c[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

c.zip
Size

224.8MB
MD5

b95158bb93475622af1d1aef93d2ebf2
SHA1

b80287917411d1aedf4fe4d7ca5d70dcb969881f
SHA256

11e329f394675a2cf12b6c20ccd696ba555838872e4ec93797186683fe68588e
SHA512

d6b68ab66e90e7c1c9a40687890365de43dc775e842240fc5c6cfa6530355ebc450c3a8379807efd7340e57f7acb5483ba164d7716b3f878da5d8bc1c1e2d911
SSDEEP

6291456:LLUWPhJ5xdQCMVPVuQLyOWN8YIJ0snmbXFBvrRlw2On:EqvZQTVcQL4NpFXFBvrRlqn

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/Firefox_Setup_106.0.4.exe	upx

Files

c.zip
.zip
7z2201-x64.exe
.exe windows x86

54d407b03a79a4ace00748773fedfc2e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CoInitialize

user32

PeekMessageW
ExitWindowsEx
GetDlgItemTextW
SetWindowTextW
ShowWindow
MessageBoxW
CreateDialogParamW
LoadIconW
SendMessageW
GetMessageW
EnableWindow
GetDlgItem
IsDialogMessageW
TranslateMessage
DispatchMessageW
SetDlgItemTextW
DestroyWindow

advapi32

RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW

shell32

SHGetFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW

msvcrt

_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
memcpy
memcmp
memmove
malloc
free
exit
memset

kernel32

ReadFile
CloseHandle
CreateFileW
FormatMessageW
WriteFile
DeleteFileW
CreateDirectoryW
GetSystemDirectoryW
LoadLibraryW
GetModuleFileNameW
GetFileAttributesW
SetFilePointer
GetVersionExW
LoadLibraryExW
GetModuleHandleA
GetStartupInfoA
LocalFree
SetFileAttributesW
SetFileTime
MoveFileExW
GetLastError
lstrcatW
GetCommandLineW
lstrcpyW
GetModuleHandleW
GetProcAddress
GetCurrentProcess
lstrlenW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Firefox_Setup_106.0.4.exe
.exe windows x86

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2031 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:6a:53:45:5c:c7:00:12:fa:23:ce:7a:80:f8:5e:47
Certificate

Issuer

CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-07-2013 12:00

Not After

22-10-2023 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:1c:d3:ee:a4:7e:dd:a7:a0:32:57:3b:01:4d:0a:fd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09-04-2021 00:00

Not After

19-06-2024 23:59

Subject

CN=Mozilla Corporation,OU=Firefox Engineering Operations,O=Mozilla Corporation,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:89:b9:df:00:6b:d1:aa:4c:48:d8:65:03:96:34:ca
Certificate

Issuer

CN=Dummy

Not Before

01-01-2013 07:00

Not After

02-01-2013 07:00

Subject

CN=Dummy

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

40:8d:a7:96:d1:31:5e:cb:96:90:8c:4d:6e:1a:0b:0e:3b:58:48:4f:0e:61:82:f3:5f:3f:d9:8b:f2:ab:dc:31
Signer

Actual PE Digest

40:8d:a7:96:d1:31:5e:cb:96:90:8c:4d:6e:1a:0b:0e:3b:58:48:4f:0e:61:82:f3:5f:3f:d9:8b:f2:ab:dc:31

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Mozilla Corporation,OU=Firefox Engineering Operations,O=Mozilla Corporation,L=Mountain View,ST=California,C=US

03-11-2022 00:24
Valid: true

Chain 1

CN=Mozilla Corporation,OU=Firefox Engineering Operations,O=Mozilla Corporation,L=Mountain View,ST=California,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 144KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SumatraPDF-3.4-64-install.exe
.exe windows x64

a27de8a490979691d0e7c85fcd5259bc

Code Sign

c8:a7:9a:cf:a2:0c:a4:15:09:24:5c:1f:7f:64:ff:c4
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

24-05-2021 00:00

Not After

23-08-2024 23:59

Subject

CN=Krzysztof Kowalczyk,O=Krzysztof Kowalczyk,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c8:a7:9a:cf:a2:0c:a4:15:09:24:5c:1f:7f:64:ff:c4
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

24-05-2021 00:00

Not After

23-08-2024 23:59

Subject

CN=Krzysztof Kowalczyk,O=Krzysztof Kowalczyk,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

84:62:9d:32:b3:3d:f4:f7:72:26:a0:92:7e:3d:5b:1b:a5:5c:be:b8:a5:d1:75:fe:2e:80:1f:fe:91:d2:4c:e4
Signer

Actual PE Digest

84:62:9d:32:b3:3d:f4:f7:72:26:a0:92:7e:3d:5b:1b:a5:5c:be:b8:a5:d1:75:fe:2e:80:1f:fe:91:d2:4c:e4

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Krzysztof Kowalczyk,O=Krzysztof Kowalczyk,L=San Diego,ST=California,C=US

02-11-2022 14:01
Valid: true

Chain 1

CN=Krzysztof Kowalczyk,O=Krzysztof Kowalczyk,L=San Diego,ST=California,C=US

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Chain 2

CN=Krzysztof Kowalczyk,O=Krzysztof Kowalczyk,L=San Diego,ST=California,C=US

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

ee:85:d1:b9:08:fc:62:a9:0a:35:de:9b:51:9d:1a:82:35:c3:79:22
Signer

Actual PE Digest

ee:85:d1:b9:08:fc:62:a9:0a:35:de:9b:51:9d:1a:82:35:c3:79:22

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Krzysztof Kowalczyk,O=Krzysztof Kowalczyk,L=San Diego,ST=California,C=US

02-11-2022 14:01
Valid: true

Chain 1

CN=Krzysztof Kowalczyk,O=Krzysztof Kowalczyk,L=San Diego,ST=California,C=US

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Chain 2

CN=Krzysztof Kowalczyk,O=Krzysztof Kowalczyk,L=San Diego,ST=California,C=US

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ImageList_EndDrag
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_DragMove
ImageList_BeginDrag
ImageList_Create
ImageList_AddMasked
ord412
ord410
ord413
ImageList_Destroy
CreatePropertySheetPageW
ImageList_GetIconSize
ImageList_Draw
ord345
InitCommonControlsEx

kernel32

DebugBreak
IsDebuggerPresent
Sleep
QueryPerformanceFrequency
CreateSemaphoreW
GetProcessAffinityMask
ReleaseSemaphore
MoveFileW
CreateHardLinkW
RemoveDirectoryW
DeviceIoControl
SetThreadPriority
FoldStringW
TzSpecificLocalTimeToSystemTime
IsDBCSLeadByte
AreFileApisANSI
ExitThread
WaitForMultipleObjectsEx
CompareFileTime
CancelIo
GetFileTime
GetDriveTypeW
GetTempFileNameW
GetFileAttributesExW
GetFileInformationByHandle
GetVolumePathNameW
GetModuleFileNameW
CloseHandle
SystemTimeToFileTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
FindResourceW
GetModuleHandleW
GetLogicalDrives
MulDiv
VerSetConditionMask
VerifyVersionInfoW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapCreate
HeapFree
GetCurrentProcess
TerminateProcess
GetEnvironmentVariableA
WaitForSingleObject
GetCurrentThreadId
GetLocaleInfoA
CreateToolhelp32Snapshot
CreateEventW
SetEvent
HeapReAlloc
GetSystemInfo
CreateThread
HeapAlloc
LoadLibraryExA
WriteConsoleW
SetEndOfFile
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
SetFilePointerEx
GetTimeZoneInformation
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapSize
GetProcessHeap
SetStdHandle
GetCurrentDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetModuleHandleExW
SetConsoleCtrlHandler
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
EncodePointer
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
RtlPcToFileHeader
RtlUnwindEx
InitializeCriticalSectionEx
GetStartupInfoW
InitializeSListHead
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetFilePointer
GetExitCodeProcess
GetEnvironmentVariableW
GetACP
LocalFileTimeToFileTime
FileTimeToDosDateTime
FileTimeToLocalFileTime
RaiseException
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
VirtualProtect
WideCharToMultiByte
GetSystemDirectoryW
OpenThread
VirtualQuery
GetThreadContext
GetModuleHandleA
ResumeThread
SuspendThread
Thread32First
Thread32Next
GetModuleFileNameA
AllocConsole
FormatMessageA
SetFileTime
OutputDebugStringA
GetTempPathW
GetUserDefaultUILanguage
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
SetErrorMode
GetFullPathNameW
GetCommandLineW
GetDateFormatW
GetTimeFormatW
CopyFileW
MoveFileExW
LocalFree
FormatMessageW
SetFileAttributesW
GetFileAttributesW
LoadResource
LockResource
SizeofResource
SetThreadExecutionState
GlobalAddAtomW
GlobalDeleteAtom
GetTickCount
GetSystemTime
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GetCurrentThread
Process32FirstW
Process32NextW
OpenProcess
ExitProcess
DeleteFileW
GetLastError
WriteFile
FreeLibrary
CreateProcessW
GetProcAddress
GetWindowsDirectoryW
SetCurrentDirectoryW
LoadLibraryW
AttachConsole
FindClose
FindNextFileW
FindFirstFileW
SetUnhandledExceptionFilter
Module32NextW
GlobalMemoryStatusEx
GetCurrentProcessId
HeapDestroy
GetDriveTypeA
GetPrivateProfileIntW
GetShortPathNameW
GetLongPathNameW
WritePrivateProfileStringW
GetFileSizeEx
ReadFile
CreateDirectoryW
CreateFileW
GetVersionExW
GetStdHandle
SetConsoleScreenBufferSize
GetConsoleScreenBufferInfo
ReadDirectoryChangesW
QueueUserAPC
SetNamedPipeHandleState
MultiByteToWideChar
GetLocaleInfoW
Module32FirstW
ResetEvent

user32

KillTimer
SetCursor
SetCapture
ReleaseCapture
SendInput
CharToOemBuffW
CharUpperW
OemToCharBuffA
CharToOemA
CreateAcceleratorTableW
DestroyAcceleratorTable
GetSysColor
SystemParametersInfoW
GetSystemMetrics
SendMessageW
PostMessageW
EndPaint
BeginPaint
ReleaseDC
OemToCharA
RegisterWindowMessageW
WindowFromDC
IsWindowEnabled
GetClassInfoExW
GetMessagePos
SetRectEmpty
ClientToScreen
SetLayeredWindowAttributes
DeferWindowPos
GetPropW
RemovePropW
BeginDeferWindowPos
SetPropW
EndDeferWindowPos
CharLowerW
IsChild
HideCaret
SetClassLongPtrW
ShowCaret
IsCharAlphaNumericW
ValidateRect
GetUpdateRect
GetWindowThreadProcessId
GetMessageW
AllowSetForegroundWindow
FindWindowExW
LoadBitmapW
TranslateAcceleratorW
GetClassNameW
SetParent
MapVirtualKeyW
ScreenToClient
IsWindow
MessageBoxA
CharLowerBuffW
GetAncestor
IsCharUpperW
GetWindowLongW
GetWindow
CheckRadioButton
EndDialog
SetDlgItemTextW
SendDlgItemMessageW
DialogBoxIndirectParamW
IsDlgButtonChecked
SetWindowLongW
CheckDlgButton
DialogBoxParamW
MoveWindow
GetFocus
OpenClipboard
CloseClipboard
EmptyClipboard
GetWindowTextLengthW
ReuseDDElParam
ShowWindowAsync
IsWindowUnicode
UnpackDDElParam
LoadCursorW
DrawTextW
ModifyMenuW
CheckMenuRadioItem
GetMenuItemID
GetMenu
SetMenuItemInfoW
SetMenu
DrawTextExW
InsertMenuW
MessageBeep
GetDesktopWindow
UpdateWindow
MsgWaitForMultipleObjects
DispatchMessageW
IsDialogMessageW
IsIconic
GetCursorPos
SetForegroundWindow
DdeFreeStringHandle
DdeDisconnect
CheckMenuItem
SetClipboardData
DdeFreeDataHandle
DdeClientTransaction
DdeUninitialize
DdeInitializeW
TrackMouseEvent
GetMonitorInfoW
GetWindowInfo
DdeConnect
DdeCreateStringHandleW
wsprintfA
DestroyCursor
EnumDisplayMonitors
MonitorFromWindow
MonitorFromRect
CopyImage
GetKeyState
AdjustWindowRectEx
PeekMessageW
TranslateMessage
GetDlgItem
PostQuitMessage
EnableWindow
MessageBoxW
CreateMenu
SetFocus
BringWindowToTop
LoadIconW
SetActiveWindow
DestroyWindow
GetMenuItemInfoW
GetSystemMenu
CallWindowProcW
GetWindowRect
IsWindowVisible
SetWindowPos
GetMenuItemCount
SetWindowLongPtrW
CreateWindowExW
CreatePopupMenu
GetWindowLongPtrW
RegisterClassExW
GetClassLongPtrW
TrackPopupMenu
ShowWindow
InvalidateRgn
OffsetRect
RedrawWindow
MapWindowPoints
SetMenuDefaultItem
GetForegroundWindow
DestroyMenu
FindWindowW
GetWindowDC
SetTimer
GetCapture
GetScrollPos
GetScrollInfo
GetCursor
FillRect
TrackPopupMenuEx
RemoveMenu
GetClientRect
IsZoomed
AppendMenuW
DrawIconEx
EnableMenuItem
DrawEdge
GetParent
DrawFrameControl
InvalidateRect
SetScrollInfo
DefWindowProcW
ShowScrollBar
GetDC

gdi32

CreateCompatibleBitmap
SetStretchBltMode
SetGraphicsMode
SetDIBits
GetDIBColorTable
SetDIBColorTable
GetDIBits
SetROP2
ExtTextOutW
CreatePatternBrush
CreateBitmap
GetObjectW
GetObjectA
IntersectClipRect
SetWorldTransform
CreateDIBSection
SetLayout
CreateRoundRectRgn
TextOutW
GetTextExtentPoint32W
SelectClipRgn
RoundRect
BitBlt
StartPage
AbortDoc
EndDoc
CreateDCW
SetMapMode
StartDocW
EndPage
GetDeviceCaps
LineTo
MoveToEx
SetBkColor
CreateFontIndirectW
SetBkMode
GetClipBox
CreateRectRgn
SetViewportOrgEx
ExcludeClipRect
ExtSelectClipRgn
SetBrushOrgEx
SelectObject
CreateCompatibleDC
PatBlt
StretchBlt
GetStockObject
DeleteDC
SetTextColor
CreatePen
Rectangle
DeleteObject
CreateSolidBrush

winspool.drv

OpenPrinterW
GetPrinterW
DocumentPropertiesW
DeviceCapabilitiesW
EnumPrintersW
ord203
ClosePrinter

comdlg32

GetOpenFileNameW
PrintDlgExW
GetSaveFileNameW

advapi32

CryptReleaseContext
RegCloseKey
RegQueryInfoKeyW
RegQueryValueExW
InitializeSecurityDescriptor
CheckTokenMembership
FreeSid
OpenProcessToken
RegSetKeySecurity
AllocateAndInitializeSid
SetSecurityDescriptorDacl
RegOpenKeyExW
SetFileSecurityW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam

shell32

SHGetMalloc
DragFinish
SHGetPathFromIDListW
SHChangeNotify
SHFileOperationW
SHGetFolderPathW
SHGetFileInfoW
ShellExecuteExW
SHGetDesktopFolder
CommandLineToArgvW
DragAcceptFiles
SHAddToRecentDocs
SHBindToParent
SHBrowseForFolderW
DragQueryFileW

ole32

CoGetMalloc
CoTaskMemFree
CreateStreamOnHGlobal
ReleaseStgMedium
CoUninitialize
CoInitialize
CoCreateInstance
OleUninitialize
OleInitialize
CoTaskMemAlloc

oleaut32

SafeArrayCreateVector
SysFreeString
VariantClear
VariantInit
SafeArrayPutElement
SysAllocString

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TB_Free_Installer_20220922.5363.exe
.exe windows x86

b34f154ec913d2d2c435cbd644e91687

Code Sign

06:86:ed:40:3e:c1:bf:44:1c:8f:33:5c:84:1e:ea:00
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30-08-2019 00:00

Not After

02-10-2022 12:00

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:89:bc:77:ac:14:b8:20:c4:d6:7a:cf:c4:64:03:aa
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15-11-2021 00:00

Not After

02-12-2024 23:59

Subject

SERIALNUMBER=91510107765360104N,CN=CHENGDU YIWO Tech Development Co.\, Ltd.,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=成都市,ST=四川省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c09e6ada6e4beafe58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e59b9be5b79de79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

46:9d:84:6f:f2:26:93:36:df:76:73:04:e0:f2:c9:04:f0:9f:75:5b:bb:31:9a:99:77:ff:f5:81:27:49:bb:6f
Signer

Actual PE Digest

46:9d:84:6f:f2:26:93:36:df:76:73:04:e0:f2:c9:04:f0:9f:75:5b:bb:31:9a:99:77:ff:f5:81:27:49:bb:6f

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91510107765360104N,CN=CHENGDU YIWO Tech Development Co.\, Ltd.,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=成都市,ST=四川省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c09e6ada6e4beafe58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e59b9be5b79de79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

02-11-2022 14:01
Valid: true

Chain 1

SERIALNUMBER=91510107765360104N,CN=CHENGDU YIWO Tech Development Co.\, Ltd.,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=成都市,ST=四川省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c09e6ada6e4beafe58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e59b9be5b79de79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

c5:0f:e1:20:4a:88:59:1a:fa:f0:70:f1:f2:9d:97:2c:d6:fc:16:7b
Signer

Actual PE Digest

c5:0f:e1:20:4a:88:59:1a:fa:f0:70:f1:f2:9d:97:2c:d6:fc:16:7b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

02-11-2022 14:01
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
SetCurrentDirectoryW
GetFileAttributesW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
ExitProcess
GetShortPathNameW
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
CreateFileW
GetTempFileNameW
WriteFile
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiW
MoveFileW
GetFullPathNameW
SetFileTime
SearchPathW
CompareFileTime
lstrcmpW
CloseHandle
ExpandEnvironmentStringsW
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
lstrlenA
MulDiv
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW

user32

GetSystemMenu
SetClassLongW
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetWindowRect
GetDlgItem
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
GetDC
SetTimer
SetWindowTextW
LoadImageW
SetForegroundWindow
ShowWindow
IsWindow
SetWindowLongW
FindWindowExW
TrackPopupMenu
AppendMenuW
CreatePopupMenu
EndPaint
CreateDialogParamW
SendMessageTimeoutW
wsprintfW
PostQuitMessage

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW

advapi32

AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
XnView-511win-full.exe
.exe windows x86

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:a9:eb:f0:ca:8e:d0:1f:5d:45:83:76:41:26:a4:32
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

20-04-2022 00:00

Not After

23-04-2025 23:59

Subject

CN=Pierre GOUGELET,O=Pierre GOUGELET,L=REIMS,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d4:f4:7d:b8:ea:6e:da:8d:f3:0c:b5:1b:f9:48:dd:e2:6d:93:90:98
Signer

Actual PE Digest

d4:f4:7d:b8:ea:6e:da:8d:f3:0c:b5:1b:f9:48:dd:e2:6d:93:90:98

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Pierre GOUGELET,O=Pierre GOUGELET,L=REIMS,C=FR

06-09-2022 15:12
Valid: true

Chain 1

CN=Pierre GOUGELET,O=Pierre GOUGELET,L=REIMS,C=FR

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=Pierre GOUGELET,O=Pierre GOUGELET,L=REIMS,C=FR

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
avast_free_antivirus_setup_online.exe
.exe windows x86

959a6730bc071cd048c8e4c56109bff6

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:70:ef:4b:ad:5c:c4:4a:1c:2b:c3:d9:64:01:67:4c
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02-04-2020 00:00

Not After

09-03-2023 12:00

Subject

CN=Avast Software s.r.o.,OU=RE stapler cistodc,O=Avast Software s.r.o.,L=Praha,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d0:1e:eb:e9:9c:e0:5a:82:12:ec:95:8b:b2:07:a1:a6:63:17:63:32:67:62:41:e5:83:12:30:58:96:01:e9:8d
Signer

Actual PE Digest

d0:1e:eb:e9:9c:e0:5a:82:12:ec:95:8b:b2:07:a1:a6:63:17:63:32:67:62:41:e5:83:12:30:58:96:01:e9:8d

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Avast Software s.r.o.,OU=RE stapler cistodc,O=Avast Software s.r.o.,L=Praha,C=CZ

31-10-2022 08:56
Valid: true

Chain 1

CN=Avast Software s.r.o.,OU=RE stapler cistodc,O=Avast Software s.r.o.,L=Praha,C=CZ

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
Sleep
GetFileSizeEx
WriteFile
SetEndOfFile
SetFilePointerEx
LocalFree
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
EnumResourceNamesW
GetWindowsDirectoryW
CreateDirectoryW
CreateFileW
CreateThread
GetSystemTimeAsFileTime
GetNativeSystemInfo
lstrcatA
lstrlenA
GetVersionExA
GetCurrentProcess
GetExitCodeProcess
ResumeThread
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateProcessW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetDiskFreeSpaceExW
CopyFileW
MoveFileExW
CreateHardLinkW
HeapAlloc
GetProcessHeap
HeapSetInformation
ExitProcess
IsProcessorFeaturePresent
lstrcpyW
GetModuleHandleW
GetSystemDirectoryW
SetDllDirectoryW
InterlockedExchange
LockResource
WriteConsoleW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
GetLastError
HeapFree
InterlockedExchangeAdd
GetVersionExW
FindResourceW
LoadLibraryW
SizeofResource
LoadResource
GlobalFree
GlobalUnlock
GlobalLock
FindFirstFileExW
FindClose
GlobalAlloc
FreeLibrary
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
DecodePointer
GetVersion
HeapDestroy
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
DeviceIoControl
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
OutputDebugStringW
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetCommandLineA
GetCommandLineW
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
GetACP
GetStringTypeW
GetFileType
GetProcAddress

user32

GetMessageW
TranslateMessage
DispatchMessageW
AllowSetForegroundWindow
PostMessageW
wsprintfA
LoadStringW
MessageBoxExW
wsprintfW
SystemParametersInfoW
IsDialogMessageW
LoadImageW
DestroyIcon
FindWindowW
FillRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
SetForegroundWindow
GetSystemMetrics
KillTimer
SetTimer
SetFocus
SetWindowPos
DestroyWindow
CreateWindowExW
RegisterClassExW
PostQuitMessage
DefWindowProcW
SendMessageW

gdi32

GetTextExtentPoint32W
GetObjectW
CreateDIBSection
SelectObject
CreateFontIndirectW
DeleteObject
CreateSolidBrush
CreatePatternBrush

advapi32

CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
GetSidSubAuthorityCount
GetSidSubAuthority
IsValidSid
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorA

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoInitializeEx

comctl32

ord17

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
torbrowser-install-win64-11.5.6_de.exe
.exe windows x64

6169175a0a7af2b9c8a2e2eac3911bf6

Code Sign

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:30:77:dd:5a:82:37:4e:91:10:e0:a7:6d:e5:75:b2
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26-05-2020 00:00

Not After

31-05-2023 12:00

Subject

SERIALNUMBER=208096820,CN=The Tor Project\, Inc.,O=The Tor Project\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130d4d617373616368757365747473,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e1:ca:ac:67:a8:02:94:fd:00:df:c0:00:3a:fc:7a:29:44:15:43:8d:6e:ea:06:79:04:a3:8e:99:c6:a8:8c:51
Signer

Actual PE Digest

e1:ca:ac:67:a8:02:94:fd:00:df:c0:00:3a:fc:7a:29:44:15:43:8d:6e:ea:06:79:04:a3:8e:99:c6:a8:8c:51

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=208096820,CN=The Tor Project\, Inc.,O=The Tor Project\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130d4d617373616368757365747473,1.3.6.1.4.1.311.60.2.1.3=#13025553

26-10-2022 23:34
Valid: true

Chain 1

SERIALNUMBER=208096820,CN=The Tor Project\, Inc.,O=The Tor Project\, Inc.,L=Seattle,ST=Washington,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130d4d617373616368757365747473,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SetFileSecurityW

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectW
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileW
CreateDirectoryW
CreateFileW
CreateProcessW
CreateThread
DeleteFileW
ExitProcess
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
GetCommandLineW
GetCurrentProcess
GetDiskFreeSpaceExW
GetExitCodeProcess
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetShortPathNameW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetTickCount
GetUserDefaultUILanguage
GetVersion
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryExW
MoveFileExW
MoveFileW
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryW
SearchPathW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetFileAttributesW
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
lstrcatW
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpynW
lstrlenA
lstrlenW

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderW
SHCLSIDFromString
SHFileOperationW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW

user32

AppendMenuW
BeginPaint
CallWindowProcW
CharNextA
CharNextW
CharPrevW
CheckDlgButton
CloseClipboard
CreateDialogParamW
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyWindow
DialogBoxParamW
DispatchMessageW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExW
GetClassInfoW
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextW
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongPtrW
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadCursorW
LoadImageW
MessageBoxIndirectW
OpenClipboard
PeekMessageW
PostQuitMessage
RegisterClassW
ReleaseDC
ScreenToClient
SendMessageTimeoutW
SendMessageW
SetClassLongPtrW
SetClipboardData
SetCursor
SetDlgItemTextW
SetForegroundWindow
SetTimer
SetWindowLongPtrW
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoW
TrackPopupMenu
wsprintfW

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 512B - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
vlc-3.0.17.4-win64.exe
.exe windows x86

730491907e677638ab304e28646ba09c

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2031 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:07:ab:b6:4e:99:90:18:07:89:ea:cb:81:f5:f9:14
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14-12-2020 00:00

Not After

18-12-2023 23:59

Subject

CN=VideoLAN,O=VideoLAN,L=Paris,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2031 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:07:ab:b6:4e:99:90:18:07:89:ea:cb:81:f5:f9:14
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14-12-2020 00:00

Not After

18-12-2023 23:59

Subject

CN=VideoLAN,O=VideoLAN,L=Paris,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

8c:3f:4b:0a:c3:ce:89:6a:65:54:c9:e6:d8:0c:b1:c3:26:72:fa:21:18:d7:a3:57:8a:3f:85:00:d3:47:94:55
Signer

Actual PE Digest

8c:3f:4b:0a:c3:ce:89:6a:65:54:c9:e6:d8:0c:b1:c3:26:72:fa:21:18:d7:a3:57:8a:3f:85:00:d3:47:94:55

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=VideoLAN,O=VideoLAN,L=Paris,C=FR

24-03-2022 09:15
Valid: true

Chain 1

CN=VideoLAN,O=VideoLAN,L=Paris,C=FR

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

9e:56:2b:cb:9c:b6:71:06:f4:3d:59:10:8d:be:18:45:f4:7d:17:bd
Signer

Actual PE Digest

9e:56:2b:cb:9c:b6:71:06:f4:3d:59:10:8d:be:18:45:f4:7d:17:bd

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=VideoLAN,O=VideoLAN,L=Paris,C=FR

24-03-2022 09:15
Valid: true

Chain 1

CN=VideoLAN,O=VideoLAN,L=Paris,C=FR

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SetFileSecurityW

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectW
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileW
CreateDirectoryW
CreateFileW
CreateProcessW
CreateThread
DeleteFileW
ExitProcess
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
GetCommandLineW
GetCurrentProcess
GetDiskFreeSpaceW
GetExitCodeProcess
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetShortPathNameW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetTickCount
GetVersion
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryExW
MoveFileExW
MoveFileW
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryW
SearchPathW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetFileAttributesW
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
lstrcatW
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpyA
lstrcpynW
lstrlenA
lstrlenW

ole32

CoCreateInstance
CoTaskMemFree
IIDFromString
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderW
SHFileOperationW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW

user32

AppendMenuW
BeginPaint
CallWindowProcW
CharNextA
CharNextW
CharPrevW
CheckDlgButton
CloseClipboard
CreateDialogParamW
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyWindow
DialogBoxParamW
DispatchMessageW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExW
GetClassInfoW
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextW
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongW
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadCursorW
LoadImageW
MessageBoxIndirectW
OpenClipboard
PeekMessageW
PostQuitMessage
RegisterClassW
ReleaseDC
ScreenToClient
SendMessageTimeoutW
SendMessageW
SetClassLongW
SetClipboardData
SetCursor
SetDlgItemTextW
SetForegroundWindow
SetTimer
SetWindowLongW
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoW
TrackPopupMenu
wsprintfA
wsprintfW

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 127KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 512B - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

54d407b03a79a4ace00748773fedfc2e

Headers

DLL Characteristics

File Characteristics

Imports

ole32

user32

advapi32

shell32

msvcrt

kernel32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 3KB

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

02:6a:53:45:5c:c7:00:12:fa:23:ce:7a:80:f8:5e:47Certificate

Key Usages

0c:1c:d3:ee:a4:7e:dd:a7:a0:32:57:3b:01:4d:0a:fdCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

7e:89:b9:df:00:6b:d1:aa:4c:48:d8:65:03:96:34:caCertificate

Extended Key Usages

Key Usages

40:8d:a7:96:d1:31:5e:cb:96:90:8c:4d:6e:1a:0b:0e:3b:58:48:4f:0e:61:82:f3:5f:3f:d9:8b:f2:ab:dc:31Signer

Signature Validations

Verification

03-11-2022 00:24 Valid: true

Chain 1

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 144KB

UPX1 Size: 64KB - Virtual size: 68KB

.rsrc Size: 63KB - Virtual size: 64KB

a27de8a490979691d0e7c85fcd5259bc

Code Sign

c8:a7:9a:cf:a2:0c:a4:15:09:24:5c:1f:7f:64:ff:c4Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

c8:a7:9a:cf:a2:0c:a4:15:09:24:5c:1f:7f:64:ff:c4Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 3KB

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

02:6a:53:45:5c:c7:00:12:fa:23:ce:7a:80:f8:5e:47
Certificate

0c:1c:d3:ee:a4:7e:dd:a7:a0:32:57:3b:01:4d:0a:fd
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

7e:89:b9:df:00:6b:d1:aa:4c:48:d8:65:03:96:34:ca
Certificate

40:8d:a7:96:d1:31:5e:cb:96:90:8c:4d:6e:1a:0b:0e:3b:58:48:4f:0e:61:82:f3:5f:3f:d9:8b:f2:ab:dc:31
Signer

03-11-2022 00:24
Valid: true

UPX0
Size: - Virtual size: 144KB

UPX1
Size: 64KB - Virtual size: 68KB

.rsrc
Size: 63KB - Virtual size: 64KB

c8:a7:9a:cf:a2:0c:a4:15:09:24:5c:1f:7f:64:ff:c4
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

c8:a7:9a:cf:a2:0c:a4:15:09:24:5c:1f:7f:64:ff:c4
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

84:62:9d:32:b3:3d:f4:f7:72:26:a0:92:7e:3d:5b:1b:a5:5c:be:b8:a5:d1:75:fe:2e:80:1f:fe:91:d2:4c:e4
Signer

02-11-2022 14:01
Valid: true

ee:85:d1:b9:08:fc:62:a9:0a:35:de:9b:51:9d:1a:82:35:c3:79:22
Signer

02-11-2022 14:01
Valid: true

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 223KB - Virtual size: 222KB

.data
Size: 29KB - Virtual size: 67KB

.pdata
Size: 38KB - Virtual size: 38KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 5.7MB - Virtual size: 5.7MB

.reloc
Size: 9KB - Virtual size: 8KB

06:86:ed:40:3e:c1:bf:44:1c:8f:33:5c:84:1e:ea:00
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:89:bc:77:ac:14:b8:20:c4:d6:7a:cf:c4:64:03:aa
Certificate

46:9d:84:6f:f2:26:93:36:df:76:73:04:e0:f2:c9:04:f0:9f:75:5b:bb:31:9a:99:77:ff:f5:81:27:49:bb:6f
Signer

02-11-2022 14:01
Valid: true

c5:0f:e1:20:4a:88:59:1a:fa:f0:70:f1:f2:9d:97:2c:d6:fc:16:7b
Signer

02-11-2022 14:01
Valid: false