mimikatz | MIMIMI[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MIMIMI.zip
Size

3.7MB
MD5

0b3e92b13fcf8d8d65621f92d32cad0e
SHA1

1ba2e04f536cad882970a0ecc1d9c65d6cbd7f21
SHA256

4d6b7a20e7b1f482eb72da51ad88767f3621867f3de10985c2260869c4193ba1
SHA512

9381cd520b40ae83cd5c343044f573356aa3608fbc4e86656a352febf9494442963de5826600c2ecaf33ffe32f1687f498a724d62e660cabf5d49f9306ec8cf7
SSDEEP

98304:sZdOGp1eUBwJ2kV2jnb2J6T3zIs0PViUCOgZsnv+R1F:6sie5J2kVB0J0PVvHg+Y

Score

10^/10

upx mimikatz

Malware Config

Signatures

Mimikatz family
mimikatz

Nirsoft 15 IoCs

resource	yara_rule
static1/unpack001/MIMIMI/mimikatz/passrecpk/BulletsPassView.exe	Nirsoft
static1/unpack001/MIMIMI/mimikatz/passrecpk/BulletsPassView64.exe	Nirsoft
static1/unpack001/MIMIMI/mimikatz/passrecpk/ChromePass.exe	Nirsoft
static1/unpack001/MIMIMI/mimikatz/passrecpk/Dialupass.exe	Nirsoft
static1/unpack001/MIMIMI/mimikatz/passrecpk/PasswordFox.exe	Nirsoft
static1/unpack001/MIMIMI/mimikatz/passrecpk/PasswordFox64.exe	Nirsoft
static1/unpack001/MIMIMI/mimikatz/passrecpk/SniffPass.exe	Nirsoft
static1/unpack001/MIMIMI/mimikatz/passrecpk/SniffPass64.exe	Nirsoft
static1/unpack001/MIMIMI/mimikatz/passrecpk/VNCPassView.exe	Nirsoft
static1/unpack001/MIMIMI/mimikatz/passrecpk/WebBrowserPassView.exe	Nirsoft
static1/unpack001/MIMIMI/mimikatz/passrecpk/WirelessKeyView.exe	Nirsoft
static1/unpack001/MIMIMI/mimikatz/passrecpk/WirelessKeyView64.exe	Nirsoft
static1/unpack001/MIMIMI/mimikatz/passrecpk/mailpv.exe	Nirsoft
static1/unpack001/MIMIMI/mimikatz/passrecpk/netpass64.exe	Nirsoft
static1/unpack001/MIMIMI/mimikatz/passrecpk/pspv.exe	Nirsoft

mimikatz is an open source tool to dump credentials on Windows 6 IoCs

resource	yara_rule
static1/unpack001/MIMIMI/mimikatz/mimikatz/x32/mimidrv.sys	mimikatz
static1/unpack001/MIMIMI/mimikatz/mimikatz/x32/mimikatz.exe	mimikatz
static1/unpack001/MIMIMI/mimikatz/mimikatz/x32/mimilib.dll	mimikatz
static1/unpack001/MIMIMI/mimikatz/mimikatz/x64/mimidrv.sys	mimikatz
static1/unpack001/MIMIMI/mimikatz/mimikatz/x64/mimikatz.exe	mimikatz
static1/unpack001/MIMIMI/mimikatz/mimikatz/x64/mimilib.dll	mimikatz

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

resource	yara_rule
static1/unpack001/MIMIMI/mimikatz/passrecpk/mailpv.exe	MailPassView

NirSoft WebBrowserPassView 1 IoCs

Password recovery tool for various web browsers

resource	yara_rule
static1/unpack001/MIMIMI/mimikatz/passrecpk/WebBrowserPassView.exe	WebBrowserPassView

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/MIMIMI/mimikatz/kiwi parser.exe	upx
static1/unpack001/MIMIMI/mimikatz/passrecpk/OperaPassView.exe	upx
static1/unpack001/MIMIMI/mimikatz/passrecpk/PstPassword.exe	upx
static1/unpack001/MIMIMI/mimikatz/passrecpk/RouterPassView.exe	upx
static1/unpack001/MIMIMI/mimikatz/passrecpk/iepv.exe	upx
static1/unpack001/MIMIMI/mimikatz/passrecpk/mspass.exe	upx
static1/unpack001/MIMIMI/mimikatz/passrecpk/netpass.exe	upx
static1/unpack001/MIMIMI/mimikatz/passrecpk/rdpv.exe	upx

Files

MIMIMI.zip
.zip
MIMIMI/mimikatz/!logs/NTLM.txt
MIMIMI/mimikatz/!logs/Passwords.txt
MIMIMI/mimikatz/!logs/Result.txt
MIMIMI/mimikatz/!logs/SHA.txt
MIMIMI/mimikatz/!logs/Users.txt
MIMIMI/mimikatz/!start.cmd
MIMIMI/mimikatz/DirLister.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/ExtPassword.exe
.exe windows x86

516b1be091cf42d5bde1f47ba6a5a81f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_msize
_beginthreadex
realloc
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
qsort
_endthreadex
memmove
malloc
free
modf
wcstoul
strcat
_wtoi64
strcmp
strcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
_wtoi
wcschr
_wcsicmp
strftime
_gmtime64
_itow
wcscmp
wcsncmp
wcslen
_wcsnicmp
memcpy
wcsrchr
memcmp
wcscpy
memset
strlen
_snwprintf
wcsncat
wcscat
__set_app_type
_controlfp
_except_handler3
_vsnwprintf
_purecall
_wcslwr

comctl32

CreateStatusWindowW
ImageList_AddMasked
ImageList_SetImageCount
ImageList_Create
ImageList_Add
ord17
ImageList_ReplaceIcon
CreateToolbarEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GetSystemInfo
UnlockFile
HeapValidate
InterlockedCompareExchange
FlushViewOfFile
HeapCreate
WaitForSingleObject
GetFileAttributesA
LeaveCriticalSection
DeleteFileA
HeapFree
HeapDestroy
AreFileApisANSI
CreateFileMappingA
QueryPerformanceCounter
GetSystemTime
GetTempPathA
Sleep
HeapAlloc
EnterCriticalSection
LockFileEx
SetEndOfFile
GetFullPathNameW
LockFile
GetFullPathNameA
WaitForSingleObjectEx
GetModuleHandleA
GetDiskFreeSpaceA
GetStartupInfoW
GetDiskFreeSpaceW
InitializeCriticalSection
GetVersionExA
HeapSize
OutputDebugStringA
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFree
LoadLibraryW
GetLastError
GetProcAddress
FreeLibrary
LocalAlloc
CloseHandle
GetFileSize
GetModuleHandleW
MultiByteToWideChar
GetDriveTypeW
GetLogicalDrives
GetTickCount
CompareFileTime
CreateThread
WideCharToMultiByte
FormatMessageW
FindClose
FindFirstFileW
GetVersionExW
SetFilePointer
GetWindowsDirectoryW
GetFileAttributesW
WriteFile
FindResourceW
ReadFile
LockResource
GetModuleFileNameW
LoadResource
lstrcpyW
CreateFileW
GlobalAlloc
GetSystemDirectoryW
LoadLibraryExW
lstrlenW
GlobalUnlock
GetTempPathW
GetCurrentProcess
FindNextFileW
GlobalLock
SizeofResource
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetPrivateProfileStringW
GetStdHandle
GetSystemTimeAsFileTime
DeleteFileW
SetErrorMode
ReadProcessMemory
GetCurrentProcessId
ExitProcess
OpenProcess
EnumResourceTypesW
OutputDebugStringW
HeapReAlloc
FlushFileBuffers
CreateFileA
GetFileAttributesExW
UnlockFileEx
GetProcessHeap
DeleteCriticalSection
CreateMutexW
HeapCompact
GetCurrentThreadId
FormatMessageA

user32

GetMonitorInfoW
MonitorFromWindow
GetKeyState
DispatchMessageW
DrawTextExW
TranslateMessage
IsDialogMessageW
GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
GetDesktopWindow
DestroyWindow
LoadStringW
EnumChildWindows
CreateDialogParamW
DialogBoxParamW
DestroyMenu
GetDlgCtrlID
GetMenuItemInfoW
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
GetDC
SetCursor
ReleaseDC
SetWindowPos
SendDlgItemMessageW
GetWindow
EndDialog
SetWindowLongW
GetDlgItem
GetWindowRect
DrawFrameControl
GetDlgItemInt
SetWindowTextW
InvalidateRect
UpdateWindow
GetWindowTextLengthW
SendMessageW
SetDlgItemTextW
GetDlgItemTextW
EndPaint
GetWindowPlacement
GetSystemMetrics
SetDlgItemInt
DeferWindowPos
BeginPaint
GetClientRect
CreateWindowExW
GetForegroundWindow
LoadAcceleratorsW
PostMessageW
DefWindowProcW
RegisterClassW
TranslateAcceleratorW
MessageBoxW
SetMenu
GetParent
LoadImageW
LoadIconW
GetSysColor
GetWindowLongW
SetFocus
EndDeferWindowPos
BeginDeferWindowPos
KillTimer
SetTimer
CheckMenuItem
GetMenuStringW
GetMenuItemCount
CloseClipboard
GetCursorPos
SetClipboardData
CheckMenuRadioItem
EnableWindow
MapWindowPoints
GetSubMenu
GetMenu
EmptyClipboard
EnableMenuItem
GetClassNameW
OpenClipboard
MoveWindow
GetWindowTextW
LoadMenuW
ModifyMenuW

gdi32

GetPixel
DeleteDC
SetPixel
SelectObject
CreateCompatibleDC
GetObjectW
GetDeviceCaps
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectW
SetBkColor
GetStockObject
GetTextExtentPoint32W

comdlg32

GetSaveFileNameW
FindTextW

shell32

SHGetFileInfoW
ShellExecuteW

Sections

.text
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/LostMyPassword.exe
.exe windows x64

afd1ea827e09162133fb1936031cdc40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wininet

FindCloseUrlCache
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW

comctl32

ImageList_Add
ImageList_SetImageCount
ImageList_AddMasked
CreateToolbarEx
CreateStatusWindowW
ord17
ImageList_ReplaceIcon
ImageList_Create

msvcrt

_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
strftime
realloc
_gmtime64
qsort
_itow
strchr
_memicmp
_strlwr
_wcsupr
_wcslwr
memmove
exit
free
modf
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
wcstoul
malloc
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_wcsicmp
wcschr
wcsncmp
_wcsnicmp
_wtoi
_purecall
wcsrchr
_wtoi64
_snwprintf
wcsncat
_commode
_fmode
__set_app_type
memset
memcpy
memcmp

kernel32

FormatMessageA
LockFileEx
GetFullPathNameW
InitializeCriticalSection
EnterCriticalSection
GetFullPathNameA
GetDiskFreeSpaceW
GetTempPathA
GetSystemTime
AreFileApisANSI
CreateFileA
DeleteFileA
GetStartupInfoW
GetSystemTimeAsFileTime
UnlockFileEx
DeleteCriticalSection
FlushFileBuffers
GetFileAttributesExW
LockFile
UnlockFile
QueryPerformanceCounter
GetSystemInfo
GetFileAttributesA
LeaveCriticalSection
SetEndOfFile
GetDiskFreeSpaceA
FileTimeToSystemTime
SystemTimeToFileTime
CloseHandle
FileTimeToLocalFileTime
DeleteFileW
CopyFileW
LocalFree
CreateFileW
CompareFileTime
FreeLibrary
LoadLibraryW
GetProcAddress
GetLastError
GetModuleHandleW
MultiByteToWideChar
GetFileSize
GetTickCount
SetFilePointerEx
WideCharToMultiByte
ExpandEnvironmentStringsW
FormatMessageW
GetVersionExW
FindClose
FindFirstFileW
GetTimeFormatW
GetWindowsDirectoryW
SetFilePointer
GetFileAttributesW
lstrcpyW
WriteFile
ReadFile
GetModuleFileNameW
FindResourceW
LockResource
LoadResource
GlobalAlloc
SystemTimeToTzSpecificLocalTime
GetSystemDirectoryW
lstrlenW
LoadLibraryExW
GlobalUnlock
GetTempPathW
GetCurrentProcess
GetDateFormatW
FindNextFileW
GetTempFileNameW
SizeofResource
GlobalLock
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
DuplicateHandle
OpenProcess
GetCurrentProcessId
GetPrivateProfileStringW
WritePrivateProfileStringW
EnumResourceNamesW
GetPrivateProfileIntW
GetStdHandle
VirtualAllocEx
LocalAlloc
WaitForSingleObject
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
ResumeThread
SetErrorMode
ExitProcess
Process32NextW
CreateToolhelp32Snapshot
Process32FirstW
CreateRemoteThread
EnumResourceTypesW
Sleep

user32

PostQuitMessage
MonitorFromWindow
GetMonitorInfoW
DispatchMessageW
GetMessageW
TranslateMessage
IsDialogMessageW
TrackPopupMenu
RegisterWindowMessageW
GetKeyState
SetCursor
GetSysColorBrush
ShowWindow
ReleaseDC
ChildWindowFromPoint
LoadCursorW
GetDC
SetWindowTextW
InvalidateRect
UpdateWindow
SendMessageW
SetDlgItemTextW
GetDlgItemTextW
GetWindowRect
SetWindowLongPtrW
GetWindowPlacement
GetDlgItemInt
GetSystemMetrics
SetDlgItemInt
DeferWindowPos
BeginPaint
EndPaint
CreateWindowExW
GetClientRect
SetWindowPos
GetWindow
SendDlgItemMessageW
EndDialog
GetDlgItem
DrawFrameControl
GetForegroundWindow
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
MessageBoxW
PostMessageW
SetMenu
TranslateAcceleratorW
LoadImageW
LoadIconW
GetSysColor
SetWindowLongW
GetWindowLongW
SetFocus
SetTimer
EndDeferWindowPos
KillTimer
GetParent
BeginDeferWindowPos
GetMenuItemCount
CheckMenuItem
GetMenuStringW
CloseClipboard
GetCursorPos
SetClipboardData
EnableWindow
MapWindowPoints
GetMenu
GetSubMenu
EmptyClipboard
EnableMenuItem
GetClassNameW
MoveWindow
OpenClipboard
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
DrawTextExW

gdi32

GetStockObject
GetTextExtentPoint32W
CreateCompatibleDC
GetObjectW
DeleteDC
GetPixel
DeleteObject
SetPixel
SelectObject
CreateFontIndirectW
GetDeviceCaps
SetBkMode
SetTextColor
SetBkColor

comdlg32

FindTextW
GetSaveFileNameW

advapi32

OpenProcessToken
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyW
RegQueryValueExW
GetTokenInformation
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegCloseKey

shell32

SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
ShellExecuteExW

ole32

CoTaskMemFree

Sections

.text
Size: 465KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/enable_dump_pass.reg
MIMIMI/mimikatz/kiwi parser.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 580KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 343KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MIMIMI/mimikatz/mimikatz/miparser.vbs
.vbs
MIMIMI/mimikatz/mimikatz/x32/mimidrv.sys
.exe windows x86

25862203800205f80fd8b3a6634ea1c6

Code Sign

11:21:69:41:7a:1c:3e:f4:6a:30:1f:99:38:5f:50:68:0f:a0
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

28/06/2011, 09:46

Not After

28/06/2014, 09:46

Subject

CN=Benjamin Delpy,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

75:1e:3e:e9:c5:dc:2f:3e:8f:04:e5:9d:ee:5e:d4:09
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2026, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:aa:6d:09:45:6d:63:63:1b:10:4d:d6:30:ee:0e:db:55:04:13:da
Signer

Actual PE Digest

5b:aa:6d:09:45:6d:63:63:1b:10:4d:d6:30:ee:0e:db:55:04:13:da

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Benjamin Delpy,C=FR

15/09/2022, 14:52
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

NtBuildNumber
IofCompleteRequest
KeBugCheck
IoCreateSymbolicLink
IoCreateDevice
PsInitialSystemProcess
ObfDereferenceObject
PsLookupProcessByProcessId
PsGetProcessImageFileName
PsGetProcessId
ZwClose
ZwSetInformationProcess
ZwDuplicateToken
ObOpenObjectByPointer
PsProcessType
RtlInitUnicodeString
PsReferencePrimaryToken
IoGetCurrentProcess
RtlCompareMemory
ZwOpenProcessTokenEx
ExFreePoolWithTag
ExAllocatePoolWithTag
IoFreeMdl
MmUnlockPages
MmProbeAndLockPages
IoAllocateMdl
memcpy
KeServiceDescriptorTable
IoEnumerateRegisteredFiltersList
KeTickCount
MmGetSystemRoutineAddress
IoDeleteSymbolicLink
IoDeleteDevice
memset
PsDereferencePrimaryToken
_vsnwprintf
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwind
KeBugCheckEx

fltmgr.sys

FltGetFilterInformation
FltEnumerateInstances
FltGetVolumeFromInstance
FltObjectDereference
FltEnumerateFilters

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 614B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/mimikatz/x32/mimikatz.exe
.exe windows x86

ca37f3f3e8c3bc5843cfddf0de356d3a

Code Sign

0f:10:c0:55:a6:79:3b:59:c7:d8:f5:2d:64:b3:98:8d
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

29/05/2021, 04:32

Not After

29/05/2022, 04:32

Subject

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19/05/2021, 05:42

Not After

18/05/2032, 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:10:c0:55:a6:79:3b:59:c7:d8:f5:2d:64:b3:98:8d
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

29/05/2021, 04:32

Not After

29/05/2022, 04:32

Subject

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19/05/2021, 05:42

Not After

18/05/2032, 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:c4:63:f1:5b:51:8f:9d:18:5e:b3:f3:1f:30:81:15:4e:26:8d:b6:87:d4:c1:fa:45:45:8d:f5:ac:a6:9b:cd
Signer

Actual PE Digest

26:c4:63:f1:5b:51:8f:9d:18:5e:b3:f3:1f:30:81:15:4e:26:8d:b6:87:d4:c1:fa:45:45:8d:f5:ac:a6:9b:cd

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

15/09/2022, 14:52
Valid: false

92:e5:5f:17:b1:ee:ba:6a:77:97:4b:d7:9b:5c:ef:1d:91:77:5d:a0
Signer

Actual PE Digest

92:e5:5f:17:b1:ee:ba:6a:77:97:4b:d7:9b:5c:ef:1d:91:77:5d:a0

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptSetHashParam
CryptGetHashParam
CryptExportKey
CryptAcquireContextW
CryptSetKeyParam
CryptGetKeyParam
CryptReleaseContext
CryptDuplicateKey
CryptAcquireContextA
CryptGetProvParam
CryptImportKey
SystemFunction007
CryptEncrypt
CryptCreateHash
CryptGenKey
CryptDestroyKey
CryptDecrypt
CryptDestroyHash
CryptHashData
CopySid
GetLengthSid
LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
CreateWellKnownSid
CreateProcessWithLogonW
CreateProcessAsUserW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
SystemFunction033
SystemFunction032
ConvertSidToStringSidW
CreateServiceW
CloseServiceHandle
DeleteService
OpenSCManagerW
SetServiceObjectSecurity
OpenServiceW
BuildSecurityDescriptorW
QueryServiceObjectSecurity
StartServiceW
AllocateAndInitializeSid
QueryServiceStatusEx
FreeSid
ControlService
IsTextUnicode
OpenProcessToken
GetTokenInformation
LookupAccountNameW
LookupAccountSidW
DuplicateTokenEx
CheckTokenMembership
CryptSetProvParam
CryptEnumProvidersW
ConvertStringSidToSidW
LsaFreeMemory
GetSidSubAuthority
GetSidSubAuthorityCount
IsValidSid
SetThreadToken
CryptEnumProviderTypesW
SystemFunction006
CryptGetUserKey
OpenEventLogW
GetNumberOfEventLogRecords
ClearEventLogW
SystemFunction001
CryptDeriveKey
SystemFunction005
LsaQueryTrustedDomainInfoByName
CryptSignHashW
LsaSetSecret
SystemFunction023
LsaOpenSecret
LsaQuerySecret
LsaRetrievePrivateData
LsaEnumerateTrustedDomainsEx
LookupPrivilegeValueW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
LookupPrivilegeNameW
OpenThreadToken
EqualSid
CredFree
CredEnumerateW
SystemFunction026
ConvertStringSecurityDescriptorToSecurityDescriptorW
SystemFunction027
CredIsMarshaledCredentialW
CredUnmarshalCredentialW
A_SHAFinal
A_SHAInit
A_SHAUpdate

cabinet

ord11
ord14
ord10
ord13

crypt32

CryptSignAndEncodeCertificate
CertEnumSystemStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CryptDecodeObjectEx
CryptStringToBinaryA
CertAddEncodedCertificateToStore
CertOpenStore
CertFreeCertificateContext
CertCloseStore
CryptStringToBinaryW
CertSetCertificateContextProperty
PFXExportCertStoreEx
CryptUnprotectData
CryptBinaryToStringW
CryptBinaryToStringA
CryptExportPublicKeyInfo
CryptFindOIDInfo
CryptAcquireCertificatePrivateKey
CertNameToStrW
CertFindCertificateInStore
CertGetCertificateContextProperty
CertGetNameStringW
CryptEncodeObject
CryptProtectData
CryptQueryObject

cryptdll

MD5Update
MD5Final
CDLocateCSystem
MD5Init
CDLocateCheckSum
CDGenerateRandomBits

dnsapi

DnsFree
DnsQuery_A

fltlib

FilterFindFirst
FilterFindNext

mpr

WNetCancelConnection2W
WNetAddConnection2W

netapi32

NetStatisticsGet
DsGetDcNameW
NetApiBufferFree
NetRemoteTOD
NetSessionEnum
NetServerGetInfo
DsEnumerateDomainTrustsW
NetShareEnum
NetWkstaUserEnum
I_NetServerAuthenticate2
I_NetServerTrustPasswordsGet
I_NetServerReqChallenge

odbc32

ord75
ord9
ord43
ord24
ord31
ord111
ord141
ord13

ole32

CoTaskMemFree
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
VariantInit
SysFreeString
VariantClear

rpcrt4

RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
MesEncodeIncrementalHandleCreate
RpcBindingSetAuthInfoExW
RpcBindingInqAuthClientW
RpcBindingSetOption
RpcImpersonateClient
RpcStringFreeW
RpcRevertToSelf
MesDecodeIncrementalHandleCreate
MesHandleFree
MesIncrementalHandleReset
NdrMesTypeDecode2
NdrMesTypeAlignSize2
NdrMesTypeFree2
NdrMesTypeEncode2
RpcServerUnregisterIfEx
I_RpcBindingInqSecurityContext
RpcServerInqBindings
RpcServerListen
RpcMgmtWaitServerListen
RpcEpRegisterW
RpcMgmtStopServerListening
RpcBindingToStringBindingW
RpcServerRegisterIf2
RpcServerRegisterAuthInfoW
RpcBindingVectorFree
UuidToStringW
RpcServerUseProtseqEpW
RpcEpUnregister
NdrServerCall2
NdrClientCall2
UuidCreate
RpcEpResolveBinding
RpcBindingSetObject
RpcBindingSetAuthInfoW
RpcMgmtEpEltInqDone
RpcMgmtEpEltInqNextW
RpcMgmtEpEltInqBegin
I_RpcGetCurrentCallHandle

shlwapi

PathIsDirectoryW
PathFindFileNameW
PathIsRelativeW
PathCanonicalizeW
PathCombineW

samlib

SamEnumerateAliasesInDomain
SamQueryInformationUser
SamCloseHandle
SamEnumerateDomainsInSamServer
SamFreeMemory
SamEnumerateUsersInDomain
SamOpenUser
SamLookupDomainInSamServer
SamLookupNamesInDomain
SamLookupIdsInDomain
SamOpenDomain
SamConnect
SamSetInformationUser
SamiChangePasswordUser
SamEnumerateGroupsInDomain
SamGetGroupsForUser
SamGetMembersInGroup
SamRidToSid
SamGetMembersInAlias
SamGetAliasMembership
SamOpenGroup
SamOpenAlias

secur32

InitializeSecurityContextW
FreeContextBuffer
LsaLookupAuthenticationPackage
LsaFreeReturnBuffer
LsaDeregisterLogonProcess
QueryContextAttributesW
AcquireCredentialsHandleW
EnumerateSecurityPackagesW
FreeCredentialsHandle
DeleteSecurityContext
LsaCallAuthenticationPackage
LsaConnectUntrusted

shell32

CommandLineToArgvW

user32

SetClipboardViewer
DefWindowProcW
GetClipboardSequenceNumber
OpenClipboard
CreateWindowExW
ChangeClipboardChain
GetClipboardData
TranslateMessage
EnumClipboardFormats
PostMessageW
DispatchMessageW
GetKeyboardLayout
IsCharAlphaNumericW
SendMessageW
UnregisterClassW
GetMessageW
CloseClipboard
DestroyWindow
RegisterClassExW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

hid

HidD_GetFeature
HidD_GetPreparsedData
HidP_GetCaps
HidD_FreePreparsedData
HidD_SetFeature
HidD_GetAttributes
HidD_GetHidGuid

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

winscard

SCardControl
SCardTransmit
SCardDisconnect
SCardGetAttrib
SCardEstablishContext
SCardFreeMemory
SCardListReadersW
SCardReleaseContext
SCardGetCardTypeProviderNameW
SCardListCardsW
SCardConnectW

winsta

WinStationCloseServer
WinStationOpenServerW
WinStationFreeMemory
WinStationConnectW
WinStationQueryInformationW
WinStationEnumerateW

wldap32

ord208
ord145
ord36
ord13
ord41
ord73
ord310
ord77
ord142
ord54
ord309
ord304
ord79
ord301
ord127
ord26
ord167
ord147
ord27
ord88
ord157
ord14
ord122
ord140
ord203
ord69
ord139
ord97
ord223
ord12
ord113
ord224
ord96
ord133

msasn1

ASN1_CreateEncoder
ASN1BERDotVal2Eoid
ASN1_CloseEncoder
ASN1_CreateDecoder
ASN1_FreeEncoded
ASN1_CloseModule
ASN1_CloseDecoder
ASN1_CreateModule

ntdll

RtlIpv6AddressToStringW
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlDowncaseUnicodeString
RtlFreeUnicodeString
RtlInitUnicodeString
RtlEqualUnicodeString
NtQueryObject
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
NtQuerySystemInformation
RtlGetCurrentPeb
NtQueryInformationProcess
RtlCreateUserThread
RtlGUIDFromString
RtlStringFromGUID
NtCompareTokens
RtlGetNtVersionNumbers
RtlEqualString
RtlUpcaseUnicodeString
RtlAppendUnicodeStringToString
RtlAnsiStringToUnicodeString
RtlFreeOemString
RtlUpcaseUnicodeStringToOemString
NtQueryDirectoryObject
NtResumeProcess
NtOpenDirectoryObject
RtlAdjustPrivilege
NtSuspendProcess
NtTerminateProcess
NtQuerySystemEnvironmentValueEx
NtSetSystemEnvironmentValueEx
NtEnumerateSystemEnvironmentValuesEx
RtlIpv4AddressToStringW

kernel32

SystemTimeToFileTime
lstrlenA
GetDateFormatW
GetSystemTimeAsFileTime
ClearCommError
CreateRemoteThread
WaitForSingleObject
CreateProcessW
SetConsoleOutputCP
GetConsoleOutputCP
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
WriteProcessMemory
VirtualProtect
InterlockedExchange
SetFilePointerEx
GetProcessId
GetComputerNameW
ProcessIdToSessionId
VirtualAllocEx
VirtualProtectEx
VirtualAlloc
SetLastError
ReadProcessMemory
VirtualFreeEx
VirtualQueryEx
VirtualFree
VirtualQuery
GetComputerNameExW
DeviceIoControl
DuplicateHandle
OpenProcess
GetCurrentProcess
ExpandEnvironmentStringsW
FindNextFileW
FindClose
GetCurrentDirectoryW
GetFileSizeEx
FlushFileBuffers
GetFileAttributesW
FindFirstFileW
lstrlenW
GetProcAddress
LoadLibraryW
GetModuleHandleW
FreeLibrary
DeleteFileA
GetTempPathA
GetFileInformationByHandle
FileTimeToLocalFileTime
GetCurrentDirectoryA
GetTempFileNameA
SetFilePointer
CreateFileA
FileTimeToDosDateTime
CreateThread
LocalFree
CloseHandle
LocalAlloc
GetLastError
CreateFileW
ReadFile
Sleep
TerminateThread
WriteFile
FileTimeToSystemTime
GetTimeFormatW
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
GetFileSize
CreateMutexW
HeapCompact
SetEndOfFile
HeapAlloc
QueryPerformanceCounter
HeapFree
InterlockedCompareExchange
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
FormatMessageA
FormatMessageW
GetVersionExW
WideCharToMultiByte
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
MultiByteToWideChar
GetTempPathW
HeapSize
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
OutputDebugStringA
GetVersionExA
DeleteFileW
GetCurrentProcessId
GetSystemTime
AreFileApisANSI
ExitProcess
ExitThread
RaiseException
SetConsoleCtrlHandler
SetConsoleTitleW
SetFileAttributesW
GlobalSize
SetHandleInformation
CreatePipe
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetEvent
CreateEventW
GetSystemDirectoryW
SetConsoleCursorPosition
GetTimeZoneInformation
GetStdHandle
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
IsWow64Process
SetCurrentDirectoryW
GetCurrentThread
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersion
GetModuleHandleA
GetCurrentThreadId
PurgeComm

msvcrt

calloc
__set_app_type
_lseeki64
wctomb
__setusermatherr
isspace
mbtowc
__mb_cur_max
_itoa
isleadbyte
isxdigit
localeconv
_snprintf
__p__fmode
ferror
iswctype
wcstombs
?terminate@@YAXXZ
_write
_isatty
ungetc
_controlfp
__badioinfo
__pioinfo
__p__commode
_read
isdigit
_vsnprintf
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
_errno
free
_wcsdup
_except_handler3
strrchr
_wcsicmp
vfwprintf
_vscwprintf
fflush
_wfopen
wprintf
_fileno
_iob
vwprintf
_setmode
fclose
_stricmp
wcsrchr
wcschr
wcsstr
strtoul
_wcsnicmp
_vscprintf
memmove
strncmp
malloc
_msize
strcspn
realloc
fgetws
wcstoul
strchr
wcstol
wcsncmp
_wcstoui64
towupper
_wpgmptr
strstr
_strcmpi
getchar
memset
memcpy
__wgetmainargs

Sections

.text
Size: 622KB - Virtual size: 621KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/mimikatz/x32/mimilib.dll
.dll windows x86

721f5090ab31a091c5b9778028cc974c

Code Sign

0f:10:c0:55:a6:79:3b:59:c7:d8:f5:2d:64:b3:98:8d
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

29/05/2021, 04:32

Not After

29/05/2022, 04:32

Subject

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19/05/2021, 05:42

Not After

18/05/2032, 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:10:c0:55:a6:79:3b:59:c7:d8:f5:2d:64:b3:98:8d
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

29/05/2021, 04:32

Not After

29/05/2022, 04:32

Subject

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19/05/2021, 05:42

Not After

18/05/2032, 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:e1:ed:78:91:fc:18:1f:6a:51:ec:d9:2a:16:1f:e4:35:73:8b:cb:e5:8c:0b:50:bd:2b:81:9e:e6:24:52:c8
Signer

Actual PE Digest

36:e1:ed:78:91:fc:18:1f:6a:51:ec:d9:2a:16:1f:e4:35:73:8b:cb:e5:8c:0b:50:bd:2b:81:9e:e6:24:52:c8

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

15/09/2022, 14:52
Valid: false

a9:3a:10:6c:84:4d:4a:52:55:2b:fc:dc:20:49:cb:82:be:ce:33:0e
Signer

Actual PE Digest

a9:3a:10:6c:84:4d:4a:52:55:2b:fc:dc:20:49:cb:82:be:ce:33:0e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CreateRestrictedToken
CreateProcessAsUserW
ConvertSidToStringSidA
IsTextUnicode
OpenProcessToken

ntdll

RtlFreeUnicodeString
RtlStringFromGUID
RtlEqualString

rpcrt4

MesDecodeIncrementalHandleCreate
MesIncrementalHandleReset
NdrMesTypeDecode2
NdrMesTypeFree2
MesHandleFree

ole32

CoCreateInstance

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
RtlUnwind
QueryPerformanceCounter
GetCurrentProcess
CloseHandle
FreeLibrary
LoadLibraryW
lstrlenW
GetProcAddress
InterlockedIncrement
InterlockedDecrement
GetLastError
VirtualProtect
LocalAlloc
LocalFree
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
RaiseException
InterlockedExchange
LoadLibraryA
SetUnhandledExceptionFilter

msvcrt

fclose
free
malloc
_stricmp
vfwprintf
fflush
memset
memcpy
_XcptFilter
_initterm
_amsg_exit
_wfopen
_except_handler3

Exports

Exports

DhcpNewPktHook
DhcpServerCalloutEntry
DllCanUnloadNow
DllGetClassObject
DnsPluginCleanup
DnsPluginInitialize
DnsPluginQuery
ExtensionApiVersion
InitializeChangeNotify
Msv1_0SubAuthenticationFilter
Msv1_0SubAuthenticationRoutine
NPGetCaps
NPLogonNotify
PasswordChangeNotify
SpLsaModeInitialize
WinDbgExtensionDllInit
coffee
mimikatz
startW

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/mimikatz/x32/mimilove.exe
.exe windows x86

4e1492696c43305d97c6c6a4e8958cdf

Code Sign

0f:10:c0:55:a6:79:3b:59:c7:d8:f5:2d:64:b3:98:8d
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

29/05/2021, 04:32

Not After

29/05/2022, 04:32

Subject

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19/05/2021, 05:42

Not After

18/05/2032, 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:10:c0:55:a6:79:3b:59:c7:d8:f5:2d:64:b3:98:8d
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

29/05/2021, 04:32

Not After

29/05/2022, 04:32

Subject

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19/05/2021, 05:42

Not After

18/05/2032, 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d0:f3:10:03:5d:1a:01:27:da:39:a2:32:dc:1f:08:8d:e6:1c:92:19:a7:a3:81:8c:0c:31:e5:25:ef:d0:dc:43
Signer

Actual PE Digest

d0:f3:10:03:5d:1a:01:27:da:39:a2:32:dc:1f:08:8d:e6:1c:92:19:a7:a3:81:8c:0c:31:e5:25:ef:d0:dc:43

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

15/09/2022, 14:52
Valid: false

e8:2f:31:f9:54:24:02:3a:af:f1:ff:2e:a0:b1:72:55:9c:55:b9:48
Signer

Actual PE Digest

e8:2f:31:f9:54:24:02:3a:af:f1:ff:2e:a0:b1:72:55:9c:55:b9:48

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

IsTextUnicode
ConvertSidToStringSidW

user32

IsCharAlphaNumericW

ntdll

RtlEqualUnicodeString
NtQueryInformationProcess
RtlInitUnicodeString
NtQuerySystemInformation
RtlEqualString
RtlRunDecodeUnicodeString

kernel32

GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
GetCurrentProcessId
GetLastError
LocalAlloc
DeviceIoControl
CloseHandle
LocalFree
SetFilePointer
WriteFile
ReadProcessMemory
ReadFile
WriteProcessMemory
UnmapViewOfFile
GetCurrentProcess
GetDateFormatW
GetSystemTimeAsFileTime
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
OpenProcess
GetVersionExW

msvcrt

vfwprintf
fflush
_iob
wcsrchr
memset
memcpy
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
vwprintf

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/mimikatz/x32/mimispool.dll
.dll windows x86

3d9268f54e37cd480a12f0595aa6b437

Code Sign

0f:10:c0:55:a6:79:3b:59:c7:d8:f5:2d:64:b3:98:8d
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

29/05/2021, 04:32

Not After

29/05/2022, 04:32

Subject

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19/05/2021, 05:42

Not After

18/05/2032, 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:10:c0:55:a6:79:3b:59:c7:d8:f5:2d:64:b3:98:8d
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

29/05/2021, 04:32

Not After

29/05/2022, 04:32

Subject

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19/05/2021, 05:42

Not After

18/05/2032, 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:3d:f9:69:c3:30:b1:df:0f:5b:ce:bd:02:36:99:38:05:58:5a:28:44:7c:5c:6b:c7:95:90:37:c5:3d:10:f3
Signer

Actual PE Digest

9f:3d:f9:69:c3:30:b1:df:0f:5b:ce:bd:02:36:99:38:05:58:5a:28:44:7c:5c:6b:c7:95:90:37:c5:3d:10:f3

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

15/09/2022, 14:52
Valid: false

da:c1:3f:a8:ff:0f:d7:c3:cc:6c:78:27:c9:dd:b7:69:a7:03:c8:a9
Signer

Actual PE Digest

da:c1:3f:a8:ff:0f:d7:c3:cc:6c:78:27:c9:dd:b7:69:a7:03:c8:a9

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
OpenProcessToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

winsta

WinStationEnumerateW
WinStationFreeMemory

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetCurrentProcess
SetLastError
CloseHandle
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
GetSystemTimeAsFileTime

msvcrt

memset
_XcptFilter
malloc
free
_initterm
_amsg_exit

Exports

Exports

DrvDisableDriver
DrvEnableDriver
DrvQueryDriverInfo
DrvResetConfigCache
GenerateCopyFilePaths
SpoolerCopyFileEvent

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/mimikatz/x64/mimidrv.sys
.exe windows x64

a63c276e82b09fa57509d7958aa9d208

Code Sign

11:21:69:41:7a:1c:3e:f4:6a:30:1f:99:38:5f:50:68:0f:a0
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

28/06/2011, 09:46

Not After

28/06/2014, 09:46

Subject

CN=Benjamin Delpy,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

75:1e:3e:e9:c5:dc:2f:3e:8f:04:e5:9d:ee:5e:d4:09
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2026, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

40:f1:5e:7c:89:ab:3f:c6:6c:d5:65:2b:f1:8d:20:54:40:3d:e9:d2
Signer

Actual PE Digest

40:f1:5e:7c:89:ab:3f:c6:6c:d5:65:2b:f1:8d:20:54:40:3d:e9:d2

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Benjamin Delpy,C=FR

15/09/2022, 14:52
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeBugCheck
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
PsProcessType
PsGetProcessImageFileName
PsLookupProcessByProcessId
PsReferencePrimaryToken
ZwOpenProcessTokenEx
IoGetCurrentProcess
ZwSetInformationProcess
ZwClose
ZwDuplicateToken
PsInitialSystemProcess
_vsnwprintf
ObfDereferenceObject
ObOpenObjectByPointer
PsGetProcessId
PsDereferencePrimaryToken
ExAllocatePoolWithTag
ExFreePoolWithTag
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwUnloadKey
IoEnumerateRegisteredFiltersList
KeBugCheckEx
MmGetSystemRoutineAddress
IoDeleteDevice
RtlInitUnicodeString
NtBuildNumber
RtlCompareMemory
IoDeleteSymbolicLink
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
RtlUnwindEx

fltmgr.sys

FltGetFilterInformation
FltEnumerateInstances
FltEnumerateFilters
FltObjectDereference
FltGetVolumeFromInstance

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 651B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/mimikatz/x64/mimikatz.exe
.exe windows x64

9528a0e91e28fbb88ad433feabca2456

Code Sign

0f:10:c0:55:a6:79:3b:59:c7:d8:f5:2d:64:b3:98:8d
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

29/05/2021, 04:32

Not After

29/05/2022, 04:32

Subject

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19/05/2021, 05:42

Not After

18/05/2032, 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:10:c0:55:a6:79:3b:59:c7:d8:f5:2d:64:b3:98:8d
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

29/05/2021, 04:32

Not After

29/05/2022, 04:32

Subject

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19/05/2021, 05:42

Not After

18/05/2032, 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

aa:5a:c9:c2:d2:8f:59:fa:9a:50:19:17:bf:ad:15:4c:3d:dd:24:56:cd:76:42:c6:31:c2:8f:3e:8d:8c:bf:38
Signer

Actual PE Digest

aa:5a:c9:c2:d2:8f:59:fa:9a:50:19:17:bf:ad:15:4c:3d:dd:24:56:cd:76:42:c6:31:c2:8f:3e:8d:8c:bf:38

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

15/09/2022, 14:52
Valid: false

1b:25:cd:ce:a9:20:5c:60:9a:6c:d7:44:15:85:a7:00:ca:93:ad:10
Signer

Actual PE Digest

1b:25:cd:ce:a9:20:5c:60:9a:6c:d7:44:15:85:a7:00:ca:93:ad:10

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CryptSetHashParam
CryptGetHashParam
CryptExportKey
CryptAcquireContextW
CryptSetKeyParam
CryptGetKeyParam
CryptReleaseContext
CryptDuplicateKey
CryptAcquireContextA
CryptGetProvParam
CryptImportKey
SystemFunction007
CryptEncrypt
CryptCreateHash
CryptGenKey
CryptDestroyKey
CryptDecrypt
CryptDestroyHash
CryptHashData
CopySid
GetLengthSid
LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
CreateWellKnownSid
CreateProcessWithLogonW
CreateProcessAsUserW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
SystemFunction033
SystemFunction032
ConvertSidToStringSidW
CreateServiceW
CloseServiceHandle
DeleteService
OpenSCManagerW
SetServiceObjectSecurity
OpenServiceW
BuildSecurityDescriptorW
QueryServiceObjectSecurity
StartServiceW
AllocateAndInitializeSid
QueryServiceStatusEx
FreeSid
ControlService
IsTextUnicode
OpenProcessToken
GetTokenInformation
LookupAccountNameW
LookupAccountSidW
DuplicateTokenEx
CheckTokenMembership
CryptSetProvParam
CryptEnumProvidersW
ConvertStringSidToSidW
LsaFreeMemory
GetSidSubAuthority
GetSidSubAuthorityCount
IsValidSid
SetThreadToken
CryptEnumProviderTypesW
SystemFunction006
CryptGetUserKey
OpenEventLogW
GetNumberOfEventLogRecords
ClearEventLogW
SystemFunction001
CryptDeriveKey
SystemFunction005
LsaQueryTrustedDomainInfoByName
CryptSignHashW
LsaSetSecret
SystemFunction023
LsaOpenSecret
LsaQuerySecret
LsaRetrievePrivateData
LsaEnumerateTrustedDomainsEx
LookupPrivilegeValueW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
LookupPrivilegeNameW
OpenThreadToken
EqualSid
CredFree
CredEnumerateW
SystemFunction026
ConvertStringSecurityDescriptorToSecurityDescriptorW
SystemFunction027
CredIsMarshaledCredentialW
CredUnmarshalCredentialW
A_SHAFinal
A_SHAInit
A_SHAUpdate

cabinet

ord11
ord14
ord10
ord13

crypt32

CryptSignAndEncodeCertificate
CertEnumSystemStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CryptDecodeObjectEx
CryptStringToBinaryA
CertAddEncodedCertificateToStore
CertOpenStore
CertFreeCertificateContext
CertCloseStore
CryptStringToBinaryW
CertSetCertificateContextProperty
PFXExportCertStoreEx
CryptUnprotectData
CryptBinaryToStringW
CryptBinaryToStringA
CryptExportPublicKeyInfo
CryptFindOIDInfo
CryptAcquireCertificatePrivateKey
CertNameToStrW
CertFindCertificateInStore
CertGetCertificateContextProperty
CertGetNameStringW
CryptEncodeObject
CryptProtectData
CryptQueryObject

cryptdll

MD5Init
MD5Final
CDLocateCSystem
CDGenerateRandomBits
CDLocateCheckSum
MD5Update

dnsapi

DnsFree
DnsQuery_A

fltlib

FilterFindFirst
FilterFindNext

mpr

WNetCancelConnection2W
WNetAddConnection2W

netapi32

NetStatisticsGet
DsGetDcNameW
NetApiBufferFree
NetRemoteTOD
NetSessionEnum
NetServerGetInfo
DsEnumerateDomainTrustsW
NetShareEnum
NetWkstaUserEnum
I_NetServerAuthenticate2
I_NetServerTrustPasswordsGet
I_NetServerReqChallenge

odbc32

ord75
ord9
ord43
ord24
ord31
ord111
ord141
ord13

ole32

CoInitializeEx
CoSetProxyBlanket
CoTaskMemFree
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
VariantInit
SysFreeString
VariantClear

rpcrt4

RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
MesEncodeIncrementalHandleCreate
RpcBindingSetAuthInfoExW
RpcBindingInqAuthClientW
RpcBindingSetOption
RpcImpersonateClient
RpcStringFreeW
RpcRevertToSelf
MesDecodeIncrementalHandleCreate
MesHandleFree
MesIncrementalHandleReset
NdrMesTypeDecode2
NdrMesTypeAlignSize2
NdrMesTypeFree2
NdrMesTypeEncode2
RpcServerUnregisterIfEx
I_RpcBindingInqSecurityContext
RpcServerInqBindings
RpcServerListen
RpcMgmtWaitServerListen
RpcEpRegisterW
RpcMgmtStopServerListening
RpcBindingToStringBindingW
RpcServerRegisterIf2
RpcServerRegisterAuthInfoW
RpcBindingVectorFree
UuidToStringW
RpcServerUseProtseqEpW
RpcEpUnregister
NdrServerCall2
NdrClientCall2
UuidCreate
RpcEpResolveBinding
RpcBindingSetObject
RpcBindingSetAuthInfoW
RpcMgmtEpEltInqDone
RpcMgmtEpEltInqNextW
RpcMgmtEpEltInqBegin
I_RpcGetCurrentCallHandle

shlwapi

PathIsDirectoryW
PathFindFileNameW
PathIsRelativeW
PathCanonicalizeW
PathCombineW

samlib

SamEnumerateAliasesInDomain
SamQueryInformationUser
SamCloseHandle
SamEnumerateDomainsInSamServer
SamFreeMemory
SamEnumerateUsersInDomain
SamOpenUser
SamLookupDomainInSamServer
SamLookupNamesInDomain
SamLookupIdsInDomain
SamOpenDomain
SamConnect
SamSetInformationUser
SamiChangePasswordUser
SamEnumerateGroupsInDomain
SamGetGroupsForUser
SamGetMembersInGroup
SamRidToSid
SamGetMembersInAlias
SamGetAliasMembership
SamOpenGroup
SamOpenAlias

secur32

InitializeSecurityContextW
FreeContextBuffer
LsaLookupAuthenticationPackage
LsaFreeReturnBuffer
LsaDeregisterLogonProcess
QueryContextAttributesW
AcquireCredentialsHandleW
EnumerateSecurityPackagesW
FreeCredentialsHandle
DeleteSecurityContext
LsaCallAuthenticationPackage
LsaConnectUntrusted

shell32

CommandLineToArgvW

user32

SetClipboardViewer
DefWindowProcW
GetClipboardSequenceNumber
OpenClipboard
CreateWindowExW
ChangeClipboardChain
RegisterClassExW
TranslateMessage
EnumClipboardFormats
PostMessageW
DispatchMessageW
GetKeyboardLayout
IsCharAlphaNumericW
SendMessageW
UnregisterClassW
GetMessageW
DestroyWindow
CloseClipboard
GetClipboardData

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

hid

HidD_GetFeature
HidD_GetPreparsedData
HidD_GetHidGuid
HidP_GetCaps
HidD_SetFeature
HidD_FreePreparsedData
HidD_GetAttributes

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

winscard

SCardReleaseContext
SCardListCardsW
SCardGetCardTypeProviderNameW
SCardListReadersW
SCardFreeMemory
SCardEstablishContext
SCardControl
SCardConnectW
SCardTransmit
SCardDisconnect
SCardGetAttrib

winsta

WinStationCloseServer
WinStationOpenServerW
WinStationFreeMemory
WinStationConnectW
WinStationQueryInformationW
WinStationEnumerateW

wldap32

ord145
ord36
ord208
ord41
ord73
ord310
ord13
ord77
ord142
ord54
ord309
ord79
ord304
ord301
ord127
ord26
ord167
ord147
ord133
ord157
ord88
ord14
ord122
ord140
ord203
ord69
ord139
ord97
ord223
ord12
ord113
ord224
ord96
ord27

msasn1

ASN1_CreateModule
ASN1_CloseEncoder
ASN1_CreateDecoder
ASN1_FreeEncoded
ASN1_CloseModule
ASN1_CreateEncoder
ASN1_CloseDecoder
ASN1BERDotVal2Eoid

ntdll

_strcmpi
strstr
towupper
_wcstoui64
wcsncmp
wcstol
strchr
strcspn
strncmp
memmove
_wcsnicmp
strtoul
wcsstr
wcschr
wcsrchr
_stricmp
_vscwprintf
_wcsicmp
strrchr
_vsnprintf
log
memcmp
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlDowncaseUnicodeString
RtlFreeUnicodeString
RtlInitUnicodeString
RtlEqualUnicodeString
NtQueryObject
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
NtQuerySystemInformation
RtlGetCurrentPeb
NtQueryInformationProcess
RtlCreateUserThread
RtlGUIDFromString
RtlStringFromGUID
NtCompareTokens
RtlGetNtVersionNumbers
RtlEqualString
RtlUpcaseUnicodeString
RtlAppendUnicodeStringToString
RtlAnsiStringToUnicodeString
RtlFreeOemString
RtlUpcaseUnicodeStringToOemString
NtQueryDirectoryObject
NtResumeProcess
NtOpenDirectoryObject
RtlAdjustPrivilege
NtSuspendProcess
NtTerminateProcess
NtQuerySystemEnvironmentValueEx
NtSetSystemEnvironmentValueEx
NtEnumerateSystemEnvironmentValuesEx
RtlIpv4AddressToStringW
RtlIpv6AddressToStringW
wcstoul
__chkstk

kernel32

lstrlenA
GetDateFormatW
PurgeComm
SystemTimeToFileTime
CreateRemoteThread
WaitForSingleObject
CreateProcessW
SetConsoleOutputCP
GetConsoleOutputCP
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
WriteProcessMemory
VirtualAllocEx
VirtualProtectEx
RtlVirtualUnwind
SetFilePointerEx
GetProcessId
GetComputerNameW
IsWow64Process
VirtualAlloc
SetLastError
ReadProcessMemory
VirtualFreeEx
VirtualQueryEx
VirtualFree
VirtualQuery
GetComputerNameExW
DeviceIoControl
DuplicateHandle
OpenProcess
GetCurrentProcess
ExpandEnvironmentStringsW
FindNextFileW
FindClose
GetCurrentDirectoryW
GetFileSizeEx
FlushFileBuffers
GetFileAttributesW
FindFirstFileW
lstrlenW
GetProcAddress
LoadLibraryW
GetModuleHandleW
FreeLibrary
DeleteFileA
GetTempPathA
GetFileInformationByHandle
FileTimeToLocalFileTime
GetCurrentDirectoryA
GetTempFileNameA
SetFilePointer
CreateFileA
FileTimeToDosDateTime
CreateThread
LocalFree
CloseHandle
LocalAlloc
GetLastError
CreateFileW
ReadFile
TerminateThread
WriteFile
FileTimeToSystemTime
Sleep
VirtualProtect
WideCharToMultiByte
GetTimeFormatW
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
GetFileSize
CreateMutexW
HeapCompact
SetEndOfFile
HeapAlloc
QueryPerformanceCounter
HeapFree
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
FormatMessageA
FormatMessageW
GetVersionExW
HeapDestroy
GetSystemTimeAsFileTime
GetFileAttributesA
HeapCreate
HeapValidate
MultiByteToWideChar
GetTempPathW
HeapSize
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
OutputDebugStringA
GetVersionExA
DeleteFileW
GetCurrentProcessId
GetSystemTime
AreFileApisANSI
ExitProcess
ExitThread
RaiseException
SetConsoleCtrlHandler
SetConsoleTitleW
SetFileAttributesW
GlobalSize
SetHandleInformation
CreatePipe
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetEvent
CreateEventW
GetSystemDirectoryW
SetConsoleCursorPosition
GetTimeZoneInformation
GetStdHandle
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetCurrentDirectoryW
GetCurrentThread
ProcessIdToSessionId
RtlLookupFunctionEntry
RtlCaptureContext
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentThreadId
ClearCommError

msvcrt

calloc
isdigit
_fmode
_commode
__setusermatherr
isspace
mbtowc
__mb_cur_max
isleadbyte
isxdigit
localeconv
_snprintf
__set_app_type
_itoa
wctomb
ferror
iswctype
wcstombs
?terminate@@YAXXZ
__badioinfo
__pioinfo
_read
_lseeki64
_write
_isatty
ungetc
_amsg_exit
_initterm
_vscprintf
fclose
_setmode
exit
_cexit
_exit
_XcptFilter
__wgetmainargs
__C_specific_handler
memset
memcpy
vwprintf
getchar
_wpgmptr
fgetws
realloc
_msize
malloc
_errno
free
_wcsdup
vfwprintf
fflush
_wfopen
wprintf
_fileno
_iob

Sections

.text
Size: 821KB - Virtual size: 820KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/mimikatz/x64/mimilib.dll
.dll windows x64

eaa79f1d9e8a00542b09cb462d0658ef

Code Sign

0f:10:c0:55:a6:79:3b:59:c7:d8:f5:2d:64:b3:98:8d
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

29/05/2021, 04:32

Not After

29/05/2022, 04:32

Subject

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19/05/2021, 05:42

Not After

18/05/2032, 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:10:c0:55:a6:79:3b:59:c7:d8:f5:2d:64:b3:98:8d
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

29/05/2021, 04:32

Not After

29/05/2022, 04:32

Subject

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19/05/2021, 05:42

Not After

18/05/2032, 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fe:e9:b0:08:25:36:78:44:27:37:03:57:7e:8a:e5:70:30:40:5d:1b:4b:90:6b:6d:f8:54:86:72:08:c5:e9:4a
Signer

Actual PE Digest

fe:e9:b0:08:25:36:78:44:27:37:03:57:7e:8a:e5:70:30:40:5d:1b:4b:90:6b:6d:f8:54:86:72:08:c5:e9:4a

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

15/09/2022, 14:52
Valid: false

95:c7:10:49:29:80:7c:d9:84:5b:b4:63:d5:56:ce:aa:10:5f:f4:ce
Signer

Actual PE Digest

95:c7:10:49:29:80:7c:d9:84:5b:b4:63:d5:56:ce:aa:10:5f:f4:ce

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CreateRestrictedToken
CreateProcessAsUserW
ConvertSidToStringSidA
IsTextUnicode
OpenProcessToken

ntdll

_stricmp
memcmp
RtlEqualString
RtlFreeUnicodeString
RtlStringFromGUID

rpcrt4

NdrMesTypeFree2
NdrMesTypeDecode2
MesIncrementalHandleReset
MesHandleFree
MesDecodeIncrementalHandleCreate

ole32

CoCreateInstance

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TerminateProcess
QueryPerformanceCounter
SetUnhandledExceptionFilter
VirtualProtect
Sleep
GetCurrentProcess
CloseHandle
FreeLibrary
LoadLibraryW
lstrlenW
GetProcAddress
GetLastError
LocalAlloc
LocalFree
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
RaiseException
LoadLibraryA
UnhandledExceptionFilter

msvcrt

_wfopen
fclose
free
vfwprintf
fflush
memcpy
memset
__C_specific_handler
_XcptFilter
_initterm
_amsg_exit
malloc

Exports

Exports

DhcpNewPktHook
DhcpServerCalloutEntry
DllCanUnloadNow
DllGetClassObject
DnsPluginCleanup
DnsPluginInitialize
DnsPluginQuery
ExtensionApiVersion
InitializeChangeNotify
Msv1_0SubAuthenticationFilter
Msv1_0SubAuthenticationRoutine
NPGetCaps
NPLogonNotify
PasswordChangeNotify
SpLsaModeInitialize
WinDbgExtensionDllInit
coffee
mimikatz
startW

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/mimikatz/x64/mimispool.dll
.dll windows x64

c38ebbf4627ca2303746c77210e5a12e

Code Sign

0f:10:c0:55:a6:79:3b:59:c7:d8:f5:2d:64:b3:98:8d
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

29/05/2021, 04:32

Not After

29/05/2022, 04:32

Subject

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19/05/2021, 05:42

Not After

18/05/2032, 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:10:c0:55:a6:79:3b:59:c7:d8:f5:2d:64:b3:98:8d
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

29/05/2021, 04:32

Not After

29/05/2022, 04:32

Subject

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19/05/2021, 05:42

Not After

18/05/2032, 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e4:a9:18:58:4b:6e:2f:10:ae:50:99:22:cf:dd:27:1c:67:38:c1:4d:0d:8d:60:63:2e:1f:a4:7b:99:b0:8a:71
Signer

Actual PE Digest

e4:a9:18:58:4b:6e:2f:10:ae:50:99:22:cf:dd:27:1c:67:38:c1:4d:0d:8d:60:63:2e:1f:a4:7b:99:b0:8a:71

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

15/09/2022, 14:52
Valid: false

6c:54:2e:16:51:d0:ac:ed:61:79:5f:37:65:24:56:e6:58:b9:c3:7e
Signer

Actual PE Digest

6c:54:2e:16:51:d0:ac:ed:61:79:5f:37:65:24:56:e6:58:b9:c3:7e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Open Source Developer\, Benjamin Delpy,O=Open Source Developer,L=Montreuil,C=FR,1.2.840.113549.1.9.1=#0c1762656e6a616d696e4067656e74696c6b6977692e636f6d

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
OpenProcessToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

winsta

WinStationEnumerateW
WinStationFreeMemory

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetCurrentProcess
SetLastError
CloseHandle
TerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetSystemTimeAsFileTime

msvcrt

memset
__C_specific_handler
_XcptFilter
malloc
free
_amsg_exit
_initterm

Exports

Exports

DrvDisableDriver
DrvEnableDriver
DrvQueryDriverInfo
DrvResetConfigCache
GenerateCopyFilePaths
SpoolerCopyFileEvent

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/mimikatz/x64/zero.bat
MIMIMI/mimikatz/passrecpk/BasicProg.cfg
MIMIMI/mimikatz/passrecpk/BulletsPassView.exe
.exe windows x86

2f550747902157c689fe92e5b19add46

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:d5:52:4a:14:f5:56:2a:8e:fd:5b:96:dc:69:d9:25:3f:92:46:73
Signer

Actual PE Digest

3d:d5:52:4a:14:f5:56:2a:8e:fd:5b:96:dc:69:d9:25:3f:92:46:73

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

01/03/2015, 14:05
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
strcpy
_wcslwr
strlen
qsort
_purecall
_itow
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
wcsrchr
_wcsicmp
malloc
wcschr
free
modf
_memicmp
_wtoi
memcmp
wcstoul
??2@YAPAXI@Z
??3@YAXPAX@Z
wcslen
memcpy
wcscmp
wcscpy
memset
_snwprintf
wcscat
wcsncat

comctl32

ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
CreateStatusWindowW
CreateToolbarEx
ord17

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

CreateRemoteThread
EnumResourceTypesW
WriteProcessMemory
OpenProcess
GetCurrentProcess
ExitProcess
GetCurrentProcessId
ResumeThread
WaitForSingleObject
VirtualFreeEx
Sleep
VirtualAllocEx
GetModuleHandleA
GetStartupInfoW
GetProcAddress
ReadProcessMemory
DeleteFileW
SetErrorMode
GetStdHandle
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
CompareFileTime
FreeLibrary
LoadLibraryW
FileTimeToSystemTime
GetModuleFileNameW
WriteFile
LocalFree
CreateFileW
LockResource
FindResourceW
lstrcpyW
LoadResource
GlobalAlloc
lstrlenW
LoadLibraryExW
WideCharToMultiByte
GlobalUnlock
GetTempPathW
GetLastError
SizeofResource
GlobalLock
FormatMessageW
GetDateFormatW
GetTempFileNameW
GetVersionExW
GetFileSize
GetModuleHandleW
GetTimeFormatW
CloseHandle
GetFileAttributesW
GetWindowsDirectoryW
ReadFile
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW

user32

EnumWindows
SendMessageTimeoutW
SetForegroundWindow
EndDeferWindowPos
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
EndDialog
GetDlgItem
InvalidateRect
SetDlgItemInt
SetWindowTextW
GetClientRect
UpdateWindow
SetDlgItemTextW
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SendDlgItemMessageW
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
DefWindowProcW
SendMessageW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
MessageBeep
GetWindowThreadProcessId
LoadImageW
SetWindowLongW
GetWindowLongW
SetFocus
EnableWindow
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
GetMenuItemCount
GetMenuStringW
CheckMenuItem
CloseClipboard
GetCursorPos
GetSysColor
SetClipboardData
GetParent
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
DialogBoxParamW
GetDlgCtrlID
DestroyMenu
DestroyWindow
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyIcon
LoadIconW
KillTimer
BeginDeferWindowPos
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
SetTimer
IsDialogMessageW
TranslateMessage
DispatchMessageW
DrawTextExW

gdi32

CreateFontIndirectW
SetBkMode
DeleteObject
SetTextColor
GetTextExtentPoint32W
SetBkColor
GetStockObject
GetDeviceCaps
SelectObject

comdlg32

ChooseFontW
FindTextW
GetSaveFileNameW

shell32

Shell_NotifyIconW
SHGetFileInfoW
ShellExecuteW
ShellExecuteExW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/passrecpk/BulletsPassView64.cfg
MIMIMI/mimikatz/passrecpk/BulletsPassView64.exe
.exe windows x64

569268acae49b073e0ccf59bb9d69615

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

78:a1:b6:fd:ef:64:ce:73:5a:84:1d:0e:58:c9:9f:eb:86:c8:a1:e5
Signer

Actual PE Digest

78:a1:b6:fd:ef:64:ce:73:5a:84:1d:0e:58:c9:9f:eb:86:c8:a1:e5

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

01/03/2015, 14:05
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
strcpy
_wcslwr
strlen
qsort
_purecall
_itow
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
_memicmp
malloc
_wcsicmp
free
wcschr
modf
_wtoi
memcmp
wcstoul
wcsrchr
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
wcslen
memcpy
wcscmp
wcscpy
memset
_snwprintf
wcscat
wcsncat

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_SetImageCount
CreateStatusWindowW
CreateToolbarEx
ord17

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

OpenProcess
CreateRemoteThread
EnumResourceTypesW
ReadProcessMemory
GetCurrentProcess
WaitForSingleObject
ResumeThread
VirtualFreeEx
Sleep
VirtualAllocEx
WriteProcessMemory
GetStartupInfoW
LoadLibraryW
GetCurrentProcessId
ExitProcess
DeleteFileW
SetErrorMode
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
CompareFileTime
FileTimeToSystemTime
GetProcAddress
FreeLibrary
FormatMessageW
GetLastError
GetVersionExW
GetModuleHandleW
GetTimeFormatW
GetFileAttributesW
WriteFile
ReadFile
FindResourceW
GetModuleFileNameW
LoadResource
CreateFileW
LoadLibraryExW
GlobalAlloc
CloseHandle
GetWindowsDirectoryW
WideCharToMultiByte
lstrlenW
LocalFree
lstrcpyW
LockResource
GlobalUnlock
GetDateFormatW
GetTempFileNameW
GetTempPathW
GlobalLock
SizeofResource
GetFileSize
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetPrivateProfileStringW
GetStdHandle

user32

EnumWindows
SendMessageTimeoutW
ChildWindowFromPoint
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
UpdateWindow
SetDlgItemTextW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindowRect
GetDlgItem
GetDlgItemInt
InvalidateRect
SetWindowTextW
SetDlgItemInt
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
SendMessageW
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
GetWindowThreadProcessId
MessageBeep
LoadImageW
GetWindowLongW
SetWindowLongW
SetFocus
CheckMenuItem
GetMenuItemCount
GetCursorPos
SetClipboardData
EnableWindow
GetSysColor
GetMenuStringW
MapWindowPoints
CloseClipboard
GetMenu
EmptyClipboard
GetParent
EnableMenuItem
ReleaseDC
GetDC
MoveWindow
OpenClipboard
GetClassNameW
GetSubMenu
GetWindowTextW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
LoadMenuW
LoadIconW
DestroyIcon
BeginDeferWindowPos
KillTimer
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
SetTimer
IsDialogMessageW
DispatchMessageW
TranslateMessage
DrawTextExW
EndDeferWindowPos
SetForegroundWindow

gdi32

CreateFontIndirectW
SetBkMode
DeleteObject
SetTextColor
SetBkColor
GetStockObject
GetTextExtentPoint32W
SelectObject
GetDeviceCaps

comdlg32

ChooseFontW
FindTextW
GetSaveFileNameW

shell32

Shell_NotifyIconW
ShellExecuteExW
ShellExecuteW
SHGetFileInfoW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/passrecpk/ChromePass.cfg
MIMIMI/mimikatz/passrecpk/ChromePass.exe
.exe windows x86

550f30023107c27802c269535dc454b7

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

08:62:cd:4e:fa:3b:4b:9e:1a:fc:45:da:0a:0f:c3:1e:b4:ea:4b:4b:6a:a5:fc:38:79:f4:89:9d:b5:ab:50:85
Signer

Actual PE Digest

08:62:cd:4e:fa:3b:4b:9e:1a:fc:45:da:0a:0f:c3:1e:b4:ea:4b:4b:6a:a5:fc:38:79:f4:89:9d:b5:ab:50:85

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

27/01/2018, 09:24
Valid: true

Chain 1

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

c2:cf:96:fb:0e:d0:4c:03:0b:cf:a7:9a:cf:9b:14:07:4e:88:a9:38
Signer

Actual PE Digest

c2:cf:96:fb:0e:d0:4c:03:0b:cf:a7:9a:cf:9b:14:07:4e:88:a9:38

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

27/01/2018, 09:24
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

realloc
isalnum
_gmtime64
isxdigit
tolower
_ftol
strcmp
isspace
isdigit
strftime
atoi
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
toupper
_wcmdln
__wgetmainargs
wcstoul
_memicmp
wcsrchr
malloc
wcschr
free
modf
??2@YAPAXI@Z
??3@YAXPAX@Z
memcmp
_wcsicmp
_purecall
_wcslwr
_itow
exit
wcslen
wcscmp
log
strlen
abs
memcpy
wcscpy
memset
wcscat
_snwprintf
wcsncat
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3

comctl32

CreateToolbarEx
ImageList_SetImageCount
ImageList_Create
ImageList_AddMasked
ord17
ImageList_ReplaceIcon
CreateStatusWindowW

kernel32

LockFile
UnlockFile
DeleteFileA
QueryPerformanceCounter
GetSystemTime
FlushFileBuffers
GetTempPathA
InterlockedIncrement
LockFileEx
GetFileAttributesA
LeaveCriticalSection
GetCurrentThreadId
DeleteCriticalSection
CreateFileA
Sleep
GetFullPathNameA
GetFullPathNameW
InitializeCriticalSection
EnumResourceTypesW
OpenProcess
ReadProcessMemory
GetCurrentProcess
GetSystemTimeAsFileTime
EnterCriticalSection
GetModuleHandleA
GetStartupInfoW
SetEndOfFile
GetTickCount
AreFileApisANSI
CloseHandle
FileTimeToLocalFileTime
DeleteFileW
SystemTimeToFileTime
LocalFree
CopyFileW
CreateFileW
CompareFileTime
WriteFile
WideCharToMultiByte
GetProcAddress
FreeLibrary
LoadLibraryW
GetFileSize
GetLastError
LocalAlloc
FileTimeToSystemTime
FindResourceW
GetTempPathW
LoadResource
LoadLibraryExW
FindNextFileW
SizeofResource
FormatMessageW
FindClose
GlobalLock
GetVersionExW
GetWindowsDirectoryW
GetDateFormatW
GetTimeFormatW
GetTempFileNameW
GetFileAttributesW
GetModuleHandleW
FindFirstFileW
ReadFile
LockResource
SetFilePointer
GetModuleFileNameW
MultiByteToWideChar
GlobalAlloc
GlobalUnlock
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
SetErrorMode
GetCurrentProcessId
ExitProcess

user32

GetMessageW
PostQuitMessage
TrackPopupMenu
BeginDeferWindowPos
RegisterWindowMessageW
EndDeferWindowPos
DispatchMessageW
DrawTextExW
TranslateMessage
IsDialogMessageW
LoadStringW
EnumChildWindows
DestroyWindow
CreateDialogParamW
DestroyMenu
GetDlgCtrlID
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SendDlgItemMessageW
EndDialog
GetDlgItem
InvalidateRect
SetDlgItemInt
SetWindowTextW
GetClientRect
UpdateWindow
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
DefWindowProcW
SendMessageW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
LoadIconW
LoadImageW
GetWindowLongW
SetWindowLongW
SetFocus
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
GetMenuStringW
CloseClipboard
MoveWindow
GetMenuItemCount
GetParent
CheckMenuItem
GetCursorPos
GetSysColor
GetMenu
GetSubMenu
SetClipboardData
EnableWindow
MapWindowPoints
GetDC
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
DialogBoxParamW

gdi32

SetBkColor
SelectObject
GetDeviceCaps
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject
GetStockObject
GetTextExtentPoint32W

comdlg32

GetSaveFileNameW
FindTextW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetPathFromIDListW
SHGetMalloc
ShellExecuteExW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/passrecpk/Dialupass.cfg
MIMIMI/mimikatz/passrecpk/Dialupass.exe
.exe windows x86

ac08b01dd374a6cd6b814bb41500762c

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9d:61:80:51:27:44:5a:1f:7d:83:40:30:b5:28:69:c1:b5:b6:fd:48:ed:de:a6:14:bf:27:6a:8e:73:ae:b6:6b
Signer

Actual PE Digest

9d:61:80:51:27:44:5a:1f:7d:83:40:30:b5:28:69:c1:b5:b6:fd:48:ed:de:a6:14:bf:27:6a:8e:73:ae:b6:6b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

26/07/2016, 06:08
Valid: true

Chain 1

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

6e:c5:b3:da:95:20:d2:16:7b:60:6d:95:b1:66:44:3f:29:13:aa:fd
Signer

Actual PE Digest

6e:c5:b3:da:95:20:d2:16:7b:60:6d:95:b1:66:44:3f:29:13:aa:fd

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

26/07/2016, 06:08
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
__p__fmode
_onexit
__dllonexit
_purecall
_wcslwr
_itow
wcsrchr
malloc
free
modf
__set_app_type
_controlfp
_except_handler3
_c_exit
memcmp
wcstoul
_memicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
_wcsnicmp
_wtoi
wcschr
memcpy
strlen
abs
_wcsicmp
wcslen
wcscmp
log
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_SetImageCount
ImageList_ReplaceIcon
ord17
ImageList_Create
ImageList_AddMasked
CreateStatusWindowW
CreateToolbarEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

rasapi32

RasSetEntryDialParamsW
RasGetEntryDialParamsW

kernel32

ExitProcess
GetCurrentProcessId
ReadProcessMemory
GetCurrentProcess
DeleteFileW
SetErrorMode
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
EnumResourceNamesW
CreateFileW
GetModuleFileNameW
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
WriteFile
lstrcpyW
ReadFile
LockResource
FindFirstFileW
LocalFree
WideCharToMultiByte
LoadLibraryW
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetFileSize
CloseHandle
lstrlenW
GlobalAlloc
GlobalUnlock
FindResourceW
GetTempPathW
LoadResource
LoadLibraryExW
GetLastError
FindNextFileW
SizeofResource
FormatMessageW
FindClose
GlobalLock
GetVersionExW
GetWindowsDirectoryW
GetTempFileNameW
GetFileAttributesW
GetModuleHandleW

user32

IsDialogMessageW
TranslateMessage
DrawTextExW
GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
DispatchMessageW
ModifyMenuW
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
LoadMenuW
EndDialog
EndPaint
GetDlgItem
InvalidateRect
GetWindow
SetDlgItemInt
DrawFrameControl
BeginPaint
SetWindowTextW
GetClientRect
UpdateWindow
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SetMenu
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
SendMessageW
SetWindowPlacement
RegisterClassW
MessageBoxW
LoadImageW
LoadIconW
SetWindowLongW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
EnableWindow
MapWindowPoints
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
GetMenuStringW
CloseClipboard
MoveWindow
GetMenuItemCount
CheckMenuItem
GetCursorPos
GetSysColor
GetSubMenu
GetMenu
SetClipboardData
GetMenuItemInfoW
GetDlgCtrlID
GetParent
DestroyMenu
DialogBoxParamW
CreateDialogParamW
DestroyWindow
EnumChildWindows
LoadStringW
SetWindowPos
GetWindowTextW
SendDlgItemMessageW

gdi32

DeleteObject
GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
SelectObject
SetTextColor
CreateFontIndirectW
SetBkMode

comdlg32

FindTextW
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/passrecpk/OperaPassView.cfg
MIMIMI/mimikatz/passrecpk/OperaPassView.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MIMIMI/mimikatz/passrecpk/PasswordFox.exe
.exe windows x86

830c22d616f9ac1efb0fe5fc97a41067

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

88:30:53:b0:a8:ae:48:3d:f0:de:5f:e4:d7:b2:b7:64:d3:e7:8f:c0:92:7b:f7:02:95:d8:3b:c9:c0:b5:4f:ec
Signer

Actual PE Digest

88:30:53:b0:a8:ae:48:3d:f0:de:5f:e4:d7:b2:b7:64:d3:e7:8f:c0:92:7b:f7:02:95:d8:3b:c9:c0:b5:4f:ec

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

05/11/2017, 10:21
Valid: true

Chain 1

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

5c:e9:26:7b:bc:15:f7:e5:70:c4:89:f0:69:bd:f8:ef:8a:dc:e1:cd
Signer

Actual PE Digest

5c:e9:26:7b:bc:15:f7:e5:70:c4:89:f0:69:bd:f8:ef:8a:dc:e1:cd

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

05/11/2017, 10:21
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

CreateToolbarEx
CreateStatusWindowW
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_SetImageCount
ImageList_Create
ord17

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
__p__fmode
_wcslwr
_itow
memmove
free
modf
memcmp
wcstoul
_memicmp
malloc
wcschr
strcpy
__set_app_type
_controlfp
_purecall
_except_handler3
_wtoi
_wtoi64
strcmp
_wcsnicmp
wcsrchr
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
_wcsicmp
wcslen
_ultow
wcscmp
log
abs
wcscpy
memset
strlen
wcscat
_snwprintf
wcsncat

kernel32

GetStartupInfoW
GetModuleHandleA
EnumResourceTypesW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
OpenProcess
SetCurrentDirectoryW
ReadProcessMemory
ExitProcess
GetCurrentProcessId
SetErrorMode
DeleteFileW
GetPrivateProfileStringW
EnumResourceNamesW
GetPrivateProfileIntW
WritePrivateProfileStringW
SizeofResource
GetCurrentProcess
GetFileTime
CompareFileTime
WriteFile
WideCharToMultiByte
FileTimeToSystemTime
GetProcAddress
FreeLibrary
SystemTimeToFileTime
LoadLibraryW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
MultiByteToWideChar
GetFileSize
CloseHandle
FormatMessageW
FindClose
GlobalLock
GetVersionExW
GetWindowsDirectoryW
GetDateFormatW
FileTimeToLocalFileTime
GetTempFileNameW
GetTimeFormatW
GetModuleHandleW
GetFileAttributesW
FindFirstFileW
LocalFree
ReadFile
LockResource
GetModuleFileNameW
CreateFileW
FindResourceW
LoadResource
GlobalUnlock
GlobalAlloc
SystemTimeToTzSpecificLocalTime
GetTempPathW
LoadLibraryExW
GetLastError
FindNextFileW

user32

PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
DispatchMessageW
DrawTextExW
TranslateMessage
IsDialogMessageW
GetMessageW
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
DrawFrameControl
BeginPaint
SetWindowTextW
GetClientRect
UpdateWindow
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SendDlgItemMessageW
EndDialog
EndPaint
GetDlgItem
InvalidateRect
GetWindow
SetDlgItemInt
LoadAcceleratorsW
PostMessageW
DefWindowProcW
SendMessageW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
SetMenu
SetWindowPos
GetWindowPlacement
GetParent
LoadImageW
LoadIconW
SetWindowLongW
GetWindowLongW
SetFocus
EndDeferWindowPos
BeginDeferWindowPos
GetMenuStringW
CloseClipboard
MoveWindow
GetMenuItemCount
CheckMenuItem
GetCursorPos
GetSysColor
SetClipboardData
EnableWindow
GetMenu
GetSubMenu
MapWindowPoints
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
ModifyMenuW
GetMenuItemInfoW
DialogBoxParamW
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DestroyWindow
EnumChildWindows
LoadStringW
GetWindowTextW
LoadMenuW

gdi32

SetBkMode
CreateFontIndirectW
SetTextColor
GetDeviceCaps
SelectObject
SetBkColor
DeleteObject
GetStockObject
GetTextExtentPoint32W

comdlg32

GetSaveFileNameW
FindTextW

advapi32

RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/passrecpk/PasswordFox64.cfg
MIMIMI/mimikatz/passrecpk/PasswordFox64.exe
.exe windows x64

dbb40f8cbd296a97d55674032d14649c

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7d:7d:1b:9e:26:66:9d:17:d6:07:b9:29:ee:5a:77:ae:a2:60:4c:77:5f:b4:6d:a3:e1:74:65:7e:01:0d:fd:2b
Signer

Actual PE Digest

7d:7d:1b:9e:26:66:9d:17:d6:07:b9:29:ee:5a:77:ae:a2:60:4c:77:5f:b4:6d:a3:e1:74:65:7e:01:0d:fd:2b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

05/11/2017, 10:21
Valid: true

Chain 1

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

4c:c1:11:dc:44:35:78:ac:bc:1f:59:40:8e:75:dd:a0:6f:d9:5a:40
Signer

Actual PE Digest

4c:c1:11:dc:44:35:78:ac:bc:1f:59:40:8e:75:dd:a0:6f:d9:5a:40

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

05/11/2017, 10:21
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

CreateToolbarEx
CreateStatusWindowW
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_SetImageCount
ImageList_Create
ord17

msvcrt

_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
_wcslwr
__setusermatherr
_purecall
_itow
memmove
_memicmp
free
wcschr
modf
memcmp
wcstoul
malloc
strcpy
_commode
_fmode
__set_app_type
_wtoi
_wtoi64
strcmp
_wcsnicmp
wcsrchr
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memcpy
wcscmp
_wcsicmp
wcslen
_ultow
abs
log
wcscpy
memset
strlen
_snwprintf
wcsncat
wcscat

kernel32

GetStartupInfoW
EnumResourceTypesW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
SetCurrentDirectoryW
GetCurrentProcessId
ExitProcess
ReadProcessMemory
GetCurrentProcess
SetErrorMode
DeleteFileW
EnumResourceNamesW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
CompareFileTime
WriteFile
WideCharToMultiByte
LoadLibraryW
FileTimeToSystemTime
GetProcAddress
FreeLibrary
SystemTimeToFileTime
GetCurrentDirectoryW
ExpandEnvironmentStringsW
MultiByteToWideChar
GetFileSize
CloseHandle
GetDateFormatW
SizeofResource
GetLastError
GetTempFileNameW
GlobalLock
FormatMessageW
GetVersionExW
FindNextFileW
FindFirstFileW
GetModuleHandleW
GetFileTime
FindClose
GetTimeFormatW
GetFileAttributesW
ReadFile
GetModuleFileNameW
GetWindowsDirectoryW
CreateFileW
FileTimeToLocalFileTime
FindResourceW
LoadResource
LocalFree
SystemTimeToTzSpecificLocalTime
GlobalAlloc
LockResource
LoadLibraryExW
GlobalUnlock
GetTempPathW

user32

RegisterWindowMessageW
DispatchMessageW
DrawTextExW
TranslateMessage
IsDialogMessageW
GetMessageW
PostQuitMessage
ChildWindowFromPoint
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
InvalidateRect
EndPaint
GetWindow
DrawFrameControl
SetDlgItemInt
SetWindowTextW
UpdateWindow
SetDlgItemTextW
BeginPaint
GetDlgItemTextW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindowRect
GetDlgItem
GetDlgItemInt
TranslateAcceleratorW
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
SendMessageW
PostMessageW
RegisterClassW
MessageBoxW
GetParent
LoadImageW
LoadIconW
GetWindowLongW
SetWindowLongW
SetFocus
EndDeferWindowPos
BeginDeferWindowPos
GetMenuItemCount
CheckMenuItem
GetMenuStringW
GetCursorPos
SetClipboardData
GetSysColor
EnableWindow
CloseClipboard
MapWindowPoints
GetMenu
GetDC
EmptyClipboard
GetSubMenu
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
TrackPopupMenu

gdi32

SetBkMode
CreateFontIndirectW
SetTextColor
GetDeviceCaps
SelectObject
SetBkColor
DeleteObject
GetStockObject
GetTextExtentPoint32W

comdlg32

GetSaveFileNameW
FindTextW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/passrecpk/PstPassword.cfg
MIMIMI/mimikatz/passrecpk/PstPassword.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MIMIMI/mimikatz/passrecpk/RouterPassView.cfg
MIMIMI/mimikatz/passrecpk/RouterPassView.exe
.exe windows x86

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ab:e4:be:00:5e:90:bc:18:0f:0a:7b:8a:05:33:cf:60:4d:9b:39:5d:29:0c:33:40:43:ae:9c:1c:77:e7:43:d6
Signer

Actual PE Digest

ab:e4:be:00:5e:90:bc:18:0f:0a:7b:8a:05:33:cf:60:4d:9b:39:5d:29:0c:33:40:43:ae:9c:1c:77:e7:43:d6

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

25/03/2018, 11:13
Valid: true

Chain 1

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

25:c9:78:88:bb:91:16:c3:8c:a9:f0:6d:05:8b:fb:05:52:b8:8e:4c
Signer

Actual PE Digest

25:c9:78:88:bb:91:16:c3:8c:a9:f0:6d:05:8b:fb:05:52:b8:8e:4c

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

25/03/2018, 11:13
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MIMIMI/mimikatz/passrecpk/SniffPass.exe
.exe windows x86

ad6726d15faee2a539b2822732b3874f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAIoctl
setsockopt
WSAGetLastError
htons
recv
bind
socket
WSASetLastError
closesocket
WSAAsyncSelect
connect
WSAStartup
WSACleanup
inet_addr
inet_ntoa

msvcrt

_strcmpi
_memicmp
memset
_ultoa
strcpy
strlen
strcmp
_stricmp
strncat
strrchr
strcat
strtoul
memcmp
modf
free
malloc
_strnicmp
strchr
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
sprintf
_itoa
_strlwr
_purecall
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3

comctl32

CreateToolbarEx
ImageList_SetImageCount
ImageList_Create
ImageList_AddMasked
ord17
ImageList_ReplaceIcon
ord6

kernel32

OpenProcess
GlobalFree
ReadProcessMemory
GetCurrentProcess
ExitProcess
GetCurrentProcessId
GetPrivateProfileIntA
EnumResourceNamesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetTempPathA
GetTimeFormatA
GetFileAttributesA
CloseHandle
GetTempFileNameA
GlobalLock
GetVersionExA
GetLastError
GlobalAlloc
GlobalUnlock
LoadLibraryExA
MultiByteToWideChar
GetStartupInfoA
DeleteFileA
WriteFile
GetModuleHandleA
GetTickCount
WideCharToMultiByte
SystemTimeToFileTime
CompareFileTime
GetLocalTime
FileTimeToSystemTime
GetProcAddress
LoadLibraryA
FreeLibrary
WinExec
LocalFree
CreateFileA
GetFileSize
ReadFile
FormatMessageA
GetWindowsDirectoryA
GetModuleFileNameA
GetDateFormatA

user32

RegisterWindowMessageA
OpenClipboard
BeginDeferWindowPos
IsDialogMessageA
TranslateMessage
SetTimer
EndDeferWindowPos
PostQuitMessage
TrackPopupMenu
KillTimer
GetFocus
DispatchMessageA
DeferWindowPos
GetMenuItemInfoA
EnumChildWindows
DestroyMenu
GetDlgCtrlID
DestroyWindow
DialogBoxParamA
ModifyMenuA
CreateDialogParamA
LoadStringA
PeekMessageA
SendMessageTimeoutA
GetSysColorBrush
SetCursor
ShowWindow
LoadCursorA
ChildWindowFromPoint
SetWindowTextA
EndDialog
GetDlgItem
CreateWindowExA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemInt
SetDlgItemTextA
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
GetWindowRect
RegisterClassA
UpdateWindow
GetSystemMetrics
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
LoadImageA
MessageBeep
LoadIconA
GetWindowLongA
SetWindowLongA
SetFocus
InvalidateRect
GetMenuStringA
CheckMenuItem
GetSubMenu
GetCursorPos
GetMenu
GetSysColor
SetClipboardData
GetDC
EnableWindow
MapWindowPoints
EmptyClipboard
EnableMenuItem
ReleaseDC
GetParent
GetClientRect
GetClassNameA
CloseClipboard
GetMenuItemCount
MoveWindow
GetWindowTextA
LoadMenuA
GetMessageA

gdi32

GetTextExtentPoint32A
SetBkColor
GetStockObject
GetDeviceCaps
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectA

comdlg32

FindTextA
GetOpenFileNameA
GetSaveFileNameA

advapi32

RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA

shell32

ShellExecuteA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/passrecpk/SniffPass64.cfg
MIMIMI/mimikatz/passrecpk/SniffPass64.exe
.exe windows x64

fe1703ebe1a11b60b7459b2ce858e5ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSAIoctl
setsockopt
recv
bind
socket
WSASetLastError
closesocket
connect
WSAAsyncSelect
WSAGetLastError
htons
WSACleanup
WSAStartup
inet_ntoa
inet_addr

msvcrt

_memicmp
_ultoa
strcpy
strlen
_stricmp
strcmp
strncat
sprintf
memcmp
modf
free
malloc
strtoul
strchr
_strcmpi
strrchr
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
strcat
memcpy
memset
_strnicmp
_itoa
_purecall
_strlwr
__dllonexit
_onexit
__C_specific_handler
_XcptFilter
_c_exit
_exit
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_commode
__set_app_type
_fmode

comctl32

CreateToolbarEx
ImageList_SetImageCount
ImageList_Create
ImageList_AddMasked
ord17
ImageList_ReplaceIcon
ord6

kernel32

OpenProcess
GetTickCount
GlobalFree
ReadProcessMemory
GetCurrentProcess
ExitProcess
DeleteFileA
GetPrivateProfileIntA
EnumResourceNamesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetDateFormatA
GetVersionExA
GetWindowsDirectoryA
FormatMessageA
ReadFile
GetFileSize
CreateFileA
GetFileAttributesA
GetCurrentProcessId
GetTimeFormatA
GetStartupInfoA
WideCharToMultiByte
GetLocalTime
SystemTimeToFileTime
CompareFileTime
LoadLibraryA
FreeLibrary
FileTimeToSystemTime
GetProcAddress
WinExec
MultiByteToWideChar
WriteFile
CloseHandle
GlobalUnlock
GetTempPathA
LocalFree
GlobalAlloc
GetModuleFileNameA
GetLastError
GetModuleHandleA
LoadLibraryExA
GlobalLock
GetTempFileNameA

user32

SendMessageTimeoutA
CheckMenuItem
KillTimer
GetFocus
GetMessageA
RegisterWindowMessageA
SetTimer
DispatchMessageA
DeferWindowPos
IsDialogMessageA
TranslateMessage
BeginDeferWindowPos
PostQuitMessage
TrackPopupMenu
EndDeferWindowPos
GetWindowTextA
GetMenuItemInfoA
DestroyWindow
EnumChildWindows
CreateDialogParamA
DestroyMenu
GetDlgCtrlID
ChildWindowFromPoint
GetSysColorBrush
ShowWindow
LoadCursorA
SetCursor
SetWindowTextA
SendDlgItemMessageA
GetDlgItemInt
EndDialog
GetDlgItem
CreateWindowExA
SetDlgItemInt
SetDlgItemTextA
GetSystemMetrics
GetWindowRect
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
RegisterClassA
UpdateWindow
MessageBeep
LoadIconA
LoadImageA
GetWindowLongA
SetWindowLongA
InvalidateRect
SetFocus
GetSubMenu
SetClipboardData
GetDC
EnableWindow
MapWindowPoints
EmptyClipboard
EnableMenuItem
ReleaseDC
OpenClipboard
GetClientRect
MoveWindow
GetMenuItemCount
GetMenuStringA
DialogBoxParamA
GetCursorPos
GetMenu
GetSysColor
GetClassNameA
CloseClipboard
LoadMenuA
GetParent
ModifyMenuA
LoadStringA
PeekMessageA

gdi32

GetStockObject
GetTextExtentPoint32A
SetBkColor
GetDeviceCaps
CreateFontIndirectA
SetBkMode
DeleteObject
SetTextColor

comdlg32

GetOpenFileNameA
GetSaveFileNameA
FindTextA

advapi32

RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

shell32

ShellExecuteA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/passrecpk/VNCPassView.exe
.exe windows x86

14ccc05e3f89d437c608fcb108c4d108

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
__p__fmode
_onexit
__dllonexit
_purecall
_mbslwr
strtoul
_mbschr
_memicmp
_mbscmp
__set_app_type
_controlfp
_c_exit
_except_handler3
malloc
_mbsicmp
memset
free
modf
_mbsrchr
memcmp
??3@YAXPAX@Z
??2@YAPAXI@Z
strlen
memcpy
_itoa
strcpy
strcat
_mbsnbcat
_snprintf

comctl32

ImageList_Create
ImageList_SetImageCount
CreateToolbarEx
ord6
ImageList_AddMasked
ord17
ImageList_ReplaceIcon

kernel32

GetCurrentProcess
ExitProcess
ReadProcessMemory
GetCurrentProcessId
DeleteFileA
SetErrorMode
EnumResourceNamesA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
OpenProcess
EnumResourceTypesA
GetStartupInfoA
GetWindowsDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
WriteFile
GetTempFileNameA
ReadFile
GlobalAlloc
GetVersionExA
CreateFileA
GlobalLock
GetFileSize
CloseHandle
LockResource
FindResourceA
GetTempPathA
SizeofResource
GlobalUnlock
LocalFree
GetModuleFileNameA
GetFileAttributesA
GetLastError
GetModuleHandleA
LoadLibraryExA
FormatMessageA
LoadResource

user32

PostQuitMessage
TrackPopupMenu
EndDeferWindowPos
RegisterWindowMessageA
GetSysColorBrush
LoadCursorA
ShowWindow
ChildWindowFromPoint
SetCursor
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItemInt
SetWindowTextA
SetDlgItemInt
EndDialog
GetDlgItem
CreateWindowExA
DefWindowProcA
RegisterClassA
TranslateAcceleratorA
GetWindowRect
MessageBoxA
UpdateWindow
GetWindowPlacement
GetSystemMetrics
PostMessageA
SendMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
LoadImageA
LoadIconA
GetWindowLongA
SetWindowLongA
SetFocus
InvalidateRect
GetSysColor
OpenClipboard
MoveWindow
GetMenu
EmptyClipboard
GetClassNameA
EnableMenuItem
CloseClipboard
CheckMenuItem
ReleaseDC
GetDC
GetMenuItemCount
GetSubMenu
SetClipboardData
GetMenuStringA
EnableWindow
MapWindowPoints
GetCursorPos
GetClientRect
EnumChildWindows
GetMenuItemInfoA
LoadMenuA
GetParent
LoadStringA
ModifyMenuA
CreateDialogParamA
DialogBoxParamA
GetDlgCtrlID
GetWindowTextA
DestroyMenu
DestroyWindow
BeginDeferWindowPos
TranslateMessage
GetMessageA
IsDialogMessageA
DeferWindowPos
DispatchMessageA
DrawTextExA

gdi32

GetStockObject
GetTextExtentPoint32A
SetBkColor
SelectObject
GetDeviceCaps
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectA

comdlg32

GetSaveFileNameA

advapi32

RegDeleteKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/passrecpk/WebBrowserPassView.cfg
MIMIMI/mimikatz/passrecpk/WebBrowserPassView.exe
.exe windows x86

72f8577f4311144f53af1bd738fb6e13

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f6:dd:f7:75:a0:10:39:c7:27:97:ae:42:9f:f9:1c:09:f0:de:93:0d:f0:11:ee:d1:8b:8a:69:25:99:9d:2b:0e
Signer

Actual PE Digest

f6:dd:f7:75:a0:10:39:c7:27:97:ae:42:9f:f9:1c:09:f0:de:93:0d:f0:11:ee:d1:8b:8a:69:25:99:9d:2b:0e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

01/07/2017, 18:36
Valid: true

Chain 1

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

bd:f0:16:10:fc:87:d0:8b:99:d6:8d:b4:4a:ce:52:a8:80:fe:27:90
Signer

Actual PE Digest

bd:f0:16:10:fc:87:d0:8b:99:d6:8d:b4:4a:ce:52:a8:80:fe:27:90

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

01/07/2017, 18:36
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
wcscat
__set_app_type
_controlfp
_gmtime64
_itow
_wcslwr
strchr
_strlwr
_initterm
wcsncmp
memmove
free
modf
_memicmp
wcstoul
malloc
_XcptFilter
_wtoi64
strcmp
strcpy
wcsrchr
__wgetmainargs
_wcmdln
exit
_wcsupr
_cexit
_wcsnicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
memcmp
_purecall
wcslen
wcscmp
abs
log
_wtoi
_wcsicmp
wcschr
memcpy
wcscpy
memset
strlen
wcsncat
_snwprintf
_except_handler3
_exit
_c_exit
_onexit
__dllonexit
memchr
strftime
realloc

comctl32

ord17
ImageList_Create
ImageList_AddMasked
ImageList_SetImageCount
ImageList_ReplaceIcon
CreateToolbarEx
CreateStatusWindowW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

FindFirstUrlCacheEntryW
FindCloseUrlCache
FindNextUrlCacheEntryW

kernel32

GetFullPathNameW
AreFileApisANSI
EnterCriticalSection
GetSystemTime
LockFileEx
FormatMessageA
GetSystemTimeAsFileTime
GetTempPathA
UnlockFileEx
LockFile
UnlockFile
InterlockedCompareExchange
DeleteCriticalSection
GetFileAttributesExW
GetDiskFreeSpaceW
DeleteFileA
GetFullPathNameA
InitializeCriticalSection
GetModuleHandleA
GetStartupInfoW
FlushFileBuffers
QueryPerformanceCounter
GetFileAttributesA
LeaveCriticalSection
SetEndOfFile
GetSystemInfo
Sleep
GetDiskFreeSpaceA
CreateFileA
EnumResourceTypesW
CreateToolhelp32Snapshot
LocalFree
GetFileSize
SystemTimeToFileTime
CloseHandle
FileTimeToLocalFileTime
DeleteFileW
CopyFileW
CreateFileW
CompareFileTime
LoadLibraryW
GetProcAddress
FreeLibrary
GetLastError
FileTimeToSystemTime
GetTickCount
SetFilePointerEx
GetCurrentDirectoryW
ExpandEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GlobalLock
GetFileTime
GetDateFormatW
FormatMessageW
GetTempFileNameW
GetVersionExW
FindClose
FindFirstFileW
GetModuleHandleW
GetTimeFormatW
SetFilePointer
GetWindowsDirectoryW
GetFileAttributesW
ReadFile
GetModuleFileNameW
WriteFile
LockResource
lstrcpyW
FindResourceW
lstrlenW
LoadResource
SystemTimeToTzSpecificLocalTime
LoadLibraryExW
GlobalAlloc
GlobalUnlock
GetTempPathW
FindNextFileW
SizeofResource
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
DuplicateHandle
GetCurrentProcessId
OpenProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle
SetErrorMode
ReadProcessMemory
ExitProcess
SetCurrentDirectoryW
Process32FirstW
Process32NextW

user32

DrawTextExW
GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
GetKeyState
DispatchMessageW
TranslateMessage
IsDialogMessageW
DestroyMenu
GetDlgCtrlID
GetMenuItemInfoW
ModifyMenuW
LoadMenuW
ChildWindowFromPoint
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
SetWindowTextW
SetDlgItemInt
UpdateWindow
SetDlgItemTextW
GetDlgItemTextW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
SendDlgItemMessageW
GetDlgItemInt
EndDialog
SetWindowLongW
GetDlgItem
GetWindow
InvalidateRect
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
SendMessageW
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPlacement
LoadImageW
LoadIconW
GetWindowLongW
SetFocus
KillTimer
GetParent
SetTimer
BeginDeferWindowPos
EndDeferWindowPos
GetMenuStringW
CheckMenuItem
GetMenuItemCount
CloseClipboard
CheckMenuRadioItem
GetCursorPos
SetClipboardData
EnableWindow
GetSysColor
MapWindowPoints
GetMenu
GetDC
GetSubMenu
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
SetWindowPos
GetWindowTextW

gdi32

SetBkColor
SelectObject
GetDeviceCaps
SetBkMode
SetTextColor
DeleteObject
CreateFontIndirectW
GetTextExtentPoint32W
GetStockObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW
FindTextW

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegCloseKey

shell32

SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoInitialize
CoTaskMemFree

Sections

.text
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/passrecpk/WirelessKeyView.exe
.exe windows x86

1d7e7846ad75aa9f575074eb1d52195d

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

cb:ed:e4:ea:df:18:92:5b:0c:e6:4c:94:9c:19:b6:04:1b:9a:79:9a:b8:1c:7f:bf:9a:6c:a8:61:88:c0:73:f9
Signer

Actual PE Digest

cb:ed:e4:ea:df:18:92:5b:0c:e6:4c:94:9c:19:b6:04:1b:9a:79:9a:b8:1c:7f:bf:9a:6c:a8:61:88:c0:73:f9

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

10/11/2016, 07:44
Valid: true

Chain 1

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

6a:b3:4c:18:62:83:a8:01:0d:cb:3d:cc:2e:2a:20:77:59:3c:d2:3b
Signer

Actual PE Digest

6a:b3:4c:18:62:83:a8:01:0d:cb:3d:cc:2e:2a:20:77:59:3c:d2:3b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

10/11/2016, 07:44
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord6
CreateToolbarEx
ImageList_Create
ImageList_AddMasked
ImageList_SetImageCount
ord17
ImageList_ReplaceIcon

msvcrt

_mbschr
strncmp
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_mbsicmp
strtoul
strchr
_memicmp
_mbscmp
strrchr
malloc
_strcmpi
free
??3@YAXPAX@Z
??2@YAPAXI@Z
strlen
qsort
_strlwr
_itoa
modf
wcslen
_snprintf
memcmp
memcpy
atoi
_purecall
strcmp
memset
strcpy
strcat
strncat
sprintf
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3

kernel32

GetStartupInfoA
OpenFileMappingA
Sleep
GetTickCount
CreateFileMappingA
CopyFileA
UnmapViewOfFile
MapViewOfFile
EnumResourceTypesA
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
ReadProcessMemory
ExitProcess
CreateProcessA
SetErrorMode
DeleteFileA
FreeLibrary
GetProcAddress
LoadLibraryA
CompareFileTime
CloseHandle
LocalFree
GetFileSize
GetLastError
LocalAlloc
SystemTimeToFileTime
FileTimeToSystemTime
FindClose
GetCurrentProcess
ReadFile
GetSystemDirectoryA
CreateFileA
GlobalAlloc
GlobalLock
GetVersionExA
FindResourceA
MultiByteToWideChar
LockResource
FileTimeToLocalFileTime
GetTimeFormatA
GetTempPathA
SizeofResource
GlobalUnlock
FindFirstFileA
GetModuleFileNameA
FindNextFileA
GetFileAttributesA
GetModuleHandleA
LoadResource
SystemTimeToTzSpecificLocalTime
LoadLibraryExA
FormatMessageA
GetWindowsDirectoryA
GetDateFormatA
WriteFile
GetTempFileNameA
WideCharToMultiByte
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
EnumResourceNamesA
GetStdHandle

user32

RegisterWindowMessageA
GetMessageA
DrawTextExA
IsDialogMessageA
DispatchMessageA
TranslateMessage
DeferWindowPos
PostQuitMessage
TrackPopupMenu
BeginDeferWindowPos
SetCursor
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
LoadCursorA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemInt
SetDlgItemTextA
GetDlgItemTextA
SetWindowTextA
EndDialog
GetDlgItem
CreateWindowExA
RegisterClassA
UpdateWindow
GetSystemMetrics
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
GetWindowRect
LoadIconA
LoadImageA
GetWindowLongA
SetWindowLongA
InvalidateRect
SetFocus
MoveWindow
OpenClipboard
GetMenu
CheckMenuItem
EmptyClipboard
GetParent
GetClassNameA
EnableMenuItem
CloseClipboard
ReleaseDC
GetDC
GetMenuItemCount
GetSubMenu
SetClipboardData
EnableWindow
MapWindowPoints
GetMenuStringA
GetCursorPos
GetKeyState
GetSysColor
GetWindowTextA
LoadMenuA
LoadStringA
CreateDialogParamA
ModifyMenuA
DialogBoxParamA
DestroyWindow
GetDlgCtrlID
DestroyMenu
EnumChildWindows
GetMenuItemInfoA
EndDeferWindowPos
GetFocus
GetClientRect

gdi32

GetTextExtentPoint32A
SetBkColor
GetStockObject
SelectObject
GetDeviceCaps
SetTextColor
CreateFontIndirectA
SetBkMode
DeleteObject

comdlg32

FindTextA
GetSaveFileNameA
GetOpenFileNameA

advapi32

RegDeleteValueA
RegEnumValueA
RegCloseKey
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteKeyA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA
ShellExecuteA

ole32

CoInitialize
CoUninitialize

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/passrecpk/WirelessKeyView64.cfg
MIMIMI/mimikatz/passrecpk/WirelessKeyView64.exe
.exe windows x64

7b0b401486306306eb59fe988779fbd8

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

86:5e:13:d5:18:b2:72:7e:26:7e:25:08:66:2e:4a:4d:62:e6:83:d4:57:3d:33:8d:7b:3a:fa:14:3e:9b:22:a1
Signer

Actual PE Digest

86:5e:13:d5:18:b2:72:7e:26:7e:25:08:66:2e:4a:4d:62:e6:83:d4:57:3d:33:8d:7b:3a:fa:14:3e:9b:22:a1

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

10/11/2016, 07:44
Valid: true

Chain 1

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

45:c5:25:79:d4:ad:9a:01:87:83:7a:fa:8b:6c:ae:6a:9f:1d:6b:68
Signer

Actual PE Digest

45:c5:25:79:d4:ad:9a:01:87:83:7a:fa:8b:6c:ae:6a:9f:1d:6b:68

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

10/11/2016, 07:44
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

CreateToolbarEx
ord6
ImageList_SetImageCount
ImageList_Create
ImageList_AddMasked
ord17
ImageList_ReplaceIcon

msvcrt

qsort
strncmp
__dllonexit
_onexit
__C_specific_handler
_XcptFilter
_c_exit
_exit
_cexit
exit
_acmdln
_strcmpi
_strlwr
_mbscmp
modf
_memicmp
strrchr
strchr
strtoul
malloc
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
strlen
_mbschr
_mbsicmp
_itoa
free
wcslen
_snprintf
memcmp
memcpy
atoi
_purecall
strcmp
strcpy
memset
strcat
strncat
sprintf
__getmainargs
_initterm
__setusermatherr
_commode
_fmode
__set_app_type

kernel32

GetStartupInfoA
OpenFileMappingA
UnmapViewOfFile
MapViewOfFile
Sleep
CreateFileMappingA
GetTickCount
CopyFileA
EnumResourceTypesA
CreateToolhelp32Snapshot
OpenProcess
Process32Next
Process32First
ReadProcessMemory
ExitProcess
GetCurrentProcessId
CreateProcessA
FreeLibrary
GetProcAddress
LoadLibraryA
CompareFileTime
GetLastError
LocalAlloc
GetFileSize
CloseHandle
LocalFree
SystemTimeToFileTime
FileTimeToSystemTime
LoadLibraryExA
FindResourceA
GlobalLock
GlobalAlloc
MultiByteToWideChar
GetTimeFormatA
SizeofResource
GlobalUnlock
LockResource
GetFileAttributesA
FindFirstFileA
GetVersionExA
LoadResource
FormatMessageA
SystemTimeToTzSpecificLocalTime
GetWindowsDirectoryA
FileTimeToLocalFileTime
GetDateFormatA
GetTempPathA
GetModuleFileNameA
WriteFile
FindNextFileA
GetCurrentProcess
ReadFile
GetSystemDirectoryA
CreateFileA
GetTempFileNameA
FindClose
GetModuleHandleA
WideCharToMultiByte
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
EnumResourceNamesA
GetStdHandle
DeleteFileA
SetErrorMode

user32

DrawTextExA
PostQuitMessage
TrackPopupMenu
IsDialogMessageA
TranslateMessage
DispatchMessageA
DeferWindowPos
BeginDeferWindowPos
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
LoadCursorA
EndDialog
GetDlgItem
CreateWindowExA
SetDlgItemInt
SetDlgItemTextA
GetDlgItemTextA
SetWindowTextA
SendDlgItemMessageA
GetDlgItemInt
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
RegisterClassA
UpdateWindow
GetSystemMetrics
GetWindowRect
PostMessageA
SetMenu
LoadIconA
LoadImageA
GetWindowLongA
SetWindowLongA
InvalidateRect
SetFocus
CheckMenuItem
GetMenu
EmptyClipboard
EnableMenuItem
ReleaseDC
GetMenuItemCount
GetDC
GetParent
SetClipboardData
EnableWindow
GetMenuStringA
MapWindowPoints
GetSubMenu
GetCursorPos
GetClassNameA
CloseClipboard
GetClientRect
GetKeyState
MoveWindow
OpenClipboard
CreateDialogParamA
DestroyWindow
EnumChildWindows
GetMenuItemInfoA
GetWindowTextA
LoadMenuA
ModifyMenuA
LoadStringA
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
RegisterWindowMessageA
GetMessageA
EndDeferWindowPos
GetFocus
GetSysColor

gdi32

GetTextExtentPoint32A
SetBkColor
GetStockObject
SelectObject
GetDeviceCaps
SetTextColor
CreateFontIndirectA
SetBkMode
DeleteObject

comdlg32

FindTextA
GetSaveFileNameA
GetOpenFileNameA

advapi32

RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteValueA
RegEnumValueA
RegCloseKey
RegDeleteKeyA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA
ShellExecuteA

ole32

CoInitialize
CoUninitialize

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/passrecpk/iepv.cfg
MIMIMI/mimikatz/passrecpk/iepv.exe
.exe windows x86

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f7:0b:40:1c:b7:ae:f3:ab:25:d5:3a:ff:55:09:f9:7b:2f:64:6f:5d:34:2d:87:ce:25:f3:e0:c2:91:c8:88:fe
Signer

Actual PE Digest

f7:0b:40:1c:b7:ae:f3:ab:25:d5:3a:ff:55:09:f9:7b:2f:64:6f:5d:34:2d:87:ce:25:f3:e0:c2:91:c8:88:fe

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

16/08/2016, 19:51
Valid: true

Chain 1

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

2f:5a:bf:f4:29:a5:38:4f:42:5e:04:0f:42:7c:3a:a5:65:5d:15:d9
Signer

Actual PE Digest

2f:5a:bf:f4:29:a5:38:4f:42:5e:04:0f:42:7c:3a:a5:65:5d:15:d9

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

16/08/2016, 19:51
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 44KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MIMIMI/mimikatz/passrecpk/mailpv.cfg
MIMIMI/mimikatz/passrecpk/mailpv.exe
.exe windows x86

54db291fe92057b8dcd2eca2f82f7be8

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1d:df:68:53:3a:4a:8f:29:c0:84:64:80:ef:dd:f3:0d:7b:59:8a:73:b6:a6:53:77:1f:6a:84:69:b1:5c:d7:e2
Signer

Actual PE Digest

1d:df:68:53:3a:4a:8f:29:c0:84:64:80:ef:dd:f3:0d:7b:59:8a:73:b6:a6:53:77:1f:6a:84:69:b1:5c:d7:e2

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

26/06/2016, 09:53
Valid: true

Chain 1

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

8c:8b:24:84:e3:e5:d1:15:8a:b3:8f:f2:e0:82:2c:77:63:a1:5b:43
Signer

Actual PE Digest

8c:8b:24:84:e3:e5:d1:15:8a:b3:8f:f2:e0:82:2c:77:63:a1:5b:43

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

26/06/2016, 09:53
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memmove
wcschr
wcslen
wcsncmp
_itoa
_strlwr
strncmp
_mbsnbicmp
_snprintf
_mbsrchr
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
_strnicmp
_acmdln
__getmainargs
_initterm
_memicmp
malloc
strrchr
_stricmp
free
modf
memcmp
strtoul
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
sprintf
_mbsicmp
atoi
_strcmpi
strlen
strcmp
exit
_adjust_fdiv
wcsstr
log
_mbscmp
strchr
_purecall
strncat
abs
strcat
_ultoa
strcpy
memset
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
__setusermatherr

comctl32

CreateToolbarEx
ImageList_Create
ImageList_AddMasked
ImageList_SetImageCount
ord17
ImageList_ReplaceIcon
ord6

rpcrt4

UuidFromStringA

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetModuleHandleA
ExitProcess
GetCurrentProcessId
ReadProcessMemory
GetCurrentProcess
GetStdHandle
GetPrivateProfileIntA
EnumResourceNamesA
WritePrivateProfileStringA
GetComputerNameA
GetFileSize
CreateFileA
GlobalUnlock
GlobalLock
GetTempPathA
GlobalAlloc
CloseHandle
FindResourceA
LoadResource
EnumResourceTypesA
SizeofResource
LockResource
DeleteFileA
OpenProcess
GetStartupInfoA
GetPrivateProfileStringA
MultiByteToWideChar
WideCharToMultiByte
ExpandEnvironmentStringsA
LocalFree
WriteFile
GetPrivateProfileSectionA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
FindFirstFileA
FindNextFileA
SetFilePointer
GetLastError
LoadLibraryExA
GetFileAttributesA
GetTempFileNameA
FindClose
FormatMessageA
GetWindowsDirectoryA
ReadFile
GetVersionExA

user32

GetClassNameA
TrackPopupMenu
PostMessageA
GetFocus
DispatchMessageA
DrawTextExA
IsDialogMessageA
GetMessageA
TranslateMessage
RegisterWindowMessageA
PostQuitMessage
GetWindowTextA
GetMenuItemInfoA
EnumChildWindows
DestroyMenu
GetDlgCtrlID
DialogBoxParamA
ShowWindow
SetCursor
LoadCursorA
ChildWindowFromPoint
GetSysColorBrush
EndDialog
GetDlgItem
CreateWindowExA
InvalidateRect
SetDlgItemInt
BeginPaint
GetClientRect
GetWindow
SetDlgItemTextA
DrawFrameControl
GetDlgItemTextA
SendDlgItemMessageA
SetWindowTextA
GetWindowRect
GetSystemMetrics
GetDlgItemInt
DeferWindowPos
EndPaint
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
RegisterClassA
UpdateWindow
SetMenu
LoadAcceleratorsA
SetWindowPos
SendMessageA
LoadIconA
GetWindowLongA
SetWindowLongA
SetFocus
BeginDeferWindowPos
EndDeferWindowPos
CheckMenuItem
GetMenuItemCount
SetClipboardData
GetMenuStringA
EnableWindow
DestroyWindow
GetCursorPos
LoadImageA
GetSysColor
MapWindowPoints
GetMenu
CloseClipboard
GetParent
OpenClipboard
GetDC
EmptyClipboard
MoveWindow
GetSubMenu
EnableMenuItem
ReleaseDC
LoadMenuA
LoadStringA
CreateDialogParamA
ModifyMenuA

gdi32

GetDeviceCaps
SetTextColor
CreateFontIndirectA
SetBkMode
DeleteObject
GetTextExtentPoint32A
SetBkColor
SelectObject

comdlg32

GetOpenFileNameA
GetSaveFileNameA
FindTextA

advapi32

RegEnumKeyA
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
GetUserNameA
RegCloseKey

shell32

SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA
ShellExecuteA

ole32

CoInitialize
CoTaskMemFree
CoUninitialize

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/passrecpk/mspass.cfg
MIMIMI/mimikatz/passrecpk/mspass.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 59KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MIMIMI/mimikatz/passrecpk/netpass.exe
.exe windows x86

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

34:ee:ce:55:0e:17:95:a4:f8:7c:90:16:d5:d0:07:9a:4d:14:3f:e3:40:d2:34:ad:6d:7b:83:c3:75:4c:94:f0
Signer

Actual PE Digest

34:ee:ce:55:0e:17:95:a4:f8:7c:90:16:d5:d0:07:9a:4d:14:3f:e3:40:d2:34:ad:6d:7b:83:c3:75:4c:94:f0

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

02/08/2016, 07:20
Valid: true

Chain 1

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

b1:39:77:59:aa:ea:b6:26:f5:cf:c8:44:20:16:d8:08:e5:8b:4d:72
Signer

Actual PE Digest

b1:39:77:59:aa:ea:b6:26:f5:cf:c8:44:20:16:d8:08:e5:8b:4d:72

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

02/08/2016, 07:20
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MIMIMI/mimikatz/passrecpk/netpass64.cfg
MIMIMI/mimikatz/passrecpk/netpass64.exe
.exe windows x64

23f3b457054ba53b07f4aab58d53a431

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ba:01:48:8f:b3:1d:e0:34:57:eb:42:9b:72:39:84:b4:86:5f:c8:dd:85:a8:1e:66:f8:93:75:a4:11:56:f1:21
Signer

Actual PE Digest

ba:01:48:8f:b3:1d:e0:34:57:eb:42:9b:72:39:84:b4:86:5f:c8:dd:85:a8:1e:66:f8:93:75:a4:11:56:f1:21

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

02/08/2016, 07:20
Valid: true

Chain 1

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

56:aa:7f:1f:d9:8d:6c:d7:42:43:1a:3e:a6:68:27:61:12:a5:c1:7e
Signer

Actual PE Digest

56:aa:7f:1f:d9:8d:6c:d7:42:43:1a:3e:a6:68:27:61:12:a5:c1:7e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

02/08/2016, 07:20
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_initterm
__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
_strlwr
_purecall
__setusermatherr
_memicmp
strchr
strrchr
_strcmpi
malloc
free
strtoul
strcmp
_snprintf
memcmp
_commode
_fmode
__set_app_type
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
_strnicmp
wcscpy
wcschr
wcsncmp
_mbsicmp
log
strlen
memcpy
abs
wcslen
_mbscmp
strcpy
memset
_itoa
sprintf
strcat
strncat

comctl32

ImageList_Create
ImageList_SetImageCount
CreateToolbarEx
ord6
ImageList_AddMasked
ord17
ImageList_ReplaceIcon

kernel32

ExitProcess
GetCurrentProcessId
GetCurrentProcess
DeleteFileA
EnumResourceNamesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
MultiByteToWideChar
FormatMessageA
GetSystemDirectoryA
LockResource
ReadFile
GetTempPathA
GetTimeFormatA
CreateRemoteThread
SizeofResource
EnumResourceTypesA
GetStartupInfoA
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryA
WideCharToMultiByte
CompareFileTime
FileTimeToLocalFileTime
GetModuleHandleA
GetFileSize
VirtualAllocEx
LocalFree
OpenProcess
WriteProcessMemory
ResumeThread
VirtualFreeEx
ReadProcessMemory
WaitForSingleObject
GetLastError
LocalAlloc
FileTimeToSystemTime
GetModuleFileNameA
CreateFileA
GetWindowsDirectoryA
FindNextFileA
FindResourceA
GetDateFormatA
GlobalUnlock
WriteFile
LoadLibraryExA
FindFirstFileA
GlobalAlloc
LoadResource
GetTempFileNameA
GetFileAttributesA
FindClose
GetVersionExA
GlobalLock

user32

GetMessageA
RegisterWindowMessageA
EndDeferWindowPos
GetFocus
DrawTextExA
IsDialogMessageA
DispatchMessageA
TranslateMessage
PostQuitMessage
BeginDeferWindowPos
TrackPopupMenu
GetSysColorBrush
ShowWindow
SetCursor
LoadCursorA
MessageBoxA
GetDlgItem
CreateWindowExA
InvalidateRect
SetDlgItemInt
GetClientRect
SetDlgItemTextA
GetDlgItemTextA
SetWindowTextA
GetSystemMetrics
DeferWindowPos
SendDlgItemMessageA
GetWindowRect
GetDlgItemInt
EndDialog
TranslateAcceleratorA
GetWindowPlacement
SendMessageA
RegisterClassA
UpdateWindow
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
LoadImageA
LoadIconA
GetWindowLongA
SetWindowLongA
SetFocus
GetDC
GetSysColor
CheckMenuItem
SetClipboardData
EnableWindow
EmptyClipboard
MapWindowPoints
EnableMenuItem
ReleaseDC
OpenClipboard
GetClassNameA
CloseClipboard
GetMenuItemCount
GetSubMenu
GetMenuStringA
GetMenu
GetCursorPos
MoveWindow
GetWindowTextA
LoadMenuA
GetParent
ModifyMenuA
LoadStringA
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
CreateDialogParamA
DestroyWindow
EnumChildWindows
GetMenuItemInfoA
ChildWindowFromPoint

gdi32

GetStockObject
GetTextExtentPoint32A
SetBkColor
GetDeviceCaps
SelectObject
SetTextColor
CreateFontIndirectA
SetBkMode
DeleteObject

comdlg32

FindTextA
GetSaveFileNameA

advapi32

RegDeleteKeyA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

shell32

SHGetMalloc
SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListA

ole32

CoInitialize
CoUninitialize

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/passrecpk/pspv.exe
.exe windows x86

a625442ad6eaa488d197846f8b30467b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
GetModuleFileNameA
GetTempPathA
FreeLibrary
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
LoadLibraryA
GetVersionExA
MultiByteToWideChar
GetProcAddress
DeleteFileA
GetStartupInfoA
GetModuleHandleA
GetWindowsDirectoryA
GetTempFileNameA
EnumResourceNamesA
WideCharToMultiByte
CreateFileA
WriteFile
FormatMessageA
GetLastError
SetFilePointer
ReadFile
GlobalLock
GlobalAlloc
GlobalUnlock
CloseHandle
LocalFree
GetFileSize

user32

TranslateMessage
DispatchMessageA
PostQuitMessage
TrackPopupMenu
IsDialogMessageA
TranslateAcceleratorA
DefWindowProcA
LoadIconA
RegisterWindowMessageA
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
PostMessageA
CreateWindowExA
ShowWindow
DestroyMenu
DestroyWindow
GetWindowTextA
CreateDialogParamA
GetDlgCtrlID
EnumChildWindows
GetClientRect
SetWindowPos
LoadMenuA
GetMenuItemCount
GetMenuItemInfoA
ModifyMenuA
UpdateWindow
GetMessageA
GetMenuStringA
GetWindowLongA
GetWindowRect
GetCursorPos
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CheckMenuItem
GetMenu
GetSubMenu
EnableMenuItem
MessageBoxA
SetFocus
DialogBoxParamA
ChildWindowFromPoint
GetDlgItem
LoadCursorA
SetCursor
GetSysColorBrush
EndDialog
SetDlgItemTextA
SendMessageA
LoadAcceleratorsA
GetWindowPlacement
GetSystemMetrics
LoadStringA
SetWindowLongA
SetMenu
RegisterClassA

gdi32

SetTextColor
CreateFontIndirectA
DeleteObject
SetBkMode

comdlg32

GetOpenFileNameA
GetSaveFileNameA
FindTextA

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegEnumKeyExA
RegEnumValueA

shell32

ShellExecuteA

ole32

CoTaskMemFree

comctl32

ImageList_ReplaceIcon
ImageList_SetImageCount
ImageList_Create
CreateToolbarEx
ord6
InitCommonControlsEx

msvcrt

free
__dllonexit
strrchr
strchr
??2@YAPAXI@Z
??3@YAXPAX@Z
strcmp
strncmp
strcpy
__p__commode
strcat
sprintf
__CxxFrameHandler
__set_app_type
_onexit
_exit
malloc
memcpy
__getmainargs
_strcmpi
_memicmp
__p__fmode
_acmdln
_adjust_fdiv
_initterm
__setusermatherr
memcmp
_except_handler3
strlen
_itoa
strncat
_CxxThrowException
??1type_info@@UAE@XZ
_controlfp
_strnicmp
memset
exit
_XcptFilter

oleaut32

GetErrorInfo

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MIMIMI/mimikatz/passrecpk/rdpv.cfg
MIMIMI/mimikatz/passrecpk/rdpv.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 392KB - Virtual size: 391KB

DATA Size: 5KB - Virtual size: 4KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 29KB - Virtual size: 29KB

.rsrc Size: 37KB - Virtual size: 37KB

516b1be091cf42d5bde1f47ba6a5a81f

Headers

File Characteristics

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

shell32

Sections

.text Size: 316KB - Virtual size: 316KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 7KB - Virtual size: 25KB

.rsrc Size: 22KB - Virtual size: 22KB

afd1ea827e09162133fb1936031cdc40

Headers

DLL Characteristics

File Characteristics

Imports

version

wininet

comctl32

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 465KB - Virtual size: 464KB

.rdata Size: 74KB - Virtual size: 74KB

.data Size: 8KB - Virtual size: 26KB

.pdata Size: 20KB - Virtual size: 19KB

.rsrc Size: 31KB - Virtual size: 31KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 580KB

UPX1 Size: 343KB - Virtual size: 344KB

.rsrc Size: 64KB - Virtual size: 68KB

25862203800205f80fd8b3a6634ea1c6

Code Sign

11:21:69:41:7a:1c:3e:f4:6a:30:1f:99:38:5f:50:68:0f:a0Certificate

Extended Key Usages

Key Usages

75:1e:3e:e9:c5:dc:2f:3e:8f:04:e5:9d:ee:5e:d4:09Certificate

Extended Key Usages

Key Usages

61:0b:7f:6b:00:00:00:00:00:19Certificate

Key Usages

5b:aa:6d:09:45:6d:63:63:1b:10:4d:d6:30:ee:0e:db:55:04:13:daSigner

Signature Validations

Verification

15/09/2022, 14:52 Valid: false

Headers

File Characteristics

Imports

ntoskrnl.exe

CODE
Size: 392KB - Virtual size: 391KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 29KB - Virtual size: 29KB

.rsrc
Size: 37KB - Virtual size: 37KB

.text
Size: 316KB - Virtual size: 316KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 7KB - Virtual size: 25KB

.rsrc
Size: 22KB - Virtual size: 22KB

.text
Size: 465KB - Virtual size: 464KB

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 8KB - Virtual size: 26KB

.pdata
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 31KB - Virtual size: 31KB

UPX0
Size: - Virtual size: 580KB

UPX1
Size: 343KB - Virtual size: 344KB

.rsrc
Size: 64KB - Virtual size: 68KB

11:21:69:41:7a:1c:3e:f4:6a:30:1f:99:38:5f:50:68:0f:a0
Certificate

75:1e:3e:e9:c5:dc:2f:3e:8f:04:e5:9d:ee:5e:d4:09
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

5b:aa:6d:09:45:6d:63:63:1b:10:4d:d6:30:ee:0e:db:55:04:13:da
Signer

15/09/2022, 14:52
Valid: false

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 5KB - Virtual size: 5KB

PAGE
Size: 1024B - Virtual size: 614B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

0f:10:c0:55:a6:79:3b:59:c7:d8:f5:2d:64:b3:98:8d
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

0f:10:c0:55:a6:79:3b:59:c7:d8:f5:2d:64:b3:98:8d
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

26:c4:63:f1:5b:51:8f:9d:18:5e:b3:f3:1f:30:81:15:4e:26:8d:b6:87:d4:c1:fa:45:45:8d:f5:ac:a6:9b:cd
Signer

15/09/2022, 14:52
Valid: false

92:e5:5f:17:b1:ee:ba:6a:77:97:4b:d7:9b:5c:ef:1d:91:77:5d:a0
Signer

15/09/2022, 14:52
Valid: false