641563c1667851ff6075c34741dd91fc08f0bee69df47eba661b7373d808673f

Sharing

Copy URL Twitter E-mail

General

Target

641563c1667851ff6075c34741dd91fc08f0bee69df47eba661b7373d808673f
Size

4.9MB
MD5

cda8b29d143b28facfdf8766ea339023
SHA1

b5e84897ce499f3cecb1605e28288a9284c81e5e
SHA256

641563c1667851ff6075c34741dd91fc08f0bee69df47eba661b7373d808673f
SHA512

5ce570ea3e1413cccd1d19d6d946dcb12232b5d7d5150cbbc9d15ddabbd360512f330ae30c32d6893a114f12f0adfc5f3a8224e69ffd8b1bbb4a5f2d30ba1d46
SSDEEP

98304:5TM7VaAQQ8mpYC2t9ExFLQ1BRp0/h6Y5FiIv1LgBDRjjtEcc31jbchK4uMa3Y2Ye:BMkAQqewxxQ1p0p6EiIv1UhRjjtEF3tD

Score

1^/10

Malware Config

Signatures

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/UninstallToolPortable.exe	nsis_installer_1
static1/unpack001/UninstallToolPortable.exe	nsis_installer_2

Files

641563c1667851ff6075c34741dd91fc08f0bee69df47eba661b7373d808673f
.rar
App/Uninstall Tool/License.dat
App/Uninstall Tool/RemoveService.cmd
App/Uninstall Tool/StartUninstallTool.bat
App/Uninstall Tool/UninstallTool.exe
.exe windows x86

c42b0c1f41e0605c4616086c8aef5ed6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

23:e8:29:0d:71:95:04:18:c0:08:59:7e:42:f7:48:1b
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

22/10/2008, 12:07

Not After

30/12/2025, 23:59

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/06/2018, 13:44

Not After

23/01/2020, 20:43

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

93:92:85:40:01:65:71:5f:94:7f:28:8f:ef:c9:9b:28
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

22/10/2008, 12:07

Not After

10/06/2027, 10:46

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/06/2018, 13:44

Not After

23/01/2020, 20:43

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:66:0e:95:ab:71:4d:1c:71:cf:9c:87:64:c4:9e:d8:46:e5:05:eb:75:3d:65:a3:e4:a4:1d:3c:17:b0:fe:9d
Signer

Actual PE Digest

06:66:0e:95:ab:71:4d:1c:71:cf:9c:87:64:c4:9e:d8:46:e5:05:eb:75:3d:65:a3:e4:a4:1d:3c:17:b0:fe:9d

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

09/09/2019, 09:24
Valid: true

Chain 1

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

db:13:f0:2b:09:a1:4c:f9:c2:09:ab:4b:95:e8:fc:12:61:0d:ea:96
Signer

Actual PE Digest

db:13:f0:2b:09:a1:4c:f9:c2:09:ab:4b:95:e8:fc:12:61:0d:ea:96

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

09/09/2019, 09:24
Valid: true

Chain 1

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
FindClose
FindNextFileW
GetFileAttributesW
CloseHandle
WaitForSingleObject
GetProcAddress
LocalFree
HeapAlloc
HeapFree
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
CreateProcessW
GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetACP
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
WriteConsoleW
HeapSize
WideCharToMultiByte
GetLastError
GetCurrentProcess
GetModuleHandleW
GetCommandLineW

user32

GetMessageW
CharLowerBuffW
PostMessageW
MessageBoxW

shell32

CommandLineToArgvW

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/Uninstall Tool/UninstallToolHelper.exe
.exe windows x86

f0e8305f3a2a23ba622fa7f18bf7cd51

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

23:e8:29:0d:71:95:04:18:c0:08:59:7e:42:f7:48:1b
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

22/10/2008, 12:07

Not After

30/12/2025, 23:59

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/06/2018, 13:44

Not After

23/01/2020, 20:43

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

93:92:85:40:01:65:71:5f:94:7f:28:8f:ef:c9:9b:28
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

22/10/2008, 12:07

Not After

10/06/2027, 10:46

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/06/2018, 13:44

Not After

23/01/2020, 20:43

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a0:1c:49:44:89:8f:4d:60:53:6f:f6:4a:57:14:61:b5:ef:1c:99:8e:5c:96:b5:a0:31:5a:14:48:b8:dd:47:2e
Signer

Actual PE Digest

a0:1c:49:44:89:8f:4d:60:53:6f:f6:4a:57:14:61:b5:ef:1c:99:8e:5c:96:b5:a0:31:5a:14:48:b8:dd:47:2e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

03/10/2018, 14:26
Valid: true

Chain 1

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

53:e1:e4:9c:8e:0b:7b:42:37:6b:63:c6:f9:5e:9c:85:58:65:37:35
Signer

Actual PE Digest

53:e1:e4:9c:8e:0b:7b:42:37:6b:63:c6:f9:5e:9c:85:58:65:37:35

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

03/10/2018, 14:26
Valid: true

Chain 1

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenEventW
CreateFileMappingW
OpenMutexW
CreateFileW
WriteConsoleW
UnmapViewOfFile
MapViewOfFile
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
CloseHandle
WaitForSingleObject
SetEvent
HeapSize
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LCMapStringW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetFileType
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
FlushFileBuffers

user32

MessageBoxA

advapi32

RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
RegCreateKeyExA
RegCloseKey

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

z0tyg8go
Size: 58KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

oc7esfle
Size: 287KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0.jibmbs
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
App/Uninstall Tool/UninstallToolPortable.exe
.exe windows x86

134015f954eea11f9de4bd20a6334c02

Code Sign

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/02/2020, 00:00

Not After

06/05/2023, 23:59

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/02/2020, 00:00

Not After

06/05/2023, 23:59

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:d0:2b:bf:d4:2d:34:d7:0e:07:3d:07:68:f7:3e:81:12:e9:bd:0d:97:2c:77:5b:4f:33:2d:8a:da:c3:88:69
Signer

Actual PE Digest

a1:d0:2b:bf:d4:2d:34:d7:0e:07:3d:07:68:f7:3e:81:12:e9:bd:0d:97:2c:77:5b:4f:33:2d:8a:da:c3:88:69

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

18/10/2022, 20:49
Valid: true

Chain 1

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

73:6d:e7:3d:89:96:c4:15:0d:24:5f:19:12:c1:5f:ef:ca:22:41:c7
Signer

Actual PE Digest

73:6d:e7:3d:89:96:c4:15:0d:24:5f:19:12:c1:5f:ef:ca:22:41:c7

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

18/10/2022, 20:49
Valid: true

Chain 1

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
FindClose
FindNextFileW
GetFileAttributesW
WriteFile
CloseHandle
WaitForSingleObject
GetProcAddress
LocalFree
HeapAlloc
HeapFree
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetModuleFileNameW
WideCharToMultiByte
FreeLibrary
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
GetConsoleOutputCP
GetConsoleMode
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
HeapSize
WriteConsoleW
MultiByteToWideChar
GetLastError
GetCurrentProcess
GetModuleHandleW
GetCommandLineW

user32

CharLowerBuffW
GetMessageW
PostMessageW
MessageBoxW

shell32

CommandLineToArgvW

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/Uninstall Tool/UninstallTool_x64.dat
.exe windows x64

610106b1f1cbe4c1e134a0dabf62c6b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GlobalFlags
GetSystemDefaultUILanguage
SetErrorMode
GetUserDefaultLCID
FindResourceExW
WaitForSingleObjectEx
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileExW
GetDriveTypeW
ReadConsoleW
GetConsoleOutputCP
SetFilePointerEx
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
IsValidLocale
LCMapStringW
HeapQueryInformation
VirtualQuery
GetSystemInfo
GetFileType
SetStdHandle
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
RtlUnwindEx
RtlPcToFileHeader
GetCPInfo
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
LCMapStringEx
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetStringTypeW
GetFileSizeEx
GlobalGetAtomNameW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
FlushFileBuffers
GetThreadLocale
GetPrivateProfileIntW
SuspendThread
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
EncodePointer
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GetModuleHandleExW
OutputDebugStringA
GetACP
InitializeCriticalSectionEx
OpenEventW
OpenMutexW
CreateMutexW
GlobalFree
lstrlenA
ExitProcess
CompareStringW
EnumResourceLanguagesW
EnumResourceTypesW
EnumResourceNamesW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrcmpA
SetThreadPriority
CreateDirectoryW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetModuleHandleA
OutputDebugStringW
LocalUnlock
LocalLock
GetVersionExW
VirtualFree
VirtualAlloc
GetWindowsDirectoryW
ExpandEnvironmentStringsW
lstrcatW
lstrcpyW
VirtualProtect
GetNativeSystemInfo
GetVersion
SetUnhandledExceptionFilter
RtlCaptureContext
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LocalAlloc
GetModuleFileNameW
GetCurrentThread
GetProcessTimes
FileTimeToLocalFileTime
CompareFileTime
GlobalLock
GlobalUnlock
GlobalAlloc
LocalFree
GetTempPathW
QueryDosDeviceW
GetTempFileNameW
GetLogicalDriveStringsW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
SetFilePointer
FormatMessageW
SetFileAttributesW
RemoveDirectoryW
IsBadWritePtr
IsBadReadPtr
MoveFileExW
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileAttributesExW
lstrcmpiW
LoadLibraryW
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
WriteConsoleA
GetConsoleMode
GetTimeZoneInformation
CopyFileW
ResumeThread
GetStdHandle
GetLongPathNameW
GetExitCodeThread
WriteFile
GetTickCount
WinExec
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
RaiseException
DecodePointer
lstrcmpW
SearchPathW
GetComputerNameW
DeleteFileW
CreateThread
GetCommandLineW
GetLocalTime
Sleep
GetCurrentDirectoryW
lstrcpynW
LoadLibraryA
GetProcAddress
FreeLibrary
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateProcessW
GetExitCodeProcess
GetCurrentProcess
ReadFile
GetFileSize
lstrlenW
OpenProcess
TerminateProcess
GetLastError
MulDiv
VerifyVersionInfoW
CreateFileW
VerSetConditionMask
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetUserDefaultUILanguage
GetCurrentProcessId
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleHandleW
GetSystemTime
TerminateThread
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
DeviceIoControl
SetLastError
CloseHandle
RtlUnwind

user32

GetKeyboardLayoutList
ToUnicodeEx
GetMenuItemInfoW
GetMenuItemID
SetWindowRgn
SetParent
GetTopWindow
UpdateWindow
LoadMenuW
MapVirtualKeyW
wsprintfW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
IntersectRect
InvertRect
LockWindowUpdate
GetDCEx
GetSubMenu
GetCapture
GetNextDlgTabItem
GetSysColorBrush
AdjustWindowRectEx
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
CreateIconIndirect
CreateIconFromResourceEx
LoadBitmapW
DrawStateW
TranslateAcceleratorW
SendDlgItemMessageA
CheckMenuItem
SendMessageW
EnableWindow
DestroyIcon
RegisterClipboardFormatW
ReleaseCapture
SetCapture
WindowFromPoint
ShowScrollBar
GetUpdateRect
WinHelpW
IsDialogMessageW
GetWindow
GetLastActivePopup
SetWindowLongPtrW
GetWindowLongPtrW
MessageBeep
RedrawWindow
EndPaint
BeginPaint
DrawIcon
EnableMenuItem
GetSystemMenu
GetKeyboardLayout
GetDialogBaseUnits
CheckDlgButton
CreateDialogIndirectParamW
MoveWindow
DestroyWindow
PostQuitMessage
WaitMessage
PeekMessageW
DispatchMessageW
TranslateMessage
LoadStringW
EnumDisplaySettingsW
FindWindowExW
FindWindowW
WaitForInputIdle
SetLayeredWindowAttributes
ShowWindow
CreateWindowExW
RegisterClassExW
SetMenuItemBitmaps
GetMessageW
SetWindowLongW
GetWindowLongW
UnionRect
GetMenuStringW
LookupIconIdFromDirectoryEx
DrawEdge
GetDoubleClickTime
GetMenu
SetMenu
GetMenuState
GetClassLongPtrW
SetCursorPos
GetClassLongW
CallWindowProcW
IsWindowUnicode
GetWindowLongPtrA
SetWindowLongPtrA
GetScrollInfo
GetTabbedTextExtentA
IsIconic
SetFocus
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
BringWindowToTop
AttachThreadInput
CharLowerBuffW
CharLowerBuffA
FillRect
SetWindowTextW
GetDlgItem
CharLowerW
LoadIconW
CharUpperW
IsCharLowerW
GetKeyboardState
GetKeyNameTextW
MapVirtualKeyExW
IsWindowEnabled
LoadAcceleratorsW
CopyAcceleratorTableW
IsZoomed
IsClipboardFormatAvailable
MapWindowPoints
GetCursor
IsMenu
IsChild
GetDlgCtrlID
GetWindowRgn
HideCaret
ShowCaret
SetActiveWindow
GetAsyncKeyState
IsWindowVisible
GetActiveWindow
GetWindowTextW
MessageBoxW
GetDesktopWindow
EnumWindows
GetDC
ReleaseDC
RegisterWindowMessageW
PostMessageW
IsWindow
GetFocus
GetKeyState
DrawTextW
InvalidateRect
GetClientRect
SetCursor
GetCursorPos
ScreenToClient
GetSysColor
SetRect
OffsetRect
PtInRect
GetParent
LoadCursorW
LoadImageW
DrawIconEx
GetIconInfo
GetSystemMetrics
GetWindowRect
SendMessageTimeoutW
GetWindowThreadProcessId
DrawFrameControl
GetMessagePos
CreatePopupMenu
AppendMenuW
DrawFocusRect
CopyRect
InflateRect
SetClassLongPtrW
SystemParametersInfoW
SetMenuDefaultItem
GetForegroundWindow
SetRectEmpty
IsRectEmpty
EqualRect
DefWindowProcW
GetClassInfoW
DrawTextExW
GrayStringW
TabbedTextOutW
SendInput
SetForegroundWindow
SetTimer
KillTimer
InsertMenuW
ClientToScreen
UnregisterClassW
TrackPopupMenu
GetMenuDefaultItem
GetClassNameW
CopyIcon
SetWindowPos
GetMenuItemCount
DeleteMenu
GetShellWindow
GetMenuCheckMarkDimensions
SetMenuItemInfoW
GetMessageTime
RegisterClassW
MapDialogRect
GetWindowPlacement
SetWindowPlacement
GetClassInfoExW
ValidateRect
GetScrollPos
SetScrollRange
GetScrollRange
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
SetScrollInfo
MonitorFromWindow
GetMonitorInfoW
SetDlgItemTextW
EndDialog
ShowOwnedPopups
GetWindowDC
CharNextW
DestroyMenu
SetWindowContextHelpId
DrawMenuBar
DefFrameProcW
TranslateMDISysAccel
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
RealChildWindowFromPoint
InvalidateRgn
GetNextDlgGroupItem
PostThreadMessageW
ExitWindowsEx

gdi32

GetWindowExtEx
IntersectClipRect
LineTo
ExtSelectClipRgn
BeginPath
CloseFigure
EndPath
FillPath
StrokeAndFillPath
StrokePath
MoveToEx
PolyBezierTo
OffsetViewportOrgEx
GetRgnBox
CreatePolygonRgn
SetPixelV
FillRgn
FrameRgn
RestoreDC
RealizePalette
SaveDC
SetDIBitsToDevice
ExcludeClipRect
SelectClipRgn
SetMapMode
GetViewportExtEx
SetTextAlign
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetMapMode
SetRectRgn
DPtoLP
GetTextExtentPoint32A
GetTextAlign
GetCurrentPositionEx
GetClipRgn
GetClipBox
GetCharWidthW
Ellipse
StretchDIBits
CreatePatternBrush
Polyline
CreateFontW
GetViewportOrgEx
SetBkMode
PtInRegion
GetBitmapBits
ExtCreateRegion
GetCurrentObject
Polygon
PatBlt
EnumFontFamiliesExW
CreateRectRgnIndirect
CreateDIBSection
SetStretchBltMode
StretchBlt
SetPixel
GetDIBits
CreateBitmap
GetTextMetricsW
GetPixel
CreateRoundRectRgn
CombineRgn
SetTextColor
SetBkColor
DeleteDC
CreateDCW
GetTextColor
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetBkColor
Escape
BitBlt
RoundRect
Rectangle
GetTextExtentPoint32W
GetStockObject
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
SelectObject
DeleteObject
CreateSolidBrush
CreateRectRgn
GetDeviceCaps

msimg32

GradientFill
AlphaBlend

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegOpenKeyExW
RegCreateKeyW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
OpenProcessToken
AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueW
CloseServiceHandle
ControlService
RegQueryValueW
RegEnumKeyW
DeleteService
CreateServiceW
ChangeServiceConfig2W
ChangeServiceConfigW
GetUserNameW
RegEnumValueW
RegEnumKeyExW
ConvertSidToStringSidW
RegCloseKey
IsValidSid
GetTokenInformation
RegDeleteKeyW
StartServiceW
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
EnumServicesStatusExW

shell32

DragFinish
Shell_NotifyIconW
SHAppBarMessage
SHGetSpecialFolderLocation
SHGetMalloc
SHChangeNotify
ShellExecuteExW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetPathFromIDListW
SHFileOperationW
CommandLineToArgvW
SHGetFileInfoW
ExtractIconExW
DragAcceptFiles
DragQueryFileW
ord680
ShellExecuteW

comctl32

ImageList_Draw
ImageList_AddMasked
_TrackMouseEvent
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_Add
ImageList_DrawEx
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageInfo
InitCommonControlsEx

shlwapi

PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
ord487
PathStripPathW
PathMatchSpecW
PathRemoveFileSpecW
PathAddBackslashW
StrFormatByteSizeW
PathCompactPathW
PathParseIconLocationW
PathGetArgsW
PathUnquoteSpacesW
PathRemoveArgsW
PathIsRelativeW
PathIsDirectoryW
PathFileExistsW
SHDeleteKeyW
UrlUnescapeW

uxtheme

IsThemeBackgroundPartiallyTransparent
IsAppThemed
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetThemePartSize
DrawThemeBackground

ole32

OleFlushClipboard
OleUninitialize
OleInitialize
OleIsCurrentClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
StgCreateDocfileOnILockBytes
CoGetClassObject
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CoInitialize
CoCreateGuid
CoTaskMemAlloc
PropVariantClear
CoInitializeSecurity
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

VarUdateFromDate
VarBstrFromDate
VarDateFromStr
VariantChangeTypeEx
VariantTimeToSystemTime
SystemTimeToVariantTime
OleLoadPicturePath
SysAllocStringByteLen
SysStringByteLen
SysStringLen
VariantCopy
VariantClear
VariantInit
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
VariantChangeType
SysFreeString
SysAllocStringLen
SysAllocString
SafeArrayGetDim
SafeArrayGetElemsize
LoadTypeLi
OleCreateFontIndirect
SafeArrayGetUBound
SafeArrayDestroy

oledlg

OleUIBusyW
OleUIAddVerbMenuW

gdiplus

GdipFree
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHICON
GdipImageRotateFlip
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdipAlloc
GdiplusStartup

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW

winmm

PlaySoundW

oleacc

LresultFromObject
CreateStdAccessibleObject

wininet

InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetSetOptionW
InternetQueryOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 814KB - Virtual size: 813KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
App/Uninstall Tool/UninstallTool_x86.dat
.exe windows x86

5a03fe165c324ecb61f6b4e4065df3ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetUserDefaultLCID
FindResourceExW
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileExW
GetDriveTypeW
ReadConsoleW
GetConsoleOutputCP
SetFilePointerEx
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
IsValidLocale
LCMapStringW
HeapQueryInformation
VirtualQuery
GetSystemInfo
GetFileType
SetStdHandle
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
GetCPInfo
SetErrorMode
LCMapStringEx
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetStringTypeW
GetSystemDefaultUILanguage
GlobalFlags
GetFileSizeEx
GlobalGetAtomNameW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
FlushFileBuffers
GetThreadLocale
GetPrivateProfileIntW
SuspendThread
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
EncodePointer
OutputDebugStringA
GetACP
InitializeCriticalSectionEx
OpenEventW
OpenMutexW
CreateMutexW
GlobalFree
lstrlenA
ExitProcess
CompareStringW
EnumResourceLanguagesW
EnumResourceTypesW
EnumResourceNamesW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrcmpA
SetThreadPriority
CreateDirectoryW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetModuleHandleA
OutputDebugStringW
LocalUnlock
LocalLock
GetVersionExW
VirtualFree
VirtualAlloc
GetWindowsDirectoryW
ExpandEnvironmentStringsW
lstrcatW
lstrcpyW
VirtualProtect
GetNativeSystemInfo
GetVersion
SetUnhandledExceptionFilter
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LocalAlloc
GetModuleFileNameW
GetCurrentThread
GetProcessTimes
CompareFileTime
GlobalLock
GlobalUnlock
GlobalAlloc
LocalFree
GetTempPathW
QueryDosDeviceW
GetTempFileNameW
GetLogicalDriveStringsW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
SetFilePointer
FormatMessageW
SetFileAttributesW
RemoveDirectoryW
IsBadWritePtr
IsBadReadPtr
MoveFileExW
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileAttributesExW
lstrcmpiW
LoadLibraryW
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
WriteConsoleA
GetConsoleMode
GetTimeZoneInformation
CopyFileW
ResumeThread
GetStdHandle
GetLongPathNameW
GetExitCodeThread
WriteFile
GetTickCount
WinExec
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
RaiseException
DecodePointer
lstrcmpW
SearchPathW
GetComputerNameW
DeleteFileW
CreateThread
GetCommandLineW
GetLocalTime
Sleep
GetCurrentDirectoryW
lstrcpynW
LoadLibraryA
FreeLibrary
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateProcessW
GetExitCodeProcess
FileTimeToDosDateTime
GetProcAddress
GetSystemTimeAsFileTime
ReadFile
GetFileSize
FileTimeToLocalFileTime
CreateFileW
lstrlenW
OpenProcess
TerminateProcess
GetLastError
MulDiv
VerifyVersionInfoW
VerSetConditionMask
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetUserDefaultUILanguage
GetCurrentProcessId
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleHandleW
GetSystemTime
TerminateThread
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
DeviceIoControl
SetLastError
CloseHandle

user32

GetMenuItemInfoW
GetMenuItemID
SetWindowRgn
SetParent
GetTopWindow
UpdateWindow
LoadMenuW
MapVirtualKeyW
wsprintfW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
IntersectRect
InvertRect
LockWindowUpdate
GetDCEx
GetSubMenu
GetCapture
GetNextDlgTabItem
GetSysColorBrush
AdjustWindowRectEx
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
TranslateAcceleratorW
SendDlgItemMessageA
CheckMenuItem
SetMenuItemBitmaps
SendMessageW
EnableWindow
CreateIconIndirect
CreateIconFromResourceEx
LoadBitmapW
DrawStateW
RegisterClipboardFormatW
ReleaseCapture
SetCapture
WindowFromPoint
ShowScrollBar
GetUpdateRect
WinHelpW
IsDialogMessageW
GetWindow
GetLastActivePopup
MessageBeep
RedrawWindow
EndPaint
BeginPaint
DrawIcon
EnableMenuItem
GetSystemMenu
GetAsyncKeyState
GetDialogBaseUnits
CheckDlgButton
ToUnicodeEx
MoveWindow
DestroyWindow
PostQuitMessage
WaitMessage
PeekMessageW
DispatchMessageW
TranslateMessage
LoadStringW
EnumDisplaySettingsW
FindWindowExW
FindWindowW
WaitForInputIdle
SetLayeredWindowAttributes
ShowWindow
CreateWindowExW
RegisterClassExW
ExitWindowsEx
GetMessageW
SetWindowLongW
GetMenuCheckMarkDimensions
SetFocus
EmptyClipboard
SetActiveWindow
UnionRect
GetMenuStringW
LookupIconIdFromDirectoryEx
DrawEdge
GetDoubleClickTime
GetMenu
SetMenu
GetMenuState
GetClassLongW
SetCursorPos
CallWindowProcW
IsWindowUnicode
GetWindowLongA
SetWindowLongA
GetScrollInfo
GetTabbedTextExtentA
GetKeyboardLayoutList
SetClipboardData
CloseClipboard
OpenClipboard
BringWindowToTop
AttachThreadInput
CharLowerBuffW
CharLowerBuffA
FillRect
SetWindowTextW
GetDlgItem
CharLowerW
LoadIconW
GetShellWindow
DeleteMenu
GetKeyboardLayout
IsIconic
CharUpperW
IsCharLowerW
GetKeyboardState
GetKeyNameTextW
MapVirtualKeyExW
IsWindowEnabled
LoadAcceleratorsW
CopyAcceleratorTableW
IsZoomed
IsClipboardFormatAvailable
MapWindowPoints
GetCursor
IsMenu
IsChild
GetDlgCtrlID
GetWindowRgn
HideCaret
ShowCaret
CreateDialogIndirectParamW
DestroyIcon
IsWindowVisible
GetActiveWindow
GetWindowTextW
MessageBoxW
GetDesktopWindow
EnumWindows
GetDC
ReleaseDC
RegisterWindowMessageW
PostMessageW
IsWindow
GetFocus
GetKeyState
DrawTextW
InvalidateRect
GetClientRect
SetCursor
GetCursorPos
ScreenToClient
GetSysColor
SetRect
OffsetRect
PtInRect
GetParent
LoadCursorW
LoadImageW
DrawIconEx
GetIconInfo
GetSystemMetrics
GetWindowRect
SendMessageTimeoutW
GetWindowThreadProcessId
MessageBoxA
DrawFrameControl
GetMessagePos
CreatePopupMenu
AppendMenuW
DrawFocusRect
CopyRect
InflateRect
SetClassLongW
SystemParametersInfoW
SetMenuDefaultItem
GetForegroundWindow
SetRectEmpty
IsRectEmpty
EqualRect
DefWindowProcW
GetClassInfoW
DrawTextExW
GrayStringW
TabbedTextOutW
SendInput
SetForegroundWindow
SetTimer
KillTimer
InsertMenuW
ClientToScreen
UnregisterClassW
TrackPopupMenu
GetMenuDefaultItem
GetClassNameW
CopyIcon
SetWindowPos
GetMenuItemCount
SetMenuItemInfoW
GetMessageTime
RegisterClassW
GetClassInfoExW
MapDialogRect
GetWindowPlacement
SetWindowPlacement
ValidateRect
GetScrollPos
SetScrollRange
GetScrollRange
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
SetScrollInfo
MonitorFromWindow
GetMonitorInfoW
SetDlgItemTextW
EndDialog
ShowOwnedPopups
GetWindowDC
CharNextW
DestroyMenu
SetWindowContextHelpId
DrawMenuBar
DefFrameProcW
TranslateMDISysAccel
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
RealChildWindowFromPoint
InvalidateRgn
GetNextDlgGroupItem
PostThreadMessageW
GetWindowLongW

gdi32

BeginPath
CloseFigure
EndPath
FillPath
StrokeAndFillPath
StrokePath
MoveToEx
PolyBezierTo
OffsetViewportOrgEx
GetRgnBox
CreatePolygonRgn
SetPixelV
FillRgn
FrameRgn
RestoreDC
RealizePalette
SaveDC
SetDIBitsToDevice
ExcludeClipRect
SelectClipRgn
SetMapMode
ExtSelectClipRgn
SetTextAlign
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetMapMode
SetRectRgn
DPtoLP
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetTextExtentPoint32A
GetTextAlign
GetCurrentPositionEx
GetClipRgn
GetClipBox
GetCharWidthW
Ellipse
StretchDIBits
CreatePatternBrush
Polyline
CreateFontW
GetViewportOrgEx
SetBkMode
PtInRegion
GetBitmapBits
ExtCreateRegion
GetTextColor
GetCurrentObject
Polygon
PatBlt
EnumFontFamiliesExW
CreateRectRgnIndirect
CreateDIBSection
StretchBlt
SetPixel
GetDIBits
CreateBitmap
GetTextMetricsW
GetPixel
CreateRoundRectRgn
CreateRectRgn
CombineRgn
SetTextColor
SetBkColor
DeleteDC
CreateDCW
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetBkColor
Escape
BitBlt
RoundRect
Rectangle
GetTextExtentPoint32W
GetStockObject
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
GetDeviceCaps
CreateSolidBrush
DeleteObject
SetStretchBltMode
SelectObject

msimg32

GradientFill
AlphaBlend

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

GetTokenInformation
RegOpenKeyExW
RegCreateKeyW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegQueryInfoKeyW
OpenProcessToken
AdjustTokenPrivileges
RegQueryValueW
RegEnumKeyW
DeleteService
CreateServiceW
ChangeServiceConfig2W
ChangeServiceConfigW
GetUserNameW
RegEnumValueW
RegEnumKeyExW
ConvertSidToStringSidW
IsValidSid
RegCloseKey
RegDeleteKeyW
StartServiceW
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
EnumServicesStatusExW
ControlService
CloseServiceHandle
LookupPrivilegeValueW
DuplicateTokenEx

shell32

DragFinish
Shell_NotifyIconW
SHAppBarMessage
SHGetSpecialFolderLocation
SHGetMalloc
SHChangeNotify
ShellExecuteExW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetPathFromIDListW
SHFileOperationW
CommandLineToArgvW
SHGetFileInfoW
ExtractIconExW
DragAcceptFiles
DragQueryFileW
ord680
ShellExecuteW

comctl32

ImageList_Draw
ImageList_AddMasked
_TrackMouseEvent
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_Add
ImageList_DrawEx
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageInfo
InitCommonControlsEx

shlwapi

PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
ord487
PathStripPathW
PathMatchSpecW
PathRemoveFileSpecW
PathAddBackslashW
StrFormatByteSizeW
PathCompactPathW
PathParseIconLocationW
PathGetArgsW
PathUnquoteSpacesW
PathRemoveArgsW
PathIsRelativeW
PathIsDirectoryW
PathFileExistsW
SHDeleteKeyW
UrlUnescapeW

uxtheme

IsThemeBackgroundPartiallyTransparent
IsAppThemed
DrawThemeParentBackground
GetThemePartSize
DrawThemeBackground
CloseThemeData
OpenThemeData

ole32

OleFlushClipboard
OleUninitialize
OleInitialize
OleIsCurrentClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
StgCreateDocfileOnILockBytes
CoGetClassObject
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CoInitialize
CoCreateGuid
CoTaskMemAlloc
PropVariantClear
CoInitializeSecurity
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

VarBstrFromDate
VarDateFromStr
VariantChangeTypeEx
VariantTimeToSystemTime
SystemTimeToVariantTime
OleLoadPicturePath
SysAllocStringByteLen
SysStringByteLen
SysStringLen
VariantCopy
VariantClear
VariantInit
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
VarUdateFromDate
SafeArrayDestroy
SysFreeString
SysAllocStringLen
SysAllocString
SafeArrayGetDim
SafeArrayGetElemsize
LoadTypeLi
VariantChangeType
OleCreateFontIndirect
SafeArrayGetUBound

oledlg

OleUIBusyW
OleUIAddVerbMenuW

gdiplus

GdipAlloc
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHICON
GdipImageRotateFlip
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetModuleFileNameExW

winmm

PlaySoundW

oleacc

LresultFromObject
CreateStdAccessibleObject

wininet

InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetSetOptionW
InternetQueryOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW

Exports

Exports

_EXECryptor_AntiDebug@0
_EXECryptor_DecodeSerialNumber@16
_EXECryptor_DecodeSerialNumberW@16
_EXECryptor_DecryptStr@8
_EXECryptor_DecryptStrW@8
_EXECryptor_EncryptStr@8
_EXECryptor_EncryptStrW@8
_EXECryptor_GetDate@0
_EXECryptor_GetEXECryptorVersion@0
_EXECryptor_GetHardwareID@0
_EXECryptor_GetProcAddr@8
_EXECryptor_GetReleaseDate@0
_EXECryptor_GetTrialDaysLeft@4
_EXECryptor_GetTrialRunsLeft@4
_EXECryptor_IsAppProtected@0
_EXECryptor_IsRegistered@0
_EXECryptor_MessageBoxA@16
_EXECryptor_ProtectImport@0
_EXECryptor_RegConst_0@0
_EXECryptor_RegConst_1@0
_EXECryptor_RegConst_2@0
_EXECryptor_RegConst_3@0
_EXECryptor_RegConst_4@0
_EXECryptor_RegConst_5@0
_EXECryptor_RegConst_6@0
_EXECryptor_RegConst_7@0
_EXECryptor_SecureRead@8
_EXECryptor_SecureReadW@8
_EXECryptor_SecureWrite@8
_EXECryptor_SecureWriteW@8
_EXECryptor_VerifySerialNumber@16
_EXECryptor_VerifySerialNumberW@16

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 545KB - Virtual size: 544KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
App/Uninstall Tool/languages/Arabic.xml
App/Uninstall Tool/languages/Armenian.xml
App/Uninstall Tool/languages/Azerbaijani.xml
App/Uninstall Tool/languages/Belarusian.xml
App/Uninstall Tool/languages/Bulgarian.xml
App/Uninstall Tool/languages/Chinese_Simplified.xml
App/Uninstall Tool/languages/Chinese_Traditional.xml
App/Uninstall Tool/languages/Croatian.xml
App/Uninstall Tool/languages/Czech.xml
App/Uninstall Tool/languages/Danish.xml
App/Uninstall Tool/languages/Dutch.xml
App/Uninstall Tool/languages/English.xml
App/Uninstall Tool/languages/Estonian.xml
App/Uninstall Tool/languages/French.xml
App/Uninstall Tool/languages/Georgian.xml
App/Uninstall Tool/languages/German.xml
App/Uninstall Tool/languages/Greek.xml
App/Uninstall Tool/languages/Hebrew.xml
App/Uninstall Tool/languages/Hindi.xml
App/Uninstall Tool/languages/Hungarian.xml
App/Uninstall Tool/languages/Indonesian.xml
App/Uninstall Tool/languages/Italian.xml
App/Uninstall Tool/languages/Japanese.xml
App/Uninstall Tool/languages/Korean.xml
App/Uninstall Tool/languages/Latvian.xml
App/Uninstall Tool/languages/Lithuanian.xml
App/Uninstall Tool/languages/Norwegian.xml
App/Uninstall Tool/languages/Persian.xml
App/Uninstall Tool/languages/Polish.xml
App/Uninstall Tool/languages/Portuguese.xml
App/Uninstall Tool/languages/Portuguese_Brazilian.xml
App/Uninstall Tool/languages/Romanian.xml
App/Uninstall Tool/languages/Russian.xml
App/Uninstall Tool/languages/Serbian_Cyrillic.xml
App/Uninstall Tool/languages/Serbian_Latin.xml
App/Uninstall Tool/languages/Slovak.xml
App/Uninstall Tool/languages/Spanish.xml
App/Uninstall Tool/languages/Swedish.xml
App/Uninstall Tool/languages/Turkish.xml
App/Uninstall Tool/languages/Ukrainian.xml
App/Uninstall Tool/languages/Vietnamese.xml
App/Uninstall Tool/preferences.xml
.xml
App/Uninstall Tool/x64/CisUtMonitor.inf
App/Uninstall Tool/x64/CisUtMonitor.sys
.exe windows x64

f43b6ef93625d306e6fdaf0ae00f11b3

Code Sign

0b:b4:b4:f9:68:eb:5e:9a:e8:3d:37:aa:2a:51:8d:7f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/02/2016, 00:00

Not After

09/04/2019, 23:59

Subject

CN=Software Security Systems ChTUP,O=Software Security Systems ChTUP,L=Minsk,ST=Minsk,C=BY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1e:cf:bc:bd:80:3f:a1:41:27:27:a0:b3:9a:cd:0c:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09/02/2016, 00:00

Not After

09/04/2019, 23:59

Subject

CN=Software Security Systems ChTUP,O=Software Security Systems ChTUP,L=Minsk,ST=Minsk,C=BY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

28:95:2e:a4:f4:45:5d:20:af:17:bd:55:77:88:30:fe:a6:42:b1:24:10:24:f3:0b:6c:96:c3:75:6a:1a:19:e8
Signer

Actual PE Digest

28:95:2e:a4:f4:45:5d:20:af:17:bd:55:77:88:30:fe:a6:42:b1:24:10:24:f3:0b:6c:96:c3:75:6a:1a:19:e8

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Software Security Systems ChTUP,O=Software Security Systems ChTUP,L=Minsk,ST=Minsk,C=BY

23/11/2018, 07:01
Valid: false

76:a1:c9:15:92:18:fd:75:16:8f:1b:22:88:d8:f6:b3:c9:49:16:06
Signer

Actual PE Digest

76:a1:c9:15:92:18:fd:75:16:8f:1b:22:88:d8:f6:b3:c9:49:16:06

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Software Security Systems ChTUP,O=Software Security Systems ChTUP,L=Minsk,ST=Minsk,C=BY

23/11/2018, 07:01
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExDeletePagedLookasideList
IoUnregisterShutdownNotification
ExEventObjectType
IofCompleteRequest
ExQueryDepthSList
ObReferenceObjectByHandle
KeWaitForSingleObject
PsGetVersion
ExInterlockedRemoveHeadList
CmRegisterCallback
IoCreateSymbolicLink
ExInitializePagedLookasideList
ObfDereferenceObject
IoCreateDevice
CmUnRegisterCallback
DbgPrint
ExDeleteNPagedLookasideList
IoThreadToProcess
KeSetEvent
ExpInterlockedPopEntrySList
ExInterlockedInsertTailList
PsGetProcessId
KeReleaseMutex
ExAllocatePoolWithTag
_wcsnicmp
RtlCheckRegistryKey
ZwQueryValueKey
RtlCompareUnicodeString
RtlConvertSidToUnicodeString
ZwOpenThreadTokenEx
RtlTimeToSecondsSince1970
MmGetSystemRoutineAddress
ZwOpenProcessTokenEx
ObQueryNameString
ExSystemTimeToLocalTime
ZwClose
ZwOpenProcess
RtlCopyUnicodeString
MmIsAddressValid
ZwQueryInformationToken
ZwOpenKey
KeBugCheckEx
PsSetCreateProcessNotifyRoutine
ExpInterlockedPushEntrySList
IoDeleteDevice
RtlInitUnicodeString
ExInitializeNPagedLookasideList
KeInitializeMutex
IoRegisterShutdownNotification
ExFreePoolWithTag
_wcsicmp
IoDeleteSymbolicLink
__C_specific_handler

fltmgr.sys

FltReleaseFileNameInformation
FltCloseCommunicationPort
FltGetFileNameInformation
FltGetDestinationFileNameInformation
FltStartFiltering
FltRegisterFilter
FltUnregisterFilter
FltParseFileNameInformation

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 130B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/Uninstall Tool/x64/UninstallTool.cpl
.dll windows x64

62ae6461ef7d020b0975a60be50736ec

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

23:e8:29:0d:71:95:04:18:c0:08:59:7e:42:f7:48:1b
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

22/10/2008, 12:07

Not After

30/12/2025, 23:59

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/06/2018, 13:44

Not After

23/01/2020, 20:43

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

93:92:85:40:01:65:71:5f:94:7f:28:8f:ef:c9:9b:28
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

22/10/2008, 12:07

Not After

10/06/2027, 10:46

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/06/2018, 13:44

Not After

23/01/2020, 20:43

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

eb:0e:47:b2:94:35:5a:24:b5:28:f7:f2:01:37:a2:8a:0c:f3:a0:cb:e2:c5:72:8a:d6:fc:9e:e2:3e:6d:46:9f
Signer

Actual PE Digest

eb:0e:47:b2:94:35:5a:24:b5:28:f7:f2:01:37:a2:8a:0c:f3:a0:cb:e2:c5:72:8a:d6:fc:9e:e2:3e:6d:46:9f

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

30/08/2019, 15:24
Valid: true

Chain 1

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

5c:91:6a:1e:68:fb:6b:c0:3d:e8:16:96:19:57:1d:e1:02:a4:88:db
Signer

Actual PE Digest

5c:91:6a:1e:68:fb:6b:c0:3d:e8:16:96:19:57:1d:e1:02:a4:88:db

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

30/08/2019, 15:24
Valid: true

Chain 1

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FreeLibrary
CloseHandle
lstrcpyW
lstrcatW
LoadLibraryW
GetModuleFileNameW
GetModuleHandleW
CreateProcessW
GetVersionExW
CreateFileW
WriteConsoleW
CreateThread
WaitForSingleObjectEx
OutputDebugStringW
OutputDebugStringA
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThread
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapAlloc
HeapFree
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetProcessHeap
GetStdHandle
GetFileType
SetConsoleCtrlHandler
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
RtlUnwind

user32

LoadIconW
LoadStringW

shell32

ShellExecuteW

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAddBackslashW

Exports

Exports

CPlApplet

Sections

.text
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/Uninstall Tool/x64/utshellext.dll
.dll regsvr32 windows x64

7cced0836fe1b3cc2bcc3d270fc42d45

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/02/2020, 00:00

Not After

06/05/2023, 23:59

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/02/2020, 00:00

Not After

06/05/2023, 23:59

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c6:20:ce:1c:a1:10:cf:0a:0a:33:fc:9b:13:4c:67:33:61:4a:e9:9c:8b:d3:e7:3d:5b:da:bf:6a:ad:34:7a:f7
Signer

Actual PE Digest

c6:20:ce:1c:a1:10:cf:0a:0a:33:fc:9b:13:4c:67:33:61:4a:e9:9c:8b:d3:e7:3d:5b:da:bf:6a:ad:34:7a:f7

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

16/04/2020, 10:43
Valid: true

Chain 1

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

da:27:3a:1e:c0:67:37:65:74:c5:93:1b:82:5b:79:8a:94:cd:19:e3
Signer

Actual PE Digest

da:27:3a:1e:c0:67:37:65:74:c5:93:1b:82:5b:79:8a:94:cd:19:e3

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

16/04/2020, 10:43
Valid: true

Chain 1

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileW
ReadFile
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryW
lstrlenW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
WriteFile
LoadResource
LockResource
SizeofResource
FindResourceW
GetUserDefaultUILanguage
WideCharToMultiByte
FreeLibrary
ExpandEnvironmentStringsW
GetCommandLineW
MulDiv
GetStringTypeW
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetACP
GetStdHandle
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
HeapReAlloc
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
WriteConsoleW
HeapSize
SetEndOfFile
MultiByteToWideChar
VerifyVersionInfoW
VerSetConditionMask
RtlUnwind
GetLastError

user32

DrawIconEx
LoadImageW
DestroyIcon
GetIconInfo
PostMessageW
InsertMenuW
GetMenuItemCount
SetRect
ReleaseDC
GetDC
GetSystemMetrics
SetLayeredWindowAttributes
ShowWindow
CreateWindowExW
RegisterClassExW
GetParent
GetActiveWindow
MessageBoxW
DefWindowProcW
InsertMenuItemW
GetMessageW

gdi32

DeleteDC
DeleteObject
GetDeviceCaps
CreateDIBSection
GetDIBits
SelectObject
CreateCompatibleDC

advapi32

RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

shell32

SHChangeNotify
ShellExecuteW
SHGetSpecialFolderPathW
DragQueryFileW

ole32

ReleaseStgMedium

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/Uninstall Tool/x64/utshellext_x86.dll
.dll regsvr32 windows x86

45d4942359c6e7f78943a6aeb4fb6969

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/02/2020, 00:00

Not After

06/05/2023, 23:59

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/02/2020, 00:00

Not After

06/05/2023, 23:59

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c6:29:86:15:3e:21:e8:aa:46:d9:a8:dc:d9:ea:ed:5a:52:7f:32:d9:93:cf:71:d7:92:93:a3:2a:16:cb:1e:8c
Signer

Actual PE Digest

c6:29:86:15:3e:21:e8:aa:46:d9:a8:dc:d9:ea:ed:5a:52:7f:32:d9:93:cf:71:d7:92:93:a3:2a:16:cb:1e:8c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

16/04/2020, 10:44
Valid: true

Chain 1

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

f3:1e:3f:c7:15:8f:8a:2f:25:dc:3e:d0:79:ba:35:12:17:91:d8:60
Signer

Actual PE Digest

f3:1e:3f:c7:15:8f:8a:2f:25:dc:3e:d0:79:ba:35:12:17:91:d8:60

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

16/04/2020, 10:44
Valid: true

Chain 1

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
CreateFileW
ReadFile
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryW
lstrlenW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
WriteFile
LoadResource
LockResource
SizeofResource
FindResourceW
GetUserDefaultUILanguage
VerifyVersionInfoW
FreeLibrary
ExpandEnvironmentStringsW
MulDiv
GetStringTypeW
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetACP
GetStdHandle
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
HeapReAlloc
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
WriteConsoleW
HeapSize
SetEndOfFile
VerSetConditionMask
MultiByteToWideChar
GetLastError
InterlockedDecrement
WideCharToMultiByte
InterlockedIncrement

user32

LoadImageW
DestroyIcon
InsertMenuW
GetMenuItemCount
SetRect
ReleaseDC
GetDC
GetSystemMetrics
SetLayeredWindowAttributes
ShowWindow
CharLowerBuffW
CreateWindowExW
RegisterClassExW
DefWindowProcW
GetIconInfo
GetParent
GetMessageW
GetActiveWindow
MessageBoxW
PostMessageW
InsertMenuItemW
DrawIconEx

gdi32

DeleteDC
DeleteObject
GetDIBits
GetDeviceCaps
CreateDIBSection
SelectObject
CreateCompatibleDC

advapi32

RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

shell32

SHChangeNotify
ShellExecuteW
SHGetSpecialFolderPathW
DragQueryFileW

ole32

ReleaseStgMedium

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/Uninstall Tool/x86/CisUtMonitor.inf
App/Uninstall Tool/x86/CisUtMonitor.sys
.exe windows x86

76aba047f0b037cb0deb0211092d4824

Code Sign

0b:b4:b4:f9:68:eb:5e:9a:e8:3d:37:aa:2a:51:8d:7f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/02/2016, 00:00

Not After

09/04/2019, 23:59

Subject

CN=Software Security Systems ChTUP,O=Software Security Systems ChTUP,L=Minsk,ST=Minsk,C=BY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1e:cf:bc:bd:80:3f:a1:41:27:27:a0:b3:9a:cd:0c:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09/02/2016, 00:00

Not After

09/04/2019, 23:59

Subject

CN=Software Security Systems ChTUP,O=Software Security Systems ChTUP,L=Minsk,ST=Minsk,C=BY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

97:cd:bc:e7:f0:f1:e8:c2:85:97:30:66:b4:87:21:b5:26:d8:ba:dc:03:27:fb:8e:36:a1:03:ae:61:e8:85:77
Signer

Actual PE Digest

97:cd:bc:e7:f0:f1:e8:c2:85:97:30:66:b4:87:21:b5:26:d8:ba:dc:03:27:fb:8e:36:a1:03:ae:61:e8:85:77

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Software Security Systems ChTUP,O=Software Security Systems ChTUP,L=Minsk,ST=Minsk,C=BY

23/11/2018, 07:01
Valid: false

cc:ce:78:3e:47:3a:1d:36:4f:90:51:4f:e4:d3:fe:87:a0:d6:6d:fe
Signer

Actual PE Digest

cc:ce:78:3e:47:3a:1d:36:4f:90:51:4f:e4:d3:fe:87:a0:d6:6d:fe

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Software Security Systems ChTUP,O=Software Security Systems ChTUP,L=Minsk,ST=Minsk,C=BY

23/11/2018, 07:01
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExEventObjectType
DbgPrint
ObfDereferenceObject
ExFreePoolWithTag
ExfInterlockedRemoveHeadList
memcpy
IofCompleteRequest
KeWaitForSingleObject
KeReleaseMutex
IoRegisterShutdownNotification
IoCreateSymbolicLink
CmRegisterCallback
KeInitializeMutex
ExInitializePagedLookasideList
ExInitializeNPagedLookasideList
IoCreateDevice
memset
PsGetVersion
InterlockedPopEntrySList
KeSetEvent
ExfInterlockedInsertTailList
PsGetProcessId
IoThreadToProcess
KeGetCurrentThread
ExAllocatePoolWithTag
_wcsicmp
_wcsnicmp
RtlCheckRegistryKey
ObReferenceObjectByHandle
ZwQueryValueKey
ZwDeleteKey
ZwSetValueKey
ZwCreateKey
RtlCompareUnicodeString
RtlCopyUnicodeString
MmGetSystemRoutineAddress
ZwClose
ZwOpenProcess
RtlTimeToSecondsSince1970
ExSystemTimeToLocalTime
KeQuerySystemTime
ObQueryNameString
MmIsAddressValid
ZwOpenKey
RtlConvertSidToUnicodeString
ZwQueryInformationToken
ZwOpenProcessTokenEx
ZwOpenThreadTokenEx
MmUnmapLockedPages
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
ExAllocatePool
KeServiceDescriptorTable
KeTickCount
KeBugCheckEx
PsSetCreateProcessNotifyRoutine
CmUnRegisterCallback
RtlInitUnicodeString
IoDeleteSymbolicLink
IoUnregisterShutdownNotification
ExDeleteNPagedLookasideList
ExDeletePagedLookasideList
IoDeleteDevice
ZwQueryObject
InterlockedPushEntrySList
RtlUnwind

fltmgr.sys

FltGetFileNameInformation
FltParseFileNameInformation
FltReleaseFileNameInformation
FltCloseCommunicationPort
FltRegisterFilter
FltStartFiltering
FltUnregisterFilter
FltGetDestinationFileNameInformation

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 930B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/Uninstall Tool/x86/UninstallTool.cpl
.dll windows x86

a0280ce257283b5c4ab3412557fcc523

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

23:e8:29:0d:71:95:04:18:c0:08:59:7e:42:f7:48:1b
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

22/10/2008, 12:07

Not After

30/12/2025, 23:59

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/06/2018, 13:44

Not After

23/01/2020, 20:43

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

93:92:85:40:01:65:71:5f:94:7f:28:8f:ef:c9:9b:28
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

22/10/2008, 12:07

Not After

10/06/2027, 10:46

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/06/2018, 13:44

Not After

23/01/2020, 20:43

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

db:2c:fe:6c:50:73:52:c1:3f:0e:fa:4c:f5:f8:6c:9a:9f:ae:ed:c5:47:40:8b:71:c4:c4:9c:74:e4:65:9a:7b
Signer

Actual PE Digest

db:2c:fe:6c:50:73:52:c1:3f:0e:fa:4c:f5:f8:6c:9a:9f:ae:ed:c5:47:40:8b:71:c4:c4:9c:74:e4:65:9a:7b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

30/08/2019, 15:24
Valid: true

Chain 1

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

b8:54:02:b4:8d:0f:7c:a4:bd:2c:ab:03:1a:81:6b:2d:77:ab:cd:12
Signer

Actual PE Digest

b8:54:02:b4:8d:0f:7c:a4:bd:2c:ab:03:1a:81:6b:2d:77:ab:cd:12

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

30/08/2019, 15:24
Valid: true

Chain 1

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
CloseHandle
lstrcpyW
lstrcatW
LoadLibraryW
GetModuleFileNameW
GetModuleHandleW
CreateProcessW
GetVersionExW
DecodePointer
WriteConsoleW
CreateThread
WaitForSingleObjectEx
OutputDebugStringW
OutputDebugStringA
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThread
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapAlloc
HeapFree
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetProcessHeap
GetStdHandle
GetFileType
SetConsoleCtrlHandler
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
CreateFileW

user32

LoadIconW
LoadStringW

shell32

ShellExecuteW

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAddBackslashW

Exports

Exports

CPlApplet

Sections

.text
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/Uninstall Tool/x86/utshellext.dll
.dll regsvr32 windows x86

45d4942359c6e7f78943a6aeb4fb6969

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/02/2020, 00:00

Not After

06/05/2023, 23:59

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/02/2020, 00:00

Not After

06/05/2023, 23:59

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c6:29:86:15:3e:21:e8:aa:46:d9:a8:dc:d9:ea:ed:5a:52:7f:32:d9:93:cf:71:d7:92:93:a3:2a:16:cb:1e:8c
Signer

Actual PE Digest

c6:29:86:15:3e:21:e8:aa:46:d9:a8:dc:d9:ea:ed:5a:52:7f:32:d9:93:cf:71:d7:92:93:a3:2a:16:cb:1e:8c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

16/04/2020, 10:44
Valid: true

Chain 1

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

f3:1e:3f:c7:15:8f:8a:2f:25:dc:3e:d0:79:ba:35:12:17:91:d8:60
Signer

Actual PE Digest

f3:1e:3f:c7:15:8f:8a:2f:25:dc:3e:d0:79:ba:35:12:17:91:d8:60

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

16/04/2020, 10:44
Valid: true

Chain 1

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
CreateFileW
ReadFile
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryW
lstrlenW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
WriteFile
LoadResource
LockResource
SizeofResource
FindResourceW
GetUserDefaultUILanguage
VerifyVersionInfoW
FreeLibrary
ExpandEnvironmentStringsW
MulDiv
GetStringTypeW
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetACP
GetStdHandle
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
HeapReAlloc
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
WriteConsoleW
HeapSize
SetEndOfFile
VerSetConditionMask
MultiByteToWideChar
GetLastError
InterlockedDecrement
WideCharToMultiByte
InterlockedIncrement

user32

LoadImageW
DestroyIcon
InsertMenuW
GetMenuItemCount
SetRect
ReleaseDC
GetDC
GetSystemMetrics
SetLayeredWindowAttributes
ShowWindow
CharLowerBuffW
CreateWindowExW
RegisterClassExW
DefWindowProcW
GetIconInfo
GetParent
GetMessageW
GetActiveWindow
MessageBoxW
PostMessageW
InsertMenuItemW
DrawIconEx

gdi32

DeleteDC
DeleteObject
GetDIBits
GetDeviceCaps
CreateDIBSection
SelectObject
CreateCompatibleDC

advapi32

RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

shell32

SHChangeNotify
ShellExecuteW
SHGetSpecialFolderPathW
DragQueryFileW

ole32

ReleaseStgMedium

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Data/UninstallToolPortable.reg
UninstallToolPortable.exe
.exe windows x86

59a4a44a250c4cf4f2d9de2b3fe5d95f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
SearchPathA
GetShortPathNameA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
Sleep
CloseHandle
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrlenA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrcpyA
lstrcatA
GetSystemDirectoryA
GetVersion
GetProcAddress
GlobalAlloc
CompareFileTime
SetFileTime
ExpandEnvironmentStringsA
lstrcmpiA
lstrcmpA
WaitForSingleObject
GlobalFree
GetExitCodeProcess
GetModuleHandleA
GetTempPathA
GetWindowsDirectoryA
LoadLibraryExA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
WriteFile
FindClose
WritePrivateProfileStringA
MultiByteToWideChar
MulDiv
GetPrivateProfileStringA
FreeLibrary

user32

CreateWindowExA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
GetDC
SystemParametersInfoA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
GetDlgItem
wsprintfA
SetForegroundWindow
ShowWindow
IsWindow
LoadImageA
SetWindowLongA
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
PostQuitMessage
FindWindowExA
SendMessageTimeoutA
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UninstallToolPortable.ini

Sharing

General

Malware Config

Signatures

Files

c42b0c1f41e0605c4616086c8aef5ed6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

23:e8:29:0d:71:95:04:18:c0:08:59:7e:42:f7:48:1bCertificate

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4Certificate

Extended Key Usages

Key Usages

93:92:85:40:01:65:71:5f:94:7f:28:8f:ef:c9:9b:28Certificate

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

06:66:0e:95:ab:71:4d:1c:71:cf:9c:87:64:c4:9e:d8:46:e5:05:eb:75:3d:65:a3:e4:a4:1d:3c:17:b0:fe:9dSigner

Signature Validations

Verification

09/09/2019, 09:24 Valid: true

Chain 1

db:13:f0:2b:09:a1:4c:f9:c2:09:ab:4b:95:e8:fc:12:61:0d:ea:96Signer

Signature Validations

Verification

09/09/2019, 09:24 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

Sections

.text Size: 149KB - Virtual size: 149KB

.rdata Size: 63KB - Virtual size: 62KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 87KB - Virtual size: 86KB

.reloc Size: 8KB - Virtual size: 8KB

f0e8305f3a2a23ba622fa7f18bf7cd51

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

23:e8:29:0d:71:95:04:18:c0:08:59:7e:42:f7:48:1bCertificate

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4Certificate

Extended Key Usages

Key Usages

93:92:85:40:01:65:71:5f:94:7f:28:8f:ef:c9:9b:28Certificate

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

23:e8:29:0d:71:95:04:18:c0:08:59:7e:42:f7:48:1b
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4
Certificate

93:92:85:40:01:65:71:5f:94:7f:28:8f:ef:c9:9b:28
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

06:66:0e:95:ab:71:4d:1c:71:cf:9c:87:64:c4:9e:d8:46:e5:05:eb:75:3d:65:a3:e4:a4:1d:3c:17:b0:fe:9d
Signer

09/09/2019, 09:24
Valid: true

db:13:f0:2b:09:a1:4c:f9:c2:09:ab:4b:95:e8:fc:12:61:0d:ea:96
Signer

09/09/2019, 09:24
Valid: true

.text
Size: 149KB - Virtual size: 149KB

.rdata
Size: 63KB - Virtual size: 62KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 87KB - Virtual size: 86KB

.reloc
Size: 8KB - Virtual size: 8KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

23:e8:29:0d:71:95:04:18:c0:08:59:7e:42:f7:48:1b
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4
Certificate

93:92:85:40:01:65:71:5f:94:7f:28:8f:ef:c9:9b:28
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

a0:1c:49:44:89:8f:4d:60:53:6f:f6:4a:57:14:61:b5:ef:1c:99:8e:5c:96:b5:a0:31:5a:14:48:b8:dd:47:2e
Signer

03/10/2018, 14:26
Valid: true

53:e1:e4:9c:8e:0b:7b:42:37:6b:63:c6:f9:5e:9c:85:58:65:37:35
Signer

03/10/2018, 14:26
Valid: true

.text
Size: 96KB - Virtual size: 96KB

z0tyg8go
Size: 58KB - Virtual size: 60KB

.data
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 4KB

oc7esfle
Size: 287KB - Virtual size: 288KB

0.jibmbs
Size: 512B - Virtual size: 4KB

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

a1:d0:2b:bf:d4:2d:34:d7:0e:07:3d:07:68:f7:3e:81:12:e9:bd:0d:97:2c:77:5b:4f:33:2d:8a:da:c3:88:69
Signer

18/10/2022, 20:49
Valid: true

73:6d:e7:3d:89:96:c4:15:0d:24:5f:19:12:c1:5f:ef:ca:22:41:c7
Signer

18/10/2022, 20:49
Valid: true