bazarbackdoor | Office_Professional_Plus_2016_32Bit_Spanish[.]ISO

Sharing

Copy URL

Twitter E-mail

General

Target

Office_Professional_Plus_2016_32Bit_Spanish.ISO
Size

819.9MB
MD5

fe4ed7bad0a2cc5387858d64e0fa79af
SHA1

9e1f844ec69c2e0dd3332a3fda14f02a7ec3cd3a
SHA256

020048505e3e7ebc9b4f556b1a9925677922bfc4c6ed94cba0e96dd89f82a75a
SHA512

cf23a55d3ab318047a07c8e25c223ad887611b0740f0e87f48b3f04478302d44bce2aadf4732a4ce3850df5facd9ed146053d6c73474e3cbe2602d1c6627ffe1
SSDEEP

12582912:klEsp9udx1Pkuio37Iq8reEe1Z58pp4ipm+aTv+rfNr+Qc1PIs8Xow:kFpUdxdxHkdbeTup43B4FaQc1PIs8Yw

Score

10^/10

macro macro_on_action bazarbackdoor

Malware Config

Signatures

Bazar/Team9 Backdoor payload 1 IoCs

Processes:

resource yara_rule

sample BazarBackdoorVar3
Bazarbackdoor family
bazarbackdoor

resource	yara_rule
sample	BazarBackdoorVar3

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

Processes:

resource	yara_rule
static1/unpack001/proplus.ww/proplusww.msi	office_macro_on_action

Files

Office_Professional_Plus_2016_32Bit_Spanish.ISO
.iso
access.es-es/accessmui.msi
.msi
access.es-es/accessmui.xml
.xml
access.es-es/acclr.cab
.cab
ACCESS12.ACC_3082
ACCESSTEMPLATE_DATATYPEADDRESS.ACCFT_3082
.zip
[Content_Types].xml
_rels/.rels
.xml
docProps/core.xml
template/_rels/template.xml.rels
.xml
template/database/objects/_rels/tableD1DC3A9F-29B3-42DB-A261-7229AD3E561A.xsd.rels
.xml
template/database/objects/properties/tableD1DC3A9F-29B3-42DB-A261-7229AD3E561A_Metadata.xml
template/database/objects/tableD1DC3A9F-29B3-42DB-A261-7229AD3E561A.xsd
template/template.xml
template/template.xml.loc
ACCESSTEMPLATE_DATATYPECATEGORY.ACCFT_3082
.zip
[Content_Types].xml
_rels/.rels
.xml
docProps/core.xml
template/_rels/template.xml.rels
.xml
template/database/objects/_rels/table481AE5DF-008B-43CB-B6F6-E729E86A5DE3.xsd.rels
.xml
template/database/objects/properties/table481AE5DF-008B-43CB-B6F6-E729E86A5DE3_Metadata.xml
template/database/objects/table481AE5DF-008B-43CB-B6F6-E729E86A5DE3.xsd
template/template.xml
template/template.xml.loc
ACCESSTEMPLATE_DATATYPENAME.ACCFT_3082
.zip
[Content_Types].xml
_rels/.rels
.xml
docProps/core.xml
template/_rels/template.xml.rels
.xml
template/database/objects/_rels/tableB0853420-1141-4A28-B8E1-05B0782FC961.xsd.rels
.xml
template/database/objects/properties/tableB0853420-1141-4A28-B8E1-05B0782FC961_Metadata.xml
template/database/objects/tableB0853420-1141-4A28-B8E1-05B0782FC961.xsd
template/template.xml
template/template.xml.loc
ACCESSTEMPLATE_DATATYPEPAYMENTTYPE.ACCFT_3082
.zip
[Content_Types].xml
_rels/.rels
.xml
docProps/core.xml
template/_rels/template.xml.rels
.xml
template/database/objects/_rels/table6A7DC5C9-A3F5-4D31-B5CE-FAEC022C3B01.xsd.rels
.xml
template/database/objects/properties/table6A7DC5C9-A3F5-4D31-B5CE-FAEC022C3B01_Metadata.xml
template/database/objects/table6A7DC5C9-A3F5-4D31-B5CE-FAEC022C3B01.xsd
template/template.xml
template/template.xml.loc
ACCESSTEMPLATE_DATATYPEPHONE.ACCFT_3082
.zip
[Content_Types].xml
_rels/.rels
.xml
docProps/core.xml
template/_rels/template.xml.rels
.xml
template/database/objects/_rels/tableF6F59BF9-D32B-43E2-BF63-EB8BA1631869.xsd.rels
.xml
template/database/objects/properties/tableF6F59BF9-D32B-43E2-BF63-EB8BA1631869_Metadata.xml
template/database/objects/tableF6F59BF9-D32B-43E2-BF63-EB8BA1631869.xsd
template/template.xml
template/template.xml.loc
ACCESSTEMPLATE_DATATYPEPRIORITY.ACCFT_3082
.zip
[Content_Types].xml
_rels/.rels
.xml
docProps/core.xml
template/_rels/template.xml.rels
.xml
template/database/objects/_rels/table8594BE01-EEB4-40C1-B9D7-7AA6F03A49EC.xsd.rels
.xml
template/database/objects/properties/table8594BE01-EEB4-40C1-B9D7-7AA6F03A49EC_Metadata.xml
template/database/objects/table8594BE01-EEB4-40C1-B9D7-7AA6F03A49EC.xsd
template/template.xml
template/template.xml.loc
ACCESSTEMPLATE_DATATYPESTARTENDDATES.ACCFT_3082
.zip
[Content_Types].xml
_rels/.rels
.xml
docProps/core.xml
template/_rels/template.xml.rels
.xml
template/database/objects/_rels/table9FED2F3B-9D51-450C-99B6-207D2879733E.xsd.rels
.xml
template/database/objects/properties/table9FED2F3B-9D51-450C-99B6-207D2879733E_Metadata.xml
template/database/objects/table9FED2F3B-9D51-450C-99B6-207D2879733E.xsd
template/template.xml
template/template.xml.loc
ACCESSTEMPLATE_DATATYPESTATUS.ACCFT_3082
.zip
ACCESSTEMPLATE_DATATYPETAGS.ACCFT_3082
.zip
ACCESSTEMPLATE_PART1RIGHT.ACCDT_3082
.zip
ACCESSTEMPLATE_PART1TOP.ACCDT_3082
.zip
ACCESSTEMPLATE_PART2RIGHT.ACCDT_3082
.zip
ACCESSTEMPLATE_PART2TOP.ACCDT_3082
.zip
ACCESSTEMPLATE_PARTCOMMENTS.ACCDT_3082
.zip
ACCESSTEMPLATE_PARTCONTACTS.ACCDT_3082
.zip
ACCESSTEMPLATE_PARTDETAILS.ACCDT_3082
.zip
ACCESSTEMPLATE_PARTDIALOG.ACCDT_3082
.zip
ACCESSTEMPLATE_PARTISSUES.ACCDT_3082
.zip
ACCESSTEMPLATE_PARTLIST.ACCDT_3082
.zip
ACCESSTEMPLATE_PARTMEDIA.ACCDT_3082
.zip
ACCESSTEMPLATE_PARTMSGBOX.ACCDT_3082
.zip
ACCESSTEMPLATE_PARTTABS.ACCDT_3082
.zip
ACCESSTEMPLATE_PARTTASKS.ACCDT_3082
.zip
ACCESSTEMPLATE_PARTUSERS.ACCDT_3082
.zip
ACCESS_PARTS.XML_3082
ACCOLKI.DLL_3082
.dll windows x86

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a8:25:ce:68:bd:8e:75:47:46:0e:eb:c4:ff:3e:16:17:4c:96:5e:09
Signer

Actual PE Digest

a8:25:ce:68:bd:8e:75:47:46:0e:eb:c4:ff:3e:16:17:4c:96:5e:09

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:37
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ACTIP10.HLP_3082
ACWIZRC.DLL_3082
.dll windows x86

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:22:3b:da:e3:ef:72:3e:6f:47:88:5b:6c:cc:d0:a8:5f:57:bc:5c
Signer

Actual PE Digest

04:22:3b:da:e3:ef:72:3e:6f:47:88:5b:6c:cc:d0:a8:5f:57:bc:5c

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:37
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 297KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ADO210.CHM_0001_3082
.chm
AS_ClientMsmdsrv_rll_32_3082.15D59E2A_5779_421F_B08E_F9D3CF34B298
.dll windows x86

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:10:8b:32:30:70:dd:b6:51:8c:e5:1e:b8:28:61:7c:ff:2e:4c:49
Signer

Actual PE Digest

60:10:8b:32:30:70:dd:b6:51:8c:e5:1e:b8:28:61:7c:ff:2e:4c:49

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 139B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AS_ClientMsmdsrvi_rll_32_3082.15D59E2A_5779_421F_B08E_F9D3CF34B298
.dll windows x86

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3c:85:60:d3:4b:e5:43:09:15:15:9d:8d:d4:0c:29:a4:b6:80:71:16
Signer

Actual PE Digest

3c:85:60:d3:4b:e5:43:09:15:15:9d:8d:d4:0c:29:a4:b6:80:71:16

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AS_msolui110_rll_32_3082.15D59E2A_5779_421F_B08E_F9D3CF34B298
.dll windows x86

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f2:bb:29:7e:4f:00:2a:4a:41:12:4c:bf:97:2c:08:a4:46:44:34:0c
Signer

Actual PE Digest

f2:bb:29:7e:4f:00:2a:4a:41:12:4c:bf:97:2c:08:a4:46:44:34:0c

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 223B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MSACCESS.HXS_3082
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

Sections

.rsrc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.its
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MSACCESS_COL.HXC_3082
MSACCESS_COL.HXT_3082
MSACCESS_F_COL.HXK_3082
MSACCESS_K_COL.HXK_3082
MSAIN.DLL_3082
.dll windows x86

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:27:ba:7e:9f:a3:9a:ee:2a:ae:8a:63:64:46:3e:4a:29:86:b0:a3
Signer

Actual PE Digest

37:27:ba:7e:9f:a3:9a:ee:2a:ae:8a:63:64:46:3e:4a:29:86:b0:a3

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:37
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MSDMINE.RLL_3082
.dll windows x86

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23-05-2002 08:00

Not After

25-09-2011 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05-01-2005 23:20

Not After

05-04-2006 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b0:cc:49:ed:1b:02:3c:ac:6e:24:20:c3:11:66:aa:b8:ea:42:07:5d
Signer

Actual PE Digest

b0:cc:49:ed:1b:02:3c:ac:6e:24:20:c3:11:66:aa:b8:ea:42:07:5d

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

20-01-2023 16:00
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 512B - Virtual size: 171B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSOLAP80.RLL_3082
.dll windows x86

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23-05-2002 08:00

Not After

25-09-2011 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05-01-2005 23:20

Not After

05-04-2006 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

14:e6:f0:9e:ee:28:bd:e7:06:91:88:5a:6a:73:b9:0c:a4:d2:f1:16
Signer

Actual PE Digest

14:e6:f0:9e:ee:28:bd:e7:06:91:88:5a:6a:73:b9:0c:a4:d2:f1:16

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

20-01-2023 16:00
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4KB - Virtual size: 169B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OLAPUIR.RLL_3082
.dll windows x86

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23-05-2002 08:00

Not After

25-09-2011 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05-01-2005 23:20

Not After

05-04-2006 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

39:cc:8e:59:48:bd:92:8e:2b:04:6d:fe:94:c2:78:81:32:8f:4b:69
Signer

Actual PE Digest

39:cc:8e:59:48:bd:92:8e:2b:04:6d:fe:94:c2:78:81:32:8f:4b:69

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

20-01-2023 16:00
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 512B - Virtual size: 157B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
STSLIST.CHM_3082
.chm
STSLISTI.DLL_3082
.dll windows x86

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

aa:93:fb:ca:e6:58:18:76:65:aa:ab:17:6f:1b:e7:3f:6e:2c:fa:3c
Signer

Actual PE Digest

aa:93:fb:ca:e6:58:18:76:65:aa:ab:17:6f:1b:e7:3f:6e:2c:fa:3c

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:37
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TELLMEACCESS.NRR_3082
VBCN6.CHM.x86.3082
.chm
VBENDF98.CHM.x86.3082
.chm
VBHW6.CHM.x86.3082
.chm
VBLR6.CHM.x86.3082
.chm
VBOB6.CHM.x86.3082
.chm
VBUI6.CHM.x86.3082
.chm
access.es-es/branding.xml
.xml
access.es-es/setup.xml
.xml
admin/access16.opax
admin/de-de/access16.opal
admin/de-de/excel16.opal
admin/de-de/lync16.opal
admin/de-de/octres.dll
.dll windows x86

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:00:67:41:71:63:d2:98:45:84:78:cd:8b:d2:84:fa:46:90:96:12
Signer

Actual PE Digest

2e:00:67:41:71:63:d2:98:45:84:78:cd:8b:d2:84:fa:46:90:96:12

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:37
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 418KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
admin/de-de/office16.opal
admin/de-de/onent16.opal
admin/de-de/outlk16.opal
admin/de-de/ppt16.opal
admin/de-de/proj16.opal
admin/de-de/pub16.opal
admin/de-de/spd16.opal
admin/de-de/visio16.opal
admin/de-de/word16.opal
admin/en-us/access16.opal
admin/en-us/excel16.opal
admin/en-us/octres.dll
.dll windows x86

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b8:08:78:2c:88:48:14:87:a6:99:0e:eb:79:7e:04:7f:ef:0a:32:dd
Signer

Actual PE Digest

b8:08:78:2c:88:48:14:87:a6:99:0e:eb:79:7e:04:7f:ef:0a:32:dd

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 400KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
admin/en-us/office16.opal
admin/en-us/onent16.opal
admin/en-us/outlk16.opal
admin/en-us/ppt16.opal
admin/en-us/proj16.opal
admin/en-us/pub16.opal
admin/en-us/spd16.opal
admin/en-us/visio16.opal
admin/en-us/word16.opal
admin/es-es/access16.opal
admin/es-es/excel16.opal
admin/es-es/lync16.opal
admin/es-es/octres.dll
.dll windows x86

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a8:24:34:a3:d7:76:ab:50:99:00:0c:bd:d8:90:ab:31:0c:73:13:e0
Signer

Actual PE Digest

a8:24:34:a3:d7:76:ab:50:99:00:0c:bd:d8:90:ab:31:0c:73:13:e0

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:36
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 419KB - Virtual size: 419KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
admin/es-es/office16.opal
admin/es-es/onent16.opal
admin/es-es/outlk16.opal
admin/es-es/ppt16.opal
admin/es-es/proj16.opal
admin/es-es/pub16.opal
admin/es-es/spd16.opal
admin/es-es/visio16.opal
admin/es-es/word16.opal
admin/excel16.opax
admin/fr-fr/access16.opal
admin/fr-fr/excel16.opal
admin/fr-fr/lync16.opal
admin/fr-fr/octres.dll
.dll windows x86

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b1:08:34:6c:12:04:b8:91:52:d0:c7:5b:52:48:f2:0b:47:6b:fb:ef
Signer

Actual PE Digest

b1:08:34:6c:12:04:b8:91:52:d0:c7:5b:52:48:f2:0b:47:6b:fb:ef

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:37
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 421KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
admin/fr-fr/office16.opal
admin/fr-fr/onent16.opal
admin/fr-fr/outlk16.opal
admin/fr-fr/ppt16.opal
admin/fr-fr/proj16.opal
admin/fr-fr/pub16.opal
admin/fr-fr/spd16.opal
admin/fr-fr/visio16.opal
admin/fr-fr/word16.opal
admin/it-it/access16.opal
admin/it-it/excel16.opal
admin/it-it/lync16.opal
admin/it-it/octres.dll
.dll windows x86

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

58:4d:10:a8:a5:8b:c6:8a:af:b4:fa:e7:bb:71:79:bd:bb:e7:66:aa
Signer

Actual PE Digest

58:4d:10:a8:a5:8b:c6:8a:af:b4:fa:e7:bb:71:79:bd:bb:e7:66:aa

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:37
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 416KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
admin/it-it/office16.opal
admin/it-it/onent16.opal
admin/it-it/outlk16.opal
admin/it-it/ppt16.opal
admin/it-it/proj16.opal
admin/it-it/pub16.opal
admin/it-it/spd16.opal
admin/it-it/visio16.opal
admin/it-it/word16.opal
admin/ja-jp/access16.opal
admin/ja-jp/excel16.opal
admin/ja-jp/lync16.opal
admin/ja-jp/octres.dll
.dll windows x86

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:42:e2:b5:90:f3:46:6f:8e:19:10:c1:2d:46:fe:52:f7:d3:2d:4a
Signer

Actual PE Digest

25:42:e2:b5:90:f3:46:6f:8e:19:10:c1:2d:46:fe:52:f7:d3:2d:4a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:37
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 382KB - Virtual size: 381KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
admin/ja-jp/office16.opal
admin/ja-jp/onent16.opal
admin/ja-jp/outlk16.opal
admin/ja-jp/ppt16.opal
admin/ja-jp/proj16.opal
admin/ja-jp/pub16.opal
admin/ja-jp/spd16.opal
admin/ja-jp/visio16.opal
admin/ja-jp/word16.opal
admin/ko-kr/access16.opal
admin/ko-kr/excel16.opal
admin/ko-kr/lync16.opal
admin/ko-kr/octres.dll
.dll windows x86

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

12:a8:da:e2:b1:49:c7:11:7b:cc:10:22:df:66:a5:24:75:d9:d3:75
Signer

Actual PE Digest

12:a8:da:e2:b1:49:c7:11:7b:cc:10:22:df:66:a5:24:75:d9:d3:75

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:37
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 379KB - Virtual size: 379KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
admin/ko-kr/office16.opal
admin/ko-kr/onent16.opal
admin/ko-kr/outlk16.opal
admin/ko-kr/ppt16.opal
admin/ko-kr/proj16.opal
admin/ko-kr/pub16.opal
admin/ko-kr/spd16.opal
admin/ko-kr/visio16.opal
admin/ko-kr/word16.opal
admin/oct.dll
.dll windows x86

d29338ad62b62df17000a47797015fa1

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e5:8f:0d:f0:42:e3:08:b3:23:28:0f:d9:9f:7b:93:7e:42:14:98:75
Signer

Actual PE Digest

e5:8f:0d:f0:42:e3:08:b3:23:28:0f:d9:9f:7b:93:7e:42:14:98:75

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

CreatePen
CreateSolidBrush
DeleteObject
Rectangle
CreateFontIndirectW
GetDeviceCaps
CreateCompatibleDC
DeleteDC
StretchBlt
SetStretchBltMode
GetObjectW
SelectObject
ExtTextOutW
CreateDCW
ExtFloodFill
SetBkMode
EnumFontFamiliesExW
CreateFontW
TextOutW
GetTextMetricsW
SetTextColor
SetBkColor
GetTextExtentPoint32W

kernel32

HeapReAlloc
GetFileAttributesExW
GetSystemDirectoryW
SetErrorMode
GetUserDefaultLCID
SetFilePointerEx
CreateProcessW
GetSystemTime
GetSystemTimeAsFileTime
GetNativeSystemInfo
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
IsValidLocale
GetCurrentProcessId
GetCurrentThread
GetGeoInfoW
VirtualProtect
FlushInstructionCache
GetCurrentThreadId
GetCurrentProcess
LoadResource
LoadLibraryExW
FreeLibrary
WriteFile
SetFileAttributesW
ReadFile
FindNextFileW
DeleteFileW
SearchPathW
GetProcessHeap
HeapFree
CloseHandle
SetFilePointer
GetDateFormatW
FileTimeToSystemTime
lstrcmpiW
FindFirstFileExW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
lstrlenW
LocalFree
LocalAlloc
LoadLibraryW
LoadLibraryA
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetTickCount
SetLastError
OutputDebugStringA
lstrcmpW
CompareStringEx
IsWow64Process
GetModuleFileNameW
GetLastError
HeapAlloc
GetUserGeoID
ExpandEnvironmentStringsW
WideCharToMultiByte
CompareStringW
RaiseException
GetVersionExA
GetTempPathW
RemoveDirectoryW
CreateDirectoryW
GetSystemDefaultLangID
GetLocaleInfoW
GlobalFree
GlobalAlloc
GetVersionExW
DecodePointer
InitializeCriticalSectionEx
TerminateProcess
IsDBCSLeadByte
GetModuleFileNameA
GetShortPathNameA
Sleep
WaitForSingleObject
OpenEventW
CreateFileW
GetStdHandle
GetTempPathA
HeapSize
LCIDToLocaleName
LocaleNameToLCID
GetLocaleInfoEx
GetUserDefaultLocaleName
GetSystemDefaultLocaleName
EnumSystemLocalesEx
GetFileType
SetEndOfFile
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
UnmapViewOfFile
FormatMessageW
WaitForSingleObjectEx
CreateWaitableTimerW
QueryDepthSList
TryEnterCriticalSection
CreateEventExW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
QueryPerformanceCounter
QueryPerformanceFrequency
DuplicateHandle
GetStringTypeW
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetEvent
ResetEvent
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
InterlockedFlushSList
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetThreadTimes
FreeLibraryAndExitThread
VirtualAlloc
VirtualFree
ReleaseSemaphore
UnregisterWaitEx
GetModuleHandleExW
ExitProcess
GetACP
FlushFileBuffers
GetConsoleCP
GetConsoleMode
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetStdHandle
ReadConsoleW
WriteConsoleW
MulDiv
GetSystemInfo
VirtualQuery
LoadLibraryExA
DeleteFileA
FileTimeToDosDateTime
SystemTimeToFileTime
MultiByteToWideChar
GetFileSize
FindAtomA
AddAtomA
DeleteAtom
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetFileAttributesW
CopyFileW
EnumResourceNamesW
FindResourceA
FindResourceW
SizeofResource
LockResource

oleaut32

VariantClear
VariantInit
SysFreeString
VarI4FromStr
VarBstrFromI4
SysAllocString

ole32

CoCreateGuid
CoInitialize
StringFromIID
StgOpenStorage
StgCreateDocfile
CoTaskMemFree
CoCreateInstance

msimg32

TransparentBlt

advapi32

RegEnumKeyExW
RegGetValueW
EventRegister
EventUnregister
EventWrite
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceStatus
StartServiceW
EventWriteTransfer
ConvertSidToStringSidW
LookupAccountNameW
CreateWellKnownSid
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

imm32

ImmAssociateContext

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

rpcrt4

NdrClientCall2
RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringFreeW

setupapi

SetupIterateCabinetW

cabinet

ord13
ord11
ord10
ord14

Exports

Exports

ShowCustomizationUI

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 542KB - Virtual size: 541KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
admin/octca.dll
.dll windows x86

006e9f305da3fc0f155bbfe4176e80f9

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:ce:bd:db:53:f8:7a:9a:4a:4a:4f:3e:37:1f:97:37:0d:b1:f4:2a
Signer

Actual PE Digest

0b:ce:bd:db:53:f8:7a:9a:4a:4a:4f:3e:37:1f:97:37:0d:b1:f4:2a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle

kernel32

HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
lstrlenA
LoadLibraryExA
SetLastError
VirtualProtect
GetSystemInfo
WriteConsoleW
DecodePointer
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
GetCommandLineW
CreateProcessW
Sleep
OpenEventW
WaitForSingleObject
CloseHandle
lstrcmpW
lstrlenW
GetLastError
VirtualQuery
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
FindClose
FindFirstFileW
ExitProcess
GetStdHandle
WriteFile
HeapSize
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateEventW
GetModuleHandleW
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
InterlockedFlushSList
RaiseException
RtlUnwind
GetModuleHandleExW
GetACP
GetFileType
GetStringTypeW
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineA

rpcrt4

NdrClientCall2
RpcStringFreeW
RpcStringBindingComposeW
RpcBindingFree
RpcBindingFromStringBindingW

Exports

Exports

AddLISSources
CACertificatesAdd
CACertificatesScheduleCommit
EnablePerUserInstall

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
admin/office16.opax
admin/onent16.opax
admin/outlk16.opax
admin/ppt16.opax
admin/proj16.opax
admin/pt-br/access16.opal
admin/pt-br/excel16.opal
admin/pt-br/lync16.opal
admin/pt-br/octres.dll
.dll windows x86

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:c8:a4:da:c7:65:e5:22:3d:97:6d:9b:dc:b8:00:86:7b:8b:86:aa
Signer

Actual PE Digest

5b:c8:a4:da:c7:65:e5:22:3d:97:6d:9b:dc:b8:00:86:7b:8b:86:aa

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:36
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 413KB - Virtual size: 413KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
admin/pt-br/office16.opal
admin/pt-br/onent16.opal
admin/pt-br/outlk16.opal
admin/pt-br/ppt16.opal
admin/pt-br/proj16.opal
admin/pt-br/pub16.opal
admin/pt-br/spd16.opal
admin/pt-br/visio16.opal
admin/pt-br/word16.opal
admin/pub16.opax
admin/ru-ru/access16.opal
admin/ru-ru/excel16.opal
admin/ru-ru/lync16.opal
admin/ru-ru/octres.dll
.dll windows x86

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

84:d7:a3:51:af:4c:34:81:3f:f7:6a:3f:89:4e:89:06:97:51:6c:0c
Signer

Actual PE Digest

84:d7:a3:51:af:4c:34:81:3f:f7:6a:3f:89:4e:89:06:97:51:6c:0c

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:37
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 411KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
admin/ru-ru/office16.opal
admin/ru-ru/onent16.opal
admin/ru-ru/outlk16.opal
admin/ru-ru/ppt16.opal
admin/ru-ru/proj16.opal
admin/ru-ru/pub16.opal
admin/ru-ru/spd16.opal
admin/ru-ru/visio16.opal
admin/ru-ru/word16.opal
admin/spd16.opax
admin/visio16.opax
admin/word16.opax
admin/zh-cn/access16.opal
admin/zh-cn/excel16.opal
admin/zh-cn/lync16.opal
admin/zh-cn/octres.dll
.dll windows x86

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

87:c1:b3:fb:21:7b:0a:37:f3:21:e5:17:d8:2c:d8:e3:3a:9f:80:a5
Signer

Actual PE Digest

87:c1:b3:fb:21:7b:0a:37:f3:21:e5:17:d8:2c:d8:e3:3a:9f:80:a5

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:37
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 370KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
admin/zh-cn/office16.opal
admin/zh-cn/onent16.opal
admin/zh-cn/outlk16.opal
admin/zh-cn/ppt16.opal
admin/zh-cn/proj16.opal
admin/zh-cn/pub16.opal
admin/zh-cn/spd16.opal
admin/zh-cn/visio16.opal
admin/zh-cn/word16.opal
admin/zh-tw/access16.opal
admin/zh-tw/excel16.opal
admin/zh-tw/lync16.opal
admin/zh-tw/octres.dll
.dll windows x86

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e6:57:61:19:3a:44:f5:dd:c7:a7:7e:e2:8a:6f:db:9a:44:bb:75:b6
Signer

Actual PE Digest

e6:57:61:19:3a:44:f5:dd:c7:a7:7e:e2:8a:6f:db:9a:44:bb:75:b6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:36
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 371KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
admin/zh-tw/office16.opal
admin/zh-tw/onent16.opal
admin/zh-tw/outlk16.opal
admin/zh-tw/ppt16.opal
admin/zh-tw/proj16.opal
admin/zh-tw/pub16.opal
admin/zh-tw/spd16.opal
admin/zh-tw/visio16.opal
admin/zh-tw/word16.opal
autorun.inf
catalog/files.cat
dcf.es-es/dcfmui.cab
.cab
dcf.es-es/dcfmui.msi
.msi
dcf.es-es/dcfmui.xml
.xml
dcf.es-es/setup.xml
.xml
excel.es-es/excellr.cab
.cab
excel.es-es/excelmui.msi
.msi
excel.es-es/excelmui.xml
.xml
excel.es-es/setup.xml
.xml
groove.es-es/groovelr.cab
.cab
groove.es-es/groovemui.msi
.msi
groove.es-es/groovemui.xml
.xml
groove.es-es/setup.xml
.xml
hotfixes/windows6.1-kb2999226-x64.msu
.cab
hotfixes/windows6.1-kb2999226-x86.msu
.cab
hotfixes/windows8-rt-kb2999226-x64.msu
.cab
hotfixes/windows8-rt-kb2999226-x86.msu
.cab
hotfixes/windows8.1-kb2999226-x64.msu
.cab
hotfixes/windows8.1-kb2999226-x86.msu
.cab
infopath.es-es/inflr.cab
.cab
infopath.es-es/infopathmui.msi
.msi
infopath.es-es/infopathmui.xml
.xml
infopath.es-es/setup.xml
.xml
leame.htm
lync.es-es/lyncmui.cab
.cab
lync.es-es/lyncmui.msi
.msi
lync.es-es/lyncmui.xml
.xml
lync.es-es/setup.xml
.xml
office.es-es/branding.xml
.xml
office.es-es/officelr.cab
.cab
office.es-es/officemui.msi
.msi
office.es-es/officemui.xml
.xml
office.es-es/osetupui.dll
.dll windows x86

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:31:57:74:63:60:3c:cb:c4:c5:97:5a:17:3e:96:d3:7e:32:50:fd
Signer

Actual PE Digest

06:31:57:74:63:60:3c:cb:c4:c5:97:5a:17:3e:96:d3:7e:32:50:fd

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:37
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
office.es-es/pss10r.chm
.chm
office.es-es/setup.chm
.chm
office.es-es/setup.xml
.xml
office.es-es/shellui.mst
office64.es-es/office64mui.msi
.msi
office64.es-es/office64mui.xml
.xml
office64.es-es/owow64lr.cab
.cab
office64.es-es/setup.xml
.xml
onenote.es-es/onenotemui.msi
.msi
onenote.es-es/onenotemui.xml
.xml
onenote.es-es/onotelr.cab
.cab
onenote.es-es/setup.xml
.xml
osm.es-es/osmmui.cab
.cab
osm.es-es/osmmui.msi
.msi
osm.es-es/osmmui.xml
.xml
osm.es-es/setup.xml
.xml
osmux.es-es/osmuxmui.cab
.cab
osmux.es-es/osmuxmui.msi
.msi
osmux.es-es/osmuxmui.xml
.xml
osmux.es-es/setup.xml
.xml
outlook.es-es/outlklr.cab
.cab
outlook.es-es/outlookmui.msi
.msi
outlook.es-es/outlookmui.xml
.xml
outlook.es-es/setup.xml
.xml
powerpoint.es-es/powerpointmui.msi
.msi
powerpoint.es-es/powerpointmui.xml
.xml
powerpoint.es-es/pptlr.cab
.cab
powerpoint.es-es/setup.xml
.xml
proofing.es-es/proof.ca/proof.cab
.cab
proofing.es-es/proof.ca/proof.msi
.msi
proofing.es-es/proof.ca/proof.xml
.xml
proofing.es-es/proof.en/proof.cab
.cab
proofing.es-es/proof.en/proof.msi
.msi
proofing.es-es/proof.en/proof.xml
.xml
proofing.es-es/proof.es/proof.cab
.cab
proofing.es-es/proof.es/proof.msi
.msi
proofing.es-es/proof.es/proof.xml
.xml
proofing.es-es/proof.eu/proof.cab
.cab
proofing.es-es/proof.eu/proof.msi
.msi
proofing.es-es/proof.eu/proof.xml
.xml
proofing.es-es/proof.gl/proof.cab
.cab
proofing.es-es/proof.gl/proof.msi
.msi
proofing.es-es/proof.gl/proof.xml
.xml
proofing.es-es/proof.pt-br/proof.cab
.cab
proofing.es-es/proof.pt-br/proof.msi
.msi
proofing.es-es/proof.pt-br/proof.xml
.xml
proofing.es-es/proofing.msi
.msi
proofing.es-es/proofing.xml
.xml
proofing.es-es/setup.xml
.xml
proplus.ww/config.xml
proplus.ww/office64ww.msi
.msi
proplus.ww/office64ww.xml
.xml
proplus.ww/ose.exe
.exe windows x86

3ff1e3f6941de8f3da15dbea6f725b96

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:2c:0a:ad:70:fb:aa:27:34:60:9c:dc:aa:20:dc:3a:93:66:29:b3
Signer

Actual PE Digest

57:2c:0a:ad:70:fb:aa:27:34:60:9c:dc:aa:20:dc:3a:93:66:29:b3

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
SetThreadToken
RegEnumValueW
RegQueryValueExW
RegSetValueExW
RegNotifyChangeKeyValue
SetServiceStatus
StartServiceCtrlDispatcherW
DuplicateToken
GetUserNameA
RegDeleteValueW
RegisterServiceCtrlHandlerW
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
LookupAccountNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptAcquireContextW
CryptReleaseContext
SetFileSecurityW
RegDeleteKeyW
OpenThreadToken

kernel32

CloseHandle
GetLastError
SetEvent
GetModuleFileNameW
GetDriveTypeW
GetLogicalDrives
lstrcmpW
lstrlenW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
ExitProcess
GetCommandLineW
SetErrorMode
ResetEvent
ReleaseMutex
WaitForMultipleObjectsEx
CreateMutexW
CreateEventW
CreateProcessW
GetSystemInfo
GetTickCount
MoveFileExW
CreateFileA
CreateFileW
ReadFile
SetFilePointer
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
DosDateTimeToFileTime
MultiByteToWideChar
WideCharToMultiByte
ReleaseSemaphore
WaitForSingleObject
WaitForMultipleObjects
CreateSemaphoreW
CreateThread
SetFilePointerEx
VirtualAlloc
VirtualFree
GlobalAlloc
GlobalFree
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
CompareStringW
SetEndOfFile
SetFileTime
WriteFile
GetSystemTime
SystemTimeToFileTime
LocalFree
FindClose
GetTempPathA
CreateDirectoryW
GetFileAttributesW
GetTempPathW
FindFirstFileW
GetFileSizeEx
QueryPerformanceCounter
DeleteFileW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
GetStdHandle
lstrlenA
FindNextFileW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesExW
GetFileTime
CopyFileW
CreateHardLinkW
FormatMessageA
GetComputerNameW
GetCurrentThread
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
RtlUnwind
RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleFileNameA
GetModuleHandleExW
GetACP
GetStringTypeW
GetFileType
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DecodePointer
WriteConsoleW
LoadLibraryExA
VirtualQuery
VirtualProtect

rpcrt4

RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcServerUnregisterIf
NdrServerCall2
RpcImpersonateClient
RpcRevertToSelf

wintrust

WinVerifyTrust

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
proplus.ww/osetup.dll
.dll windows x86

2fd3a753c35234f1cbadbf1d7e88a3b9

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cc:78:02:4d:82:64:2e:23:34:f0:d7:e5:41:85:6e:1d:78:a6:99:7f
Signer

Actual PE Digest

cc:78:02:4d:82:64:2e:23:34:f0:d7:e5:41:85:6e:1d:78:a6:99:7f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

gdi32

SetTextColor
SetBkMode
RectVisible
GetStockObject
ExcludeClipRect
GetDIBColorTable
CreateFontW
GetTextExtentPoint32W
CreateSolidBrush
CreateFontIndirectW
SetLayout
SetDIBitsToDevice
CreateDIBSection
StretchDIBits
SelectObject
DeleteDC
GetTextExtentPointW
GetCharWidthW
CreateCompatibleDC
CreateCompatibleBitmap
ExtTextOutW
GetObjectW
SetPixel
SetBkColor
SaveDC
RestoreDC
OffsetClipRgn
IntersectClipRect
GetPixel
CreateRectRgn
BitBlt
ExtSelectClipRgn
GetRgnBox
GetObjectA
TranslateCharsetInfo
CreateFontIndirectA
SetAbortProc
ResetDCW
DeleteColorSpace
CreateColorSpaceW
ExtCreatePen
ExtCreateRegion
CreateRoundRectRgn
CreatePolyPolygonRgn
CreatePenIndirect
DeleteObject
CreateICW
CreateHatchBrush
CreateEllipticRgnIndirect
CreateEllipticRgn
CreateDIBPatternBrushPt
CreateDIBitmap
CreateBrushIndirect
CreateBitmapIndirect
SetColorSpace
ColorCorrectPalette
EnumICMProfilesW
ColorMatchToTarget
SetDeviceGammaRamp
GetDeviceGammaRamp
SetICMProfileW
GetICMProfileW
GetLogColorSpaceW
CheckColorsInGamut
SetICMMode
UnrealizeObject
GetDCOrgEx
GetKerningPairsW
SetBitmapDimensionEx
PolyTextOutW
ExtTextOutA
TextOutW
SelectClipPath
AbortDoc
EndPage
StartPage
EndDoc
StartDocW
GetColorAdjustment
SetColorAdjustment
SetWorldTransform
GdiComment
UpdateColors
SetTextJustification
SetTextAlign
SetTextCharacterExtra
SetSystemPaletteUse
SetROP2
SetPolyFillMode
SetPaletteEntries
GetLayout
SetMapperFlags
SetBoundsRect
SetDCPenColor
SetMetaRgn
ResizePalette
RoundRect
Rectangle
RectInRegion
PtVisible
PtInRegion
PolyPolygon
PaintRgn
Pie
PlgBlt
MaskBlt
InvertRgn
GetWindowOrgEx
GetCharABCWidthsI
GetCharWidthI
GetTextExtentExPointI
GetTextExtentPointI
GetGlyphIndicesW
GetFontUnicodeRanges
GetCharacterPlacementW
GetFontLanguageInfo
GetTextCharset
GetTextExtentExPointW
GetTextExtentExPointA
GetTextExtentPoint32A
GetTextAlign
GetTextCharacterExtra
GetSystemPaletteUse
GetSystemPaletteEntries
GetStretchBltMode
GetRegionData
GetRandomRgn
GetPolyFillMode
GetPaletteEntries
GetOutlineTextMetricsW
GetNearestPaletteIndex
GetNearestColor
GetMapMode
GetGlyphOutlineW
GetMetaRgn
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetCharWidthFloatW
GetCharWidth32W
GetBoundsRect
GetBitmapDimensionEx
GetBkMode
GetDCPenColor
GetDCBrushColor
GetAspectRatioFilterEx
GetROP2
FrameRgn
FillRgn
ExtFloodFill
ExtEscape
Escape
EnumObjects
DrawEscape
Chord
CancelDC
AnimatePalette
GetObjectType
SetDIBits
CreateBitmap
GetTextFaceW
GetFontData
GetTextCharsetInfo
EnumFontFamiliesExW
CreateDCW
GetTextColor
GetBkColor
Polygon
CreatePolygonRgn
SetDCBrushColor
Ellipse
PatBlt
GetWindowExtEx
GetViewportExtEx
MoveToEx
LineTo
CreatePen
CreateRectRgnIndirect
SetViewportOrgEx
GetViewportOrgEx
CreatePalette
GetDeviceCaps
GetCurrentObject
GetClipRgn
SetBrushOrgEx
CreateHalftonePalette
SelectPalette
RealizePalette
GetBrushOrgEx
CreatePatternBrush
GetDIBits
SetRectRgn
OffsetRgn
EqualRgn
CombineRgn
GetTextMetricsW
SetMapMode
GdiFlush
SetWindowOrgEx
SelectClipRgn
SetStretchBltMode
SetDIBColorTable
StretchBlt
GetClipBox

advapi32

AddAccessDeniedAce
AllocateAndInitializeSid
CreateProcessAsUserW
LookupPrivilegeValueW
AdjustTokenPrivileges
EventWriteTransfer
QueryServiceStatus
StartServiceW
IsTextUnicode
ConvertStringSecurityDescriptorToSecurityDescriptorW
QueryServiceConfigW
OpenServiceW
RegDeleteValueA
RegEnumValueA
GetSecurityDescriptorDacl
ConvertSidToStringSidA
LookupAccountSidW
RevertToSelf
GetSidSubAuthority
FreeSid
EqualSid
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
OpenThreadToken
AddAccessAllowedAce
CreateWellKnownSid
AddAce
CopySid
GetAce
GetAclInformation
GetLengthSid
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
IsValidSid
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
LookupAccountNameW
EventWrite
RegDeleteKeyW
RegGetValueW
EventRegister
EventUnregister
RegSetValueExW
RegDeleteKeyValueW
EventProviderEnabled
RegSetKeyValueW
ConvertSidToStringSidW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteTreeW
RegOpenKeyExA
RegQueryValueExA
ChangeServiceConfigW
CloseServiceHandle
OpenSCManagerW

kernel32

OpenSemaphoreA
CreateSemaphoreA
OpenMutexA
OpenEventA
CreateEventA
CreateMutexA
WerUnregisterMemoryBlock
WerRegisterMemoryBlock
QueryFullProcessImageNameW
GetThreadIOPendingFlag
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
GetFileInformationByHandleEx
SetFileInformationByHandle
GetLastError
FlsAlloc
FlsFree
InitializeCriticalSectionEx
DeleteCriticalSection
GetSystemDefaultLangID
GetUserDefaultUILanguage
GetSystemDefaultLCID
CancelIoEx
GetOverlappedResult
GetSystemPowerStatus
IsSystemResumeAutomatic
SystemTimeToFileTime
FileTimeToSystemTime
WriteFile
lstrcmpW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
GlobalFree
SetEnvironmentVariableW
GetCommandLineW
OpenMutexW
GetComputerNameW
K32EnumProcessModulesEx
K32EnumProcessModules
K32EnumProcesses
GetPriorityClass
IsValidLocale
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
GetSystemTime
GetVolumeInformationW
CopyFileW
DeviceIoControl
GetFileSizeEx
GetFileAttributesW
CompareFileTime
GetSystemDirectoryW
GetTempFileNameW
GetNumberFormatW
ReadFile
lstrlenW
SetFilePointerEx
SetFileAttributesW
DeleteFileW
LocalFree
LocalAlloc
K32GetModuleFileNameExW
GetShortPathNameA
GetModuleFileNameA
GetTickCount64
GetSystemTimeAsFileTime
CreateProcessW
TerminateProcess
OpenProcess
CreateDirectoryW
GetDriveTypeW
GetDiskFreeSpaceExW
GetUserDefaultLCID
IsProcessorFeaturePresent
LoadLibraryA
MulDiv
QueryPerformanceFrequency
SetWaitableTimerEx
SetThreadPriority
CreateWaitableTimerW
SetWaitableTimer
WerRegisterRuntimeExceptionModule
WaitForMultipleObjects
GetFileAttributesExW
InitializeCriticalSection
CreateSemaphoreExW
WaitForSingleObjectEx
ReleaseSemaphore
CreateEventW
ResetEvent
FindResourceW
SizeofResource
LockResource
LoadResource
WaitForMultipleObjectsEx
OutputDebugStringW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeSRWLock
RtlCaptureStackBackTrace
K32GetProcessImageFileNameW
QueryPerformanceCounter
LeaveCriticalSection
EnterCriticalSection
VerifyVersionInfoW
GetNativeSystemInfo
GetVersionExW
GetSystemDirectoryA
CreateProcessA
GetExitCodeProcess
WaitForSingleObject
GetFileAttributesA
VerSetConditionMask
LoadLibraryW
GetModuleHandleA
GetTickCount
GetCurrentThread
CreateThread
Sleep
CreateEventExW
CreateMutexW
ReleaseMutex
SetEvent
CreateFileMappingA
RaiseException
CloseHandle
DecodePointer
OutputDebugStringA
ExpandEnvironmentStringsW
GetCurrentProcessId
WideCharToMultiByte
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
SetErrorMode
FindFirstFileExW
FindClose
MultiByteToWideChar
LCIDToLocaleName
LocaleNameToLCID
GetLocaleInfoEx
GetUserDefaultLocaleName
GetSystemDefaultLocaleName
EnumSystemLocalesEx
GetDateFormatEx
GetCalendarInfoEx
HeapAlloc
HeapFree
GetProcessHeap
GetThreadUILanguage
CreateFileW
GetFileType
SetEndOfFile
CreateFileMappingW
FlsGetValue
FlsSetValue
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempPathW
UnmapViewOfFile
MapViewOfFile
CancelWaitableTimer
QueryDepthSList
TryEnterCriticalSection
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
LoadLibraryExA
ExpandEnvironmentStringsA
OpenEventW
GetStdHandle
TlsGetValue
GetTimeFormatEx
GetAtomNameW
TlsAlloc
TlsSetValue
TlsFree
DeleteAtom
AddAtomW
FindAtomW
GetFileSize
GetAtomNameA
GetStringTypeExW
GetLocaleInfoW
HeapCreate
HeapDestroy
HeapReAlloc
InitializeCriticalSectionAndSpinCount
GlobalDeleteAtom
GlobalAddAtomW
InterlockedFlushSList
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrencyFormatW
VirtualAlloc
IsValidCodePage
CompareStringOrdinal
EncodePointer
GetStringTypeW
DuplicateHandle
GetCPInfo
CompareStringW
LCMapStringW
UnhandledExceptionFilter
GetStartupInfoW
RtlUnwind
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
VirtualFree
VirtualProtect
UnregisterWaitEx
HeapSize
ExitProcess
GetModuleHandleExW
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetSystemInfo
VirtualQuery
GetACP
EnumSystemLocalesW
SetStdHandle
FlushFileBuffers
WriteConsoleW
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetCommandLineA
WriteProcessMemory
lstrcmpiA
IsDBCSLeadByte
GetCPInfoExW
CreateMemoryResourceNotification
LCMapStringEx
GetLongPathNameW
GetUserDefaultLangID
GetCurrentProcess
IsWow64Process
CompareStringEx
GetCurrentThreadId
GetExitCodeThread
OpenFileMappingA
SetLastError
GetModuleFileNameW
FormatMessageW

ole32

CoTaskMemAlloc
RevokeDragDrop
CreateFileMoniker
CoDisconnectObject
CoRevokeClassObject
StringFromIID
CoCreateGuid
CLSIDFromString
OleDraw
CreateStreamOnHGlobal
CoRegisterClassObject
CoTaskMemFree
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoLockObjectExternal
OleUninitialize
CoRevokeInitializeSpy
CoRegisterInitializeSpy

oleaut32

VariantChangeTypeEx
VarDecFromI4
VarDecFromR8
VarCmp
VarDecCmp
VariantChangeType
VarDecFromR4
SysAllocStringLen
SysStringLen
OleCreateFontIndirect
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
VariantCopy
VarDecAdd
VarDecDiv
VarDecMul
VarDecSu
VarDecInt
VarR8FromDec
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
VarDecRound
SysFreeString
SysAllocString
VariantInit
VariantClear
SysStringByteLen
SafeArrayPutElement
VariantTimeToSystemTime

wtsapi32

WTSRegisterSessionNotificationEx
WTSUnRegisterSessionNotificationEx

wer

WerReportSubmit
WerReportAddFile
WerReportSetParameter
WerReportCreate
WerReportCloseHandle

hid

HidD_GetHidGuid

rpcrt4

RpcStringFreeW
RpcStringBindingComposeW
NdrClientCall2
RpcBindingFromStringBindingW
RpcBindingFree

msimg32

GradientFill

imm32

ImmAssociateContext

Exports

Exports

?AddRef@BaseValue@NetUI@@QAEXXZ
?AutomateDataSource@FlexUI@@YGXPAUIDataSource@1@@Z
?CreateAtom@FlexValue@FlexUI@@SG_NPB_WAAVFlexValueSP@2@@Z
?CreateBoolean@FlexValue@FlexUI@@SG_N_NAAVFlexValueSP@2@@Z
?CreateByte@FlexValue@FlexUI@@SG_NEAAVFlexValueSP@2@@Z
?CreateChar@FlexValue@FlexUI@@SG_NDAAVFlexValueSP@2@@Z
?CreateDataSource@FlexValue@FlexUI@@SG_NPAUIDataSource@2@AAVFlexValueSP@2@@Z
?CreateDataSourceProxy@FlexUI@@YGPAUIFlexUIDataSourceProxy@@PAUIDataSource@1@@Z
?CreateDecimal@FlexValue@FlexUI@@SG_NPBUtagDEC@@AAVFlexValueSP@2@@Z
?CreateDouble@FlexValue@FlexUI@@SG_NNAAVFlexValueSP@2@@Z
?CreateFlexEvent@FlexValue@FlexUI@@SG_NAAVFlexValueSP@2@@Z
?CreateFlexListProxy@FlexUI@@YGPAUIFlexListProxy@@PAUIFlexList@1@@Z
?CreateInt16@FlexValue@FlexUI@@SG_NFAAVFlexValueSP@2@@Z
?CreateInt32@FlexValue@FlexUI@@SG_NHAAVFlexValueSP@2@@Z
?CreateInt64@FlexValue@FlexUI@@SG_N_JAAVFlexValueSP@2@@Z
?CreateLength@FlexValue@FlexUI@@SG_NPBUtagDEC@@W4FlexLengthType@2@AAVFlexValueSP@2@@Z
?CreateSByte@FlexValue@FlexUI@@SG_NCAAVFlexValueSP@2@@Z
?CreateSingle@FlexValue@FlexUI@@SG_NMAAVFlexValueSP@2@@Z
?CreateString@FlexValue@FlexUI@@SG_NPB_WAAVFlexValueSP@2@@Z
?CreateUInt16@FlexValue@FlexUI@@SG_NGAAVFlexValueSP@2@@Z
?CreateUInt32@FlexValue@FlexUI@@SG_NIAAVFlexValueSP@2@@Z
?CreateUInt64@FlexValue@FlexUI@@SG_N_KAAVFlexValueSP@2@@Z
?EnsureDataSourceState@@YGXPAUIDataSource@FlexUI@@@Z
?GetAtom@FlexValue@FlexUI@@QBEGXZ
?GetBoolean@FlexValue@FlexUI@@QBE_NXZ
?GetByte@FlexValue@FlexUI@@QBEEXZ
?GetChar@FlexValue@FlexUI@@QBE_WXZ
?GetDataSource@FlexValue@FlexUI@@QBEPAUIDataSource@2@XZ
?GetDecimal@FlexValue@FlexUI@@QBE?AUtagDEC@@XZ
?GetDouble@FlexValue@FlexUI@@QBENXZ
?GetInt16@FlexValue@FlexUI@@QBEFXZ
?GetInt32@FlexValue@FlexUI@@QBEHXZ
?GetInt64@FlexValue@FlexUI@@QBE_JXZ
?GetLength@FlexValue@FlexUI@@QBE?AUFlexLength@2@XZ
?GetList@FlexValue@FlexUI@@QBEPAUIFlexList@2@XZ
?GetSByte@FlexValue@FlexUI@@QBECXZ
?GetSingle@FlexValue@FlexUI@@QBEMXZ
?GetString@FlexValue@FlexUI@@QBEPB_WXZ
?GetType@FlexValue@FlexUI@@QBE?AW4FlexValueType@2@XZ
?GetUInt16@FlexValue@FlexUI@@QBEGXZ
?GetUInt32@FlexValue@FlexUI@@QBEIXZ
?GetUInt64@FlexValue@FlexUI@@QBE_KXZ
?HAlloc@NetUI@@YGPAXK@Z
?HFree@NetUI@@YGXPAX@Z
?IsDataSourceSubclassOf@FlexUI@@YG_NPAUIDataSourceDescription@1@I@Z
?Release@BaseValue@NetUI@@QAEXXZ
?ReleaseDataSource@FlexUI@@YGXPAUIFlexUIDataSourceProxy@@@Z
?ReleaseFlexList@FlexUI@@YGXPAUIFlexListProxy@@@Z
RunDevSetup
RunSetup

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
proplus.ww/owow64ww.cab
.cab
proplus.ww/pidgenx.dll
.dll windows x86

d9cce9cac67215391da3d888c5137316

Code Sign

61:19:cc:93:00:01:00:00:00:66
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10-10-2011 20:32

Not After

10-01-2013 20:32

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:05:19:96:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2011 20:42

Not After

25-10-2012 20:42

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:9E78-864B-039D,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:6a:10:32:33:df:6f:b8:b5:3a:20:dc:82:02:55:a7:fd:49:f2:1a
Signer

Actual PE Digest

a1:6a:10:32:33:df:6f:b8:b5:3a:20:dc:82:02:55:a7:fd:49:f2:1a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

05-07-2012 23:46
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_onexit
_lock
__dllonexit
_unlock
memmove
memcpy
_amsg_exit
_initterm
free
malloc
_XcptFilter
_wcsicmp
_purecall
_vsnwprintf
rand
srand
time
wcsncmp
_wtoi
_wcsnicmp
_ui64tow
_itow
wcsstr
wcschr
memset

kernel32

InterlockedExchangeAdd
CreateEventW
CreateSemaphoreW
VirtualQuery
ReleaseSemaphore
SetEvent
WaitForSingleObject
GetModuleFileNameW
GetCurrentThread
GetThreadPriority
GetProcessAffinityMask
RaiseException
UnmapViewOfFile
GetSystemInfo
VirtualProtect
FreeLibrary
LoadLibraryW
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FreeLibraryAndExitThread
VirtualFree
VirtualAlloc
FileTimeToSystemTime
GetSystemDefaultLangID
GetVersionExW
HeapAlloc
GetProcessHeap
HeapFree
InterlockedIncrement
InterlockedDecrement
LocalFree
CloseHandle
GetLastError
GetVersionExA
LocalAlloc
WideCharToMultiByte
MultiByteToWideChar
SetFilePointer
ReadFile
GetFileSize
CreateFileW
SetLastError
InterlockedExchange
Sleep
InterlockedCompareExchange
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GetVersion
SetThreadPriority
WaitForMultipleObjects
CreateThread
MapViewOfFile
CreateFileMappingW
SystemTimeToFileTime
GetLocalTime
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter

advapi32

TraceEvent
CryptGenKey
CryptExportKey
CryptVerifySignatureA
CryptSignHashA
CryptImportKey
CryptDecrypt
CryptEncrypt
CryptDestroyKey
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptAcquireContextW
CryptGenRandom
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
CryptReleaseContext

rpcrt4

UuidToStringW
I_RpcMapWin32Status
RpcStringFreeW
UuidFromStringW

Exports

Exports

PidGenX
PidGenX2

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
proplus.ww/pkeyconfig-office.xrm-ms
proplus.ww/proplusww.msi
.msi
proplus.ww/proplusww.xml
.xml
proplus.ww/propsww.cab
.cab
proplus.ww/propsww2.cab
.cab
proplus.ww/setup.xml
.xml
publisher.es-es/publishermui.msi
.msi
publisher.es-es/publishermui.xml
.xml
publisher.es-es/publr.cab
.cab
publisher.es-es/setup.xml
.xml
setup.dll
.dll windows x86

561ca43b1461573e39a1f8e6c8328853

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ee:7f:b2:0c:cd:2a:7b:da:c8:7c:0d:a8:71:b1:09:ab:e0:b8:79:b5
Signer

Actual PE Digest

ee:7f:b2:0c:cd:2a:7b:da:c8:7c:0d:a8:71:b1:09:ab:e0:b8:79:b5

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyExA
EventRegister
EventUnregister
EventWrite
EventWriteTransfer

kernel32

WideCharToMultiByte
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
RaiseException
RtlUnwind
EncodePointer
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EnterCriticalSection
LeaveCriticalSection
HeapSize
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
HeapFree
HeapAlloc
GetCurrentThread
GetACP
GetStdHandle
GetFileType
HeapReAlloc
GetProcessHeap
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineA
GetCommandLineW
FreeLibrary
GetStringTypeW
SetStdHandle
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
DecodePointer
WriteConsoleW
CloseHandle
OutputDebugStringW
WaitForSingleObjectEx
CreateFileW
ExpandEnvironmentStringsW
FormatMessageW
DeleteFileW
FindFirstFileW
FindNextFileW
GetFileAttributesExW
RemoveDirectoryW
SetFileAttributesW
lstrcmpW
CopyFileW
SetProcessDEPPolicy
GetSystemDEPPolicy
SetCurrentDirectoryW
GlobalFree
GetFullPathNameW
VerSetConditionMask
VerifyVersionInfoW
GetTickCount64
GetModuleFileNameA
GetShortPathNameA
LocalFree
GetVersionExW
SetErrorMode
LoadLibraryExW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
GetModuleFileNameW
FindFirstFileExW
FindClose
CompareStringEx
IsWow64Process
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionEx
FlsFree
FlsAlloc
GetLastError
FlsGetValue
FlsSetValue
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
FileTimeToSystemTime
GetTempPathW
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
Sleep
CreateWaitableTimerW
QueryDepthSList
TryEnterCriticalSection
CreateEventExW
InterlockedPopEntrySList
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
QueryPerformanceFrequency
CreateEventW
SetEvent
ResetEvent
GetThreadTimes

ole32

CoTaskMemFree
StringFromIID
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust

Exports

Exports

WinMain

Sections

.text
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.exe
.exe windows x86

cf63b81dd7450773fe5d34299f963c66

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:46:2e:b2:60:66:6d:8d:a4:5e:e0:b0:df:cb:2d:14:12:5c:c2:44
Signer

Actual PE Digest

4c:46:2e:b2:60:66:6d:8d:a4:5e:e0:b0:df:cb:2d:14:12:5c:c2:44

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

31-07-2015 13:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

GetLastError
SetLastError
GetModuleFileNameW
GetModuleHandleA
OutputDebugStringA
GetProcAddress
LoadLibraryW
FormatMessageW
VerifyVersionInfoW
GetModuleHandleW
VerSetConditionMask
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapSize
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetProcessHeap
CloseHandle
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
CreateFileW
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/leame.txt
word.es-es/setup.xml
.xml
word.es-es/wordlr.cab
.cab
word.es-es/wordmui.msi
.msi
word.es-es/wordmui.xml
.xml

Sharing

General

Malware Config

Signatures

Files

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71Certificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

a8:25:ce:68:bd:8e:75:47:46:0e:eb:c4:ff:3e:16:17:4c:96:5e:09Signer

Signature Validations

Verification

31-07-2015 13:37 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 184B

.rsrc Size: 6KB - Virtual size: 6KB

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70Certificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

04:22:3b:da:e3:ef:72:3e:6f:47:88:5b:6c:cc:d0:a8:5f:57:bc:5cSigner

Signature Validations

Verification

31-07-2015 13:37 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 184B

.rsrc Size: 297KB - Virtual size: 297KB

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70Certificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

60:10:8b:32:30:70:dd:b6:51:8c:e5:1e:b8:28:61:7c:ff:2e:4c:49Signer

Signature Validations

Verification

31-07-2015 13:38 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 139B

.rsrc Size: 1.2MB - Virtual size: 1.2MB

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71Certificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

3c:85:60:d3:4b:e5:43:09:15:15:9d:8d:d4:0c:29:a4:b6:80:71:16Signer

Signature Validations

Verification

31-07-2015 13:38 Valid: false

Headers

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

a8:25:ce:68:bd:8e:75:47:46:0e:eb:c4:ff:3e:16:17:4c:96:5e:09
Signer

31-07-2015 13:37
Valid: false

.rdata
Size: 512B - Virtual size: 184B

.rsrc
Size: 6KB - Virtual size: 6KB

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

04:22:3b:da:e3:ef:72:3e:6f:47:88:5b:6c:cc:d0:a8:5f:57:bc:5c
Signer

31-07-2015 13:37
Valid: false

.rdata
Size: 512B - Virtual size: 184B

.rsrc
Size: 297KB - Virtual size: 297KB

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

60:10:8b:32:30:70:dd:b6:51:8c:e5:1e:b8:28:61:7c:ff:2e:4c:49
Signer

31-07-2015 13:38
Valid: false

.rdata
Size: 512B - Virtual size: 139B

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

3c:85:60:d3:4b:e5:43:09:15:15:9d:8d:d4:0c:29:a4:b6:80:71:16
Signer

31-07-2015 13:38
Valid: false

.rdata
Size: 512B - Virtual size: 146B

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

f2:bb:29:7e:4f:00:2a:4a:41:12:4c:bf:97:2c:08:a4:46:44:34:0c
Signer

31-07-2015 13:38
Valid: false

.rdata
Size: 512B - Virtual size: 223B

.rsrc
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 892B

.its
Size: 512B - Virtual size: 24B

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

37:27:ba:7e:9f:a3:9a:ee:2a:ae:8a:63:64:46:3e:4a:29:86:b0:a3
Signer

31-07-2015 13:37
Valid: false

.rdata
Size: 512B - Virtual size: 184B

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

61:05:87:58:00:03:00:00:00:5a
Certificate