Wave[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Wave.zip
Size

2.9MB
MD5

2d7379bd161a17bda3775ef2d72c3fab
SHA1

9be2ba8e56ea544364e0dd598fe38b5ec9f7f4d2
SHA256

cebe30d28433cf7a019c10933548a0e183e97c12319b709776dab87de169cad5
SHA512

4d072db7127c46b8bf83a77f2dbb9c60c7d28b7e81f50c6450cbabd99f76376c345b4b310a81f1bc98e96dbf3b17a97167d1e1b25b13c892732bcfb86039bae7
SSDEEP

49152:nfEkBcsjT/TcQvOVnFjfy/AMWQ1XyGZGhLPJhJkwNmRTsfVbJ95hPqYwAqDM:hBcsjfFvWFTyZXhfGpJhJ3A5e9J9v1Hn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Wave.exe

Files

Wave.zip
.zip
Wave.exe
.exe windows:6 windows x86 arch:x86

93a138801d9601e4c36e6274c8b9d111

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
QueryFullProcessImageNameA
ProcessIdToSessionId
PostQueuedCompletionStatus
OpenProcess
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 661KB - Virtual size: 661KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 777KB - Virtual size: 777KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.idata
.rdata
.reloc
.rsrc/DIALOG/102
.rsrc/DIALOG/103
.rsrc/DIALOG/105
.rsrc/DIALOG/106
.rsrc/DIALOG/111
.rsrc/DIALOG/202
.rsrc/DIALOG/203
.rsrc/DIALOG/205
.rsrc/DIALOG/206
.rsrc/DIALOG/211
.rsrc/DIALOG/302
.rsrc/DIALOG/303
.rsrc/DIALOG/305
.rsrc/DIALOG/306
.rsrc/DIALOG/311
.rsrc/DIALOG/402
.rsrc/DIALOG/403
.rsrc/DIALOG/405
.rsrc/DIALOG/406
.rsrc/DIALOG/411
.rsrc/DIALOG/502
.rsrc/DIALOG/503
.rsrc/DIALOG/505
.rsrc/DIALOG/506
.rsrc/DIALOG/511
.rsrc/DIALOG/602
.rsrc/DIALOG/603
.rsrc/DIALOG/605
.rsrc/DIALOG/606
.rsrc/DIALOG/611
.rsrc/MANIFEST/1
.xml
.rsrc/version.txt
.symtab
.text
d3d9.dll
.dll windows:10 windows x64 arch:x64

a0727e7bb6ceac431d543d0bd0ca53e5

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

34:66:a0:91:c1:59:1f:f1:c9:72:d3:4b:73:18:c1:82:62:4b:89:af:b1:cd:6c:41:9b:fc:c4:2c:de:d7:f6:c7
Signer

Actual PE Digest

34:66:a0:91:c1:59:1f:f1:c9:72:d3:4b:73:18:c1:82:62:4b:89:af:b1:cd:6c:41:9b:fc:c4:2c:de:d7:f6:c7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d3d9.pdb

Imports

msvcrt

memcpy
memmove
memset
pow
powf
sinf
sqrt
sqrtf
logf
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
_purecall
log10f
_wtoi
wcschr
_wcsnicmp
swprintf_s
swscanf_s
_wcsicmp
wcscpy_s
wcscat_s
_wcslwr
wcsstr
wcsrchr
wcsncmp
toupper
strncmp
wcsspn
qsort
sprintf_s
strcat_s
memmove_s
floorf
floor
memcmp
expf
malloc
free
_CxxThrowException
memcpy_s
_vsnwprintf
_vsnprintf
_stricmp
strcpy_s
strrchr
__C_specific_handler
cosf
cos
ceil
wcstol
??1exception@@UEAA@XZ
abort
sscanf_s
strstr
__iscsym
_XcptFilter
_amsg_exit
__CxxFrameHandler3
_initterm
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_onexit
strcmp
wcscmp

ntdll

RtlUnicodeStringToAnsiString
ZwQueryDirectoryFile
RtlpEnsureBufferSize
RtlNtPathNameToDosPathName
ZwUnmapViewOfSection
ZwMapViewOfSection
LdrResSearchResource
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
RtlGetVersion
RtlRunOnceExecuteOnce
NtClose
ZwQueryKey
ZwEnumerateValueKey
RtlUnicodeStringToInteger
RtlCopyUnicodeString
EtwEventWriteNoRegistration
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
RtlInitString
RtlUpcaseUnicodeString
ZwSetInformationProcess
ZwQueryInformationProcess
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
RtlFormatCurrentUserKeyPath
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwOpenKey
RtlFreeUnicodeString
ZwOpenFile
RtlDosPathNameToNtPathName_U_WithStatus
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlInitUnicodeString
ZwClose
RtlFreeHeap
ZwEnumerateKey
RtlReAllocateHeap
RtlAllocateHeap
NtQueryWnfStateData
NtQueryInformationProcess
RtlGUIDFromString
RtlDllShutdownInProgress
EtwEventWriteTransfer
EtwLogTraceEvent
NtQueryValueKey
EtwEventUnregister
EtwEventRegister
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsA
EtwGetTraceEnableLevel
RtlIsCriticalSectionLockedByThread
RtlPublishWnfStateData
VerSetConditionMask

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyA
RegEnumValueA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
RegGetValueA
RegDeleteValueA

api-ms-win-security-base-l1-1-0

AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSidSubAuthority
GetSidLengthRequired
InitializeSid
SetSecurityDescriptorSacl
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
SetKernelObjectSecurity
GetLengthSid
AddMandatoryAce
AllocateLocallyUniqueId

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-gdi-dpiinfo-l1-1-0

GetCurrentDpiInfo

user32

SetPropW
AttachThreadInput
MsgWaitForMultipleObjects
RemovePropW
GetPropW
DestroyWindow
DispatchMessageA
GetWindow
GetWindowThreadProcessId
GetWindowLongPtrW
IsWindowUnicode
EnumDisplayMonitors
EqualRect
IsRectEmpty
SetWindowLongA
GetForegroundWindow
SetForegroundWindow
PtInRect
SetCursorPos
GetCursorPos
CreateIconIndirect
GetWindowDC
GetDesktopWindow
NotifyOverlayWindow
DestroyIcon
GetCursor
LoadCursorW
UnionRect
SetRectEmpty
UnregisterHotKey
RegisterHotKey
GetThreadDesktop
CloseDesktop
GetUserObjectInformationA
OpenInputDesktop
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetWindowRect
mouse_event
GetWindowLongA
IsWindow
IsIconic
SetWindowDisplayAffinity
GetWindowDisplayAffinity
GetKeyState
PostMessageA
SendMessageA
CallWindowProcA
SetWindowLongPtrA
CallWindowProcW
SetWindowLongPtrW
KillTimer
TranslateMessage
PeekMessageA
UnregisterClassA
GetWindowLongPtrA
IsWindowVisible
ShowWindow
SetCursor
GetAncestor
MonitorFromWindow
SetTimer
DefWindowProcA
LoadIconA
RegisterClassA
CreateWindowExA
EnumDisplayDevicesA
DisplayConfigGetDeviceInfo
SystemParametersInfoA
SetWindowPos
GetMonitorInfoA
IntersectRect
SetRect
GetClientRect
EnumDisplaySettingsA
ClientToScreen
OffsetRect
GetSystemMetrics
ReleaseDC
GetWindowInfo
GetDC
IsZoomed

api-ms-win-core-versionansi-l1-1-0

VerQueryValueA
GetFileVersionInfoExA
GetFileVersionInfoSizeExA

api-ms-win-appmodel-unlock-l1-1-0

IsDeveloperModeEnabled

win32u

NtUnBindCompositionSurface
NtQueryCompositionSurfaceStatistics
NtBindCompositionSurface
NtNotifyPresentToCompositionSurface

gdi32

DdEntry44
D3DKMTCacheHybridQueryValue
D3DKMTGetCachedHybridQueryValue
CreateDIBitmap
GetNearestColor
GetDeviceCaps
GetSystemPaletteEntries
DdEntry27
DdEntry20
DdEntry2
DdEntry38
DdEntry54
CreateCompatibleBitmap
SelectObject
CreateDIBSection
DdEntry30
DdEntry16
DdEntry42
CreateCompatibleDC
DdEntry25
DdEntry6
DdEntry31
DdEntry29
DdEntry33
StretchBlt
DdEntry43
DdEntry50
DdEntry46
DdEntry24
DdEntry12
DdEntry9
DdEntry26
SetLayout
DdEntry37
DdEntry22
GetDeviceGammaRamp
DdEntry28
DdEntry23
GetDIBits
DdEntry56
DdEntry17
DdEntry35
CreateRectRgn
DdEntry13
DdEntry19
DdEntry21
DdEntry53
GetRegionData
DdEntry45
DdEntry48
DdEntry40
DdEntry4
DdEntry5
GdiEntry1
DdEntry18
DdEntry36
DdEntry34
SetStretchBltMode
DdEntry39
DdEntry3
DdEntry11
DdEntry10
DeleteObject
DdEntry1
GetRandomRgn
DdEntry41
DdEntry49
D3DKMTMakeResident
D3DKMTPresent
D3DKMTEvict
D3DKMTDestroyAllocation2
D3DKMTLock2
D3DKMTCreateAllocation
D3DKMTMapGpuVirtualAddress
D3DKMTDestroyContext
D3DKMTDestroyAllocation
D3DKMTFreeGpuVirtualAddress
D3DKMTCloseAdapter
D3DKMTCreateHwQueue
D3DKMTSharedPrimaryUnLockNotification
D3DKMTRegisterTrimNotification
D3DKMTWaitForSynchronizationObjectFromCpu
D3DKMTEnumAdapters
D3DKMTUnregisterTrimNotification
D3DKMTDestroyOverlay
D3DKMTGetSharedPrimaryHandle
D3DKMTEscape
D3DKMTSubmitPresentToHwQueue
D3DKMTUnlock2
D3DKMTUpdateAllocationProperty
D3DKMTWaitForSynchronizationObject
D3DKMTDestroySynchronizationObject
D3DKMTQueryStatistics
D3DKMTShareObjects
D3DKMTConfigureSharedResource
D3DKMTSetGammaRamp
D3DKMTCreateSynchronizationObject2
D3DKMTCheckOcclusion
D3DKMTGetDisplayModeList
GdiEntry13
D3DKMTReclaimAllocations
D3DKMTCreateSynchronizationObject
D3DKMTUpdateGpuVirtualAddress
D3DKMTOpenAdapterFromHdc
D3DKMTDestroyDCFromMemory
D3DKMTOpenResource
D3DKMTQueryResourceInfoFromNtHandle
D3DKMTDestroyPagingQueue
D3DKMTCreateAllocation2
D3DKMTQueryAllocationResidency
D3DKMTUpdateOverlay
D3DKMTSharedPrimaryLockNotification
D3DKMTSetDisplayPrivateDriverFormat
D3DKMTCreateDevice
D3DKMTSubmitCommand
D3DKMTRender
D3DKMTCheckExclusiveOwnership
D3DKMTQueryVidPnExclusiveOwnership
D3DKMTDestroyHwQueue
D3DKMTInvalidateCache
D3DKMTSignalSynchronizationObjectFromGpu
D3DKMTSetQueuedLimit
D3DKMTWaitForSynchronizationObjectFromGpu
DeleteDC
D3DKMTSetDisplayMode
D3DKMTSubmitSignalSyncObjectsToHwQueue
D3DKMTSetVidPnSourceOwner1
D3DKMTSignalSynchronizationObject
D3DKMTReclaimAllocations2
D3DKMTCreateContext
D3DKMTSubmitCommandToHwQueue
D3DKMTReleaseProcessVidPnSourceOwners
D3DKMTCreatePagingQueue
D3DKMTSubmitWaitForSyncObjectsToHwQueue
D3DKMTCreateDCFromMemory
D3DKMTDestroyDevice
D3DKMTReserveGpuVirtualAddress
D3DKMTGetMultisampleMethodList
D3DKMTCheckMonitorPowerState
D3DKMTSignalSynchronizationObjectFromGpu2
D3DKMTSetAllocationPriority
D3DKMTOpenAdapterFromDeviceName
D3DKMTCreateContextVirtual
D3DKMTQueryResourceInfo
D3DKMTSignalSynchronizationObject2
D3DKMTGetScanLine
D3DKMTMarkDeviceAsError
D3DKMTUnlock
D3DKMTLock
D3DKMTOpenResource2
D3DKMTGetContextSchedulingPriority
D3DKMTWaitForSynchronizationObject2
D3DKMTSignalSynchronizationObjectFromCpu
CreateDCA
D3DKMTGetMultiPlaneOverlayCaps
BitBlt
D3DKMTWaitForVerticalBlankEvent
D3DKMTQueryAdapterInfo
D3DKMTSetContextSchedulingPriority
D3DKMTOpenResourceFromNtHandle
D3DKMTGetDeviceState
D3DKMTGetResourcePresentPrivateDriverData
D3DKMTOfferAllocations
D3DKMTGetOverlayState
D3DKMTOpenSyncObjectFromNtHandle2
D3DKMTFlipOverlay
D3DKMTCreateOverlay

kernel32

GetFileSize
GetVersionExA
GetLogicalProcessorInformation
ResolveDelayLoadedAPI
DelayLoadFailureHook
GetLongPathNameW
GetDriveTypeW
FindClose
FindNextFileW
FindFirstFileW
FreeEnvironmentStringsW
GetEnvironmentStringsW
RegQueryValueExW
InitOnceComplete
OpenProcess
RegOpenKeyExW
RegGetValueW
K32GetModuleFileNameExW
InitOnceBeginInitialize
CreateEventA
CreateThread
SetEvent
GetModuleHandleExA
WaitForMultipleObjects
GetProcessMitigationPolicy
GetModuleFileNameW
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateNamedPipeA
CreateFileA
WaitNamedPipeA
TransactNamedPipe
GetPrivateProfileStringA
WriteFile
PeekNamedPipe
ReadFile
FlushFileBuffers
DisconnectNamedPipe
ConnectNamedPipe
SetNamedPipeHandleState
OpenMutexW
CreateMutexW
CreateSemaphoreA
GlobalAddAtomA
ResetEvent
OpenEventW
GetTickCount
LocalFree
LocalAlloc
VerifyVersionInfoA
DisableThreadLibraryCalls
CreateSemaphoreExA
FreeLibraryAndExitThread
GetModuleHandleA
QueryPerformanceCounter
GetSystemTime
WideCharToMultiByte
LoadLibraryW
QueryPerformanceFrequency
Sleep
GetProcessId
GetCurrentProcess
InitializeSRWLock
lstrcmpA
SetErrorMode
LoadLibraryA
InitializeCriticalSection
LoadLibraryExW
FreeLibrary
OutputDebugStringA
GetNativeSystemInfo
IsDebuggerPresent
GetCurrentProcessId
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
GetLastError
ReleaseMutex
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
SetLastError
CreateSemaphoreExW
DebugBreak
GetModuleHandleW
GetProcessHeap
GetProcAddress
HeapAlloc
FormatMessageW
GetCurrentThreadId
GetModuleHandleExW
HeapFree
GetModuleFileNameA
ExpandEnvironmentStringsW

dwmapi

ord100
ord137
ord128
DwmIsCompositionEnabled
ord136

api-ms-win-shell-shellfolders-l1-1-0

SHGetKnownFolderPath

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

kernelbase

GetPackageFamilyName
GetApplicationUserModelId
GetCurrentPackageFamilyName
GetCurrentPackageFullName
CheckIsMSIXPackage
GetCurrentApplicationUserModelId

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoUninitialize

Exports

Exports

D3DPERF_BeginEvent
D3DPERF_EndEvent
D3DPERF_GetStatus
D3DPERF_QueryRepeatFrame
D3DPERF_SetMarker
D3DPERF_SetOptions
D3DPERF_SetRegion
DebugSetLevel
DebugSetMute
Direct3D9EnableMaximizedWindowedModeShim
Direct3DCreate9
Direct3DCreate9Ex
Direct3DCreate9On12
Direct3DCreate9On12Ex
Direct3DShaderValidatorCreate9
PSGPError
PSGPSampleTexture

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 396KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d3dx9_24.dll
.dll windows:5 windows x64 arch:x64

d320a8edf2203f88abe71ec2dcb43d17

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23/05/2002, 08:00

Not After

25/09/2011, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2005, 23:20

Not After

05/04/2006, 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f7:ba:02:b4:39:d6:a2:de:ef:9d:9c:2a:3f:b5:8a:34:86:53:2a:1e
Signer

Actual PE Digest

f7:ba:02:b4:39:d6:a2:de:ef:9d:9c:2a:3f:b5:8a:34:86:53:2a:1e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d3dx9_24.pdb

Imports

kernel32

LoadResource
LockResource
SizeofResource
FreeResource
CompareStringA
GetFullPathNameA
LeaveCriticalSection
DeleteCriticalSection
Sleep
InitializeCriticalSection
EnterCriticalSection
lstrcmpiA
IsDBCSLeadByte
WriteFile
GetTempPathA
FindResourceA
CreateFileA
ReadFile
CloseHandle
DeleteFileA
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
WideCharToMultiByte
MultiByteToWideChar
OutputDebugStringA
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetVersionExA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileW
SetFilePointer
DeleteFileW
MoveFileA
MoveFileW
GetTempFileNameW
GlobalMemoryStatus
FreeLibrary
SetEndOfFile
GetSystemInfo
ExpandEnvironmentStringsA
HeapAlloc
GetProcessHeap
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
DisableThreadLibraryCalls
GetTempFileNameA
FindResourceW

msvcrt

__C_specific_handler
?terminate@@YAXXZ
_initterm
_tempnam
exit
atol
_ultoa
wcstombs
rand
ceilf
fread
_wfopen
fopen
fwrite
fclose
__CxxFrameHandler
isxdigit
atof
tanh
tan
sinh
exp
cosh
_fpclass
strchr
_isnan
atan2
atan
acos
asin
cos
sin
log
floor
isalnum
isalpha
toupper
tolower
atoi
floorf
_strtime
_strdate
sscanf
pow
isspace
isdigit
_setjmp
longjmp
ldexp
frexp
memcmp
calloc
realloc
malloc
logf
setlocale
_strdup
free
ceil
_vsnprintf
asinf
atan2f
acosf
_finite
cosf
sinf
sqrt
memmove
qsort
fmod
_purecall
_stricmp
modff
iswspace
iswalpha
iswdigit
iswpunct
sqrtf
memset
powf
memcpy
??2@YAPEAX_K@Z
??3@YAXPEAX@Z

gdi32

DeleteDC
DeleteObject
SelectObject
GetCharacterPlacementA
GetCharacterPlacementW
SetTextColor
SetBkColor
SetBkMode
CreateFontIndirectW
GetTextMetricsW
CreateDIBSection
CreateFontIndirectA
SetTextAlign
SetMapMode
CreateCompatibleDC
ExtTextOutA
MoveToEx
ExtTextOutW
GetCurrentObject
GetOutlineTextMetricsA
GetGlyphOutlineW
GetObjectA
GetTextMetricsA
GetFontLanguageInfo
GetObjectW
GetGlyphOutlineA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA

Exports

Exports

D3DXAssembleShader
D3DXAssembleShaderFromFileA
D3DXAssembleShaderFromFileW
D3DXAssembleShaderFromResourceA
D3DXAssembleShaderFromResourceW
D3DXBoxBoundProbe
D3DXCheckCubeTextureRequirements
D3DXCheckTextureRequirements
D3DXCheckVersion
D3DXCheckVolumeTextureRequirements
D3DXCleanMesh
D3DXColorAdjustContrast
D3DXColorAdjustSaturation
D3DXCompileShader
D3DXCompileShaderFromFileA
D3DXCompileShaderFromFileW
D3DXCompileShaderFromResourceA
D3DXCompileShaderFromResourceW
D3DXComputeBoundingBox
D3DXComputeBoundingSphere
D3DXComputeNormalMap
D3DXComputeNormals
D3DXComputeTangent
D3DXComputeTangentFrame
D3DXComputeTangentFrameEx
D3DXConcatenateMeshes
D3DXConvertMeshSubsetToSingleStrip
D3DXConvertMeshSubsetToStrips
D3DXCpuOptimizations
D3DXCreateAnimationController
D3DXCreateBox
D3DXCreateBuffer
D3DXCreateCompressedAnimationSet
D3DXCreateCubeTexture
D3DXCreateCubeTextureFromFileA
D3DXCreateCubeTextureFromFileExA
D3DXCreateCubeTextureFromFileExW
D3DXCreateCubeTextureFromFileInMemory
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCreateCubeTextureFromFileW
D3DXCreateCubeTextureFromResourceA
D3DXCreateCubeTextureFromResourceExA
D3DXCreateCubeTextureFromResourceExW
D3DXCreateCubeTextureFromResourceW
D3DXCreateCylinder
D3DXCreateEffect
D3DXCreateEffectCompiler
D3DXCreateEffectCompilerFromFileA
D3DXCreateEffectCompilerFromFileW
D3DXCreateEffectCompilerFromResourceA
D3DXCreateEffectCompilerFromResourceW
D3DXCreateEffectEx
D3DXCreateEffectFromFileA
D3DXCreateEffectFromFileExA
D3DXCreateEffectFromFileExW
D3DXCreateEffectFromFileW
D3DXCreateEffectFromResourceA
D3DXCreateEffectFromResourceExA
D3DXCreateEffectFromResourceExW
D3DXCreateEffectFromResourceW
D3DXCreateEffectPool
D3DXCreateFontA
D3DXCreateFontIndirectA
D3DXCreateFontIndirectW
D3DXCreateFontW
D3DXCreateFragmentLinker
D3DXCreateKeyframedAnimationSet
D3DXCreateLine
D3DXCreateMatrixStack
D3DXCreateMesh
D3DXCreateMeshFVF
D3DXCreateNPatchMesh
D3DXCreatePMeshFromStream
D3DXCreatePRTBuffer
D3DXCreatePRTBufferTex
D3DXCreatePRTCompBuffer
D3DXCreatePRTEngine
D3DXCreatePatchMesh
D3DXCreatePolygon
D3DXCreateRenderToEnvMap
D3DXCreateRenderToSurface
D3DXCreateSPMesh
D3DXCreateSkinInfo
D3DXCreateSkinInfoFVF
D3DXCreateSkinInfoFromBlendedMesh
D3DXCreateSphere
D3DXCreateSprite
D3DXCreateTeapot
D3DXCreateTextA
D3DXCreateTextW
D3DXCreateTexture
D3DXCreateTextureFromFileA
D3DXCreateTextureFromFileExA
D3DXCreateTextureFromFileExW
D3DXCreateTextureFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateTextureFromFileW
D3DXCreateTextureFromResourceA
D3DXCreateTextureFromResourceExA
D3DXCreateTextureFromResourceExW
D3DXCreateTextureFromResourceW
D3DXCreateTextureGutterHelper
D3DXCreateTextureShader
D3DXCreateTorus
D3DXCreateVolumeTexture
D3DXCreateVolumeTextureFromFileA
D3DXCreateVolumeTextureFromFileExA
D3DXCreateVolumeTextureFromFileExW
D3DXCreateVolumeTextureFromFileInMemory
D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXCreateVolumeTextureFromFileW
D3DXCreateVolumeTextureFromResourceA
D3DXCreateVolumeTextureFromResourceExA
D3DXCreateVolumeTextureFromResourceExW
D3DXCreateVolumeTextureFromResourceW
D3DXDebugMute
D3DXDeclaratorFromFVF
D3DXDisassembleEffect
D3DXDisassembleShader
D3DXFVFFromDeclarator
D3DXFileCreate
D3DXFillCubeTexture
D3DXFillCubeTextureTX
D3DXFillTexture
D3DXFillTextureTX
D3DXFillVolumeTexture
D3DXFillVolumeTextureTX
D3DXFilterTexture
D3DXFindShaderComment
D3DXFloat16To32Array
D3DXFloat32To16Array
D3DXFrameAppendChild
D3DXFrameCalculateBoundingSphere
D3DXFrameDestroy
D3DXFrameFind
D3DXFrameNumNamedMatrices
D3DXFrameRegisterNamedMatrices
D3DXFresnelTerm
D3DXGatherFragments
D3DXGatherFragmentsFromFileA
D3DXGatherFragmentsFromFileW
D3DXGatherFragmentsFromResourceA
D3DXGatherFragmentsFromResourceW
D3DXGenerateOutputDecl
D3DXGeneratePMesh
D3DXGetDeclLength
D3DXGetDeclVertexSize
D3DXGetDriverLevel
D3DXGetFVFVertexSize
D3DXGetImageInfoFromFileA
D3DXGetImageInfoFromFileInMemory
D3DXGetImageInfoFromFileW
D3DXGetImageInfoFromResourceA
D3DXGetImageInfoFromResourceW
D3DXGetPixelShaderProfile
D3DXGetShaderConstantTable
D3DXGetShaderInputSemantics
D3DXGetShaderOutputSemantics
D3DXGetShaderSamplers
D3DXGetShaderSize
D3DXGetShaderVersion
D3DXGetTargetDescByName
D3DXGetTargetDescByVersion
D3DXGetVertexShaderProfile
D3DXIntersect
D3DXIntersectSubset
D3DXIntersectTri
D3DXLoadMeshFromXA
D3DXLoadMeshFromXInMemory
D3DXLoadMeshFromXResource
D3DXLoadMeshFromXW
D3DXLoadMeshFromXof
D3DXLoadMeshHierarchyFromXA
D3DXLoadMeshHierarchyFromXInMemory
D3DXLoadMeshHierarchyFromXW
D3DXLoadPRTBufferFromFileA
D3DXLoadPRTBufferFromFileW
D3DXLoadPRTCompBufferFromFileA
D3DXLoadPRTCompBufferFromFileW
D3DXLoadPatchMeshFromXof
D3DXLoadSkinMeshFromXof
D3DXLoadSurfaceFromFileA
D3DXLoadSurfaceFromFileInMemory
D3DXLoadSurfaceFromFileW
D3DXLoadSurfaceFromMemory
D3DXLoadSurfaceFromResourceA
D3DXLoadSurfaceFromResourceW
D3DXLoadSurfaceFromSurface
D3DXLoadVolumeFromFileA
D3DXLoadVolumeFromFileInMemory
D3DXLoadVolumeFromFileW
D3DXLoadVolumeFromMemory
D3DXLoadVolumeFromResourceA
D3DXLoadVolumeFromResourceW
D3DXLoadVolumeFromVolume
D3DXMatrixAffineTransformation
D3DXMatrixAffineTransformation2D
D3DXMatrixDecompose
D3DXMatrixDeterminant
D3DXMatrixInverse
D3DXMatrixLookAtLH
D3DXMatrixLookAtRH
D3DXMatrixMultiply
D3DXMatrixMultiplyTranspose
D3DXMatrixOrthoLH
D3DXMatrixOrthoOffCenterLH
D3DXMatrixOrthoOffCenterRH
D3DXMatrixOrthoRH
D3DXMatrixPerspectiveFovLH
D3DXMatrixPerspectiveFovRH
D3DXMatrixPerspectiveLH
D3DXMatrixPerspectiveOffCenterLH
D3DXMatrixPerspectiveOffCenterRH
D3DXMatrixPerspectiveRH
D3DXMatrixReflect
D3DXMatrixRotationAxis
D3DXMatrixRotationQuaternion
D3DXMatrixRotationX
D3DXMatrixRotationY
D3DXMatrixRotationYawPitchRoll
D3DXMatrixRotationZ
D3DXMatrixScaling
D3DXMatrixShadow
D3DXMatrixTransformation
D3DXMatrixTransformation2D
D3DXMatrixTranslation
D3DXMatrixTranspose
D3DXOptimizeFaces
D3DXOptimizeVertices
D3DXPlaneFromPointNormal
D3DXPlaneFromPoints
D3DXPlaneIntersectLine
D3DXPlaneNormalize
D3DXPlaneTransform
D3DXPlaneTransformArray
D3DXQuaternionBaryCentric
D3DXQuaternionExp
D3DXQuaternionInverse
D3DXQuaternionLn
D3DXQuaternionMultiply
D3DXQuaternionNormalize
D3DXQuaternionRotationAxis
D3DXQuaternionRotationMatrix
D3DXQuaternionRotationYawPitchRoll
D3DXQuaternionSlerp
D3DXQuaternionSquad
D3DXQuaternionSquadSetup
D3DXQuaternionToAxisAngle
D3DXRectPatchSize
D3DXSHAdd
D3DXSHDot
D3DXSHEvalConeLight
D3DXSHEvalDirection
D3DXSHEvalDirectionalLight
D3DXSHEvalHemisphereLight
D3DXSHEvalSphericalLight
D3DXSHPRTCompSplitMeshSC
D3DXSHPRTCompSuperCluster
D3DXSHProjectCubeMap
D3DXSHRotate
D3DXSHRotateZ
D3DXSHScale
D3DXSaveMeshHierarchyToFileA
D3DXSaveMeshHierarchyToFileW
D3DXSaveMeshToXA
D3DXSaveMeshToXW
D3DXSavePRTBufferToFileA
D3DXSavePRTBufferToFileW
D3DXSavePRTCompBufferToFileA
D3DXSavePRTCompBufferToFileW
D3DXSaveSurfaceToFileA
D3DXSaveSurfaceToFileInMemory
D3DXSaveSurfaceToFileW
D3DXSaveTextureToFileA
D3DXSaveTextureToFileInMemory
D3DXSaveTextureToFileW
D3DXSaveVolumeToFileA
D3DXSaveVolumeToFileInMemory
D3DXSaveVolumeToFileW
D3DXSimplifyMesh
D3DXSphereBoundProbe
D3DXSplitMesh
D3DXTessellateNPatches
D3DXTessellateRectPatch
D3DXTessellateTriPatch
D3DXTriPatchSize
D3DXValidMesh
D3DXValidPatchMesh
D3DXVec2BaryCentric
D3DXVec2CatmullRom
D3DXVec2Hermite
D3DXVec2Normalize
D3DXVec2Transform
D3DXVec2TransformArray
D3DXVec2TransformCoord
D3DXVec2TransformCoordArray
D3DXVec2TransformNormal
D3DXVec2TransformNormalArray
D3DXVec3BaryCentric
D3DXVec3CatmullRom
D3DXVec3Hermite
D3DXVec3Normalize
D3DXVec3Project
D3DXVec3ProjectArray
D3DXVec3Transform
D3DXVec3TransformArray
D3DXVec3TransformCoord
D3DXVec3TransformCoordArray
D3DXVec3TransformNormal
D3DXVec3TransformNormalArray
D3DXVec3Unproject
D3DXVec3UnprojectArray
D3DXVec4BaryCentric
D3DXVec4CatmullRom
D3DXVec4Cross
D3DXVec4Hermite
D3DXVec4Normalize
D3DXVec4Transform
D3DXVec4TransformArray
D3DXWeldVertices

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vcruntime140_1.dll
.dll windows:6 windows x64 arch:x64

72707e942878aac770fcc118ce3ec1c9

Code Sign

33:00:00:00:f8:ae:a0:bd:67:8b:63:ac:eb:00:00:00:00:00:f8
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:43

Not After

16/10/2024, 19:43

Subject

CN=Microsoft Windows Software Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/05/2013, 20:44

Not After

01/05/2028, 20:54

Subject

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e6:27:7e:bb:9a:cc:60:db:34:7b:06:95:e9:12:d4:38:2f:d2:3c:72:0f:e8:f6:c6:dc:0f:30:ff:ae:9d:32:69
Signer

Actual PE Digest

e6:27:7e:bb:9a:cc:60:db:34:7b:06:95:e9:12:d4:38:2f:d2:3c:72:0f:e8:f6:c6:dc:0f:30:ff:ae:9d:32:69

Digest Algorithm

sha256

PE Digest Matches

true

e6:27:7e:bb:9a:cc:60:db:34:7b:06:95:e9:12:d4:38:2f:d2:3c:72:0f:e8:f6:c6:dc:0f:30:ff:ae:9d:32:69
Signer

Actual PE Digest

e6:27:7e:bb:9a:cc:60:db:34:7b:06:95:e9:12:d4:38:2f:d2:3c:72:0f:e8:f6:c6:dc:0f:30:ff:ae:9d:32:69

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

terminate
abort

api-ms-win-crt-heap-l1-1-0

malloc
calloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
wcsncmp

vcruntime140

memcpy
__processing_throw
__C_specific_handler
memmove
__current_exception

kernel32

IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlUnwindEx
RtlLookupFunctionEntry
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlPcToFileHeader
GetLastError
DeleteCriticalSection
SetLastError

Exports

Exports

__CxxFrameHandler4
__NLG_Dispatch2
__NLG_Return2

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

93a138801d9601e4c36e6274c8b9d111

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 661KB - Virtual size: 661KB

.rdata Size: 777KB - Virtual size: 777KB

.data Size: 70KB - Virtual size: 166KB

.idata Size: 1024B - Virtual size: 1020B

.reloc Size: 54KB - Virtual size: 54KB

.symtab Size: 512B - Virtual size: 4B

.rsrc Size: 12KB - Virtual size: 11KB

a0727e7bb6ceac431d543d0bd0ca53e5

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:edCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

34:66:a0:91:c1:59:1f:f1:c9:72:d3:4b:73:18:c1:82:62:4b:89:af:b1:cd:6c:41:9b:fc:c4:2c:de:d7:f6:c7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-registry-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-gdi-dpiinfo-l1-1-0

user32

api-ms-win-core-versionansi-l1-1-0

api-ms-win-appmodel-unlock-l1-1-0

win32u

gdi32

kernel32

dwmapi

api-ms-win-shell-shellfolders-l1-1-0

api-ms-win-core-apiquery-l1-1-0

kernelbase

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-com-l1-1-0

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 396KB - Virtual size: 396KB

.data Size: 3KB - Virtual size: 30KB

.pdata Size: 48KB - Virtual size: 48KB

.didat Size: 512B - Virtual size: 56B

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 7KB - Virtual size: 6KB

d320a8edf2203f88abe71ec2dcb43d17

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7eCertificate

Extended Key Usages

Key Usages

61:05:87:58:00:03:00:00:00:5aCertificate

Extended Key Usages

Key Usages

f7:ba:02:b4:39:d6:a2:de:ef:9d:9c:2a:3f:b5:8a:34:86:53:2a:1eSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

.text
Size: 661KB - Virtual size: 661KB

.rdata
Size: 777KB - Virtual size: 777KB

.data
Size: 70KB - Virtual size: 166KB

.idata
Size: 1024B - Virtual size: 1020B

.reloc
Size: 54KB - Virtual size: 54KB

.symtab
Size: 512B - Virtual size: 4B

.rsrc
Size: 12KB - Virtual size: 11KB

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

34:66:a0:91:c1:59:1f:f1:c9:72:d3:4b:73:18:c1:82:62:4b:89:af:b1:cd:6c:41:9b:fc:c4:2c:de:d7:f6:c7
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 396KB - Virtual size: 396KB

.data
Size: 3KB - Virtual size: 30KB

.pdata
Size: 48KB - Virtual size: 48KB

.didat
Size: 512B - Virtual size: 56B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 7KB - Virtual size: 6KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

61:05:87:58:00:03:00:00:00:5a
Certificate

f7:ba:02:b4:39:d6:a2:de:ef:9d:9c:2a:3f:b5:8a:34:86:53:2a:1e
Signer

.text
Size: 3.2MB - Virtual size: 3.2MB

.data
Size: 82KB - Virtual size: 183KB

.pdata
Size: 104KB - Virtual size: 104KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 19KB - Virtual size: 19KB

33:00:00:00:f8:ae:a0:bd:67:8b:63:ac:eb:00:00:00:00:00:f8
Certificate

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14
Certificate

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

e6:27:7e:bb:9a:cc:60:db:34:7b:06:95:e9:12:d4:38:2f:d2:3c:72:0f:e8:f6:c6:dc:0f:30:ff:ae:9d:32:69
Signer

e6:27:7e:bb:9a:cc:60:db:34:7b:06:95:e9:12:d4:38:2f:d2:3c:72:0f:e8:f6:c6:dc:0f:30:ff:ae:9d:32:69
Signer

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 512B - Virtual size: 324B