master[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

master.zip
Size

3.3MB
MD5

b545225ee45209daee6c1e5a24d2fbe4
SHA1

81efd59294d1d14605198a688db777243e9e104d
SHA256

748d8690bbd95248e5ef77961a4baa8c87aa70a38e5fcd465a37b24e65558527
SHA512

7b9da12a92f902cac29cb9720c4217418d02128d917d4028ccbd2b82e487931fc9878ccee023d109ae7bdb9a22413a6746219710edd6d4392f69c1d6110e7663
SSDEEP

49152:3uL+BV4Fo+JbzL5xSySHtpVIgSICTEA8s0lQ59H26DE0UYTBg0BOu82ieVEPLeOj:3udFoQ+nLC9BXnH2ABXBxMeVERHT3

Score

N/A

Malware Config

Signatures

Files

master.zip
.zip
Installer/Config.bcfg
Installer/Config.ini
Installer/Installer.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 576KB - Virtual size: 575KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Installer/README.md
Installer/browser.dll
.dll windows x64

c51103b3a80c30bc7ab06eb2c2299369

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_ultoa
wcscat_s
sprintf_s
wcsncpy_s
vsprintf_s
_wcsnicmp
wcsspn
swprintf_s
strnlen
memcpy
_beginthreadex
memmove
_XcptFilter
_amsg_exit
free
malloc
_initterm
wcstoul
strcpy_s
_itow_s
memset
wcschr
__C_specific_handler
memcmp
_ultow
??3@YAXPEAX@Z
isdigit
qsort
strchr
wcscpy_s
_wcsicmp
mbstowcs
_local_unwind

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlAcquireResourceShared
RtlOemStringToUnicodeString
NtOpenProcessToken
RtlLengthRequiredSid
RtlInitializeSid
RtlSubAuthoritySid
RtlSubAuthorityCountSid
RtlLengthSid
RtlCopySid
RtlCreateAcl
RtlAddAce
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetSaclSecurityDescriptor
RtlNewSecurityObject
RtlDeleteSecurityObject
RtlCompareMemoryUlong
NtQueryInformationToken
RtlInitAnsiString
RtlUnicodeStringToOemString
RtlxUnicodeStringToOemSize
RtlUnicodeToOemN
NlsMbOemCodePageTag
NtImpersonateAnonymousToken
NtSetInformationThread
NtCreateFile
NtFsControlFile
RtlFreeOemString
RtlInitString
RtlDeleteResource
RtlInitializeResource
RtlEqualUnicodeString
RtlGetNtProductType
RtlTimeToSecondsSince1980
NtQuerySystemTime
NtQuerySystemInformation
RtlCompareMemory
RtlUpcaseUnicodeToOemN
NtQueryPerformanceCounter
NtDeviceIoControlFile
RtlCopyUnicodeString
NtCancelIoFile
NtOpenFile
RtlNtStatusToDosError
RtlUpcaseUnicodeStringToOemString
NtClose
RtlReleaseResource
RtlAcquireResourceExclusive
NtOpenEvent
RtlInitUnicodeString
NtOpenThreadToken

api-ms-win-core-synch-l1-2-0

DeleteCriticalSection
Sleep
CreateSemaphoreExW
CreateEventW
SetEvent
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx
InitializeCriticalSection

api-ms-win-core-errorhandling-l1-1-1

RaiseException
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentThread
SetThreadPriority
OpenThreadToken

api-ms-win-service-winsvc-l1-2-0

RegisterServiceCtrlHandlerW
QueryServiceStatus

rpcrt4

RpcStringFreeW
RpcRevertToSelf
RpcImpersonateClient
I_RpcExceptionFilter
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
NdrServerCallAll
NdrServerCall2
RpcServerUnregisterIf
RpcBindingFree
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcBindingServerFromClient

api-ms-win-service-core-l1-1-1

SetServiceStatus

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
CloseServiceHandle

api-ms-win-service-management-l2-1-0

QueryServiceConfigW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegQueryInfoKeyW
RegCloseKey
RegNotifyChangeKeyValue

netutils

NetpIsRemote
NetapipBufferAllocate
NetpIsUncComputerNameValid
NetApiBufferAllocate
NetpwNameCanonicalize
NetApiBufferFree
NetpIsRemoteNameValid

api-ms-win-core-sysinfo-l1-2-1

GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW
GetLocalTime

api-ms-win-core-file-l1-2-1

SetFilePointer
CreateFileW
DeleteFileW
WriteFile

api-ms-win-core-file-l2-1-1

MoveFileExW

api-ms-win-core-io-l1-1-1

DeviceIoControl

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
LoadLibraryExW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueEx
CreateTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueue
DeleteTimerQueueTimer

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalSize
LocalReAlloc
LocalFree

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpA
lstrcmpW

api-ms-win-security-base-l1-2-0

EqualSid
GetLengthSid
AccessCheck

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation

Exports

Exports

I_BrowserServerEnumForXactsrv
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Installer/en-US/winload.efi.mui
.dll windows x86

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17-06-2013 21:43

Not After

17-09-2014 21:43

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8d:02:59:b4:bb:1e:c0:0f:66:a2:65:e9:5f:e9:db:9c:ec:1d:ba:4c:2a:5a:71:86:ef:d2:15:ef:38:4e:6c:fa
Signer

Actual PE Digest

8d:02:59:b4:bb:1e:c0:0f:66:a2:65:e9:5f:e9:db:9c:ec:1d:ba:4c:2a:5a:71:86:ef:d2:15:ef:38:4e:6c:fa

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

16-06-2022 11:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Installer/en-US/winload.exe.mui
.dll windows x86

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17-06-2013 21:43

Not After

17-09-2014 21:43

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:42:7b:01:bc:2b:26:41:cd:51:4c:c8:6f:96:31:62:df:d4:4c:e5:09:0e:17:a3:75:9a:81:01:6d:a0:6a:98
Signer

Actual PE Digest

05:42:7b:01:bc:2b:26:41:cd:51:4c:c8:6f:96:31:62:df:d4:4c:e5:09:0e:17:a3:75:9a:81:01:6d:a0:6a:98

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

16-06-2022 11:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Installer/en-US/winresume.efi.mui
.dll windows x86

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17-06-2013 21:43

Not After

17-09-2014 21:43

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:93:45:1b:d1:ad:c0:01:55:72:44:e9:19:75:a3:ce:e6:89:c7:07:e9:af:95:3d:dc:e1:d2:06:57:6a:d5:68
Signer

Actual PE Digest

7d:93:45:1b:d1:ad:c0:01:55:72:44:e9:19:75:a3:ce:e6:89:c7:07:e9:af:95:3d:dc:e1:d2:06:57:6a:d5:68

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

16-06-2022 11:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Installer/en-US/winresume.exe.mui
.dll windows x86

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17-06-2013 21:43

Not After

17-09-2014 21:43

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:1e:0d:91:bf:c3:87:1f:8b:6a:df:90:17:c3:48:68:ce:c8:76:f5:f2:a9:3c:82:e3:8e:ee:70:00:bc:5f:ed
Signer

Actual PE Digest

7b:1e:0d:91:bf:c3:87:1f:8b:6a:df:90:17:c3:48:68:ce:c8:76:f5:f2:a9:3c:82:e3:8e:ee:70:00:bc:5f:ed

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

16-06-2022 11:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Installer/locales/am.pak
Installer/locales/ar.pak
Installer/locales/bg.pak
Installer/locales/bn.pak
Installer/locales/ca.pak
Installer/locales/cs.pak
Installer/locales/da.pak
Installer/locales/de.pak
Installer/locales/el.pak
Installer/locales/en-GB.pak
Installer/locales/en-US.pak
Installer/locales/es-419.pak
Installer/locales/es.pak
Installer/locales/et.pak
Installer/locales/fa.pak
Installer/locales/fi.pak
Installer/locales/fil.pak
Installer/locales/fr.pak
Installer/locales/gu.pak
Installer/locales/he.pak
Installer/locales/hi.pak
Installer/locales/hr.pak
Installer/locales/hu.pak
Installer/locales/id.pak
Installer/locales/it.pak
Installer/locales/ja.pak
Installer/locales/kn.pak
Installer/locales/ko.pak
Installer/locales/lt.pak
Installer/locales/lv.pak
Installer/locales/ml.pak
Installer/locales/mr.pak
Installer/locales/ms.pak
Installer/locales/nb.pak
Installer/locales/nl.pak
Installer/locales/pl.pak
Installer/locales/pt-BR.pak
Installer/locales/pt-PT.pak
Installer/locales/ro.pak
Installer/locales/ru.pak
Installer/locales/sk.pak
Installer/locales/sl.pak
Installer/locales/sr.pak
Installer/locales/sv.pak
Installer/locales/sw.pak
Installer/locales/ta.pak
Installer/locales/te.pak
Installer/locales/th.pak
Installer/locales/tr.pak
Installer/locales/uk.pak
Installer/locales/vi.pak
Installer/locales/zh-CN.pak
Installer/locales/zh-TW.pak
Installer/ssleay32.dll
.dll windows x64

abe532a87e9e47f40cf2ad81713ab58f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:a8:b7:38:89:26:40:1a:ab:a0:91:62:2f:b9:31:33
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

20-11-2017 06:10

Not After

20-11-2018 06:10

Subject

CN=Open Source Developer\, François PIETTE,O=Open Source Developer,L=EMBOURG,C=BE,1.2.840.113549.1.9.1=#0c1b6672616e636f69732e706965747465406f766572627974652e6265

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:a8:b7:38:89:26:40:1a:ab:a0:91:62:2f:b9:31:33
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

20-11-2017 06:10

Not After

20-11-2018 06:10

Subject

CN=Open Source Developer\, François PIETTE,O=Open Source Developer,L=EMBOURG,C=BE,1.2.840.113549.1.9.1=#0c1b6672616e636f69732e706965747465406f766572627974652e6265

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02-01-2017 00:00

Not After

01-04-2028 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2a:4d:2d:bc:99:7c:49:be:df:61:db:08:f4:b7:fd:da:25:c2:88:7f:3d:17:d6:a9:8a:6b:96:7c:e2:d7:4f:88
Signer

Actual PE Digest

2a:4d:2d:bc:99:7c:49:be:df:61:db:08:f4:b7:fd:da:25:c2:88:7f:3d:17:d6:a9:8a:6b:96:7c:e2:d7:4f:88

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Open Source Developer\, François PIETTE,O=Open Source Developer,L=EMBOURG,C=BE,1.2.840.113549.1.9.1=#0c1b6672616e636f69732e706965747465406f766572627974652e6265

15-08-2018 10:00
Valid: true

Chain 1

CN=Open Source Developer\, François PIETTE,O=Open Source Developer,L=EMBOURG,C=BE,1.2.840.113549.1.9.1=#0c1b6672616e636f69732e706965747465406f766572627974652e6265

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

20:74:81:ae:bf:4b:2f:fd:ff:e9:64:cf:24:4a:33:56:be:91:f1:8a
Signer

Actual PE Digest

20:74:81:ae:bf:4b:2f:fd:ff:e9:64:cf:24:4a:33:56:be:91:f1:8a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Open Source Developer\, François PIETTE,O=Open Source Developer,L=EMBOURG,C=BE,1.2.840.113549.1.9.1=#0c1b6672616e636f69732e706965747465406f766572627974652e6265

15-08-2018 10:00
Valid: true

Chain 1

CN=Open Source Developer\, François PIETTE,O=Open Source Developer,L=EMBOURG,C=BE,1.2.840.113549.1.9.1=#0c1b6672616e636f69732e706965747465406f766572627974652e6265

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libeay32

ord3459
ord3480
ord3550
ord3666
ord3644
ord866
ord641
ord754
ord654
ord635
ord2747
ord2784
ord2572
ord964
ord965
ord464
ord2201
ord3489
ord907
ord904
ord176
ord87
ord150
ord125
ord1000
ord124
ord129
ord486
ord493
ord484
ord205
ord216
ord363
ord2712
ord2925
ord3165
ord268
ord333
ord316
ord4470
ord1010
ord282
ord4125
ord4262
ord4164
ord1071
ord2877
ord3711
ord3682
ord3719
ord577
ord763
ord572
ord4046
ord481
ord2063
ord2107
ord3450
ord283
ord3418
ord3244
ord1096
ord1097
ord78
ord109
ord95
ord3816
ord3873
ord3836
ord3888
ord3891
ord3874
ord2589
ord2915
ord323
ord3906
ord1144
ord1145
ord3823
ord3866
ord3846
ord89
ord2292
ord1081
ord3857
ord2400
ord187
ord267
ord503
ord1012
ord3631
ord3479
ord3664
ord3737
ord3633
ord3675
ord341
ord1011
ord359
ord365
ord4210
ord3067
ord266
ord264
ord3314
ord3312
ord3313
ord2568
ord3528
ord4684
ord3388
ord541
ord3925
ord3922
ord4701
ord653
ord4692
ord3192
ord3124
ord2702
ord2898
ord1202
ord4144
ord4372
ord3782
ord4174
ord193
ord3767
ord3758
ord3704
ord3647
ord3365
ord3766
ord3460
ord4114
ord3783
ord3454
ord3394
ord3754
ord1655
ord914
ord1041
ord1027
ord1025
ord3512
ord1007
ord1005
ord3826
ord53
ord85
ord67
ord65
ord74
ord98
ord58
ord497
ord206
ord892
ord890
ord897
ord2257
ord248
ord364
ord4331
ord4513
ord629
ord626
ord628
ord630
ord3437
ord3527
ord3378
ord3610
ord3414
ord3495
ord3399
ord3559
ord575
ord636
ord2051
ord2478
ord246
ord3657
ord3396
ord908
ord911
ord93
ord128
ord623
ord622
ord624
ord1100
ord1023
ord1016
ord2204
ord2451
ord2524
ord3505
ord3595
ord680
ord857
ord657
ord4693
ord2135
ord679
ord401
ord3205
ord891
ord887
ord889
ord4045
ord2475
ord368
ord370
ord367
ord369
ord1671
ord189
ord1147
ord314
ord315
ord4383
ord4320
ord956
ord750
ord279
ord748
ord280
ord774
ord751
ord2181
ord394
ord1959
ord400
ord399
ord716
ord822
ord718
ord824
ord8
ord7
ord3700
ord3623
ord37
ord35
ord703
ord1091
ord88
ord2426
ord86
ord1101
ord313
ord3724
ord299
ord304
ord329
ord318
ord325
ord959
ord4601
ord3155
ord2996
ord4615
ord4637
ord4656
ord4731
ord4740
ord3795
ord3807
ord3914
ord292
ord293
ord395
ord2252
ord91
ord955
ord225
ord247
ord4572
ord4580
ord4576
ord4570
ord4578
ord4582
ord4573
ord4577
ord4581
ord4575
ord4584
ord3575
ord3729
ord3422
ord3353
ord3663
ord2578
ord3178
ord3010
ord2929
ord2924
ord3570
ord3695
ord4488
ord1070
ord4245
ord4369
ord4474
ord4233
ord4430
ord4119
ord967
ord3608
ord281
ord2128
ord285
ord2927
ord3315
ord256
ord961
ord290
ord289
ord274
ord276
ord2894
ord2936
ord269
ord3109
ord3883
ord2821
ord2630
ord3899
ord3896
ord3844
ord3837
ord222
ord252
ord219
ord201
ord203
ord202
ord4540
ord498
ord495
ord2760
ord490
ord32
ord165
ord120
ord118
ord123
ord151
ord110
ord111
ord52
ord66
ord3245
ord181
ord188
ord903
ord912
ord910
ord909
ord905
ord2411
ord1653
ord1654
ord3513
ord170
ord3239
ord168
ord167
ord1004
ord169

kernel32

RtlPcToFileHeader
WriteConsoleW
CreateFileW
SetFilePointerEx
CloseHandle
HeapReAlloc
HeapSize
GetStringTypeW
SetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
GetStdHandle
LCMapStringW
HeapAlloc
HeapFree
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedFlushSList
RtlUnwindEx
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetLastError
SystemTimeToFileTime
GetSystemTime
SetLastError
EncodePointer
RaiseException

Exports

Exports

BIO_f_ssl
BIO_new_buffer_ssl_connect
BIO_new_ssl
BIO_new_ssl_connect
BIO_ssl_copy_session_id
BIO_ssl_shutdown
DTLS_client_method
DTLS_method
DTLS_server_method
DTLSv1_2_client_method
DTLSv1_2_method
DTLSv1_2_server_method
DTLSv1_client_method
DTLSv1_method
DTLSv1_server_method
ERR_load_SSL_strings
PEM_read_SSL_SESSION
PEM_read_bio_SSL_SESSION
PEM_write_SSL_SESSION
PEM_write_bio_SSL_SESSION
SRP_Calc_A_param
SRP_generate_client_master_secret
SRP_generate_server_master_secret
SSL_CIPHER_description
SSL_CIPHER_find
SSL_CIPHER_get_bits
SSL_CIPHER_get_id
SSL_CIPHER_get_name
SSL_CIPHER_get_version
SSL_COMP_add_compression_method
SSL_COMP_free_compression_methods
SSL_COMP_get_compression_methods
SSL_COMP_get_name
SSL_COMP_set0_compression_methods
SSL_CONF_CTX_clear_flags
SSL_CONF_CTX_finish
SSL_CONF_CTX_free
SSL_CONF_CTX_new
SSL_CONF_CTX_set1_prefix
SSL_CONF_CTX_set_flags
SSL_CONF_CTX_set_ssl
SSL_CONF_CTX_set_ssl_ctx
SSL_CONF_cmd
SSL_CONF_cmd_argv
SSL_CONF_cmd_value_type
SSL_CTX_SRP_CTX_free
SSL_CTX_SRP_CTX_init
SSL_CTX_add_client_CA
SSL_CTX_add_client_custom_ext
SSL_CTX_add_server_custom_ext
SSL_CTX_add_session
SSL_CTX_callback_ctrl
SSL_CTX_check_private_key
SSL_CTX_ctrl
SSL_CTX_flush_sessions
SSL_CTX_free
SSL_CTX_get0_certificate
SSL_CTX_get0_param
SSL_CTX_get0_privatekey
SSL_CTX_get_cert_store
SSL_CTX_get_client_CA_list
SSL_CTX_get_client_cert_cb
SSL_CTX_get_ex_data
SSL_CTX_get_ex_new_index
SSL_CTX_get_info_callback
SSL_CTX_get_quiet_shutdown
SSL_CTX_get_ssl_method
SSL_CTX_get_timeout
SSL_CTX_get_verify_callback
SSL_CTX_get_verify_depth
SSL_CTX_get_verify_mode
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_remove_session
SSL_CTX_sess_get_get_cb
SSL_CTX_sess_get_new_cb
SSL_CTX_sess_get_remove_cb
SSL_CTX_sess_set_get_cb
SSL_CTX_sess_set_new_cb
SSL_CTX_sess_set_remove_cb
SSL_CTX_sessions
SSL_CTX_set1_param
SSL_CTX_set_alpn_protos
SSL_CTX_set_alpn_select_cb
SSL_CTX_set_cert_cb
SSL_CTX_set_cert_store
SSL_CTX_set_cert_verify_callback
SSL_CTX_set_cipher_list
SSL_CTX_set_client_CA_list
SSL_CTX_set_client_cert_cb
SSL_CTX_set_client_cert_engine
SSL_CTX_set_cookie_generate_cb
SSL_CTX_set_cookie_verify_cb
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_verify_paths
SSL_CTX_set_ex_data
SSL_CTX_set_generate_session_id
SSL_CTX_set_info_callback
SSL_CTX_set_msg_callback
SSL_CTX_set_next_proto_select_cb
SSL_CTX_set_next_protos_advertised_cb
SSL_CTX_set_psk_client_callback
SSL_CTX_set_psk_server_callback
SSL_CTX_set_purpose
SSL_CTX_set_quiet_shutdown
SSL_CTX_set_session_id_context
SSL_CTX_set_srp_cb_arg
SSL_CTX_set_srp_client_pwd_callback
SSL_CTX_set_srp_password
SSL_CTX_set_srp_strength
SSL_CTX_set_srp_username
SSL_CTX_set_srp_username_callback
SSL_CTX_set_srp_verify_param_callback
SSL_CTX_set_ssl_version
SSL_CTX_set_timeout
SSL_CTX_set_tlsext_use_srtp
SSL_CTX_set_tmp_dh_callback
SSL_CTX_set_tmp_ecdh_callback
SSL_CTX_set_tmp_rsa_callback
SSL_CTX_set_trust
SSL_CTX_set_verify
SSL_CTX_set_verify_depth
SSL_CTX_use_PrivateKey
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_certificate
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_file
SSL_CTX_use_psk_identity_hint
SSL_CTX_use_serverinfo
SSL_CTX_use_serverinfo_file
SSL_SESSION_free
SSL_SESSION_get0_peer
SSL_SESSION_get_compress_id
SSL_SESSION_get_ex_data
SSL_SESSION_get_ex_new_index
SSL_SESSION_get_id
SSL_SESSION_get_time
SSL_SESSION_get_timeout
SSL_SESSION_new
SSL_SESSION_print
SSL_SESSION_print_fp
SSL_SESSION_set1_id_context
SSL_SESSION_set_ex_data
SSL_SESSION_set_time
SSL_SESSION_set_timeout
SSL_SRP_CTX_free
SSL_SRP_CTX_init
SSL_accept
SSL_add_client_CA
SSL_add_dir_cert_subjects_to_stack
SSL_add_file_cert_subjects_to_stack
SSL_alert_desc_string
SSL_alert_desc_string_long
SSL_alert_type_string
SSL_alert_type_string_long
SSL_cache_hit
SSL_callback_ctrl
SSL_certs_clear
SSL_check_chain
SSL_check_private_key
SSL_clear
SSL_connect
SSL_copy_session_id
SSL_ctrl
SSL_do_handshake
SSL_dup
SSL_dup_CA_list
SSL_export_keying_material
SSL_extension_supported
SSL_free
SSL_get0_alpn_selected
SSL_get0_next_proto_negotiated
SSL_get0_param
SSL_get1_session
SSL_get_SSL_CTX
SSL_get_certificate
SSL_get_cipher_list
SSL_get_ciphers
SSL_get_client_CA_list
SSL_get_current_cipher
SSL_get_current_compression
SSL_get_current_expansion
SSL_get_default_timeout
SSL_get_error
SSL_get_ex_data
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_ex_new_index
SSL_get_fd
SSL_get_finished
SSL_get_info_callback
SSL_get_peer_cert_chain
SSL_get_peer_certificate
SSL_get_peer_finished
SSL_get_privatekey
SSL_get_psk_identity
SSL_get_psk_identity_hint
SSL_get_quiet_shutdown
SSL_get_rbio
SSL_get_read_ahead
SSL_get_rfd
SSL_get_selected_srtp_profile
SSL_get_servername
SSL_get_servername_type
SSL_get_session
SSL_get_shared_ciphers
SSL_get_shared_sigalgs
SSL_get_shutdown
SSL_get_sigalgs
SSL_get_srp_N
SSL_get_srp_g
SSL_get_srp_userinfo
SSL_get_srp_username
SSL_get_srtp_profiles
SSL_get_ssl_method
SSL_get_verify_callback
SSL_get_verify_depth
SSL_get_verify_mode
SSL_get_verify_result
SSL_get_version
SSL_get_wbio
SSL_get_wfd
SSL_has_matching_session_id
SSL_is_server
SSL_library_init
SSL_load_client_CA_file
SSL_load_error_strings
SSL_new
SSL_peek
SSL_pending
SSL_read
SSL_renegotiate
SSL_renegotiate_abbreviated
SSL_renegotiate_pending
SSL_rstate_string
SSL_rstate_string_long
SSL_select_next_proto
SSL_set1_param
SSL_set_SSL_CTX
SSL_set_accept_state
SSL_set_alpn_protos
SSL_set_bio
SSL_set_cert_cb
SSL_set_cipher_list
SSL_set_client_CA_list
SSL_set_connect_state
SSL_set_debug
SSL_set_ex_data
SSL_set_fd
SSL_set_generate_session_id
SSL_set_info_callback
SSL_set_msg_callback
SSL_set_psk_client_callback
SSL_set_psk_server_callback
SSL_set_purpose
SSL_set_quiet_shutdown
SSL_set_read_ahead
SSL_set_rfd
SSL_set_session
SSL_set_session_id_context
SSL_set_session_secret_cb
SSL_set_session_ticket_ext
SSL_set_session_ticket_ext_cb
SSL_set_shutdown
SSL_set_srp_server_param
SSL_set_srp_server_param_pw
SSL_set_ssl_method
SSL_set_state
SSL_set_tlsext_use_srtp
SSL_set_tmp_dh_callback
SSL_set_tmp_ecdh_callback
SSL_set_tmp_rsa_callback
SSL_set_trust
SSL_set_verify
SSL_set_verify_depth
SSL_set_verify_result
SSL_set_wfd
SSL_shutdown
SSL_srp_server_param_with_username
SSL_state
SSL_state_string
SSL_state_string_long
SSL_use_PrivateKey
SSL_use_PrivateKey_ASN1
SSL_use_PrivateKey_file
SSL_use_RSAPrivateKey
SSL_use_RSAPrivateKey_ASN1
SSL_use_RSAPrivateKey_file
SSL_use_certificate
SSL_use_certificate_ASN1
SSL_use_certificate_file
SSL_use_psk_identity_hint
SSL_version
SSL_want
SSL_write
SSLv23_client_method
SSLv23_method
SSLv23_server_method
SSLv3_client_method
SSLv3_method
SSLv3_server_method
TLSv1_1_client_method
TLSv1_1_method
TLSv1_1_server_method
TLSv1_2_client_method
TLSv1_2_method
TLSv1_2_server_method
TLSv1_client_method
TLSv1_method
TLSv1_server_method
d2i_SSL_SESSION
i2d_SSL_SESSION
ssl3_ciphers

Sections

.text
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 576KB - Virtual size: 575KB

.rsrc Size: 1024B - Virtual size: 948B

.reloc Size: 512B - Virtual size: 12B

c51103b3a80c30bc7ab06eb2c2299369

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-service-winsvc-l1-2-0

rpcrt4

api-ms-win-service-core-l1-1-1

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

netutils

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-file-l1-2-1

api-ms-win-core-file-l2-1-1

api-ms-win-core-io-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-timezone-l1-1-0

Exports

Exports

Sections

.text Size: 114KB - Virtual size: 114KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 216B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 536B

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

8d:02:59:b4:bb:1e:c0:0f:66:a2:65:e9:5f:e9:db:9c:ec:1d:ba:4c:2a:5a:71:86:ef:d2:15:ef:38:4e:6c:faSigner

Signature Validations

Verification

16-06-2022 11:52 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 20KB - Virtual size: 24KB

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

05:42:7b:01:bc:2b:26:41:cd:51:4c:c8:6f:96:31:62:df:d4:4c:e5:09:0e:17:a3:75:9a:81:01:6d:a0:6a:98Signer

Signature Validations

Verification

16-06-2022 11:52 Valid: false

.text
Size: 576KB - Virtual size: 575KB

.rsrc
Size: 1024B - Virtual size: 948B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 114KB - Virtual size: 114KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 216B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 536B

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

8d:02:59:b4:bb:1e:c0:0f:66:a2:65:e9:5f:e9:db:9c:ec:1d:ba:4c:2a:5a:71:86:ef:d2:15:ef:38:4e:6c:fa
Signer

16-06-2022 11:52
Valid: false

.rsrc
Size: 20KB - Virtual size: 24KB

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

05:42:7b:01:bc:2b:26:41:cd:51:4c:c8:6f:96:31:62:df:d4:4c:e5:09:0e:17:a3:75:9a:81:01:6d:a0:6a:98
Signer

16-06-2022 11:52
Valid: false

.rsrc
Size: 20KB - Virtual size: 24KB

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

7d:93:45:1b:d1:ad:c0:01:55:72:44:e9:19:75:a3:ce:e6:89:c7:07:e9:af:95:3d:dc:e1:d2:06:57:6a:d5:68
Signer

16-06-2022 11:52
Valid: false

.rsrc
Size: 11KB - Virtual size: 12KB

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

7b:1e:0d:91:bf:c3:87:1f:8b:6a:df:90:17:c3:48:68:ce:c8:76:f5:f2:a9:3c:82:e3:8e:ee:70:00:bc:5f:ed
Signer

16-06-2022 11:52
Valid: false

.rsrc
Size: 11KB - Virtual size: 12KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

59:a8:b7:38:89:26:40:1a:ab:a0:91:62:2f:b9:31:33
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

59:a8:b7:38:89:26:40:1a:ab:a0:91:62:2f:b9:31:33
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

2a:4d:2d:bc:99:7c:49:be:df:61:db:08:f4:b7:fd:da:25:c2:88:7f:3d:17:d6:a9:8a:6b:96:7c:e2:d7:4f:88
Signer

15-08-2018 10:00
Valid: true

20:74:81:ae:bf:4b:2f:fd:ff:e9:64:cf:24:4a:33:56:be:91:f1:8a
Signer