4d87351a4ae9809c0e6086ccffba8985218670cc244161ceb2e0d8d1519692a6

Sharing

Copy URL

Twitter E-mail

General

Target

4d87351a4ae9809c0e6086ccffba8985218670cc244161ceb2e0d8d1519692a6
Size

1.9MB
MD5

4165dbf3e1b5789b0e39c16b77f7d196
SHA1

dd5e867c19f486472d7c13efdf873a1f3612f3b6
SHA256

4d87351a4ae9809c0e6086ccffba8985218670cc244161ceb2e0d8d1519692a6
SHA512

10769659d914de96ed5c2adef98238c7b71e09b8614c5e8d2c317584e2477c48e3a9313d17570b4814b057ba134b0b6e91fcd2a860287863190b151d091084f9
SSDEEP

49152:j7zbKfUoKzXiJWJVs8+Ean+D5NbmPjnEMWvR4oJ/0z:jXqUo4EOVrmn+6LEaw/y

Score

N/A

Malware Config

Signatures

Files

4d87351a4ae9809c0e6086ccffba8985218670cc244161ceb2e0d8d1519692a6
.rar
sky_0421_17/OROCHIEditorVer3.3/OROCHIEditorVer3.3/DotNetSkin.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 248KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sky_0421_17/OROCHIEditorVer3.3/OROCHIEditorVer3.3/ORC.exe
.exe windows x86

937081d689160a13b546bbc1220639cf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDefaultLCID
LCMapStringA
GetOEMCP
RtlUnwind
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
GetLastError
CloseHandle
WriteFile
ReadFile
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
CreateFileA
IsBadWritePtr
IsBadReadPtr
HeapValidate
RaiseException
DebugBreak
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
VirtualFree
SetStdHandle
SetEndOfFile
FlushFileBuffers
HeapAlloc
HeapReAlloc
VirtualAlloc
SetUnhandledExceptionFilter
SetConsoleCtrlHandler
IsBadCodePtr
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
LCMapStringW

user32

MessageBoxA

Sections

.text
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sky_0421_17/OROCHIEditorVer3.3/OROCHIEditorVer3.3/OROCHIIE.exe
.exe windows x86

cca580663bf62230336649080d04687b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDefaultLCID
LCMapStringA
GetStringTypeW
ExitProcess
TerminateProcess
GetCurrentProcess
RtlUnwind
GetCommandLineA
GetVersion
GetLastError
CloseHandle
WriteFile
ReadFile
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
CreateFileA
IsBadWritePtr
IsBadReadPtr
HeapValidate
DebugBreak
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
VirtualFree
FlushFileBuffers
SetStdHandle
SetEndOfFile
HeapAlloc
HeapReAlloc
VirtualAlloc
SetConsoleCtrlHandler
MultiByteToWideChar
SetUnhandledExceptionFilter
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
LCMapStringW

user32

MessageBoxA

Sections

.text
Size: 188KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sky_0421_17/OROCHIEditorVer3.3/OROCHIEditorVer3.3/Option.ini
sky_0421_17/OROCHIEditorVer3.3/OROCHIEditorVer3.3/bit.dll
sky_0421_17/OROCHIEditorVer3.3/OROCHIEditorVer3.3/d3dref9.dll
.dll windows x86

01733422ca262fd819cfdc6951493566

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23-05-2002 08:00

Not After

25-09-2011 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05-01-2005 23:20

Not After

05-04-2006 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e6:42:72:83:3c:e4:85:df:85:61:8e:ed:e2:8a:33:82:d8:f9:22:5b
Signer

Actual PE Digest

e6:42:72:83:3c:e4:85:df:85:61:8e:ed:e2:8a:33:82:d8:f9:22:5b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

24-11-2022 14:54
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_CIlog
sscanf
memcmp
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
ceil
_CIsin
floor
_CIexp
_CIcos
_CIatan
_CIsqrt
__CxxFrameHandler
memmove
printf
_vsnprintf
_CIpow
_CIlog10
_CxxThrowException
memcpy
_purecall
realloc
free
malloc
??2@YAPAXI@Z
??3@YAXPAX@Z
memset
strstr
isalnum

ntdll

RtlUnwind

user32

IntersectRect
PtInRect

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegEnumValueA
RegQueryInfoKeyA
RegCloseKey

kernel32

InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentProcessId
InterlockedIncrement
CreateNamedPipeA
CreateFileA
WaitNamedPipeA
TransactNamedPipe
OutputDebugStringA
PeekNamedPipe
GetTickCount
QueryPerformanceCounter
WriteFile
GetLastError
ReadFile
FlushFileBuffers
DisconnectNamedPipe
SetNamedPipeHandleState
ConnectNamedPipe
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
GetPrivateProfileStringA
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
QueryPerformanceFrequency
SetUnhandledExceptionFilter

Exports

Exports

D3D9GetSWInfo

Sections

.text
Size: 319KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sky_0421_17/OROCHIEditorVer3.3/OROCHIEditorVer3.3/d3dref91.dll
.exe windows x86

78cff5671cbc4ab87cbcd2891316f737

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-09-2006 01:53

Not After

16-09-2011 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-09-2006 01:53

Not After

16-09-2011 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04-04-2006 17:44

Not After

26-04-2012 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-04-2006 19:43

Not After

04-10-2007 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3e:47:50:10:58:09:3c:b6:e4:62:d6:eb:f9:52:28:bd:0f:25:62:cc
Signer

Actual PE Digest

3e:47:50:10:58:09:3c:b6:e4:62:d6:eb:f9:52:28:bd:0f:25:62:cc

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

20-07-2007 07:55
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetModuleFileNameA
ExitProcess
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
FlushFileBuffers
Sleep
GetACP
GetOEMCP
GetCPInfo
FindNextFileA
FindFirstFileA
FindClose
LoadLibraryA
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
LCMapStringA
MultiByteToWideChar
LCMapStringW
SetFilePointer
SetStdHandle
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
GetSystemInfo
ReadFile
CloseHandle

d3d9

Direct3DCreate9

user32

GetDesktopWindow

d3dx9_35

D3DXSaveTextureToFileA
D3DXCreateVolumeTextureFromFileExA
D3DXCreateCubeTextureFromFileExA
D3DXGetImageInfoFromFileA
D3DXCreateTextureFromFileExA
D3DXCheckVersion

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sky_0421_17/OROCHIEditorVer3.3/OROCHIEditorVer3.3/patch.dll
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 184KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 4KB - Virtual size: 127B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sky_0421_17/OROCHIEditorVer3.3/OROCHIEditorVer3.3/sound/click.wav
sky_0421_17/OROCHIEditorVer3.3/OROCHIEditorVer3.3/sound/close.wav
sky_0421_17/OROCHIEditorVer3.3/OROCHIEditorVer3.3/sound/open.wav
sky_0421_17/OROCHIEditorVer3.3/OROCHIEditorVer3.3/使用注意事项.txt
sky_0421_17/OROCHIEditorVer3.3/OROCHIEditorVer3.3/大蛇无双全功能修改器 Ver3.3.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 4KB - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sky_0421_17/下载说明.txt

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 248KB - Virtual size: 244KB

.rsrc Size: 4KB - Virtual size: 952B

.reloc Size: 4KB - Virtual size: 12B

937081d689160a13b546bbc1220639cf

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 196KB - Virtual size: 192KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 20KB - Virtual size: 23KB

.idata Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 5KB

cca580663bf62230336649080d04687b

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 188KB - Virtual size: 185KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 16KB - Virtual size: 22KB

.idata Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 5KB

01733422ca262fd819cfdc6951493566

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7eCertificate

Extended Key Usages

Key Usages

61:05:87:58:00:03:00:00:00:5aCertificate

Extended Key Usages

Key Usages

e6:42:72:83:3c:e4:85:df:85:61:8e:ed:e2:8a:33:82:d8:f9:22:5bSigner

Signature Validations

Verification

24-11-2022 14:54 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

user32

advapi32

kernel32

Exports

Exports

Sections

.text Size: 319KB - Virtual size: 318KB

.data Size: 2KB - Virtual size: 11KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 10KB

78cff5671cbc4ab87cbcd2891316f737

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

.text
Size: 248KB - Virtual size: 244KB

.rsrc
Size: 4KB - Virtual size: 952B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 196KB - Virtual size: 192KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 20KB - Virtual size: 23KB

.idata
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 188KB - Virtual size: 185KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 16KB - Virtual size: 22KB

.idata
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 5KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

61:05:87:58:00:03:00:00:00:5a
Certificate

e6:42:72:83:3c:e4:85:df:85:61:8e:ed:e2:8a:33:82:d8:f9:22:5b
Signer

24-11-2022 14:54
Valid: false

.text
Size: 319KB - Virtual size: 318KB

.data
Size: 2KB - Virtual size: 11KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

3e:47:50:10:58:09:3c:b6:e4:62:d6:eb:f9:52:28:bd:0f:25:62:cc
Signer

20-07-2007 07:55
Valid: false

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 28KB - Virtual size: 27KB

.text
Size: 184KB - Virtual size: 180KB

.sdata
Size: 4KB - Virtual size: 127B

.rsrc
Size: 12KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 1.9MB - Virtual size: 1.9MB

.sdata
Size: 4KB - Virtual size: 202B

.rsrc
Size: 12KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 12B