Installer[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Installer.rar
Size

10.5MB
MD5

4c367abb5cb6d0ca329fb6936d159da0
SHA1

510ae3acc22b8b8bb4dcf9b3cd627229096a8ab0
SHA256

8b60c0e7d6241f662be73c8a2e99fd5e8928344b88ad2bcff59e89e6317129b2
SHA512

506449ca0afc22aa9fe0d67dfcf43d0997eb48ccb795cd77fc67866435c9fbc068126a34a4e331e9b0c1fd11187a2d59234cdb0d54cd987b5d431ddca09c4d51
SSDEEP

196608:+/4UJOXVtCG7EUJZVt6NfOCqufxPwiBEitZ8Ck1W3Mw4M+1aPwpbp/K:kd+JYNRP7aylv3v4Mmaolp/K

Score

N/A

Malware Config

Signatures

Files

Installer.rar
.rar

Password: setup
Set-up.exe
.exe windows x86

Password: setup

b5af53b96a03972def1a5f287c0c1d5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

ole32

CoInitialize

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.|,A
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.^Y<
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.@U+
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 393KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
packages/LetterEngine.pdb
packages/x64/SQLite.Interop.dll
.dll windows x64

Password: setup

a42f73521c784fa06f1d886fcbcefcba

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

12/12/2024, 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

12/12/2024, 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

3e:e8:ad:96:a2:e1:d0:66:85:77:ae:c2:41:dc:ef:f3:d5:76:58:fd
Signer

Actual PE Digest

3e:e8:ad:96:a2:e1:d0:66:85:77:ae:c2:41:dc:ef:f3:d5:76:58:fd

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

02/11/2021, 17:47
Valid: true

Chain 1

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

StrongNameSignatureVerificationEx
StrongNameTokenFromAssembly
StrongNameFreeBuffer
CorBindToRuntimeEx
StrongNameErrorInfo

wintrust

WinVerifyTrust

kernel32

TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
lstrlenW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
GetModuleFileNameW
SetEnvironmentVariableW
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
GetEnvironmentVariableW
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
ReadFile
CreateFileA
LoadLibraryA
lstrcatW
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
WriteConsoleW
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
AreFileApisANSI
SetEnvironmentVariableA
RaiseException
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushViewOfFile
lstrcmpiW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
CompareStringW
LCMapStringW
GetACP
GetTimeZoneInformation
GetStringTypeW
GetStdHandle
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW

user32

wsprintfW

advapi32

CryptAcquireContextW
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptDestroyKey

Exports

Exports

SI00b5de0dbe05adc8
SI00f2097672333949
SI013768ea228eaf06
SI03ee1370ff2172fd
SI050169b0f137dcac
SI061f9351f6b79d40
SI066df4a47deb7b95
SI075258fe7332f5c9
SI07646c0ac405baf1
SI0a8f1a0337a9feb7
SI0b65268e19d3b81d
SI0e7c9abcb195c68c
SI0f556a49067bf550
SI0fe7fecb92f1b44b
SI12409cae6ddf2f1e
SI12a7c0808f3f99f2
SI150953dc62f0a879
SI1527d54f96ad891e
SI15d5f41c81892f13
SI19b2677a019ab7ab
SI1ae480d1861ed022
SI1bc1bc471c8cd143
SI1c7a7970970b9619
SI21d24eac30bb9014
SI23e7cf9c8e559e93
SI2409c7e1eb500ce9
SI24bb313f312e2857
SI24f5c83eaddd65e8
SI252aeb4a9d3dc2ff
SI2b074e8cf29cb472
SI2b5f6f3d24eb7ba3
SI2bc16556d60ccfcd
SI2c7820fd77bf7594
SI31a566678d8c54ab
SI327cfc7a6b1fd1fb
SI32b0162a49ae8729
SI349980d776ee39ac
SI36ddf861177da59c
SI36e67160052f7f69
SI3723ba2973e3b57b
SI3974af1f94b94613
SI3d45b939740dff51
SI3d527d6e902c8427
SI3efc17e9bbe52434
SI3f596ca698b243fc
SI3f8b1cdb4dc92eff
SI45d842f2d2322061
SI462a496f3247faf2
SI46481015c7f49c68
SI4983499b64278231
SI4987aea8bdedf163
SI4abff63f9a080046
SI4bf5a93645714882
SI4ceb9ee614df7639
SI4fb6877896ef7303
SI50a9b553ac0b2e2a
SI52058dea2268cd04
SI546abd8b90c0f48d
SI568a7d0a1f4d0ff4
SI57335d3e329eea8d
SI5887bf867911838d
SI588da80b6a264802
SI5b2b3e8bff031a75
SI5b7374ef2d63d8eb
SI5c7fb49466251e7d
SI609efcf96ea8408a
SI61a330d2e855b61b
SI633e1c91fb9a8aa1
SI64119fb980b7e962
SI6479b9cf07b87f67
SI674c3bc07fc17979
SI6901b186cfd089f2
SI690ffdcfd9cda629
SI69d8a1d378771295
SI6cfa851319f410c1
SI6d14611bb8b2c8bc
SI6e539204336d5b4b
SI6e6c544c028b2de9
SI70e4ec628dd7e188
SI7164645d0504ae24
SI72621cc08869a205
SI72b05b1ad5f34d61
SI75fe921d50a95fe0
SI768767362ea03a94
SI77ffe3fede90bfbb
SI783104ea11038afc
SI79f6c64948ab63d2
SI7a4943591207dd14
SI7b97ee05aa1e64c7
SI7c373366af3ee2f7
SI7cd7250399b1ea60
SI7da3b9691a73b4a2
SI7f41c842e0d89557
SI8162bd921f89d839
SI824276b89178ecbe
SI83d1cf4976f57337
SI863e1ae0679961f5
SI87a11c29fe1dc17b
SI88974d2e6bd51eff
SI8a3a9f59ab5f24ee
SI8d447a033d183aaf
SI8d676d5954c732bc
SI8dd2c969f2a6a31e
SI8e33e5864c547f3f
SI9196a02c851acbfb
SI919f742193b92a4b
SI943321d364f02e5d
SI94d8f51c6c1db577
SI950480ab972e108d
SI9517b76a4f0b657e
SI9662fa92cee70cf1
SI979d7afd84d6f0ca
SI989b06a5a9b937fe
SI989b754accd7cddf
SI9bf461db9bf83c22
SI9c6d7cd7b7d38055
SI9cb7692f61998485
SI9ea49276dcf9849f
SIa069da76968b7553
SIa0f9dd1158cbfb0c
SIa1d7e21a548b910c
SIa26b8e5116b7d93b
SIa2a6050a8dbd3b7a
SIa3401e98cbad673e
SIa3f7b31190ce0815
SIa618e7f1e95b5c32
SIa62692883d0c456a
SIa8e1a742a358dc07
SIa9b758d3ae2e9aea
SIab3ed5feb3c43f0c
SIada7f27769d7f95b
SIae9562605f0b7c06
SIb391996b7b633820
SIb3f045f05d2d1b0e
SIb4089165600bb7f5
SIb4e97c410be9a2cf
SIb6d52d8cb2f1045a
SIb739af05c351a5b0
SIb84ee16d149e7562
SIb94a6bc97d77e69f
SIbc9b0b73a965892b
SIbff6307869d58daf
SIc001296960f3e921
SIc0bb4eab77f5a999
SIc21d402df09e0c69
SIc26100c97b176329
SIc28b5d2d1f102994
SIc2d8715ee8c9e908
SIc38599462746964c
SIc3b0ae4f7a27b7a8
SIc5d5610a73781fac
SIc8c63d94dd03040b
SIca6f27da046939cc
SIcbf931747ce28d75
SIcc134e65c80c0c61
SIcd2334250b08e199
SIcd6b4ac0aeff7202
SId00f524badf4f5cf
SId6deafdcc0c75049
SId99ac2a61d035e11
SIdba35b6dcb77d463
SIdbbe1b52f304f379
SIdc2e4e1ccfa9a043
SIdc6920f226dceb74
SIdca7c218fe9393fb
SIde347320a2d725fa
SIdeb28053ce71d5b4
SIdfd4d81e1791b463
SIe25e8f29ef2a78eb
SIe2cb515ade8c0235
SIe57aa77c8884d3f9
SIe6405dfd7b63ead9
SIe68a75d48671c8a5
SIe7632ce587b97772
SIea4313bfab0cfe57
SIea8388f7613ed158
SIec91f505db92f298
SIecd4a7ef4a5968a1
SIeea5cda6d9846aa5
SIef12447577961bdf
SIf060fffd3e5c94b5
SIf21356bf3fa1a8ef
SIf216ef3874529d42
SIf356c1132676af25
SIf4199c70bfb81a15
SIf499bb5c421377e7
SIf71b64d343ddea8b
SIf8090240c1414098
SIf8364af380546f2d
SIf86df75514f4442f
SIf8a71e249d9c661f
SIf8b1716e85b0e192
SIf8ee6276be88ce12
SIfc350ae509dc2b53
SIfca3960780d005fa
SIfcfad09d1b0a60ec
SIfd52d1389825aac4
SIfdb97bb7d9d0d622
sqlite3_cryptoapi_init
sqlite3_fts5_init
sqlite3_fts_init
sqlite3_json_init
sqlite3_percentile_init
sqlite3_regexp_init
sqlite3_sha_init
sqlite3_totype_init
sqlite3_vtshim_init

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
packages/x86/SQLite.Interop.dll
.dll windows x86

Password: setup

39ace63b362beb47a2a7a8202a5c4f2d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

12/12/2024, 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

12/12/2024, 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

18:28:ac:13:a6:25:5d:21:f8:30:42:d7:18:8e:57:cb:ff:65:3f:df
Signer

Actual PE Digest

18:28:ac:13:a6:25:5d:21:f8:30:42:d7:18:8e:57:cb:ff:65:3f:df

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

02/11/2021, 17:46
Valid: true

Chain 1

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

StrongNameSignatureVerificationEx
StrongNameTokenFromAssembly
StrongNameFreeBuffer
CorBindToRuntimeEx
StrongNameErrorInfo

wintrust

WinVerifyTrust

kernel32

TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
lstrlenW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
GetModuleFileNameW
SetEnvironmentVariableW
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
GetEnvironmentVariableW
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
ReadFile
CreateFileA
LoadLibraryA
lstrcatW
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
WriteConsoleW
lstrcmpiW
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
SetEnvironmentVariableA
AreFileApisANSI
DecodePointer
SetStdHandle
RaiseException
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushViewOfFile
MapViewOfFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedFlushSList
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
CompareStringW
LCMapStringW
GetACP
GetTimeZoneInformation
GetStringTypeW
GetStdHandle
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW

user32

wsprintfW

advapi32

CryptAcquireContextW
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptDestroyKey

Exports

Exports

SI00b5de0dbe05adc8
SI00f2097672333949
SI03ee1370ff2172fd
SI066df4a47deb7b95
SI07646c0ac405baf1
SI0a8f1a0337a9feb7
SI0e7c9abcb195c68c
SI12409cae6ddf2f1e
SI12a7c0808f3f99f2
SI150953dc62f0a879
SI1527d54f96ad891e
SI19b2677a019ab7ab
SI1ae480d1861ed022
SI1bc1bc471c8cd143
SI1c7a7970970b9619
SI21d24eac30bb9014
SI23e7cf9c8e559e93
SI2409c7e1eb500ce9
SI24bb313f312e2857
SI252aeb4a9d3dc2ff
SI2b5f6f3d24eb7ba3
SI2bc16556d60ccfcd
SI2c7820fd77bf7594
SI31a566678d8c54ab
SI327cfc7a6b1fd1fb
SI32b0162a49ae8729
SI36ddf861177da59c
SI36e67160052f7f69
SI3723ba2973e3b57b
SI3d45b939740dff51
SI3d527d6e902c8427
SI3efc17e9bbe52434
SI3f596ca698b243fc
SI3f8b1cdb4dc92eff
SI45d842f2d2322061
SI462a496f3247faf2
SI46481015c7f49c68
SI4983499b64278231
SI4987aea8bdedf163
SI4abff63f9a080046
SI4bf5a93645714882
SI4ceb9ee614df7639
SI4fb6877896ef7303
SI50a9b553ac0b2e2a
SI52058dea2268cd04
SI546abd8b90c0f48d
SI568a7d0a1f4d0ff4
SI588da80b6a264802
SI5b2b3e8bff031a75
SI5b7374ef2d63d8eb
SI5c7fb49466251e7d
SI609efcf96ea8408a
SI61a330d2e855b61b
SI633e1c91fb9a8aa1
SI674c3bc07fc17979
SI6901b186cfd089f2
SI69d8a1d378771295
SI6cfa851319f410c1
SI6d14611bb8b2c8bc
SI6e539204336d5b4b
SI70e4ec628dd7e188
SI7164645d0504ae24
SI72621cc08869a205
SI75fe921d50a95fe0
SI768767362ea03a94
SI783104ea11038afc
SI79f6c64948ab63d2
SI7f41c842e0d89557
SI8162bd921f89d839
SI824276b89178ecbe
SI83d1cf4976f57337
SI863e1ae0679961f5
SI87a11c29fe1dc17b
SI88974d2e6bd51eff
SI8a3a9f59ab5f24ee
SI8d447a033d183aaf
SI8d676d5954c732bc
SI8e33e5864c547f3f
SI9196a02c851acbfb
SI919f742193b92a4b
SI943321d364f02e5d
SI94d8f51c6c1db577
SI950480ab972e108d
SI9517b76a4f0b657e
SI9662fa92cee70cf1
SI979d7afd84d6f0ca
SI989b06a5a9b937fe
SI989b754accd7cddf
SI9c6d7cd7b7d38055
SI9cb7692f61998485
SIa069da76968b7553
SIa0f9dd1158cbfb0c
SIa26b8e5116b7d93b
SIa2a6050a8dbd3b7a
SIa3401e98cbad673e
SIa3f7b31190ce0815
SIa618e7f1e95b5c32
SIa62692883d0c456a
SIae9562605f0b7c06
SIb3f045f05d2d1b0e
SIb4089165600bb7f5
SIb4e97c410be9a2cf
SIb6d52d8cb2f1045a
SIb739af05c351a5b0
SIbc9b0b73a965892b
SIbff6307869d58daf
SIc001296960f3e921
SIc26100c97b176329
SIc28b5d2d1f102994
SIc38599462746964c
SIc3b0ae4f7a27b7a8
SIca6f27da046939cc
SIcbf931747ce28d75
SIcc134e65c80c0c61
SIcd6b4ac0aeff7202
SId6deafdcc0c75049
SId99ac2a61d035e11
SIdba35b6dcb77d463
SIdc2e4e1ccfa9a043
SIdc6920f226dceb74
SIde347320a2d725fa
SIdfd4d81e1791b463
SIe25e8f29ef2a78eb
SIe57aa77c8884d3f9
SIe6405dfd7b63ead9
SIe68a75d48671c8a5
SIe7632ce587b97772
SIea4313bfab0cfe57
SIea8388f7613ed158
SIec91f505db92f298
SIecd4a7ef4a5968a1
SIef12447577961bdf
SIf060fffd3e5c94b5
SIf21356bf3fa1a8ef
SIf216ef3874529d42
SIf356c1132676af25
SIf4199c70bfb81a15
SIf499bb5c421377e7
SIf71b64d343ddea8b
SIf8364af380546f2d
SIf86df75514f4442f
SIf8a71e249d9c661f
SIf8b1716e85b0e192
SIf8ee6276be88ce12
SIfc350ae509dc2b53
SIfca3960780d005fa
SIfd52d1389825aac4
SIfdb97bb7d9d0d622
_SI013768ea228eaf06@8
_SI050169b0f137dcac@12
_SI061f9351f6b79d40@8
_SI075258fe7332f5c9@0
_SI0b65268e19d3b81d@12
_SI0f556a49067bf550@8
_SI0fe7fecb92f1b44b@12
_SI15d5f41c81892f13@8
_SI24f5c83eaddd65e8@4
_SI2b074e8cf29cb472@16
_SI349980d776ee39ac@12
_SI3974af1f94b94613@12
_SI57335d3e329eea8d@12
_SI5887bf867911838d@12
_SI64119fb980b7e962@12
_SI6479b9cf07b87f67@8
_SI690ffdcfd9cda629@8
_SI6e6c544c028b2de9@4
_SI72b05b1ad5f34d61@12
_SI77ffe3fede90bfbb@32
_SI7a4943591207dd14@4
_SI7b97ee05aa1e64c7@12
_SI7c373366af3ee2f7@4
_SI7cd7250399b1ea60@4
_SI7da3b9691a73b4a2@12
_SI8dd2c969f2a6a31e@12
_SI9bf461db9bf83c22@8
_SI9ea49276dcf9849f@12
_SIa1d7e21a548b910c@4
_SIa8e1a742a358dc07@8
_SIa9b758d3ae2e9aea@12
_SIab3ed5feb3c43f0c@0
_SIada7f27769d7f95b@4
_SIb391996b7b633820@36
_SIb84ee16d149e7562@12
_SIb94a6bc97d77e69f@8
_SIc0bb4eab77f5a999@20
_SIc21d402df09e0c69@8
_SIc2d8715ee8c9e908@4
_SIc5d5610a73781fac@12
_SIc8c63d94dd03040b@44
_SIcd2334250b08e199@112
_SId00f524badf4f5cf@20
_SIdbbe1b52f304f379@4
_SIdca7c218fe9393fb@24
_SIdeb28053ce71d5b4@12
_SIe2cb515ade8c0235@12
_SIeea5cda6d9846aa5@12
_SIf8090240c1414098@4
_SIfcfad09d1b0a60ec@20
sqlite3_cryptoapi_init
sqlite3_fts5_init
sqlite3_fts_init
sqlite3_json_init
sqlite3_percentile_init
sqlite3_regexp_init
sqlite3_sha_init
sqlite3_totype_init
sqlite3_vtshim_init

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
products/AdonisUI.ClassicTheme.dll
.dll windows x86

Password: setup

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
products/AdonisUI.ClassicTheme.xml
.xml
products/AdonisUI.dll
.dll windows x86

Password: setup

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
products/AdonisUI.xml
.xml
products/EntityFramework.SqlServer.xml
.xml
resources/BouncyCastle.Crypto.dll
.dll windows x86

Password: setup

dae02f32a21e03ce65412f6e56942daa

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:d7:ef:74:a9:ff:03:a2:20:b6:ed:bb:39:9d:14:c1
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/03/2020, 00:00

Not After

23/03/2023, 12:00

Subject

SERIALNUMBER=5101633,CN=Claire Novotny LLC,O=Claire Novotny LLC,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13084e657720596f726b,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f6:a3:c5:7e:59:87:21:c6:7b:dd:bc:9b:b2:2d:4f:d1:d2:a5:cc:63:04:1d:78:fb:93:6c:0e:40:16:85:b2:61
Signer

Actual PE Digest

f6:a3:c5:7e:59:87:21:c6:7b:dd:bc:9b:b2:2d:4f:d1:d2:a5:cc:63:04:1d:78:fb:93:6c:0e:40:16:85:b2:61

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=5101633,CN=Claire Novotny LLC,O=Claire Novotny LLC,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13084e657720596f726b,1.3.6.1.4.1.311.60.2.1.3=#13025553

19/10/2021, 11:53
Valid: true

Chain 1

SERIALNUMBER=5101633,CN=Claire Novotny LLC,O=Claire Novotny LLC,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13084e657720596f726b,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/BouncyCastle.Crypto.xml
.xml
resources/EntityFramework.SqlServer.dll
.dll windows x86

Password: setup

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:c5:11:28:68:d6:51:bd:1d:88:7b:a2:95:b6:a4:1e:10:90:40:df:99:35:39:92:62:d9:0a:b7:28:af:67:62
Signer

Actual PE Digest

8e:c5:11:28:68:d6:51:bd:1d:88:7b:a2:95:b6:a4:1e:10:90:40:df:99:35:39:92:62:d9:0a:b7:28:af:67:62

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

23/09/2022, 10:47
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 566KB - Virtual size: 566KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/EntityFramework.dll
.dll windows x86

Password: setup

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4b:23:17:75:a0:e1:0d:cf:78:75:af:e9:4d:d3:dd:b6:84:55:8d:90:dc:2a:e5:20:27:57:dd:97:7a:9e:24:5e
Signer

Actual PE Digest

4b:23:17:75:a0:e1:0d:cf:78:75:af:e9:4d:d3:dd:b6:84:55:8d:90:dc:2a:e5:20:27:57:dd:97:7a:9e:24:5e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

23/09/2022, 10:47
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/EntityFramework.xml
.xml
resources/LetterEngine.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: setup

Password: setup

b5af53b96a03972def1a5f287c0c1d5c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

user32

Sections

.text Size: - Virtual size: 44KB

.rdata Size: - Virtual size: 8KB

.data Size: - Virtual size: 1KB

.CRT Size: - Virtual size: 4B

.|,A Size: - Virtual size: 3.3MB

.^Y< Size: 1024B - Virtual size: 864B

.@U+ Size: 5.9MB - Virtual size: 5.9MB

.rsrc Size: 393KB - Virtual size: 393KB

Password: setup

a42f73521c784fa06f1d886fcbcefcba

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

Signer

3e:e8:ad:96:a2:e1:d0:66:85:77:ae:c2:41:dc:ef:f3:d5:76:58:fdSigner

Signature Validations

Verification

02/11/2021, 17:47 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

wintrust

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 263KB - Virtual size: 263KB

.data Size: 17KB - Virtual size: 22KB

.pdata Size: 70KB - Virtual size: 70KB

.gfids Size: 512B - Virtual size: 156B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 5KB - Virtual size: 5KB

Password: setup

39ace63b362beb47a2a7a8202a5c4f2d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

.text
Size: - Virtual size: 44KB

.rdata
Size: - Virtual size: 8KB

.data
Size: - Virtual size: 1KB

.CRT
Size: - Virtual size: 4B

.|,A
Size: - Virtual size: 3.3MB

.^Y<
Size: 1024B - Virtual size: 864B

.@U+
Size: 5.9MB - Virtual size: 5.9MB

.rsrc
Size: 393KB - Virtual size: 393KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

3e:e8:ad:96:a2:e1:d0:66:85:77:ae:c2:41:dc:ef:f3:d5:76:58:fd
Signer

02/11/2021, 17:47
Valid: true

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 263KB - Virtual size: 263KB

.data
Size: 17KB - Virtual size: 22KB

.pdata
Size: 70KB - Virtual size: 70KB

.gfids
Size: 512B - Virtual size: 156B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 5KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

18:28:ac:13:a6:25:5d:21:f8:30:42:d7:18:8e:57:cb:ff:65:3f:df
Signer

02/11/2021, 17:46
Valid: true

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 162KB - Virtual size: 161KB

.data
Size: 10KB - Virtual size: 13KB

.gfids
Size: 512B - Virtual size: 168B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 34KB - Virtual size: 34KB

.text
Size: 284KB - Virtual size: 284KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 161KB - Virtual size: 161KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B