exm[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

exm.zip
Size

34.4MB
MD5

da21f8ec79eb535a331d2a895cef7ef9
SHA1

b74b2aa321175ab5132dacbdd15cb046cc65adc8
SHA256

9cc9678578270690295e1e26ae50c1d3f6647d36650fe3ecfcd3c1db763d4eff
SHA512

331c5b1dc3514b929c00c10775448899aade61f46900038bf7e9ef15f74435e7646e32e181add9f3da8063b5621765d05c895d91f344a8a455c0f8bad439cfde
SSDEEP

786432:S3MHSELiCe3nEneNaCiPYf5RNdrxSxRaUHVRUJPyv3Ut+NgXjy3ge:S3HELiP3ExALNdtSfnHVRr+of

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 2 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/EXMservice.exe	pyinstaller
static1/unpack001/FortniteSettings/FortniteSettings.exe	pyinstaller

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EXMservice.exe
unpack001/FortniteSettings/FortniteSettings.exe
unpack001/NvidiaProfileInspector/nvidiaProfileInspector.exe

Files

exm.zip
.zip
Autoruns/Autoruns.exe
.exe windows:6 windows x86 arch:x86

ee7d0ec49c38d4f4d12574e449f1a355

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:30:20:a0:42:0e:26:5e:60:73:43:49:b4:41:b7:ed:c7:d8:97:fa:20:fc:38:12:03:a5:93:53:98:4e:0d:cb
Signer

Actual PE Digest

bf:30:20:a0:42:0e:26:5e:60:73:43:49:b4:41:b7:ed:c7:d8:97:fa:20:fc:38:12:03:a5:93:53:98:4e:0d:cb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\1\s\Win32\Release\Autoruns.pdb

Imports

kernel32

ReadConsoleInputW
SetConsoleMode
GetConsoleMode
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetConsoleCP
ExitProcess
VirtualProtect
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetSystemTimeAsFileTime
FlushFileBuffers
QueryPerformanceCounter
LCMapStringEx
InitOnceBeginInitialize
InitOnceComplete
AcquireSRWLockShared
ReleaseSRWLockShared
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetStringTypeW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
GetFullPathNameW
GetNativeSystemInfo
IsWow64Process
GetFileTime
QueryDosDeviceW
GetLogicalDrives
SearchPathW
K32GetMappedFileNameW
WaitForMultipleObjects
CreateSemaphoreW
CreateEventW
SetEnvironmentVariableW
FindClose
FindNextFileW
FindFirstFileW
ReleaseSemaphore
SetEvent
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
FileTimeToLocalFileTime
TrySubmitThreadpoolCallback
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetSystemWindowsDirectoryW
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
ReadFile
WriteConsoleW
LocalAlloc
GetFileType
GetStdHandle
GetVersionExW
GetTickCount64
GetSystemDirectoryW
TerminateThread
CreateThread
WaitForSingleObject
WideCharToMultiByte
OpenProcess
Sleep
ExpandEnvironmentStringsW
GetStartupInfoW
CreateProcessW
GetCommandLineW
VerifyVersionInfoW
GetComputerNameW
lstrcmpW
LocalFree
VirtualQuery
GetCurrentProcessId
VerSetConditionMask
MoveFileW
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
GetNumberFormatEx
GetLocaleInfoW
GetTimeFormatW
GlobalAlloc
GetDateFormatW
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetFileInformationByHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
MultiByteToWideChar
lstrcmpiW
LoadLibraryExW
ReadConsoleW
SetThreadPriority
GetCurrentThread
DecodePointer
SetCurrentDirectoryW
FormatMessageW
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
lstrlenW
MulDiv
LoadLibraryW
FreeLibrary
GetThreadId
CloseHandle
GetTempPathW
WriteFile
GetTempFileNameW
DeleteFileW
CreateFileW
GetModuleFileNameW
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RaiseException
GetPrivateProfileStringW
GetPrivateProfileIntW
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetCurrentProcess
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GlobalLock
GlobalUnlock

user32

CloseClipboard
SendMessageW
SetClipboardData
EmptyClipboard
IsRectEmpty
EnumDisplaySettingsW
FindWindowExW
FindWindowW
SetForegroundWindow
WaitForInputIdle
IsDlgButtonChecked
CheckDlgButton
EnableWindow
GetDlgItemTextW
DestroyMenu
SetMenuItemInfoW
GetSysColor
LoadImageW
DialogBoxIndirectParamW
OpenClipboard
DrawIconEx
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
SetFocus
GetFocus
SetTimer
KillTimer
DrawTextW
BeginPaint
EndPaint
InvalidateRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
MonitorFromPoint
IsDialogMessageW
CheckMenuRadioItem
GetWindowThreadProcessId
GetDesktopWindow
SetRectEmpty
SetRect
WindowFromPoint
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
MessageBeep
AdjustWindowRectEx
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenuEx
DeleteMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
EnableMenuItem
CreatePopupMenu
GetMenuStringW
SetMenu
GetMenu
TranslateAcceleratorW
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetActiveWindow
CharLowerW
GetDlgCtrlID
DialogBoxParamW
CreateDialogParamW
SetWindowPlacement
GetWindowPlacement
IsMenu
PostQuitMessage
GetMessagePos
DrawFrameControl
DrawEdge
TrackMouseEvent
RegisterWindowMessageW
LoadStringA
EnumChildWindows
MessageBoxW
LoadMenuW
LoadAcceleratorsW
CharNextW
DestroyWindow
IsWindow
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadStringW
LoadIconW
GetDlgItem
GetWindow
MapWindowPoints
GetWindowRect
SetDlgItemTextW
EndDialog
GetAncestor
GetWindowModuleFileNameW
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
GetScrollInfo
SetScrollInfo
DestroyIcon
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetClassNameW
SetClassLongW
PtInRect
OffsetRect
InflateRect
CopyRect
FrameRect
FillRect
DrawFocusRect
ScreenToClient
ShowScrollBar
SetScrollPos
RedrawWindow
ReleaseDC
GetWindowDC
GetDC
UpdateWindow
GetSystemMetrics
IsWindowEnabled
IsZoomed
IsWindowVisible
SetWindowPos
MoveWindow
ShowWindow
IsChild
PostMessageW
GetSysColorBrush
LoadCursorW
GetParent
SetWindowLongW
GetWindowLongW

gdi32

SetBkColor
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
ExtTextOutW
SetViewportOrgEx
CreateFontIndirectW
SetBkMode
SetTextColor
GetObjectW
CreateSolidBrush
CreatePen
GetDeviceCaps
GetStockObject
GetTextExtentPoint32W
LineTo
Rectangle
SetTextAlign
MoveToEx
TextOutW
Polyline
CreateBitmap
CreatePatternBrush
ExcludeClipRect
PatBlt
CreateDIBSection
SetBrushOrgEx
SetMapMode
StartDocW
EndDoc
StartPage
EndPage
Polygon
GetCurrentObject

comdlg32

PrintDlgW
ChooseFontW
FindTextW
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegEnumKeyExW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
RegLoadMUIStringW
LookupPrivilegeValueW
AdjustTokenPrivileges
QueryServiceConfig2W
GetServiceDisplayNameW
CryptDestroyHash
RegGetValueW
RegOpenKeyW
RegCreateKeyW
RegRenameKey
RegEnumValueW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
ControlService
CloseServiceHandle
ConvertStringSidToSidW
LookupAccountSidW
RegCopyTreeW
RegDeleteTreeW
RegQueryValueExW
ConvertSidToStringSidW
RegLoadKeyW
IsValidSid
GetTokenInformation
GetLengthSid
CopySid
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
CryptReleaseContext

shell32

ShellExecuteW
SHEvaluateSystemCommandTemplate
SHGetStockIconInfo
ExtractIconExW
SHGetKnownFolderPath
ExtractAssociatedIconW
CommandLineToArgvW
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
StringFromGUID2
CLSIDFromString
CoTaskMemFree
CoTaskMemRealloc
StgCreateStorageEx
StgOpenStorageEx
CoTaskMemAlloc

oleaut32

SysStringLen
VariantClear
VarUI4FromStr
SysFreeString
SysAllocString
VariantInit

shlwapi

SHCreateStreamOnFileW
SHAutoComplete

comctl32

ImageList_Destroy
ImageList_DrawIndirect
ImageList_GetImageCount
ImageList_Create
ImageList_WriteEx
ImageList_Read
ImageList_GetIcon
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_GetIconSize
ImageList_Duplicate
ImageList_DrawEx
CreateStatusWindowW
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_AddMasked
ImageList_Draw

uxtheme

IsThemeActive
SetWindowTheme
IsAppThemed

msimg32

GradientFill

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

dwmapi

DwmSetWindowAttribute
DwmDefWindowProc

winhttp

WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpSendRequest
WinHttpWriteData
WinHttpReceiveResponse
WinHttpConnect

crypt32

CertGetNameStringW

Sections

.text
Size: 720KB - Virtual size: 720KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 727KB - Virtual size: 726KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Autoruns/Autoruns64.exe
.exe windows:6 windows x64 arch:x64

4b05847b4dcacb7d4c02d8fdd78d6b50

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ea:ae:ce:db:cf:43:3c:f5:8b:9a:8a:39:89:c6:a3:1e:d8:f5:b4:9f:59:9c:4f:30:e5:c4:23:1e:9d:5e:a8:9d
Signer

Actual PE Digest

ea:ae:ce:db:cf:43:3c:f5:8b:9a:8a:39:89:c6:a3:1e:d8:f5:b4:9f:59:9c:4f:30:e5:c4:23:1e:9d:5e:a8:9d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\1\s\x64\Release\Autoruns64.pdb

Imports

kernel32

ReadConsoleInputW
SetConsoleMode
GetConsoleMode
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetConsoleCP
ExitProcess
VirtualProtect
GetSystemInfo
RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwindEx
RtlPcToFileHeader
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetSystemTimeAsFileTime
FlushFileBuffers
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
QueryPerformanceCounter
LCMapStringEx
InitOnceBeginInitialize
InitOnceComplete
AcquireSRWLockShared
ReleaseSRWLockShared
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetStringTypeW
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
GetFullPathNameW
GetNativeSystemInfo
IsWow64Process
GetFileTime
QueryDosDeviceW
GetLogicalDrives
SearchPathW
K32GetMappedFileNameW
WaitForMultipleObjects
CreateSemaphoreW
CreateEventW
SetEnvironmentVariableW
FindClose
FindNextFileW
FindFirstFileW
ReleaseSemaphore
SetEvent
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
FileTimeToLocalFileTime
TrySubmitThreadpoolCallback
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetSystemWindowsDirectoryW
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
ReadFile
WriteConsoleW
LocalAlloc
GetFileType
GetStdHandle
GetVersionExW
GetTickCount64
GetSystemDirectoryW
TerminateThread
CreateThread
WaitForSingleObject
WideCharToMultiByte
OpenProcess
Sleep
ExpandEnvironmentStringsW
GetStartupInfoW
CreateProcessW
GetCommandLineW
VerifyVersionInfoW
GetComputerNameW
lstrcmpW
LocalFree
VirtualQuery
GetCurrentProcessId
VerSetConditionMask
MoveFileW
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
GetNumberFormatEx
GetLocaleInfoW
GlobalAlloc
GetTimeFormatW
GetDateFormatW
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetFileInformationByHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
ReadConsoleW
MultiByteToWideChar
lstrcmpiW
LoadLibraryExW
SetThreadPriority
GetCurrentThread
DecodePointer
SetCurrentDirectoryW
FormatMessageW
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
lstrlenW
MulDiv
LoadLibraryW
FreeLibrary
GetThreadId
CloseHandle
GetTempPathW
WriteFile
GetTempFileNameW
DeleteFileW
CreateFileW
GetModuleFileNameW
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RaiseException
GetPrivateProfileStringW
GetPrivateProfileIntW
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetCurrentProcess
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GlobalLock
GlobalUnlock

user32

SetClipboardData
CloseClipboard
OpenClipboard
DialogBoxIndirectParamW
IsRectEmpty
EnumDisplaySettingsW
FindWindowExW
FindWindowW
SetForegroundWindow
WaitForInputIdle
IsDlgButtonChecked
DestroyMenu
SetMenuItemInfoW
GetSysColor
LoadImageW
EmptyClipboard
SendMessageW
DrawIconEx
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
SetFocus
GetFocus
SetTimer
KillTimer
DrawTextW
BeginPaint
EndPaint
InvalidateRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
CheckDlgButton
EnableWindow
GetDlgItemTextW
MonitorFromPoint
IsDialogMessageW
CheckMenuRadioItem
GetWindowThreadProcessId
GetDesktopWindow
SetRectEmpty
SetRect
WindowFromPoint
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
MessageBeep
AdjustWindowRectEx
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenuEx
DeleteMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
EnableMenuItem
CreatePopupMenu
GetMenuStringW
SetMenu
GetMenu
TranslateAcceleratorW
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetActiveWindow
CharLowerW
GetDlgCtrlID
DialogBoxParamW
CreateDialogParamW
SetWindowPlacement
GetWindowPlacement
IsMenu
PostQuitMessage
GetMessagePos
DrawFrameControl
DrawEdge
TrackMouseEvent
RegisterWindowMessageW
LoadStringA
EnumChildWindows
MessageBoxW
LoadMenuW
LoadAcceleratorsW
CharNextW
DestroyWindow
IsWindow
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadStringW
LoadIconW
GetDlgItem
GetWindow
MapWindowPoints
GetWindowRect
SetDlgItemTextW
EndDialog
GetAncestor
GetWindowModuleFileNameW
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
GetScrollInfo
SetScrollInfo
DestroyIcon
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetClassNameW
SetClassLongPtrW
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
InflateRect
CopyRect
FrameRect
FillRect
DrawFocusRect
ScreenToClient
ShowScrollBar
SetScrollPos
RedrawWindow
ReleaseDC
GetWindowDC
GetDC
UpdateWindow
GetSystemMetrics
IsWindowEnabled
IsZoomed
IsWindowVisible
SetWindowPos
MoveWindow
ShowWindow
IsChild
PostMessageW
GetSysColorBrush
LoadCursorW
GetParent
SetWindowLongPtrW
GetWindowLongPtrW

gdi32

CreateFontIndirectW
SetViewportOrgEx
ExtTextOutW
SetBkColor
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetBkMode
SetTextColor
GetObjectW
CreateSolidBrush
CreatePen
GetDeviceCaps
GetStockObject
GetTextExtentPoint32W
LineTo
Rectangle
SetTextAlign
MoveToEx
TextOutW
Polyline
CreateBitmap
CreatePatternBrush
ExcludeClipRect
GetCurrentObject
PatBlt
Polygon
SetBrushOrgEx
SetMapMode
EndDoc
StartPage
EndPage
StartDocW
CreateDIBSection

comdlg32

FindTextW
PrintDlgW
ChooseFontW
ReplaceTextW
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegSetValueExW
CryptDestroyHash
GetServiceDisplayNameW
QueryServiceConfig2W
AdjustTokenPrivileges
LookupPrivilegeValueW
RegLoadMUIStringW
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
RegCloseKey
RegCreateKeyExW
RegGetValueW
RegOpenKeyW
RegCreateKeyW
RegRenameKey
RegEnumValueW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
ControlService
CloseServiceHandle
ConvertStringSidToSidW
LookupAccountSidW
RegCopyTreeW
RegDeleteTreeW
RegQueryValueExW
ConvertSidToStringSidW
RegLoadKeyW
IsValidSid
GetTokenInformation
GetLengthSid
CopySid
OpenProcessToken
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetKnownFolderPath
SHEvaluateSystemCommandTemplate
CommandLineToArgvW
ShellExecuteExW
SHGetStockIconInfo
ExtractIconExW
ShellExecuteW
ExtractAssociatedIconW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
StgCreateStorageEx
StgOpenStorageEx
CLSIDFromString

oleaut32

VarUI4FromStr
VariantInit
VariantClear
SysStringLen
SysAllocString
SysFreeString

shlwapi

SHAutoComplete
SHCreateStreamOnFileW

comctl32

ImageList_DrawIndirect
ImageList_DrawEx
ImageList_GetIconSize
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Read
ImageList_WriteEx
ImageList_Create
ImageList_GetImageCount
ImageList_Draw
ImageList_AddMasked
ImageList_BeginDrag
ImageList_EndDrag
ImageList_Duplicate
CreateStatusWindowW
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_Destroy

uxtheme

IsThemeActive
SetWindowTheme
IsAppThemed

msimg32

GradientFill

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

dwmapi

DwmSetWindowAttribute
DwmDefWindowProc

winhttp

WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpSendRequest
WinHttpWriteData
WinHttpReceiveResponse
WinHttpConnect

crypt32

CertGetNameStringW

Sections

.text
Size: 845KB - Virtual size: 844KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 727KB - Virtual size: 726KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Autoruns/Autoruns64a.exe
Autoruns/Eula.txt
Autoruns/autoruns.chm
.chm
Autoruns/autorunsc.exe
.exe windows:6 windows x86 arch:x86

b41d6e6ce42874adf85f48ff789bfa9b

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c5:b0:8e:d3:4f:03:0f:e9:d9:36:8f:14:df:64:2b:72:fa:b9:38:47:70:b5:f7:82:f3:de:fa:fc:c5:f9:4c:c1
Signer

Actual PE Digest

c5:b0:8e:d3:4f:03:0f:e9:d9:36:8f:14:df:64:2b:72:fa:b9:38:47:70:b5:f7:82:f3:de:fa:fc:c5:f9:4c:c1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\1\s\Win32\Release Console\autorunsc.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

comctl32

ImageList_ReplaceIcon
ImageList_Add

crypt32

CryptSIPLoad
CryptSIPRetrieveSubjectGuidForCatalogFile
CertGetNameStringW
CertDuplicateCertificateContext

wintrust

CryptCATAdminCalcHashFromFileHandle

ntdll

RtlUnwind
NtOpenKey
NtCreateKey

kernel32

GetSystemWow64DirectoryW
FormatMessageA
lstrlenW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetPrivateProfileStringW
FreeLibrary
MultiByteToWideChar
DecodePointer
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
WaitForMultipleObjects
GetCurrentThread
SetThreadPriority
CreateThread
GetTimeFormatW
FindResourceExW
LoadResource
LockResource
IsWow64Process
FindResourceW
InitializeSRWLock
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetStringTypeW
SetFilePointerEx
ReadConsoleW
ReadConsoleInputW
SetConsoleMode
GetConsoleMode
GetFileTime
FlushFileBuffers
LCMapStringW
CompareStringW
GetCommandLineA
FreeLibraryAndExitThread
SetStdHandle
GetConsoleCP
GetModuleHandleExW
ExitProcess
TlsFree
EncodePointer
RaiseException
OutputDebugStringW
WideCharToMultiByte
GetSystemWindowsDirectoryW
GetVersion
OpenProcess
TlsSetValue
TlsAlloc
ExitThread
GetCurrentProcess
InitializeCriticalSection
SetErrorMode
WriteFile
GetLongPathNameW
SizeofResource
GetFileSize
ExpandEnvironmentStringsW
GetDateFormatW
FileTimeToSystemTime
FormatMessageW
MulDiv
GetModuleHandleW
FileTimeToLocalFileTime
LoadLibraryW
InitializeSListHead
GetProcAddress
Sleep
GetLastError
ReadFile
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CloseHandle
GetFileSizeEx
LoadLibraryExW
GetVersionExW
SetLastError
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GetFullPathNameW
SetEnvironmentVariableW
TlsGetValue
GetModuleFileNameW
LocalFree
LocalAlloc
GetCommandLineW
GetFileType
GetConsoleOutputCP
GetStdHandle
SetEndOfFile
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetExitCodeThread
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
TryAcquireSRWLockExclusive

user32

GetSysColorBrush
InflateRect
LoadCursorW
SetCursor
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
GetMenu
CheckMenuItem
GetSubMenu
InsertMenuW
SendMessageW
MessageBoxW
GetParent
SetDlgItemTextW
PostMessageW
LoadStringW
DestroyIcon
LoadIconW
DeleteMenu

gdi32

DeleteObject
EndPage
StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
DeleteDC
CreateCompatibleDC

comdlg32

PrintDlgW

advapi32

RegOpenKeyExW
QueryServiceConfig2W
GetServiceDisplayNameW
RegQueryValueW
RegUnLoadKeyW
RegQueryInfoKeyW
RegLoadKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
LookupPrivilegeValueW
LookupAccountNameW
LookupAccountSidW
RevertToSelf
ImpersonateLoggedOnUser
GetTokenInformation
FreeSid
EqualSid
DuplicateTokenEx
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyW
RegCreateKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegQueryValueExW
RegCloseKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW

shell32

SHGetFileInfoW
SHGetFolderPathW
ShellExecuteW

ole32

CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

SysAllocStringByteLen
SysStringLen
VariantInit
SysFreeString
SysAllocString
VariantClear
VariantChangeType

shlwapi

ord176
UrlUnescapeW

winhttp

WinHttpGetProxyForUrl
WinHttpReceiveResponse
WinHttpSetOption
WinHttpSendRequest
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpQueryHeaders

Sections

.text
Size: 413KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Autoruns/autorunsc64.exe
.exe windows:6 windows x64 arch:x64

065a7e996133a13a5e539ef6d19c7a5a

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1c:b1:8f:88:16:c4:91:eb:86:ce:d5:41:b0:57:fa:4e:8c:69:6a:d3:23:92:47:57:f7:2d:b6:ac:e1:f3:13:93
Signer

Actual PE Digest

1c:b1:8f:88:16:c4:91:eb:86:ce:d5:41:b0:57:fa:4e:8c:69:6a:d3:23:92:47:57:f7:2d:b6:ac:e1:f3:13:93

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\1\s\x64\Release Console\autorunsc64.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

comctl32

ImageList_ReplaceIcon
ImageList_Add

crypt32

CryptSIPLoad
CryptSIPRetrieveSubjectGuidForCatalogFile
CertGetNameStringW
CertDuplicateCertificateContext

wintrust

CryptCATAdminCalcHashFromFileHandle

ntdll

RtlUnwindEx
RtlPcToFileHeader
RtlUnwind
NtOpenKey
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtCreateKey

kernel32

GetSystemWow64DirectoryW
FormatMessageA
lstrlenW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetPrivateProfileStringW
FreeLibrary
MultiByteToWideChar
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
WaitForMultipleObjects
GetCurrentThread
SetThreadPriority
CreateThread
GetTimeFormatW
FindResourceExW
LoadResource
LockResource
IsWow64Process
FindResourceW
QueryPerformanceCounter
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetStringTypeW
SetFilePointerEx
ReadConsoleW
ReadConsoleInputW
SetConsoleMode
GetConsoleMode
GetFileTime
FlushFileBuffers
LCMapStringW
CompareStringW
GetCommandLineA
FreeLibraryAndExitThread
SetStdHandle
GetConsoleCP
GetModuleHandleExW
ExitProcess
TlsFree
EncodePointer
RaiseException
OutputDebugStringW
WideCharToMultiByte
GetSystemWindowsDirectoryW
GetVersion
OpenProcess
TlsSetValue
TlsAlloc
ExitThread
GetCurrentProcess
InitializeCriticalSection
SetErrorMode
WriteFile
GetLongPathNameW
SizeofResource
GetFileSize
ExpandEnvironmentStringsW
GetDateFormatW
FileTimeToSystemTime
FormatMessageW
MulDiv
GetModuleHandleW
FileTimeToLocalFileTime
LoadLibraryW
GetProcAddress
Sleep
GetStartupInfoW
GetLastError
ReadFile
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CloseHandle
GetFileSizeEx
LoadLibraryExW
GetVersionExW
SetLastError
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GetFullPathNameW
SetEnvironmentVariableW
TlsGetValue
GetModuleFileNameW
LocalFree
LocalAlloc
GetCommandLineW
GetFileType
GetConsoleOutputCP
GetStdHandle
SetEndOfFile
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
InitializeSListHead
GetSystemTimeAsFileTime

user32

SetCursor
GetSysColorBrush
InflateRect
LoadCursorW
SendMessageW
SetWindowTextW
DialogBoxIndirectParamW
GetDlgItem
EndDialog
MessageBoxW
GetSubMenu
InsertMenuW
DeleteMenu
CheckMenuItem
DestroyIcon
GetMenu
GetParent
SetDlgItemTextW
PostMessageW
LoadStringW
LoadIconW

gdi32

DeleteObject
EndPage
StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
DeleteDC
CreateCompatibleDC

comdlg32

PrintDlgW

advapi32

CloseServiceHandle
QueryServiceConfig2W
GetServiceDisplayNameW
RegQueryValueW
RegUnLoadKeyW
RegQueryInfoKeyW
RegLoadKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
LookupPrivilegeValueW
LookupAccountNameW
LookupAccountSidW
RevertToSelf
ImpersonateLoggedOnUser
GetTokenInformation
FreeSid
EqualSid
DuplicateTokenEx
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyW
RegCreateKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
OpenServiceW
OpenSCManagerW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW

shell32

SHGetFolderPathW
SHGetFileInfoW
ShellExecuteW

ole32

CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

SysAllocStringByteLen
SysStringLen
VariantInit
SysFreeString
SysAllocString
VariantClear
VariantChangeType

shlwapi

UrlUnescapeW
ord176

winhttp

WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetOption
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpQueryDataAvailable

Sections

.text
Size: 469KB - Virtual size: 469KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Autoruns/autorunsc64a.exe
EXMservice.exe
.exe windows:5 windows x64 arch:x64

1e92fd54d65284238a0e3b74b2715062

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

IsValidCodePage
GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
GetACP
GetOEMCP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetCPInfo
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEndOfFile
GetEnvironmentVariableW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
main.pyc
FortniteSettings/FortniteSettings.exe
.exe windows:5 windows x64 arch:x64

0b5552dccd9d0a834cea55c0c8fc05be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
IsValidCodePage
GetACP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
GetOEMCP
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEnvironmentVariableW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetEndOfFile
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FortniteSettingsManager.pyc
NvidiaProfileInspector/Exm_Premium_Profile_V4.nip
NvidiaProfileInspector/Reference.xml
.xml
NvidiaProfileInspector/nv.config
.xml
NvidiaProfileInspector/nvidiaProfileInspector.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 517KB - Virtual size: 517KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PowerPlan/Exm_Premium_Power_Plan_V3.pow
WindowsUpdateBlocker/Wub.exe
.exe windows:5 windows x86 arch:x86

870b8e75c7190e202e9c6c81dff1040c

Code Sign

79:9e:5f:0f:69:be:cb:93:49:4a:b3:10:ef:62:cc:c3
Certificate

Issuer

CN=Sordum Software

Not Before

15/08/2021, 21:00

Not After

31/07/2032, 21:00

Subject

CN=Sordum Software

Extended Key Usages

ExtKeyUsageCodeSigning

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ce:a3:d7:4e:89:0b:26:a8:99:dd:81:85:cf:0e:ee:ee:5d:3b:1e:98
Signer

Actual PE Digest

ce:a3:d7:4e:89:0b:26:a8:99:dd:81:85:cf:0e:ee:ee:5d:3b:1e:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

__WSAFDIsSet
setsockopt
ntohs
recvfrom
sendto
htons
select
listen
WSAStartup
bind
closesocket
connect
socket
send
WSACleanup
ioctlsocket
accept
WSAGetLastError
inet_addr
gethostbyname
gethostname
recv

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx
ImageList_Destroy

mpr

WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W
WNetUseConnectionW

wininet

InternetReadFile
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetQueryOptionW
InternetQueryDataAvailable

psapi

EnumProcesses
GetModuleBaseNameW
GetProcessMemoryInfo
EnumProcessModules

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
UnloadUserProfile
LoadUserProfileW

kernel32

HeapAlloc
Sleep
GetCurrentThreadId
RaiseException
MulDiv
GetVersionExW
GetSystemInfo
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
DeleteFileW
FindNextFileW
lstrcmpiW
MoveFileW
CopyFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
OutputDebugStringW
GetLocalTime
CompareStringW
CompareStringA
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
GetTempPathW
GetTempFileNameW
VirtualFree
FormatMessageW
GetExitCodeProcess
SetErrorMode
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
DeviceIoControl
SetFileAttributesW
GetShortPathNameW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetComputerNameW
GetWindowsDirectoryW
GetSystemDirectoryW
GetCurrentProcessId
GetCurrentThread
GetProcessIoCounters
CreateProcessW
SetPriorityClass
LoadLibraryW
VirtualAlloc
LoadLibraryExW
HeapFree
WaitForSingleObject
CreateThread
DuplicateHandle
GetLastError
CloseHandle
GetCurrentProcess
GetProcAddress
LoadLibraryA
FreeLibrary
GetModuleFileNameW
GetFullPathNameW
ExitProcess
ExitThread
GetSystemTimeAsFileTime
SetCurrentDirectoryW
IsDebuggerPresent
GetCurrentDirectoryW
ResumeThread
GetStartupInfoW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleFileNameA
HeapReAlloc
HeapCreate
SetHandleCount
GetFileType
GetStartupInfoA
SetStdHandle
GetConsoleCP
GetConsoleMode
LCMapStringW
LCMapStringA
RtlUnwind
SetFilePointer
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetTickCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetModuleHandleA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
EnumResourceNamesW
SetEnvironmentVariableA

user32

SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
ReleaseCapture
SetCapture
WindowFromPoint
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
CheckMenuRadioItem
CopyImage
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
SystemParametersInfoW
PeekMessageW
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
GetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
MessageBoxW
DefWindowProcW
MoveWindow
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
GetMenuItemID
TranslateMessage
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
UnregisterHotKey
CharLowerBuffW
MonitorFromRect
keybd_event
LoadImageW
GetWindowLongW

gdi32

DeleteObject
GetObjectW
GetTextExtentPoint32W
ExtCreatePen
StrokeAndFillPath
StrokePath
EndPath
SetPixel
CloseFigure
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
LineTo
AngleArc
MoveToEx
Ellipse
PolyDraw
BeginPath
Rectangle
GetDeviceCaps
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
GetStockObject
CreateDCW
GetPixel
DeleteDC
SetViewportOrgEx

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
GetUserNameW
RegConnectRegistryW
RegEnumKeyExW
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerW
InitiateSystemShutdownExW
AdjustTokenPrivileges
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
SetSecurityDescriptorDacl
CopySid
LogonUserW
GetTokenInformation
GetAclInformation
GetAce
AddAce
GetSecurityDescriptorDacl

shell32

DragQueryPoint
ShellExecuteExW
SHGetFolderPathW
DragQueryFileW
SHEmptyRecycleBinW
SHBrowseForFolderW
SHFileOperationW
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetMalloc
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish

ole32

OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
StringFromCLSID
IIDFromString
StringFromIID
OleInitialize
CreateBindCtx
CLSIDFromProgID
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket
OleUninitialize

oleaut32

SafeArrayAllocData
SafeArrayAllocDescriptorEx
SysAllocString
OleLoadPicture
SafeArrayGetVartype
SafeArrayDestroyData
SafeArrayAccessData
VarR8FromDec
VariantTimeToSystemTime
VariantClear
VariantCopy
VariantInit
SafeArrayDestroyDescriptor
LoadRegTypeLi
GetActiveObject
SafeArrayUnaccessData

Sections

.text
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WindowsUpdateBlocker/Wub.ini
WindowsUpdateBlocker/Wub_x64.exe
.exe windows:5 windows x64 arch:x64

42b8d4fa3bc2c4336a20de1bdf1422d8

Code Sign

79:9e:5f:0f:69:be:cb:93:49:4a:b3:10:ef:62:cc:c3
Certificate

Issuer

CN=Sordum Software

Not Before

15/08/2021, 21:00

Not After

31/07/2032, 21:00

Subject

CN=Sordum Software

Extended Key Usages

ExtKeyUsageCodeSigning

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

22:8c:20:21:a8:7d:2d:05:97:59:54:86:c4:a2:59:bc:a7:2f:99:ef
Signer

Actual PE Digest

22:8c:20:21:a8:7d:2d:05:97:59:54:86:c4:a2:59:bc:a7:2f:99:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wsock32

__WSAFDIsSet
setsockopt
ntohs
recvfrom
sendto
htons
select
listen
WSAStartup
bind
closesocket
connect
socket
send
WSACleanup
ioctlsocket
accept
WSAGetLastError
inet_addr
gethostbyname
gethostname
recv

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx
ImageList_Destroy

mpr

WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W
WNetUseConnectionW

wininet

InternetReadFile
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetQueryOptionW
InternetQueryDataAvailable

psapi

EnumProcesses
GetModuleBaseNameW
GetProcessMemoryInfo
EnumProcessModules

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
UnloadUserProfile
LoadUserProfileW

kernel32

HeapAlloc
Sleep
GetCurrentThreadId
RaiseException
MulDiv
GetVersionExW
GetSystemInfo
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
DeleteFileW
FindNextFileW
lstrcmpiW
MoveFileW
CopyFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetProcessHeap
CompareStringW
CompareStringA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetStdHandle
CreatePipe
TerminateThread
GetTempPathW
GetTempFileNameW
VirtualFree
FormatMessageW
GetExitCodeProcess
SetErrorMode
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
DeviceIoControl
SetFileAttributesW
GetShortPathNameW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetComputerNameW
GetWindowsDirectoryW
GetSystemDirectoryW
GetCurrentProcessId
GetCurrentThread
GetProcessIoCounters
CreateProcessW
SetPriorityClass
LoadLibraryW
VirtualAlloc
LoadLibraryExW
HeapFree
WaitForSingleObject
CreateThread
DuplicateHandle
GetLastError
CloseHandle
GetCurrentProcess
GetProcAddress
LoadLibraryA
FreeLibrary
GetModuleFileNameW
GetFullPathNameW
ExitProcess
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetStartupInfoW
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
SetCurrentDirectoryW
IsDebuggerPresent
GetCurrentDirectoryW
FlsFree
SetLastError
FlsAlloc
HeapSize
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlPcToFileHeader
GetModuleFileNameA
HeapSetInformation
HeapCreate
SetHandleCount
GetFileType
GetStartupInfoA
SetStdHandle
GetConsoleCP
GetConsoleMode
LCMapStringW
LCMapStringA
SetFilePointer
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetTickCount
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
GetLocalTime
SetEnvironmentVariableA

user32

IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
GetWindowLongW
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongPtrW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
SetWindowLongPtrW
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
ReleaseCapture
SetCapture
WindowFromPoint
DispatchMessageW
TranslateMessage
PeekMessageW
UnregisterHotKey
CharLowerBuffW
MonitorFromRect
LoadImageW
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
IsCharAlphaNumericW
GetCursorPos
DeleteMenu
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
IsClipboardFormatAvailable
keybd_event
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongPtrW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
GetUserObjectSecurity
CloseDesktop
CloseWindowStation
IsCharAlphaW
GetKeyboardLayoutNameW
ClientToScreen
RegisterHotKey
GetCursorInfo
SetWindowPos
CopyImage
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
TrackPopupMenuEx
GetClipboardData
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
MessageBoxW
DefWindowProcW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
OpenClipboard
BlockInput
GetMessageW
SystemParametersInfoW
LockWindowUpdate
GetDesktopWindow

gdi32

DeleteObject
GetObjectW
GetTextExtentPoint32W
ExtCreatePen
StrokeAndFillPath
StrokePath
EndPath
SetPixel
CloseFigure
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
LineTo
AngleArc
MoveToEx
Ellipse
PolyDraw
BeginPath
Rectangle
GetDeviceCaps
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
GetStockObject
CreateDCW
GetPixel
DeleteDC
SetViewportOrgEx

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
GetUserNameW
RegConnectRegistryW
RegEnumKeyExW
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerW
InitiateSystemShutdownExW
AdjustTokenPrivileges
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
CopySid
SetSecurityDescriptorDacl
LogonUserW
GetTokenInformation
GetAclInformation
GetAce
AddAce
GetSecurityDescriptorDacl

shell32

DragQueryPoint
ShellExecuteExW
SHGetFolderPathW
DragQueryFileW
SHEmptyRecycleBinW
SHBrowseForFolderW
SHFileOperationW
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetMalloc
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish

ole32

OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
StringFromCLSID
IIDFromString
StringFromIID
OleInitialize
CreateBindCtx
CLSIDFromProgID
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket
OleUninitialize

oleaut32

SafeArrayAllocData
SafeArrayAllocDescriptorEx
SysAllocString
OleLoadPicture
SafeArrayGetVartype
SafeArrayDestroyData
SafeArrayAccessData
VariantInit
VariantCopy
VariantClear
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
LoadRegTypeLi
GetActiveObject
SafeArrayUnaccessData
VarR8FromDec

Sections

.text
Size: 599KB - Virtual size: 598KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee7d0ec49c38d4f4d12574e449f1a355

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4eCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

bf:30:20:a0:42:0e:26:5e:60:73:43:49:b4:41:b7:ed:c7:d8:97:fa:20:fc:38:12:03:a5:93:53:98:4e:0d:cbSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

uxtheme

msimg32

version

dwmapi

winhttp

crypt32

Sections

.text Size: 720KB - Virtual size: 720KB

.rdata Size: 211KB - Virtual size: 211KB

.data Size: 30KB - Virtual size: 106KB

.rsrc Size: 727KB - Virtual size: 726KB

.reloc Size: 41KB - Virtual size: 41KB

4b05847b4dcacb7d4c02d8fdd78d6b50

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4dCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

ea:ae:ce:db:cf:43:3c:f5:8b:9a:8a:39:89:c6:a3:1e:d8:f5:b4:9f:59:9c:4f:30:e5:c4:23:1e:9d:5e:a8:9dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

uxtheme

msimg32

version

dwmapi

winhttp

crypt32

Sections

.text Size: 845KB - Virtual size: 844KB

.rdata Size: 271KB - Virtual size: 270KB

.data Size: 43KB - Virtual size: 115KB

.pdata Size: 31KB - Virtual size: 31KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 727KB - Virtual size: 726KB

.reloc Size: 5KB - Virtual size: 4KB

b41d6e6ce42874adf85f48ff789bfa9b

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4dCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

bf:30:20:a0:42:0e:26:5e:60:73:43:49:b4:41:b7:ed:c7:d8:97:fa:20:fc:38:12:03:a5:93:53:98:4e:0d:cb
Signer

.text
Size: 720KB - Virtual size: 720KB

.rdata
Size: 211KB - Virtual size: 211KB

.data
Size: 30KB - Virtual size: 106KB

.rsrc
Size: 727KB - Virtual size: 726KB

.reloc
Size: 41KB - Virtual size: 41KB

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

ea:ae:ce:db:cf:43:3c:f5:8b:9a:8a:39:89:c6:a3:1e:d8:f5:b4:9f:59:9c:4f:30:e5:c4:23:1e:9d:5e:a8:9d
Signer

.text
Size: 845KB - Virtual size: 844KB

.rdata
Size: 271KB - Virtual size: 270KB

.data
Size: 43KB - Virtual size: 115KB

.pdata
Size: 31KB - Virtual size: 31KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 727KB - Virtual size: 726KB

.reloc
Size: 5KB - Virtual size: 4KB

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

c5:b0:8e:d3:4f:03:0f:e9:d9:36:8f:14:df:64:2b:72:fa:b9:38:47:70:b5:f7:82:f3:de:fa:fc:c5:f9:4c:c1
Signer

.text
Size: 413KB - Virtual size: 412KB

.rdata
Size: 136KB - Virtual size: 135KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 105KB - Virtual size: 104KB

.reloc
Size: 24KB - Virtual size: 23KB

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

1c:b1:8f:88:16:c4:91:eb:86:ce:d5:41:b0:57:fa:4e:8c:69:6a:d3:23:92:47:57:f7:2d:b6:ac:e1:f3:13:93
Signer

.text
Size: 469KB - Virtual size: 469KB

.rdata
Size: 167KB - Virtual size: 167KB

.data
Size: 13KB - Virtual size: 26KB

.pdata
Size: 15KB - Virtual size: 15KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 105KB - Virtual size: 104KB

.reloc
Size: 2KB - Virtual size: 2KB