Overview (overview): 10
Static (static): 3
BugSplat64.dll (windows7-x64): 10
BugSplat64.dll (windows10-2004-x64): 10
PO202501B.exe (windows7-x64): 10
PO202501B.exe (windows10-2004-x64): 10
vcruntime140.dll (windows7-x64): 1
vcruntime140.dll (windows10-2004-x64): 1
vcruntime140_1.dll (windows7-x64): 1
vcruntime140_1.dll (windows10-2004-x64): 1
vcruntime211.dll (windows7-x64): 1
vcruntime211.dll (windows10-2004-x64): 1
Static task
static1
Behavioral task
behavioral1
Sample
BugSplat64.dll
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
BugSplat64.dll
Resource
win10v2004-20250217-en
Behavioral task
behavioral3
Sample
PO202501B.exe
Resource
win7-20241023-en
Behavioral task
behavioral4
Sample
PO202501B.exe
Resource
win10v2004-20250217-en
Behavioral task
behavioral5
Sample
vcruntime140.dll
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
vcruntime140.dll
Resource
win10v2004-20250217-en
Behavioral task
behavioral7
Sample
vcruntime140_1.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
vcruntime140_1.dll
Resource
win10v2004-20250217-en
Behavioral task
behavioral9
Sample
vcruntime211.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
vcruntime211.dll
Resource
win10v2004-20250217-en
General
-
Target
21420893399.zip
-
Size
3.8MB
-
MD5
a50bcdfb411c96dc170cc99a48aab0a7
-
SHA1
ac7205479098631eed2650f3c6b8f19f40e0a431
-
SHA256
0e00c8ece77e51e21526906c710445f03ac38e2f2e4269aff3e0ab31c1cabf8c
-
SHA512
42e55db7f2a207e1fdd46bde9ff1353a3169becdb246228c1cd8f9d07613905808eddf8207dafa909d97f1c867a0a9e9d34433b7852be3f591e413bf0a94edb0
-
SSDEEP
98304:e/Ct4nXedIb9RoiYDnTizmZ+l3gYoDfs696:98LofnGz3Bl0D96
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack002/BugSplat64.dll
Files
-
21420893399.zip.zip
Password: infected
-
244a5d35c3be3ec9640e36b7cc6f75fb76369290b5644451158ca50b6b02a503.zip
-
BugSplat64.dll.dll windows:6 windows x64 arch:x64
b4a6b6612d986f5ef64cd128d9d8d868
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
advapi32
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
OpenProcessToken
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyExW
RegEnumValueW
EventWrite
EventRegister
EventEnabled
bcrypt
BCryptFinishHash
BCryptDecrypt
BCryptGetProperty
BCryptCreateHash
BCryptGenRandom
BCryptHashData
BCryptDestroyHash
BCryptImportKey
BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptEncrypt
kernel32
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlPcToFileHeader
InterlockedFlushSList
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
SetLastError
FormatMessageW
GetLastError
GetFileAttributesW
CreateDirectoryW
SetFileAttributesW
CreateFileW
WriteFile
CloseHandle
CreateProcessW
GetEnvironmentVariableW
WriteConsoleW
GetStdHandle
LocalFree
ResumeThread
WriteProcessMemory
GetThreadContext
SetThreadContext
VirtualAllocEx
GetTickCount64
GetModuleFileNameW
FreeConsole
QueryPerformanceCounter
GetExitCodeProcess
TerminateProcess
OpenProcess
K32EnumProcesses
GetProcessId
DuplicateHandle
CreatePipe
GetCPInfoExW
GetCurrentProcess
MultiByteToWideChar
WideCharToMultiByte
GetConsoleCP
GetConsoleOutputCP
CloseThreadpoolIo
ExitProcess
GetCurrentProcessId
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
GetCalendarInfoEx
CompareStringOrdinal
CompareStringEx
FindNLSStringEx
GetLocaleInfoEx
ResolveLocaleName
GetUserPreferredUILanguages
FindStringOrdinal
GetCurrentProcessorNumber
GetCurrentThread
WaitForSingleObject
Sleep
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
InitializeCriticalSection
InitializeConditionVariable
DeleteCriticalSection
EnterCriticalSection
SleepConditionVariableCS
LeaveCriticalSection
WakeConditionVariable
WaitForMultipleObjectsEx
IsDebuggerPresent
QueryPerformanceFrequency
GetFullPathNameW
GetLongPathNameW
LocalAlloc
GetProcAddress
RaiseFailFastException
CreateThreadpoolIo
StartThreadpoolIo
CancelThreadpoolIo
LocaleNameToLCID
LCMapStringEx
EnumTimeFormatsEx
EnumCalendarInfoExEx
CancelIoEx
CopyFileExW
DeleteFileW
DeviceIoControl
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FlushFileBuffers
FreeLibrary
GetCurrentDirectoryW
GetFileAttributesExW
GetFileInformationByHandleEx
GetFileType
GetOverlappedResult
GetSystemDirectoryW
LoadLibraryExW
MoveFileExW
QueryUnbiasedInterruptTime
ReadFile
SetFileInformationByHandle
SetFilePointerEx
SetThreadErrorMode
CreateThread
GetThreadPriority
SetThreadPriority
GetDynamicTimeZoneInformation
GetTimeZoneInformation
SetEvent
ResetEvent
CreateEventExW
GetConsoleMode
ReadConsoleW
FlushProcessWriteBuffers
GetCurrentThreadId
WaitForSingleObjectEx
RtlVirtualUnwind
RtlCaptureContext
RtlRestoreContext
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
SwitchToThread
SuspendThread
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
QueryInformationJobObject
GetModuleHandleW
GetModuleHandleExW
GetProcessAffinityMask
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
VirtualQuery
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
DebugBreak
SleepEx
GlobalMemoryStatusEx
GetSystemInfo
GetTickCount
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
GetWriteWatch
ResetWriteWatch
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
UnhandledExceptionFilter
RtlLookupFunctionEntry
InitializeSListHead
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ole32
CoGetApartmentType
CoTaskMemAlloc
CoUninitialize
CoCreateGuid
CoInitializeEx
CoTaskMemFree
CoWaitForMultipleHandles
user32
LoadStringW
api-ms-win-crt-heap-l1-1-0
malloc
_callnewh
calloc
free
api-ms-win-crt-math-l1-1-0
tan
modf
pow
nan
log
nanf
_dclass
_fdclass
fmod
fmodf
sin
floor
cos
ceil
api-ms-win-crt-string-l1-1-0
_stricmp
strncpy_s
_wcsicmp
strcmp
strcpy_s
wcsncmp
api-ms-win-crt-runtime-l1-1-0
_seh_filter_dll
_initterm_e
terminate
_configure_narrow_argv
_cexit
_execute_onexit_table
abort
_initialize_narrow_environment
_initialize_onexit_table
_initterm
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsprintf_s
__stdio_common_vfprintf
__acrt_iob_func
__stdio_common_vsscanf
Exports
Sections
.text Size: 482KB - Virtual size: 482KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.managed Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3.9MB - Virtual size: 3.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 363KB - Virtual size: 481KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 303KB - Virtual size: 302KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 221KB - Virtual size: 221KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PO202501B.exe.exe windows:6 windows x64 arch:x64
e8db4ac21fda256a31e6fbda49d9dc94
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate
Issuer
CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before
21/12/2012, 00:00
Not After
30/12/2020, 23:59
Subject
CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate
Issuer
CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Not Before
18/10/2012, 00:00
Not After
29/12/2020, 23:59
Subject
CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
03:01
Certificate
Issuer
OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US
Not Before
16/11/2006, 01:54
Not After
16/11/2026, 01:54
Subject
SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
07:ff:9e:4e:18:62:cf
Certificate
Issuer
SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US
Not Before
02/06/2012, 14:14
Not After
29/05/2015, 16:45
Subject
CN=BugSplat LLC,O=BugSplat LLC,L=Henniker,ST=NH,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
33:d7:77:2f:60:1b:ea:1b:70:6e:51:c0:ff:a2:c4:99:2f:08:7d:50
Signer
Actual PE Digest
33:d7:77:2f:60:1b:ea:1b:70:6e:51:c0:ff:a2:c4:99:2f:08:7d:50
Digest Algorithm
sha1
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\www\src\BugSplat\bin64\BugSplatHD64.pdb
Imports
kernel32
GetCurrentDirectoryA
SetCurrentDirectoryA
UnmapViewOfFile
OpenProcess
CloseHandle
GetLastError
Sleep
GetCurrentThread
TerminateProcess
MapViewOfFile
WritePrivateProfileStringA
CreateProcessA
CreateFileW
ReadConsoleW
WriteConsoleW
SetStdHandle
OutputDebugStringW
LoadLibraryExW
CreateFileMappingA
GetFileInformationByHandle
CreateFileA
WideCharToMultiByte
GetACP
GetModuleFileNameA
GetFullPathNameA
GetFileAttributesA
FreeLibrary
GetTempPathA
LoadLibraryA
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleCP
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetStringTypeW
HeapFree
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
HeapAlloc
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
IsValidCodePage
GetOEMCP
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
AreFileApisANSI
DeleteFileW
HeapSize
GetStdHandle
GetFileType
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
FlushFileBuffers
user32
LoadStringA
SendMessageTimeoutA
GetWindowThreadProcessId
GetTopWindow
MessageBoxA
GetWindow
advapi32
OpenThreadToken
LookupPrivilegeValueA
AdjustTokenPrivileges
ImpersonateSelf
bugsplat64
??1MiniDmpSender@@UEAA@XZ
??0BugSplatImp@@QEAA@XZ
?SuspendAllThreadsInProcess@BugSplatImp@@QEAAXPEAX@Z
??0MiniDmpSender@@QEAA@PEBD000K@Z
?CreateMiniDump@BugSplatImp@@QEAAHPEAUHINSTANCE__@@KPEAXKPEAU_EXCEPTION_POINTERS@@PEBDPEADK@Z
psapi
GetModuleBaseNameA
shlwapi
PathAppendA
PathFileExistsA
Sections
.text Size: 124KB - Virtual size: 124KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
vcruntime140.dll.dll windows:6 windows x64 arch:x64
2cb5da5225e972a08f32d04b8085dc7e
Code Sign
33:00:00:01:20:f3:38:df:c7:9e:ae:32:ec:00:00:00:00:01:20
Certificate
Issuer
CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
24/10/2018, 21:07
Not After
10/01/2020, 21:07
Subject
CN=Microsoft Time-Stamp Service,OU=Microsoft America Operations+OU=Thales TSS ESN:2264-E33E-780C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate
Issuer
CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
02/05/2019, 21:37
Not After
02/05/2020, 21:37
Subject
CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:16:68:34:00:00:00:00:00:1c
Certificate
Issuer
CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before
03/04/2007, 12:53
Not After
03/04/2021, 13:03
Subject
CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:0e:90:d2:00:00:00:00:00:03
Certificate
Issuer
CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
08/07/2011, 20:59
Not After
08/07/2026, 21:09
Subject
CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate
Issuer
CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
02/05/2019, 21:37
Not After
02/05/2020, 21:37
Subject
CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03
Certificate
Issuer
CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
08/07/2011, 20:59
Not After
08/07/2026, 21:09
Subject
CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ec:13:be:32:bd:96:8e:c9:a6:3a:bb:fe:39:c5:c7:f1:87:49:2c:bf:1f:f1:e1:cf:20:f6:c6:d4:c6:3d:f2:fd
Signer
Actual PE Digest
ec:13:be:32:bd:96:8e:c9:a6:3a:bb:fe:39:c5:c7:f1:87:49:2c:bf:1f:f1:e1:cf:20:f6:c6:d4:c6:3d:f2:fd
Digest Algorithm
sha256
PE Digest Matches
true
60:4b:77:c5:fd:0e:cc:62:0a:f4:be:c2:85:39:b6:25:a0:7b:19:71
Signer
Actual PE Digest
60:4b:77:c5:fd:0e:cc:62:0a:f4:be:c2:85:39:b6:25:a0:7b:19:71
Digest Algorithm
sha1
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
abort
terminate
api-ms-win-crt-heap-l1-1-0
calloc
malloc
free
api-ms-win-crt-string-l1-1-0
strcpy_s
wcsncmp
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsprintf_s
api-ms-win-crt-convert-l1-1-0
atol
kernel32
GetLastError
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlLookupFunctionEntry
GetModuleHandleW
GetModuleFileNameW
RtlUnwindEx
RtlUnwind
EncodePointer
RaiseException
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetProcAddress
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
Exports
_CreateFrameInfo
_CxxThrowException
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__C_specific_handler_noexcept
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__intrinsic_setjmpex
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_get_purecall_handler
_get_unexpected
_is_exception_typeof
_local_unwind
_purecall
_set_purecall_handler
_set_se_translator
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr
Sections
.text Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
vcruntime140_1.dll.dll windows:6 windows x64 arch:x64
451bdabc0299e6b9dc317480ef12c3dc
Code Sign
33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate
Issuer
CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
02/05/2019, 21:37
Not After
02/05/2020, 21:37
Subject
CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03
Certificate
Issuer
CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
08/07/2011, 20:59
Not After
08/07/2026, 21:09
Subject
CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
13:6b:39:d4:75:51:9f:0d:ef:8a:84:ee:ff:d7:a8:0d:10:41:16:92:87:33:5a:44:03:4f:8a:65:77:09:d8:17
Signer
Actual PE Digest
13:6b:39:d4:75:51:9f:0d:ef:8a:84:ee:ff:d7:a8:0d:10:41:16:92:87:33:5a:44:03:4f:8a:65:77:09:d8:17
Digest Algorithm
sha256
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
abort
terminate
api-ms-win-crt-heap-l1-1-0
free
calloc
malloc
api-ms-win-crt-string-l1-1-0
strcpy_s
wcsncmp
vcruntime140
__processing_throw
__C_specific_handler
memmove
__current_exception
kernel32
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlUnwindEx
RtlLookupFunctionEntry
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
EncodePointer
RaiseException
RtlPcToFileHeader
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetLastError
SetLastError
TlsAlloc
Exports
__CxxFrameHandler4
Sections
.text Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
vcruntime211.dll