBD@Z
?V_ParseShellCommandLineWin32@@YAXPBDAAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@HPAPBD@Z
?V_SplitString3@@YAXPBDPBQBDHAAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@2@Z
?V_SplitStringInternal@@YAXPBDPBQBDQAPBDHAAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@_N@Z
?V_UnicodeAdvance@@YAPADPADH@Z
?V_UnicodeAdvance@@YAPAGPAGH@Z
?V_UnicodeAdvance@@YAPAIPAIH@Z
?V_UnicodeCaseConvert@@YAHAAV?$CUtlVector@GV?$CUtlMemory@G@@@@HW4EStringConvertErrorPolicy@@@Z
?V_UnicodeCaseConvert@@YAHAAVCUtlString@@HW4EStringConvertErrorPolicy@@@Z
?V_UnicodeCaseConvert@@YAHAAVCUtlStringBuilder@@HW4EStringConvertErrorPolicy@@@Z
?V_UnicodeCaseConvert@@YAHPBDPADHHW4EStringConvertErrorPolicy@@@Z
?V_UnicodeCaseConvert@@YAHPBGPAGHHW4EStringConvertErrorPolicy@@@Z
?V_UnicodeCaseConvert@@YAHPBIPAIHHW4EStringConvertErrorPolicy@@@Z
?V_UnicodeLength@@YAHPBD@Z
?V_UnicodeLength@@YAHPBG@Z
?V_UnicodeLength@@YAHPBI@Z
?V_UnicodeRepair@@YAHPADW4EStringConvertErrorPolicy@@@Z
?V_UnicodeRepair@@YAHPAGW4EStringConvertErrorPolicy@@@Z
?V_UnicodeRepair@@YAHPAIW4EStringConvertErrorPolicy@@@Z
?V_UnicodeValidate@@YA_NPBD@Z
?V_UnicodeValidate@@YA_NPBG@Z
?V_UnicodeValidate@@YA_NPBI@Z
?V_atoui128@@YA?AVuint128@@PBD@Z
?V_stristr@@YAPBDPBD0@Z
?ValidateStatics@CStringNormalization@@SAXAAVCValidator@@PBD@Z
?ValidateStatics@CURLUtils@@SAXAAVCValidator@@PBD@Z
BHanIdeograph
CanBeginLine
CanBreakBetween
CanBreakRepeated
CanEndLine
CommandLine
Coroutine_Cancel
Coroutine_Continue
Coroutine_Create
Coroutine_DebugBreak
Coroutine_GetCurrentlyActive
Coroutine_GetStackDepth
Coroutine_IsActive
Coroutine_IsAddressInOurStack
Coroutine_ReleaseThreadMemory
Coroutine_Test
Coroutine_ValidateGlobals
Coroutine_YieldToMain
CreateInterface
DebugStatsSystem
GetNameFromOSType
GetOSDetailString
GetOSType
GetPlatformFromOS
GetPlatformName
GetPlatformNameFromEPlatformType
GetPortableOsVersionInformation
InstallUniformRandomStream
KeyValuesSystemSteam
OSIsCompatible
OSTypesAreCompatible
StringAfterPrefix
StringAfterPrefixCaseSensitive
StringFindSuffix
VStdLib_GetICVarFactory
V_AggressiveStripPrecedingAndTrailingWhitespace
V_AggressiveStripPrecedingAndTrailingWhitespaceW
V_AppendParamToURL
V_AppendSlash
V_BasicHtmlEntityEncode
V_BasicHtmlEntityEncodeBuffer
V_CP437CharsToUTF8
V_ComposeFileName
V_CopyAndFixSlashes
V_DefaultExtension
V_EscapeStringForPHP
V_ExtractDomainFromURL
V_ExtractFileExtension
V_ExtractFilePath
V_FileBase
V_FixDoubleSlashes
V_FixSlashes
V_FixupPathName
V_FormatAndAppend
V_FormatAndAppendTail
V_FormatAndAppendV
V_Get2LDFromDomainName
V_GetCurrentDirectory
V_GetFileExtension
V_HtmlEntityDecodeToUTF8
V_IsAbsolutePath
V_IsDeprecatedW
V_IsInCommaDelimitedList
V_IsMeanSpaceW
V_IsSteamCloseProtocol
V_IsTLD
V_IsValidDomainNameCharacter
V_IsValidUChar32
V_IsValidURLCharacter
V_JoinNumbers
V_JoinNumbersUint
V_JoinNumbersUint64
V_LevenshteinDistance
V_LocaleSpecificANSIToUTF8
V_MakeAbsolutePath
V_MakeFileSafeName
V_MakeRelativePath
V_MatchWildcardDNSName
V_MatchWildcardString
V_NormalizeUTF8
V_NormalizeUTF8Old
V_ParseSteamOpenURLExternalProtocol
V_ParseURLQueryString
V_RemoveChar
V_RemoveDotSlashes
V_ReplaceBadFilenameCharacters
V_ReplaceBadFilenameCharactersInPlace
V_SetCurrentDirectory
V_SetExtension
V_SetURLParam
V_SplitNumbers
V_SplitNumbersUint
V_SplitStringInternal
V_StrLeft
V_StrReplaceChar
V_StrRight
V_StrSkipArticles
V_StrSlice
V_StrSubst
V_StrSubstInPlace
V_StrTrim
V_StrTrimAsciiSpaceChar
V_StripAndPreserveHTML
V_StripAndPreserveHTMLCore
V_StripBBCode
V_StripExtension
V_StripFilename
V_StripLastDir
V_StripPrecedingAndTrailingWhitespace
V_StripPrecedingAndTrailingWhitespaceW
V_StripTrailingSlash
V_StripTrailingWhitespaceASCII
V_StripUnprintable
V_StripUnprintableW
V_TruncateAbsolutePathToDiskIdentity
V_UChar32ToUTF16
V_UChar32ToUTF16Len
V_UChar32ToUTF8
V_UChar32ToUTF8Len
V_URLContainsDomain
V_URLCracker
V_URLDecode
V_URLDecodeRaw
V_URLEncode
V_URLEncodeRaw
V_URLEncodeToUtlString
V_URLParse
V_URLPartsToString
V_UTF16ToUChar32
V_UTF16ToUTF32
V_UTF16ToUTF8
V_UTF32CharsToUTF16
V_UTF32CharsToUTF8
V_UTF32ToUTF16
V_UTF32ToUTF8
V_UTF8ToUChar32
V_UTF8ToUTF16
V_UTF8ToUTF32
V_UnqualifiedFileName
V_WcsSkipArticles
V_Windows1252CharsToUTF8
V_atof
V_atoi
V_atoui64
V_binarytohex
V_hextobinary
V_isbreakablewspace
V_isbreakablewspace32
V_isnumeric
V_isstrlower
V_isvalidhex
V_iswalpha32
V_memcpy_nocache
V_pretifymem
V_pretifynum
V_snprintf
V_snwprintf
V_strcat
V_strcmp_prefix
V_stricmp_filename
V_stricmp_prefix
V_strlower_fast
V_strnappend
V_strncat
V_strncat_length
V_strncat_length_unbounded
V_strnchr
V_strncmp
V_strncpy
V_strnicmp
V_strnistr
V_strnlen
V_strristr
V_strtoi64
V_strtoui64
V_strupper_fast
V_tolower
V_toupper
V_towlower32
V_towupper32
V_vsnprintf
V_vsnprintfRet
V_vsnwprintf
V_wcscat
V_wcsncat
V_wcsncpy
V_wcstoi64
V_wcstoui64
V_whextobinary
WeakRandomChar
WeakRandomFillMemory
WeakRandomFloat
WeakRandomGaussianFloat
WeakRandomInt
WeakRandomSeed
WeakRandomUint32
vstdlib_wcsicmp
vstdlib_wcsnicmp
vstdlib_wcstoi64
vstdlib_wcstoui64

Sections

.text
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 202KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vstdlib_s64.dll
.dll windows:6 windows x64 arch:x64

Password: 2025

ceb8edf02069810b7cc97ea63ff86361

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07-10-2021 00:00

Not After

09-10-2024 23:59

Subject

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:35:75:1a:61:a5:4e:44:43:5b:de:7b:64:85:3f:f8:60:03:0e:c2:86:bf:14:3b:bf:8a:37:f6:92:cd:60:c7
Signer

Actual PE Digest

8c:35:75:1a:61:a5:4e:44:43:5b:de:7b:64:85:3f:f8:60:03:0e:c2:86:bf:14:3b:bf:8a:37:f6:92:cd:60:c7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\buildslave\steam_rel_client_win64\build\src\vstdlib\win64\Release\vstdlib_s64.pdb

Imports

kernel32

GetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
HeapAlloc
GetProcessHeap
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleExA
VerSetConditionMask
GetVersionExA
VerifyVersionInfoW
FoldStringW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
GetDiskFreeSpaceA
GetDriveTypeW
GetFileSizeEx
LeaveCriticalSection
ReadFile
SetFilePointer
SetFileTime
WriteFile
CloseHandle
SetLastError
GetSystemTimeAsFileTime
GetModuleHandleW
GetCurrentProcess
WriteConsoleW
EnterCriticalSection
GetCommandLineW
GetConsoleOutputCP
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
SetFilePointerEx
GetConsoleMode
LCMapStringW
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
GetFileType
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
GetFullPathNameW
TerminateProcess
InterlockedFlushSList
RtlUnwindEx
RaiseException
InitializeSListHead
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection

user32

CharLowerBuffW

tier0_s64

Plat_OutputDebugStringRaw
VProfInternalEnterScopeCurrentThread
CVProfile_ExitScope
g_VProfProfilesRunningCount
?ClaimArrayMemory@CValidator@@QEAAXPEBX@Z
getcwd_utf8
ThreadImplOneTimeInit
ThreadGetCurrentProcessId
Plat_RelativeTicks
Is64BitOS
WriteMiniDump
Plat_IsInDebugSession
Plat_ExitProcess
??1CThreadRWLock@@QEAA@XZ
?UnlockWrite@CThreadRWLock@@QEAAXXZ
?LockForWrite@CThreadRWLock@@QEAAXXZ
?UnlockRead@CThreadRWLock@@QEAAXXZ
?LockForRead@CThreadRWLock@@QEAAXXZ
??0CThreadRWLock@@QEAA@XZ
Warning
g_VProfile
?IsEnabled@CVProfile@@QEBA_NXZ
?ExitScope@CVProfile@@QEAAXXZ
?EnterScope@CVProfile@@QEAA_NPEBDW4EVProfBugdetGroup@@PEAX@Z
?GetBudgetGroupID@CVProfNode@@QEBA?AW4EVProfBugdetGroup@@XZ
?GetName@CVProfNode@@QEAAPEBDXZ
?GetProfile@CVProfNode@@QEAAPEAVCVProfile@@XZ
?GetParent@CVProfNode@@QEAAPEAV1@XZ
VProfInternalGetProfileForCurrentThread
??1CThreadMutex@@QEAA@XZ
??0CThreadMutex@@QEAA@XZ
?Set@CThreadLocalBase@@QEAAXPEAX@Z
?Get@CThreadLocalBase@@QEBAPEAXXZ
??1CThreadLocalBase@@QEAA@XZ
??0CThreadLocalBase@@QEAA@XZ
g_pMemAllocSteam
?ClaimMemory@CValidator@@QEAAXPEBX@Z
?Pop@CValidator@@QEAAXXZ
?Push@CValidator@@QEAAXPEBDPEAX0@Z
?AssertFailed@?$AssertMsgHelper@$0A@@@SA_NPEBDI0ZZ
?AssertFailed@?$AssertMsgHelper@$00@@SA_NPEBDI0@Z
Error
_DMsg
Msg
Plat_GetProcessArgv
g_dwDllEntryThreadId
Plat_OutputDebugString

Exports

Exports

??0CCommandLineParam@@QEAA@PEBD0@Z
??0CGaussianRandomStream@@QEAA@PEAVIUniformRandomStream@@@Z
??0CUniformRandomStream@@QEAA@$$QEAV0@@Z
??0CUniformRandomStream@@QEAA@AEBV0@@Z
??0CUniformRandomStream@@QEAA@XZ
??1CCommandLineParam@@QEAA@XZ
??4CGaussianRandomStream@@QEAAAEAV0@$$QEAV0@@Z
??4CGaussianRandomStream@@QEAAAEAV0@AEBV0@@Z
??4CStringNormalization@@QEAAAEAV0@$$QEAV0@@Z
??4CStringNormalization@@QEAAAEAV0@AEBV0@@Z
??4CURLUtils@@QEAAAEAV0@$$QEAV0@@Z
??4CURLUtils@@QEAAAEAV0@AEBV0@@Z
??4CUniformRandomStream@@QEAAAEAV0@$$QEAV0@@Z
??4CUniformRandomStream@@QEAAAEAV0@AEBV0@@Z
??BCCommandLineParam@@QEBAPEAUOpaqueHParamType@@XZ
??_7CUniformRandomStream@@6B@
??_FCGaussianRandomStream@@QEAAXXZ
?AttachToStream@CGaussianRandomStream@@QEAAXPEAVIUniformRandomStream@@@Z
?Exists@CCommandLineParam@@QEBA_NXZ
?FixupSeparatorScheme@CURLUtils@@SAXAEAVCUtlString@@@Z
?Fold@CStringNormalization@@SAHPEBGPEAGH@Z
?GenerateRandomNumber@CUniformRandomStream@@AEAAHXZ
?GetHParam@CCommandLineParam@@QEBAPEAUOpaqueHParamType@@XZ
?GetValue@CCommandLineParam@@QEBAPEBDPEBD@Z
?Initialize@CStringNormalization@@SAXXZ
?IsTLD@CURLUtils@@SA_NPEBD@Z
?Normalize@CStringNormalization@@SAH_NPEBDPEADH@Z
?Normalize@CStringNormalization@@SAH_NPEBGPEAGH@Z
?RandomChar@CUniformRandomStream@@UEAADXZ
?RandomFillMemory@CUniformRandomStream@@UEAAXPEAX_K@Z
?RandomFloat@CGaussianRandomStream@@QEAAMMM@Z
?RandomFloat@CUniformRandomStream@@UEAAMMM@Z
?RandomInt@CUniformRandomStream@@UEAAHHH@Z
?SetSeed@CUniformRandomStream@@UEAAXH@Z
?Test_BValidateStructures@CStringNormalization@@SA_NXZ
?V_ConvertStringToUUID@@YA_NPEBDW4EUUIDStringFlags@@PEAUV_UUID@@@Z
?V_ConvertStringToUUID@@YA_NPEBGW4EUUIDStringFlags@@PEAUV_UUID@@@Z
?V_ConvertUUIDToString@@YA_NPEBUV_UUID@@W4EUUIDStringFlags@@PEADH@Z
?V_ConvertUUIDToString@@YA_NPEBUV_UUID@@W4EUUIDStringFlags@@PEAGH@Z
?V_EscapeShellArgumentAndAppend@@YA_KPEAD_KPEBD@Z
?V_EscapeShellArgumentAndAppend@@YA_KPEAVCUtlStringBuilder@@PEBD@Z
?V_EscapeShellArgumentAndAppendPOSIX@@YA_KPEAD_KPEBD@Z
?V_EscapeShellArgumentAndAppendWin32@@YA_KPEAD_KPEBD@Z
?V_JoinStrings@@YA?AVCUtlString@@AEBV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@PEBD@Z
?V_ParseShellCommandLine@@YAXPEBDAEAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@HPEAPEBD@Z
?V_ParseShellCommandLinePOSIX@@YAXPEBDAEAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@HPEAPEBD@Z
?V_ParseShellCommandLineWin32@@YAXPEBDAEAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@HPEAPEBD@Z
?V_SplitString3@@YAXPEBDPEBQEBDHAEAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@2@Z
?V_SplitStringInternal@@YAXPEBDPEBQEBDQEAPEBDHAEAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@_N@Z
?V_UnicodeAdvance@@YAPEADPEADH@Z
?V_UnicodeAdvance@@YAPEAGPEAGH@Z
?V_UnicodeAdvance@@YAPEAIPEAIH@Z
?V_UnicodeCaseConvert@@YAHAEAV?$CUtlVector@GV?$CUtlMemory@G@@@@HW4EStringConvertErrorPolicy@@@Z
?V_UnicodeCaseConvert@@YAHAEAVCUtlString@@HW4EStringConvertErrorPolicy@@@Z
?V_UnicodeCaseConvert@@YAHAEAVCUtlStringBuilder@@HW4EStringConvertErrorPolicy@@@Z
?V_UnicodeCaseConvert@@YAHPEBDPEADHHW4EStringConvertErrorPolicy@@@Z
?V_UnicodeCaseConvert@@YAHPEBGPEAGHHW4EStringConvertErrorPolicy@@@Z
?V_UnicodeCaseConvert@@YAHPEBIPEAIHHW4EStringConvertErrorPolicy@@@Z
?V_UnicodeLength@@YAHPEBD@Z
?V_UnicodeLength@@YAHPEBG@Z
?V_UnicodeLength@@YAHPEBI@Z
?V_UnicodeRepair@@YAHPEADW4EStringConvertErrorPolicy@@@Z
?V_UnicodeRepair@@YAHPEAGW4EStringConvertErrorPolicy@@@Z
?V_UnicodeRepair@@YAHPEAIW4EStringConvertErrorPolicy@@@Z
?V_UnicodeValidate@@YA_NPEBD@Z
?V_UnicodeValidate@@YA_NPEBG@Z
?V_UnicodeValidate@@YA_NPEBI@Z
?V_atoui128@@YA?AVuint128@@PEBD@Z
?V_stristr@@YAPEBDPEBD0@Z
?ValidateStatics@CStringNormalization@@SAXAEAVCValidator@@PEBD@Z
?ValidateStatics@CURLUtils@@SAXAEAVCValidator@@PEBD@Z
BHanIdeograph
CanBeginLine
CanBreakBetween
CanBreakRepeated
CanEndLine
CommandLine
Coroutine_Cancel
Coroutine_Continue
Coroutine_Create
Coroutine_DebugBreak
Coroutine_GetCurrentlyActive
Coroutine_GetStackDepth
Coroutine_IsActive
Coroutine_IsAddressInOurStack
Coroutine_ReleaseThreadMemory
Coroutine_Test
Coroutine_ValidateGlobals
Coroutine_YieldToMain
CreateInterface
DebugStatsSystem
GetNameFromOSType
GetOSDetailString
GetOSType
GetPlatformFromOS
GetPlatformName
GetPlatformNameFromEPlatformType
GetPortableOsVersionInformation
InstallUniformRandomStream
KeyValuesSystemSteam
OSIsCompatible
OSTypesAreCompatible
StringAfterPrefix
StringAfterPrefixCaseSensitive
StringFindSuffix
VStdLib_GetICVarFactory
V_AggressiveStripPrecedingAndTrailingWhitespace
V_AggressiveStripPrecedingAndTrailingWhitespaceW
V_AppendParamToURL
V_AppendSlash
V_BasicHtmlEntityEncode
V_BasicHtmlEntityEncodeBuffer
V_CP437CharsToUTF8
V_ComposeFileName
V_CopyAndFixSlashes
V_DefaultExtension
V_EscapeStringForPHP
V_ExtractDomainFromURL
V_ExtractFileExtension
V_ExtractFilePath
V_FileBase
V_FixDoubleSlashes
V_FixSlashes
V_FixupPathName
V_FormatAndAppend
V_FormatAndAppendTail
V_FormatAndAppendV
V_Get2LDFromDomainName
V_GetCurrentDirectory
V_GetFileExtension
V_HtmlEntityDecodeToUTF8
V_IsAbsolutePath
V_IsDeprecatedW
V_IsInCommaDelimitedList
V_IsMeanSpaceW
V_IsSteamCloseProtocol
V_IsTLD
V_IsValidDomainNameCharacter
V_IsValidUChar32
V_IsValidURLCharacter
V_JoinNumbers
V_JoinNumbersUint
V_JoinNumbersUint64
V_LevenshteinDistance
V_LocaleSpecificANSIToUTF8
V_MakeAbsolutePath
V_MakeFileSafeName
V_MakeRelativePath
V_MatchWildcardDNSName
V_MatchWildcardString
V_NormalizeUTF8
V_NormalizeUTF8Old
V_ParseSteamOpenURLExternalProtocol
V_ParseURLQueryString
V_RemoveChar
V_RemoveDotSlashes
V_ReplaceBadFilenameCharacters
V_ReplaceBadFilenameCharactersInPlace
V_SetCurrentDirectory
V_SetExtension
V_SetURLParam
V_SplitNumbers
V_SplitNumbersUint
V_SplitStringInternal
V_StrLeft
V_StrReplaceChar
V_StrRight
V_StrSkipArticles
V_StrSlice
V_StrSubst
V_StrSubstInPlace
V_StrTrim
V_StrTrimAsciiSpaceChar
V_StripAndPreserveHTML
V_StripAndPreserveHTMLCore
V_StripBBCode
V_StripExtension
V_StripFilename
V_StripLastDir
V_StripPrecedingAndTrailingWhitespace
V_StripPrecedingAndTrailingWhitespaceW
V_StripTrailingSlash
V_StripTrailingWhitespaceASCII
V_StripUnprintable
V_StripUnprintableW
V_TruncateAbsolutePathToDiskIdentity
V_UChar32ToUTF16
V_UChar32ToUTF16Len
V_UChar32ToUTF8
V_UChar32ToUTF8Len
V_URLContainsDomain
V_URLCracker
V_URLDecode
V_URLDecodeRaw
V_URLEncode
V_URLEncodeRaw
V_URLEncodeToUtlString
V_URLParse
V_URLPartsToString
V_UTF16ToUChar32
V_UTF16ToUTF32
V_UTF16ToUTF8
V_UTF32CharsToUTF16
V_UTF32CharsToUTF8
V_UTF32ToUTF16
V_UTF32ToUTF8
V_UTF8ToUChar32
V_UTF8ToUTF16
V_UTF8ToUTF32
V_UnqualifiedFileName
V_WcsSkipArticles
V_Windows1252CharsToUTF8
V_atof
V_atoi
V_atoui64
V_binarytohex
V_hextobinary
V_isbreakablewspace
V_isbreakablewspace32
V_isnumeric
V_isstrlower
V_isvalidhex
V_iswalpha32
V_memcpy_nocache
V_pretifymem
V_pretifynum
V_snprintf
V_snwprintf
V_strcat
V_strcmp_prefix
V_stricmp_filename
V_stricmp_prefix
V_strlower_fast
V_strnappend
V_strncat
V_strncat_length
V_strncat_length_unbounded
V_strnchr
V_strncmp
V_strncpy
V_strnicmp
V_strnistr
V_strnlen
V_strristr
V_strtoi64
V_strtoui64
V_strupper_fast
V_tolower
V_toupper
V_towlower32
V_towupper32
V_vsnprintf
V_vsnprintfRet
V_vsnwprintf
V_wcscat
V_wcsncat
V_wcsncpy
V_wcstoi64
V_wcstoui64
V_whextobinary
WeakRandomChar
WeakRandomFillMemory
WeakRandomFloat
WeakRandomGaussianFloat
WeakRandomInt
WeakRandomSeed
WeakRandomUint32
vstdlib_wcsicmp
vstdlib_wcsnicmp
vstdlib_wcstoi64
vstdlib_wcstoui64

Sections

.text
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 272KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: 2025

Password: 2025

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

fe mhM> Size: 555KB - Virtual size: 555KB

.text Size: 131KB - Virtual size: 130KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Size: 512B - Virtual size: 16B

Password: 2025

b2450b502bee0a75b810fbd1e3320b5e

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4Certificate

Extended Key Usages

Key Usages

0d:a6:fd:b3:5e:0f:8a:8e:db:11:79:f4:80:01:f5:bb:d1:f7:d1:e5:8a:ac:ec:84:31:2f:e6:31:a4:24:72:b5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

tier0_s

Exports

Exports

Sections

.text Size: 220KB - Virtual size: 220KB

.rdata Size: 81KB - Virtual size: 80KB

.data Size: 202KB - Virtual size: 213KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 11KB

Password: 2025

ceb8edf02069810b7cc97ea63ff86361

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4Certificate

Extended Key Usages

Key Usages

8c:35:75:1a:61:a5:4e:44:43:5b:de:7b:64:85:3f:f8:60:03:0e:c2:86:bf:14:3b:bf:8a:37:f6:92:cd:60:c7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

fe mhM>
Size: 555KB - Virtual size: 555KB

.text
Size: 131KB - Virtual size: 130KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

0d:a6:fd:b3:5e:0f:8a:8e:db:11:79:f4:80:01:f5:bb:d1:f7:d1:e5:8a:ac:ec:84:31:2f:e6:31:a4:24:72:b5
Signer

.text
Size: 220KB - Virtual size: 220KB

.rdata
Size: 81KB - Virtual size: 80KB

.data
Size: 202KB - Virtual size: 213KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 11KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

8c:35:75:1a:61:a5:4e:44:43:5b:de:7b:64:85:3f:f8:60:03:0e:c2:86:bf:14:3b:bf:8a:37:f6:92:cd:60:c7
Signer

.text
Size: 278KB - Virtual size: 278KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 272KB - Virtual size: 289KB

.pdata
Size: 14KB - Virtual size: 13KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB