lumma | Exitlaginfected[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Exitlaginfected.zip
Size

958KB
MD5

b45796f1bd592d9b6b8c224fe289a712
SHA1

aa2f9b451b5d8d52d2f562bfd6da3d366d936179
SHA256

f497fcc25b5e1992ed5e9887363049dcf2163b91bc0eef4a66755ae6ff5283db
SHA512

4b7494690fc117e40805d043a400c5f49b3f045880befaec0e12d4a408559146ae3b71c8a4415b493d8e42edf13c4216800a7ceabbb9a4dc0c6e245e265d1ea1
SSDEEP

24576:YTY95kYpQrbsS6VAFlyhBup/nrqs70XOddXf:YTY95kYpqsSIAF8L0/rT0edlf

Score

10^/10

stealer lumma

Malware Config

Extracted

Family

lumma

https://servicedny.site/api

https://authorisev.site/api

https://faulteyotk.site/api

https://dilemmadu.site/api

https://contemteny.site/api

https://goalyfeastz.site/api

https://opposezmny.site/api

https://seallysl.site/api

https://forbidstow.site/api

Signatures

Lumma family
lumma

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Exitlag/Exitlag.exe
unpack001/Exitlag/assets/WpcMigration.Uplevel.dll
unpack001/Exitlag/assets/WsUpgrade.dll

Files

Exitlaginfected.zip
.zip

Password: infected
Exitlag/Exitlag.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\TonySoprano\Pictures\Launchers\testmylow\launcher2files\obj\Release\Out\Installer_sharp.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 71.0MB - Virtual size: 71.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Exitlag/WindowsManager.dll
Exitlag/assets/TapInstaller.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:f4:b4:91:12:3a:c4:cd:bd:68:04:2d
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29-10-2020 09:57

Not After

30-10-2023 09:57

Subject

SERIALNUMBER=CHE-354.686.492,CN=Proton Technologies AG,O=Proton Technologies AG,STREET=Route de la Galaise 32,L=Plan-les-Ouates,ST=Geneva,C=CH,1.2.840.113549.1.9.1=#0c0f61646d696e4070726f746f6e2e6d65,1.3.6.1.4.1.311.60.2.1.2=#130647656e657661,1.3.6.1.4.1.311.60.2.1.3=#13024348,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:45

Not After

08-05-2033 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a9:f6:fa:0f:84:66:3f:c3:46:a8:aa:20:53:ad:a6:cf:96:f8:74:2e:97:2d:f5:07:3c:4b:9f:c1:e0:f0:63:7b
Signer

Actual PE Digest

a9:f6:fa:0f:84:66:3f:c3:46:a8:aa:20:53:ad:a6:cf:96:f8:74:2e:97:2d:f5:07:3c:4b:9f:c1:e0:f0:63:7b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Gitlab-Runner\builds\uWGXS1dc\0\ProtonVPN\Windows\win-app\src\ProtonVPN.TapInstaller\obj\x86\Release\TapInstaller.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Exitlag/assets/WSearchMigPlugin.dll
.dll regsvr32 windows:10 windows x64 arch:x64

21438ba29a45a5e6f86523b4d07c6854

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-11-2023 19:20

Not After

14-11-2024 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:58:a2:0e:21:5b:64:12:e1:80:3f:99:db:b4:25:d5:eb:33:b1:2c:e7:e3:32:24:40:5b:06:f6:05:3e:48:58
Signer

Actual PE Digest

33:58:a2:0e:21:5b:64:12:e1:80:3f:99:db:b4:25:d5:eb:33:b1:2c:e7:e3:32:24:40:5b:06:f6:05:3e:48:58

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

WSearchMigPlugin.pdb

Imports

msvcrt

_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
?terminate@@YAXXZ
??0exception@@QEAA@AEBQEBD@Z
_lock
_callnewh
_wcsicmp
_wcsnicmp
memmove_s
malloc
memmove
_XcptFilter
_unlock
_amsg_exit
_onexit
??1type_info@@UEAA@XZ
_errno
realloc
wcsncpy_s
wcscat_s
free
wcscpy_s
_purecall
__C_specific_handler
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
memcmp
__CxxFrameHandler3
memcpy
__dllonexit
??3@YAXPEAX@Z
_initterm
memset

kernel32

HeapDestroy
HeapReAlloc
HeapSize
GetSystemDefaultLCID
GetSystemPreferredUILanguages
VerSetConditionMask
VerifyVersionInfoW
LocalFree
RtlCaptureContext
Sleep
GetTickCount64
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
RtlLookupFunctionEntry
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
LockResource
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
RtlVirtualUnwind
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitOnceBeginInitialize
InitOnceComplete
FreeLibrary
GetCurrentProcess
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
TerminateProcess
QueryPerformanceCounter
CreateEventW
GetSystemTimeAsFileTime
GetModuleFileNameW
LoadLibraryExW
GetTickCount
OutputDebugStringA
SizeofResource
LoadResource
LocaleNameToLCID
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
FindResourceExW
FormatMessageW

oleaut32

SysStringLen
RegisterTypeLi
SysAllocStringByteLen
VarUI4FromStr
GetErrorInfo
LoadTypeLi
SysAllocString
UnRegisterTypeLi
SysFreeString
LoadRegTypeLi

advapi32

RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
EnumDependentServicesW
OpenServiceW
EventRegister
EventWriteTransfer
EventUnregister
ControlService
RegEnumKeyExW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
QueryServiceConfigW
StartServiceW
RegGetValueW
RegDeleteValueW

user32

CharNextW

ole32

StringFromGUID2
CoTaskMemFree
CoCreateInstance
StringFromCLSID

shell32

SHGetFileInfoW

shlwapi

SHSetValueW
SHDeleteValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Exitlag/assets/WpcMigration.Uplevel.dll
.dll windows:10 windows x64 arch:x64

bfbca9b8d50e954bd17d06c0d4c4155a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WpcMigration.Uplevel.pdb

Imports

msvcp_win

?id@?$collate@G@std@@2V0locale@2@A
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Lockit@std@@QEAA@XZ
??1_Locinfo@std@@QEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Incref@facet@locale@std@@UEAAXXZ
_Wcscoll
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Xbad_alloc@std@@YAXXZ
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
??1facet@locale@std@@MEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
_Wcsxfrm
??0_Lockit@std@@QEAA@H@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__i64tow_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itoa_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__ui64tow_s
memmove
_o__wcstoui64
_o_free
_o_malloc
_o_realloc
_o_towlower
__C_specific_handler
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
strchr
wcschr
__std_type_info_compare
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_name
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
TraceMessage
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsFree
TlsSetValue
QueueUserAPC
OpenThread

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA

samcli

NetUserSetInfo

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegGetValueW
RegDeleteTreeW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemFree
CLSIDFromString
StringFromCLSID

advapi32

SaferSetLevelInformation
SaferiChangeRegistryScope
SaferSetPolicyInformation
SaferCreateLevel
SaferCloseLevel

kernel32

PackageFamilyNameFromFullName

ole32

OleRun

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

CreateMutexExW
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
WaitForSingleObject
OpenSemaphoreW
EnterCriticalSection
CreateSemaphoreExW
InitializeCriticalSection
DeleteCriticalSection
ReleaseSRWLockExclusive
LeaveCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockShared
InitializeSRWLock
AcquireSRWLockShared

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpool

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

GetFileSizeEx
SetFilePointerEx
ReadFile
CreateFileW
GetFileAttributesW

api-ms-win-security-base-l1-1-0

CopySid
CreateWellKnownSid

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntdll

EtwTraceMessage

shlwapi

PathCombineW

user32

PostThreadMessageW

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Exitlag/assets/WsUpgrade.dll
.dll regsvr32 windows:10 windows x64 arch:x64

30ae43715c9ec65454cd7a4ef5927068

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

WsUpgrade.pdb

Imports

oleaut32

SysFreeString
LoadRegTypeLi
VarUI4FromStr
SysStringLen
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
LoadTypeLi

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
SizeofResource
LoadResource
LockResource
LoadLibraryExA
GetProcAddress
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
StringFromCLSID

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegGetKeySecurity
RegSetKeySecurity
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW

api-ms-win-core-localization-l1-2-0

SetThreadLocale
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LCMapStringW
GetThreadLocale

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
InitializeCriticalSection

ntdll

RtlCreateUnicodeString
RtlFreeUnicodeString
RtlFreeHeap
RtlNtStatusToDosError
RtlAllocateHeap
RtlCompareUnicodeString
NtQueryKey

api-ms-win-core-heap-l1-1-0

HeapSize
HeapAlloc
HeapReAlloc
HeapDestroy
GetProcessHeap
HeapFree

ws2_32

WahEnableNonIFSHandleSupport

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwindEx
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlCaptureContext
RtlCompareMemory
RtlVirtualUnwind

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExpandEnvironmentStringsA
SetStdHandle
GetCommandLineW
GetStdHandle

api-ms-win-core-versionansi-l1-1-1

GetFileVersionInfoSizeA
GetFileVersionInfoA

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcessId
ExitProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-file-l1-1-0

GetFileSizeEx
FlushFileBuffers
FindFirstFileExW
CreateFileW
WriteFile
FindNextFileW
SetFilePointerEx
GetFileType
FindClose

api-ms-win-core-console-l1-1-0

GetConsoleMode
GetConsoleOutputCP
WriteConsoleW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedFlushSList

api-ms-win-core-fibers-l1-1-0

FlsAlloc
FlsFree
FlsGetValue
FlsSetValue

shell32

SHGetFileInfoW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Exitlag/library/ARSoft.Tools.Net.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:f4:b4:91:12:3a:c4:cd:bd:68:04:2d
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29-10-2020 09:57

Not After

30-10-2023 09:57

Subject

SERIALNUMBER=CHE-354.686.492,CN=Proton Technologies AG,O=Proton Technologies AG,STREET=Route de la Galaise 32,L=Plan-les-Ouates,ST=Geneva,C=CH,1.2.840.113549.1.9.1=#0c0f61646d696e4070726f746f6e2e6d65,1.3.6.1.4.1.311.60.2.1.2=#130647656e657661,1.3.6.1.4.1.311.60.2.1.3=#13024348,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:45

Not After

08-05-2033 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:e3:92:11:53:fe:8b:85:8f:a3:26:20:da:0d:88:84:dd:77:64:5e:70:6b:02:2e:ad:f9:b3:8e:d3:75:c0:03
Signer

Actual PE Digest

5d:e3:92:11:53:fe:8b:85:8f:a3:26:20:da:0d:88:84:dd:77:64:5e:70:6b:02:2e:ad:f9:b3:8e:d3:75:c0:03

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Exitlag/library/Autofac.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:f4:b4:91:12:3a:c4:cd:bd:68:04:2d
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29-10-2020 09:57

Not After

30-10-2023 09:57

Subject

SERIALNUMBER=CHE-354.686.492,CN=Proton Technologies AG,O=Proton Technologies AG,STREET=Route de la Galaise 32,L=Plan-les-Ouates,ST=Geneva,C=CH,1.2.840.113549.1.9.1=#0c0f61646d696e4070726f746f6e2e6d65,1.3.6.1.4.1.311.60.2.1.2=#130647656e657661,1.3.6.1.4.1.311.60.2.1.3=#13024348,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:45

Not After

08-05-2033 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bf:8c:79:6e:cc:31:be:c1:0c:0b:42:15:e8:2b:c6:82:b5:e0:54:24:37:64:54:33:88:ae:09:73:2b:ba:45:c5
Signer

Actual PE Digest

bf:8c:79:6e:cc:31:be:c1:0c:0b:42:15:e8:2b:c6:82:b5:e0:54:24:37:64:54:33:88:ae:09:73:2b:ba:45:c5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\autofac\src\Autofac\obj\Release\net45\Autofac.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Exitlag/library/GalaSoft.MvvmLight.Platform.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:f4:b4:91:12:3a:c4:cd:bd:68:04:2d
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29-10-2020 09:57

Not After

30-10-2023 09:57

Subject

SERIALNUMBER=CHE-354.686.492,CN=Proton Technologies AG,O=Proton Technologies AG,STREET=Route de la Galaise 32,L=Plan-les-Ouates,ST=Geneva,C=CH,1.2.840.113549.1.9.1=#0c0f61646d696e4070726f746f6e2e6d65,1.3.6.1.4.1.311.60.2.1.2=#130647656e657661,1.3.6.1.4.1.311.60.2.1.3=#13024348,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:45

Not After

08-05-2033 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

49:ed:c7:af:11:6a:ef:46:45:d6:df:8d:15:39:b0:88:cc:53:e2:b9:c5:27:be:4d:b2:ae:86:f9:5d:cf:3d:8b
Signer

Actual PE Digest

49:ed:c7:af:11:6a:ef:46:45:d6:df:8d:15:39:b0:88:cc:53:e2:b9:c5:27:be:4d:b2:ae:86:f9:5d:cf:3d:8b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\lbugn\Documents\MVVMLight\GalaSoft.MvvmLight\GalaSoft.MvvmLight.Platform (NET45Std)\obj\Release\GalaSoft.MvvmLight.Platform.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Exitlag/library/GalaSoft.MvvmLight.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:f4:b4:91:12:3a:c4:cd:bd:68:04:2d
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29-10-2020 09:57

Not After

30-10-2023 09:57

Subject

SERIALNUMBER=CHE-354.686.492,CN=Proton Technologies AG,O=Proton Technologies AG,STREET=Route de la Galaise 32,L=Plan-les-Ouates,ST=Geneva,C=CH,1.2.840.113549.1.9.1=#0c0f61646d696e4070726f746f6e2e6d65,1.3.6.1.4.1.311.60.2.1.2=#130647656e657661,1.3.6.1.4.1.311.60.2.1.3=#13024348,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:45

Not After

08-05-2033 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a6:a4:8e:05:59:32:3d:1d:4f:63:a2:c5:17:4e:ed:af:17:af:cc:23:35:1a:98:4a:a7:cd:1e:40:2f:20:e0:c5
Signer

Actual PE Digest

a6:a4:8e:05:59:32:3d:1d:4f:63:a2:c5:17:4e:ed:af:17:af:cc:23:35:1a:98:4a:a7:cd:1e:40:2f:20:e0:c5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\lbugn\Documents\MVVMLight\GalaSoft.MvvmLight\GalaSoft.MvvmLight.STD10\obj\Release\netstandard1.0\GalaSoft.MvvmLight.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Exitlag/settings.ini

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 71.0MB - Virtual size: 71.0MB

.rsrc Size: 133KB - Virtual size: 133KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

23:f4:b4:91:12:3a:c4:cd:bd:68:04:2dCertificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

a9:f6:fa:0f:84:66:3f:c3:46:a8:aa:20:53:ad:a6:cf:96:f8:74:2e:97:2d:f5:07:3c:4b:9f:c1:e0:f0:63:7bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 13KB - Virtual size: 13KB

.rsrc Size: 1024B - Virtual size: 880B

.reloc Size: 512B - Virtual size: 12B

21438ba29a45a5e6f86523b4d07c6854

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5fCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

33:58:a2:0e:21:5b:64:12:e1:80:3f:99:db:b4:25:d5:eb:33:b1:2c:e7:e3:32:24:40:5b:06:f6:05:3e:48:58Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

oleaut32

advapi32

user32

ole32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 65KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 5KB - Virtual size: 6KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

bfbca9b8d50e954bd17d06c0d4c4155a

Headers

DLL Characteristics

File Characteristics

PDB Paths

.text
Size: 71.0MB - Virtual size: 71.0MB

.rsrc
Size: 133KB - Virtual size: 133KB

.reloc
Size: 512B - Virtual size: 12B

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

23:f4:b4:91:12:3a:c4:cd:bd:68:04:2d
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

a9:f6:fa:0f:84:66:3f:c3:46:a8:aa:20:53:ad:a6:cf:96:f8:74:2e:97:2d:f5:07:3c:4b:9f:c1:e0:f0:63:7b
Signer

.text
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 512B - Virtual size: 12B

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

33:58:a2:0e:21:5b:64:12:e1:80:3f:99:db:b4:25:d5:eb:33:b1:2c:e7:e3:32:24:40:5b:06:f6:05:3e:48:58
Signer

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 5KB - Virtual size: 6KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 132KB - Virtual size: 132KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 32KB - Virtual size: 34KB

.pdata
Size: 8KB - Virtual size: 7KB

.didat
Size: 512B - Virtual size: 24B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB