ezyZip[.]zip | Triage

Resubmissions

01-07-2024 19:00

240701-xnp9zstfnc 5

01-07-2024 18:54

240701-xkj9kaxflj 4

01-07-2024 18:53

240701-xjrbgstdrf 10

01-07-2024 18:44

240701-xdytdatbqe 7

Sharing

Copy URL

Twitter E-mail

General

Target

ezyZip.zip
Size

1.0MB
MD5

78bd0901f4a5a3476c8887c73e730d30
SHA1

3c04901951285ada89943d42eda7020c54e24e84
SHA256

9d0547070e294e4158e6c446fa2295f5ae170f31cc64d677c5261d14caf38ab8
SHA512

383e5fde5928dd91526832934a0ed7e34b502be370407e8f05c6c67a427decc328e44c0ffe6aeb0357f51c7acc751a4f8167e6e043e744186821eaec5e619c07
SSDEEP

24576:DxladE0NO6cWgTzE3+3pLVuLOhkC1xepCJ1FvNJW:DxlWE0NO6cbQ3+dVuG1uM1FVs

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/JudgeLZT.exe
unpack001/WpcMigration.Uplevel.dll
unpack001/WsUpgrade.dll

resource
unpack001/JudgeLZT.exe
unpack001/WpcMigration.Uplevel.dll
unpack001/WsUpgrade.dll

Files

ezyZip.zip
.zip
ARSoft.Tools.Net.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:f4:b4:91:12:3a:c4:cd:bd:68:04:2d
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29-10-2020 09:57

Not After

30-10-2023 09:57

Subject

SERIALNUMBER=CHE-354.686.492,CN=Proton Technologies AG,O=Proton Technologies AG,STREET=Route de la Galaise 32,L=Plan-les-Ouates,ST=Geneva,C=CH,1.2.840.113549.1.9.1=#0c0f61646d696e4070726f746f6e2e6d65,1.3.6.1.4.1.311.60.2.1.2=#130647656e657661,1.3.6.1.4.1.311.60.2.1.3=#13024348,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:45

Not After

08-05-2033 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:e3:92:11:53:fe:8b:85:8f:a3:26:20:da:0d:88:84:dd:77:64:5e:70:6b:02:2e:ad:f9:b3:8e:d3:75:c0:03
Signer

Actual PE Digest

5d:e3:92:11:53:fe:8b:85:8f:a3:26:20:da:0d:88:84:dd:77:64:5e:70:6b:02:2e:ad:f9:b3:8e:d3:75:c0:03

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Autofac.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:f4:b4:91:12:3a:c4:cd:bd:68:04:2d
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29-10-2020 09:57

Not After

30-10-2023 09:57

Subject

SERIALNUMBER=CHE-354.686.492,CN=Proton Technologies AG,O=Proton Technologies AG,STREET=Route de la Galaise 32,L=Plan-les-Ouates,ST=Geneva,C=CH,1.2.840.113549.1.9.1=#0c0f61646d696e4070726f746f6e2e6d65,1.3.6.1.4.1.311.60.2.1.2=#130647656e657661,1.3.6.1.4.1.311.60.2.1.3=#13024348,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:45

Not After

08-05-2033 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bf:8c:79:6e:cc:31:be:c1:0c:0b:42:15:e8:2b:c6:82:b5:e0:54:24:37:64:54:33:88:ae:09:73:2b:ba:45:c5
Signer

Actual PE Digest

bf:8c:79:6e:cc:31:be:c1:0c:0b:42:15:e8:2b:c6:82:b5:e0:54:24:37:64:54:33:88:ae:09:73:2b:ba:45:c5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\autofac\src\Autofac\obj\Release\net45\Autofac.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GalaSoft.MvvmLight.Platform.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:f4:b4:91:12:3a:c4:cd:bd:68:04:2d
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29-10-2020 09:57

Not After

30-10-2023 09:57

Subject

SERIALNUMBER=CHE-354.686.492,CN=Proton Technologies AG,O=Proton Technologies AG,STREET=Route de la Galaise 32,L=Plan-les-Ouates,ST=Geneva,C=CH,1.2.840.113549.1.9.1=#0c0f61646d696e4070726f746f6e2e6d65,1.3.6.1.4.1.311.60.2.1.2=#130647656e657661,1.3.6.1.4.1.311.60.2.1.3=#13024348,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:45

Not After

08-05-2033 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

49:ed:c7:af:11:6a:ef:46:45:d6:df:8d:15:39:b0:88:cc:53:e2:b9:c5:27:be:4d:b2:ae:86:f9:5d:cf:3d:8b
Signer

Actual PE Digest

49:ed:c7:af:11:6a:ef:46:45:d6:df:8d:15:39:b0:88:cc:53:e2:b9:c5:27:be:4d:b2:ae:86:f9:5d:cf:3d:8b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\lbugn\Documents\MVVMLight\GalaSoft.MvvmLight\GalaSoft.MvvmLight.Platform (NET45Std)\obj\Release\GalaSoft.MvvmLight.Platform.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GalaSoft.MvvmLight.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:f4:b4:91:12:3a:c4:cd:bd:68:04:2d
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29-10-2020 09:57

Not After

30-10-2023 09:57

Subject

SERIALNUMBER=CHE-354.686.492,CN=Proton Technologies AG,O=Proton Technologies AG,STREET=Route de la Galaise 32,L=Plan-les-Ouates,ST=Geneva,C=CH,1.2.840.113549.1.9.1=#0c0f61646d696e4070726f746f6e2e6d65,1.3.6.1.4.1.311.60.2.1.2=#130647656e657661,1.3.6.1.4.1.311.60.2.1.3=#13024348,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:45

Not After

08-05-2033 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a6:a4:8e:05:59:32:3d:1d:4f:63:a2:c5:17:4e:ed:af:17:af:cc:23:35:1a:98:4a:a7:cd:1e:40:2f:20:e0:c5
Signer

Actual PE Digest

a6:a4:8e:05:59:32:3d:1d:4f:63:a2:c5:17:4e:ed:af:17:af:cc:23:35:1a:98:4a:a7:cd:1e:40:2f:20:e0:c5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\lbugn\Documents\MVVMLight\GalaSoft.MvvmLight\GalaSoft.MvvmLight.STD10\obj\Release\netstandard1.0\GalaSoft.MvvmLight.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
JudgeLZT.exe
.exe windows:6 windows x86 arch:x86

56baef533a2c1ed14f3f4ef31918aea1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\6mjfdw6nhe7bv\output.pdb

Imports

gdi32

SetPixel

user32

OffsetRect
ReleaseDC
GetDC

kernel32

CreateFileW
HeapSize
GetProcessHeap
SetStdHandle
VirtualAlloc
WaitForSingleObject
GetModuleHandleA
CreateThread
GetProcAddress
FormatMessageA
WideCharToMultiByte
GetCurrentThreadId
CloseHandle
WaitForSingleObjectEx
Sleep
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LocalFree
GetLocaleInfoEx
MultiByteToWideChar
LCMapStringEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
QueryPerformanceFrequency
SetFileInformationByHandle
GetTempPathW
InitOnceExecuteOnce
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
GetTickCount64
FreeLibraryWhenCallbackReturns
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetModuleHandleW
GetFileInformationByHandleEx
CreateSymbolicLinkW
GetStringTypeW
CompareStringEx
GetCPInfo
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
SetEnvironmentVariableW
RaiseException
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetCurrentThread
SetConsoleCtrlHandler
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
GetTimeZoneInformation
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW

Exports

Exports

AwakeSound

Sections

.text
Size: 534KB - Virtual size: 533KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 322KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TapInstaller.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:f4:b4:91:12:3a:c4:cd:bd:68:04:2d
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29-10-2020 09:57

Not After

30-10-2023 09:57

Subject

SERIALNUMBER=CHE-354.686.492,CN=Proton Technologies AG,O=Proton Technologies AG,STREET=Route de la Galaise 32,L=Plan-les-Ouates,ST=Geneva,C=CH,1.2.840.113549.1.9.1=#0c0f61646d696e4070726f746f6e2e6d65,1.3.6.1.4.1.311.60.2.1.2=#130647656e657661,1.3.6.1.4.1.311.60.2.1.3=#13024348,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:45

Not After

08-05-2033 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a9:f6:fa:0f:84:66:3f:c3:46:a8:aa:20:53:ad:a6:cf:96:f8:74:2e:97:2d:f5:07:3c:4b:9f:c1:e0:f0:63:7b
Signer

Actual PE Digest

a9:f6:fa:0f:84:66:3f:c3:46:a8:aa:20:53:ad:a6:cf:96:f8:74:2e:97:2d:f5:07:3c:4b:9f:c1:e0:f0:63:7b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Gitlab-Runner\builds\uWGXS1dc\0\ProtonVPN\Windows\win-app\src\ProtonVPN.TapInstaller\obj\x86\Release\TapInstaller.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WSearchMigPlugin.dll
.dll regsvr32 windows:10 windows x64 arch:x64

21438ba29a45a5e6f86523b4d07c6854

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-11-2023 19:20

Not After

14-11-2024 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:58:a2:0e:21:5b:64:12:e1:80:3f:99:db:b4:25:d5:eb:33:b1:2c:e7:e3:32:24:40:5b:06:f6:05:3e:48:58
Signer

Actual PE Digest

33:58:a2:0e:21:5b:64:12:e1:80:3f:99:db:b4:25:d5:eb:33:b1:2c:e7:e3:32:24:40:5b:06:f6:05:3e:48:58

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

WSearchMigPlugin.pdb

Imports

msvcrt

_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
?terminate@@YAXXZ
??0exception@@QEAA@AEBQEBD@Z
_lock
_callnewh
_wcsicmp
_wcsnicmp
memmove_s
malloc
memmove
_XcptFilter
_unlock
_amsg_exit
_onexit
??1type_info@@UEAA@XZ
_errno
realloc
wcsncpy_s
wcscat_s
free
wcscpy_s
_purecall
__C_specific_handler
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
memcmp
__CxxFrameHandler3
memcpy
__dllonexit
??3@YAXPEAX@Z
_initterm
memset

kernel32

HeapDestroy
HeapReAlloc
HeapSize
GetSystemDefaultLCID
GetSystemPreferredUILanguages
VerSetConditionMask
VerifyVersionInfoW
LocalFree
RtlCaptureContext
Sleep
GetTickCount64
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
RtlLookupFunctionEntry
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
LockResource
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
RtlVirtualUnwind
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitOnceBeginInitialize
InitOnceComplete
FreeLibrary
GetCurrentProcess
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
TerminateProcess
QueryPerformanceCounter
CreateEventW
GetSystemTimeAsFileTime
GetModuleFileNameW
LoadLibraryExW
GetTickCount
OutputDebugStringA
SizeofResource
LoadResource
LocaleNameToLCID
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
FindResourceExW
FormatMessageW

oleaut32

SysStringLen
RegisterTypeLi
SysAllocStringByteLen
VarUI4FromStr
GetErrorInfo
LoadTypeLi
SysAllocString
UnRegisterTypeLi
SysFreeString
LoadRegTypeLi

advapi32

RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
EnumDependentServicesW
OpenServiceW
EventRegister
EventWriteTransfer
EventUnregister
ControlService
RegEnumKeyExW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
QueryServiceConfigW
StartServiceW
RegGetValueW
RegDeleteValueW

user32

CharNextW

ole32

StringFromGUID2
CoTaskMemFree
CoCreateInstance
StringFromCLSID

shell32

SHGetFileInfoW

shlwapi

SHSetValueW
SHDeleteValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WpcMigration.Uplevel.dll
.dll windows:10 windows x64 arch:x64

bfbca9b8d50e954bd17d06c0d4c4155a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WpcMigration.Uplevel.pdb

Imports

msvcp_win

?id@?$collate@G@std@@2V0locale@2@A
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Lockit@std@@QEAA@XZ
??1_Locinfo@std@@QEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Incref@facet@locale@std@@UEAAXXZ
_Wcscoll
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Xbad_alloc@std@@YAXXZ
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
??1facet@locale@std@@MEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
_Wcsxfrm
??0_Lockit@std@@QEAA@H@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__i64tow_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itoa_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__ui64tow_s
memmove
_o__wcstoui64
_o_free
_o_malloc
_o_realloc
_o_towlower
__C_specific_handler
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
strchr
wcschr
__std_type_info_compare
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_name
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
TraceMessage
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsFree
TlsSetValue
QueueUserAPC
OpenThread

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA

samcli

NetUserSetInfo

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegGetValueW
RegDeleteTreeW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemFree
CLSIDFromString
StringFromCLSID

advapi32

SaferSetLevelInformation
SaferiChangeRegistryScope
SaferSetPolicyInformation
SaferCreateLevel
SaferCloseLevel

kernel32

PackageFamilyNameFromFullName

ole32

OleRun

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

CreateMutexExW
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
WaitForSingleObject
OpenSemaphoreW
EnterCriticalSection
CreateSemaphoreExW
InitializeCriticalSection
DeleteCriticalSection
ReleaseSRWLockExclusive
LeaveCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockShared
InitializeSRWLock
AcquireSRWLockShared

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpool

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

GetFileSizeEx
SetFilePointerEx
ReadFile
CreateFileW
GetFileAttributesW

api-ms-win-security-base-l1-1-0

CopySid
CreateWellKnownSid

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntdll

EtwTraceMessage

shlwapi

PathCombineW

user32

PostThreadMessageW

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WsUpgrade.dll
.dll regsvr32 windows:10 windows x64 arch:x64

30ae43715c9ec65454cd7a4ef5927068

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

WsUpgrade.pdb

Imports

oleaut32

SysFreeString
LoadRegTypeLi
VarUI4FromStr
SysStringLen
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
LoadTypeLi

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
SizeofResource
LoadResource
LockResource
LoadLibraryExA
GetProcAddress
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
StringFromCLSID

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegGetKeySecurity
RegSetKeySecurity
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW

api-ms-win-core-localization-l1-2-0

SetThreadLocale
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LCMapStringW
GetThreadLocale

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
InitializeCriticalSection

ntdll

RtlCreateUnicodeString
RtlFreeUnicodeString
RtlFreeHeap
RtlNtStatusToDosError
RtlAllocateHeap
RtlCompareUnicodeString
NtQueryKey

api-ms-win-core-heap-l1-1-0

HeapSize
HeapAlloc
HeapReAlloc
HeapDestroy
GetProcessHeap
HeapFree

ws2_32

WahEnableNonIFSHandleSupport

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwindEx
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlCaptureContext
RtlCompareMemory
RtlVirtualUnwind

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExpandEnvironmentStringsA
SetStdHandle
GetCommandLineW
GetStdHandle

api-ms-win-core-versionansi-l1-1-1

GetFileVersionInfoSizeA
GetFileVersionInfoA

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcessId
ExitProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-file-l1-1-0

GetFileSizeEx
FlushFileBuffers
FindFirstFileExW
CreateFileW
WriteFile
FindNextFileW
SetFilePointerEx
GetFileType
FindClose

api-ms-win-core-console-l1-1-0

GetConsoleMode
GetConsoleOutputCP
WriteConsoleW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedFlushSList

api-ms-win-core-fibers-l1-1-0

FlsAlloc
FlsFree
FlsGetValue
FlsSetValue

shell32

SHGetFileInfoW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

23:f4:b4:91:12:3a:c4:cd:bd:68:04:2dCertificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

5d:e3:92:11:53:fe:8b:85:8f:a3:26:20:da:0d:88:84:dd:77:64:5e:70:6b:02:2e:ad:f9:b3:8e:d3:75:c0:03Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 290KB - Virtual size: 289KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

23:f4:b4:91:12:3a:c4:cd:bd:68:04:2dCertificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

bf:8c:79:6e:cc:31:be:c1:0c:0b:42:15:e8:2b:c6:82:b5:e0:54:24:37:64:54:33:88:ae:09:73:2b:ba:45:c5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 224KB - Virtual size: 223KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

23:f4:b4:91:12:3a:c4:cd:bd:68:04:2dCertificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

49:ed:c7:af:11:6a:ef:46:45:d6:df:8d:15:39:b0:88:cc:53:e2:b9:c5:27:be:4d:b2:ae:86:f9:5d:cf:3d:8bSigner

Headers

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

23:f4:b4:91:12:3a:c4:cd:bd:68:04:2d
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

5d:e3:92:11:53:fe:8b:85:8f:a3:26:20:da:0d:88:84:dd:77:64:5e:70:6b:02:2e:ad:f9:b3:8e:d3:75:c0:03
Signer

.text
Size: 290KB - Virtual size: 289KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

23:f4:b4:91:12:3a:c4:cd:bd:68:04:2d
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

bf:8c:79:6e:cc:31:be:c1:0c:0b:42:15:e8:2b:c6:82:b5:e0:54:24:37:64:54:33:88:ae:09:73:2b:ba:45:c5
Signer

.text
Size: 224KB - Virtual size: 223KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

23:f4:b4:91:12:3a:c4:cd:bd:68:04:2d
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

49:ed:c7:af:11:6a:ef:46:45:d6:df:8d:15:39:b0:88:cc:53:e2:b9:c5:27:be:4d:b2:ae:86:f9:5d:cf:3d:8b
Signer

.text
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

23:f4:b4:91:12:3a:c4:cd:bd:68:04:2d
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

a6:a4:8e:05:59:32:3d:1d:4f:63:a2:c5:17:4e:ed:af:17:af:cc:23:35:1a:98:4a:a7:cd:1e:40:2f:20:e0:c5
Signer

.text
Size: 38KB - Virtual size: 37KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 534KB - Virtual size: 533KB

.bss
Size: 4KB - Virtual size: 3KB

.rdata
Size: 71KB - Virtual size: 70KB

.data
Size: 322KB - Virtual size: 328KB

.reloc
Size: 19KB - Virtual size: 18KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

23:f4:b4:91:12:3a:c4:cd:bd:68:04:2d
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate