Software_32x64bit[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Software_32x64bit.zip
Size

105.1MB
MD5

32e4e00619cf9367e6197e9769c323ac
SHA1

fa5cad0b7dd8f50c7dc9acf6cb02829d54566bee
SHA256

cfc21e84e41f8186173e17522af661e9b5b35fb92d2b39d5aac1e85a8d0686f8
SHA512

b9c880ad344d7928418d84035e4d4a3469bf19b5b4e6c57dca79902cb09e01a7ae1076b65abea42b7c363d91fa15f227680d14cf75059a4393a5444e799453e1
SSDEEP

3145728:owKwPqzlz5yHixeAIoebpCwLQl6LCtQDc7JFdGF:16zQCHVIM60QDc7F+

Score

1^/10

Malware Config

Signatures

Files

Software_32x64bit.zip
.zip

Password: goldsoftware
Res/enodalSimpler/mobble/adipsy/mandola.xml
.xml
Res/enodalSimpler/mobble/lanker/poilu.xml
.xml
Res/enodalSimpler/mobble/mirificSteely.xml
.xml
Res/enodalSimpler/mobble/sarcastYaws/rideMaximin.xml
.xml
Res/enodalSimpler/pitting/friar/ungularCutups.xml
.xml
Res/enodalSimpler/pitting/tenacesFeruled/infulaEonVulturn.xml
.xml
Res/enodalSimpler/pitting/zein.xml
.xml
Res/enodalSimpler/vestedApicialBourdis/clio/chincha.xml
.xml
Res/enodalSimpler/vestedApicialBourdis/gloggs.xml
.xml
Res/miniverGlutosePopply/asialiaPrsDrib/idlesetXylon/aswail.xml
.xml
Res/miniverGlutosePopply/asialiaPrsDrib/idlesetXylon/knackerDearsAlphyls.xml
.xml
Res/miniverGlutosePopply/asialiaPrsDrib/idlesetXylon/mutsGugalEreptic.xml
.xml
Res/miniverGlutosePopply/asialiaPrsDrib/pierianReplayDevisee/fortyChagaCuritis.xml
.xml
Res/miniverGlutosePopply/asialiaPrsDrib/reties/gun.xml
.xml
Res/miniverGlutosePopply/asialiaPrsDrib/reties/iranUnsweatAkoasma.xml
.xml
Res/miniverGlutosePopply/asialiaPrsDrib/reties/jerkish.xml
.xml
Res/miniverGlutosePopply/caplessDemaree.xml
.xml
Res/paviorAliptic/costersAskesis/jingles.xml
.xml
Res/paviorAliptic/costersAskesis/scroutSapiaoJugular.xml
.xml
Res/paviorAliptic/gobian/beretsSlabmanOutruns.xml
.xml
Res/paviorAliptic/gobian/oxytone/kubachiSylvaSops.xml
.xml
Res/paviorAliptic/grapple/caecalFrackLikest/heftedCotch.xml
.xml
Res/paviorAliptic/grapple/cambletSoco/hadesCongiiForcut.xml
.xml
Res/paviorAliptic/grapple/cambletSoco/wrokeAngleAffing.xml
.xml
Res/paviorAliptic/grapple/rubusAshiest.xml
.xml
Res/paviorAliptic/insureeEpicsFining/bosonic/porretSris.xml
.xml
Res/paviorAliptic/insureeEpicsFining/bosonic/prussic.xml
.xml
Res/paviorAliptic/insureeEpicsFining/bosonic/recrankPauHassel.xml
.xml
Res/paviorAliptic/insureeEpicsFining/bosonic/voetsakInconelMadzoon.xml
.xml
Res/paviorAliptic/insureeEpicsFining/colpheg/crabbyBushful.xml
.xml
Res/paviorAliptic/insureeEpicsFining/finkingPawnersKipskin.xml
.xml
Res/paviorAliptic/insureeEpicsFining/novatorArrieroThrast/triunesQuartaOaks.xml
.xml
Res/paviorAliptic/insureeEpicsFining/smitherDrupalMeaw/bipedalBergletProrata.xml
.xml
Res/paviorAliptic/insureeEpicsFining/smitherDrupalMeaw/skitherBoredomLumine.xml
.xml
Res/ticket/betwit/bondonGawmArolla.xml
.xml
Res/ticket/betwit/kokoonAbscamOna.xml
.xml
Res/ticket/betwit/leftiesJelledBridale/abrazoEdifice.xml
.xml
Res/ticket/betwit/leftiesJelledBridale/cytolAckeyGum.xml
.xml
Res/ticket/betwit/leftiesJelledBridale/funkingAlumish.xml
.xml
Res/ticket/betwit/starchy.xml
.xml
Res/ticket/kodakedForbit/bones/hahs.xml
.xml
Res/ticket/kodakedForbit/eniac/diplontIodateHaubois.xml
.xml
Res/ticket/kodakedForbit/eniac/someoneBluntMammies.xml
.xml
Res/ticket/kodakedForbit/lictor/altern.xml
.xml
Res/ticket/kodakedForbit/lictor/dabblesFlyableSwopped.xml
.xml
Res/ticket/kodakedForbit/lictor/loomeryOblat.xml
.xml
Res/ticket/kodakedForbit/soulish/outwood.xml
.xml
Res/ticket/kodakedForbit/tepalDashee.xml
.xml
Res/ticket/kodakedForbit/untwirl.xml
.xml
Res/ticket/kodakedForbit/vacatesJustenPoteens.xml
.xml
Res/ticket/lotto/monsoon/jabberFurzedZolaist.xml
.xml
Res/ticket/lotto/monsoon/zenobia.xml
.xml
Res/ticket/silvers.xml
.xml
file_id.diz
filesetup2.1.exe
.exe windows x86

Password: goldsoftware

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
languages/Chinese_Traditional_0.0.7.3.lng
lib/bin
lib/rd-text.jar
.jar
license/FileDlg.exe
.exe windows x86

Password: goldsoftware

5ff1180aee53404e3d04ef87ff1e52cd

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:ea:74:a5:fe:6f:ee:1d:1e:7a:30:98:75:3d:84:88
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

06/08/2020, 00:00

Not After

06/08/2023, 23:59

Subject

CN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO.\, LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO.\, LTD.,POSTALCODE=518053,STREET=Rm 206\, Building 10\, Liyuan New Village\, Baishi Zhou\, Shahe Rd\, Nanshan Dist,L=Shenzhen,ST=Guangdong Sheng,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:ea:74:a5:fe:6f:ee:1d:1e:7a:30:98:75:3d:84:88
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

06/08/2020, 00:00

Not After

06/08/2023, 23:59

Subject

CN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO.\, LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO.\, LTD.,POSTALCODE=518053,STREET=Rm 206\, Building 10\, Liyuan New Village\, Baishi Zhou\, Shahe Rd\, Nanshan Dist,L=Shenzhen,ST=Guangdong Sheng,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ff:c9:42:a1:94:e1:fa:c5:af:c9:55:5b:22:2a:6e:55:e5:96:dc:1b:64:ef:26:5a:ce:3d:33:53:9c:d5:91:22
Signer

Actual PE Digest

ff:c9:42:a1:94:e1:fa:c5:af:c9:55:5b:22:2a:6e:55:e5:96:dc:1b:64:ef:26:5a:ce:3d:33:53:9c:d5:91:22

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO.\, LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO.\, LTD.,POSTALCODE=518053,STREET=Rm 206\, Building 10\, Liyuan New Village\, Baishi Zhou\, Shahe Rd\, Nanshan Dist,L=Shenzhen,ST=Guangdong Sheng,C=CN

22/05/2021, 13:05
Valid: true

Chain 1

CN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO.\, LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO.\, LTD.,POSTALCODE=518053,STREET=Rm 206\, Building 10\, Liyuan New Village\, Baishi Zhou\, Shahe Rd\, Nanshan Dist,L=Shenzhen,ST=Guangdong Sheng,C=CN

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Chain 2

CN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO.\, LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO.\, LTD.,POSTALCODE=518053,STREET=Rm 206\, Building 10\, Liyuan New Village\, Baishi Zhou\, Shahe Rd\, Nanshan Dist,L=Shenzhen,ST=Guangdong Sheng,C=CN

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

34:f7:ce:f3:af:09:d5:55:6d:79:50:0d:36:53:66:e9:f3:20:bb:58
Signer

Actual PE Digest

34:f7:ce:f3:af:09:d5:55:6d:79:50:0d:36:53:66:e9:f3:20:bb:58

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO.\, LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO.\, LTD.,POSTALCODE=518053,STREET=Rm 206\, Building 10\, Liyuan New Village\, Baishi Zhou\, Shahe Rd\, Nanshan Dist,L=Shenzhen,ST=Guangdong Sheng,C=CN

22/05/2021, 13:05
Valid: true

Chain 1

CN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO.\, LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO.\, LTD.,POSTALCODE=518053,STREET=Rm 206\, Building 10\, Liyuan New Village\, Baishi Zhou\, Shahe Rd\, Nanshan Dist,L=Shenzhen,ST=Guangdong Sheng,C=CN

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Chain 2

CN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO.\, LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO.\, LTD.,POSTALCODE=518053,STREET=Rm 206\, Building 10\, Liyuan New Village\, Baishi Zhou\, Shahe Rd\, Nanshan Dist,L=Shenzhen,ST=Guangdong Sheng,C=CN

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateFileA
CreateFileMappingA
ExitProcess
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
HeapAlloc
HeapFree
IsDBCSLeadByteEx
IsDebuggerPresent
LCMapStringA
LoadLibraryA
MapViewOfFile
MultiByteToWideChar
OpenFileMappingA
RaiseException
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualQuery
WideCharToMultiByte
WriteFile

user32

EnumThreadWindows
MessageBoxA
wsprintfA

ole32

CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
license/ISODrive.sys
.exe windows x86

Password: goldsoftware

92ceb94f309a340920bfdd2ca5a3b1c7

Code Sign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:10:b8:f0:4d:e6:47:b2:41:5e:bd:f2
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

22/09/2020, 15:04

Not After

23/09/2021, 15:04

Subject

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:43:3a:68:18:9e:33:90:29:87:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 22:25

Not After

02/12/2021, 22:25

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

14:e6:02:a1:dd:5d:8b:97:42:1d:05:dd:a2:a1:8c:83:57:07:60:14:2e:66:af:2d:f3:7e:51:86:d2:e7:a9:66
Signer

Actual PE Digest

14:e6:02:a1:dd:5d:8b:97:42:1d:05:dd:a2:a1:8c:83:57:07:60:14:2e:66:af:2d:f3:7e:51:86:d2:e7:a9:66

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:30
Valid: false

de:09:8c:31:f3:10:97:c7:4d:17:61:59:bc:07:07:04:ef:16:38:74
Signer

Actual PE Digest

de:09:8c:31:f3:10:97:c7:4d:17:61:59:bc:07:07:04:ef:16:38:74

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

08/08/2021, 06:03
Valid: true

Chain 1

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
ZwOpenSymbolicLinkObject
IoCreateSymbolicLink
KeSetEvent
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeEvent
KeInitializeSpinLock
IoCreateDevice
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlQueryRegistryValues
RtlInitUnicodeString
SeTokenType
ObfDereferenceObject
KeWaitForSingleObject
IoDeleteSymbolicLink
IofCompleteRequest
RtlCopyUnicodeString
ProbeForWrite
_except_handler3
MmMapLockedPagesSpecifyCache
IofCallDriver
KeGetCurrentThread
IoAllocateIrp
IoGetRelatedDeviceObject
NtAdjustPrivilegesToken
ZwOpenProcessToken
RtlCompareMemory
ZwReadFile
_allmul
_allshr
ExfInterlockedRemoveHeadList
PsRevertToSelf
SeImpersonateClient
PsTerminateSystemThread
IoSetHardErrorOrVerifyDevice
ExfInterlockedInsertTailList
SeCreateClientSecurity
ZwQueryInformationFile
ZwCreateFile
_alldiv
KeTickCount
KeBugCheckEx

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 512B - Virtual size: 366B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
license/ISODrv64.sys
.exe windows x64

Password: goldsoftware

ca96b7f2935e037ae9b674cc940efc40

Code Sign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:10:b8:f0:4d:e6:47:b2:41:5e:bd:f2
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

22/09/2020, 15:04

Not After

23/09/2021, 15:04

Subject

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:43:3a:68:18:9e:33:90:29:87:00:00:00:00:00:43
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 22:25

Not After

02/12/2021, 22:25

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:19:37:53:99:60:32:66:f0:03:a7:50:20:c0:77:7b:86:60:14:be:8a:0b:87:2a:18:f2:ff:9c:9f:76:14:53
Signer

Actual PE Digest

7a:19:37:53:99:60:32:66:f0:03:a7:50:20:c0:77:7b:86:60:14:be:8a:0b:87:2a:18:f2:ff:9c:9f:76:14:53

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:30
Valid: false

27:92:63:9c:90:03:51:90:74:a1:c3:11:1e:73:50:59:68:9f:0a:14
Signer

Actual PE Digest

27:92:63:9c:90:03:51:90:74:a1:c3:11:1e:73:50:59:68:9f:0a:14

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

08/08/2021, 06:03
Valid: true

Chain 1

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ZwOpenSymbolicLinkObject
IoCreateSymbolicLink
KeSetEvent
ZwClose
ObReferenceObjectByHandle
IoDeleteDevice
PsCreateSystemThread
KeInitializeEvent
IoCreateDevice
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlQueryRegistryValues
RtlInitUnicodeString
SeTokenType
ObfDereferenceObject
KeWaitForSingleObject
IoDeleteSymbolicLink
IofCompleteRequest
RtlCopyUnicodeString
__C_specific_handler
ProbeForWrite
IoIs32bitProcess
MmMapLockedPagesSpecifyCache
NtAdjustPrivilegesToken
ZwOpenProcessToken
RtlCompareMemory
ZwReadFile
IofCallDriver
IoAllocateIrp
IoGetRelatedDeviceObject
IoSetHardErrorOrVerifyDevice
PsRevertToSelf
SeImpersonateClient
ExInterlockedRemoveHeadList
PsTerminateSystemThread
ExInterlockedInsertTailList
SeCreateClientSecurity
ZwQueryInformationFile
ZwCreateFile
KeBugCheckEx

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
license/IsoCmd.exe
.exe windows x86

Password: goldsoftware

5d30fe8c13c8cfc987eeeaa6a0eddb98

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:10:b8:f0:4d:e6:47:b2:41:5e:bd:f2
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

22/09/2020, 15:04

Not After

23/09/2021, 15:04

Subject

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:10:b8:f0:4d:e6:47:b2:41:5e:bd:f2
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

22/09/2020, 15:04

Not After

23/09/2021, 15:04

Subject

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:49:9f:c9:d1:22:1d:c2:55:b5:3f:3c:b9:94:74:50:1a:63:53:a0:b5:50:5f:28:17:99:6e:d4:c3:d4:3a:05
Signer

Actual PE Digest

90:49:9f:c9:d1:22:1d:c2:55:b5:3f:3c:b9:94:74:50:1a:63:53:a0:b5:50:5f:28:17:99:6e:d4:c3:d4:3a:05

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

08/08/2021, 09:39
Valid: true

Chain 1

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

5e:fb:91:f9:a3:06:9a:ca:3e:f0:22:e4:23:09:58:96:7e:62:23:0a
Signer

Actual PE Digest

5e:fb:91:f9:a3:06:9a:ca:3e:f0:22:e4:23:09:58:96:7e:62:23:0a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

08/08/2021, 09:39
Valid: true

Chain 1

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_XcptFilter
_exit
_c_exit
wcslen
toupper
printf
_iob
fprintf
_vsnprintf

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
OpenSCManagerA
RegCreateKeyExA
RegCloseKey
ControlService
StartServiceA
OpenServiceA
DeleteService
CreateServiceA
CloseServiceHandle

kernel32

WideCharToMultiByte
CreateFileA
DeviceIoControl
CloseHandle
QueryDosDeviceA
GetLogicalDriveStringsA
GetLastError
FormatMessageA
LocalFree
GetModuleHandleA
GetProcAddress
Sleep
MultiByteToWideChar
GetCurrentDirectoryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DefineDosDeviceA
GetCurrentProcess

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
license/Microsoft .NET Core Runtime - 3.1.32 (x86).swidtag
license/Microsoft .NET Runtime - 6.0.12 (x86).swidtag
license/XStream_license.txt
license/ant_license.txt
license/antlr4-runtime-4.5.3.jar-NOTICE
license/asm_license.txt
license/bootpart.exe
.exe windows x86

Password: goldsoftware

cf316e25eeca39dfcf28358629c34deb

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:66:b7:39:c1:b3:48:ac:9a:ca:14:e9:3d:7e:31:3b
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/07/2017, 00:00

Not After

31/07/2020, 12:00

Subject

CN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,L=ShenZhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9e:ff:2e:3e:80:f3:7b:5a:16:c8:b0:13:0e:f0:3a
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/07/2017, 00:00

Not After

31/07/2020, 12:00

Subject

CN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,L=ShenZhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:dc:c7:0b:d6:10:a7:95:28:f4:28:65:34:40:d2:5d:97:39:41:95:78:a5:ec:01:95:d0:8b:df:39:f8:be:77
Signer

Actual PE Digest

26:dc:c7:0b:d6:10:a7:95:28:f4:28:65:34:40:d2:5d:97:39:41:95:78:a5:ec:01:95:d0:8b:df:39:f8:be:77

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,L=ShenZhen,C=CN

30/07/2020, 10:17
Valid: true

Chain 1

CN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,L=ShenZhen,C=CN

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

80:72:a6:9b:81:1c:ff:03:49:33:eb:c6:35:bd:bf:bc:ba:8c:33:29
Signer

Actual PE Digest

80:72:a6:9b:81:1c:ff:03:49:33:eb:c6:35:bd:bf:bc:ba:8c:33:29

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,L=ShenZhen,C=CN

30/07/2020, 10:17
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
exit
_cexit
_XcptFilter
_exit
_c_exit
strtol
toupper
vfprintf
fputc
fflush
__initenv
strncmp
malloc
free
_iob
fprintf
printf
sprintf

advapi32

OpenSCManagerA
StartServiceA
OpenServiceA
DeleteService
CreateServiceA
CloseServiceHandle
ControlService

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetErrorMode
Sleep
GetCurrentDirectoryA
GetModuleHandleA
GetProcAddress
GetCurrentProcess
ReadFile
SetLastError
CreateFileA
QueryDosDeviceA
LocalFree
FormatMessageA
GetLastError
CloseHandle
GetFileSize
DefineDosDeviceA
DeviceIoControl

shell32

SHChangeNotify

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
license/bootpart.sys
.exe windows x86

Password: goldsoftware

7106415a9b05d4b9cfc02293d39a9a38

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:10:b8:f0:4d:e6:47:b2:41:5e:bd:f2
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

22/09/2020, 15:04

Not After

23/09/2021, 15:04

Subject

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:10:b8:f0:4d:e6:47:b2:41:5e:bd:f2
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

22/09/2020, 15:04

Not After

23/09/2021, 15:04

Subject

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

60:dd:44:ce:02:51:fe:3e:7c:b7:12:c1:84:e8:24:e2:03:86:d0:ad:b3:45:8f:d8:96:9e:80:60:a5:b4:2e:ea
Signer

Actual PE Digest

60:dd:44:ce:02:51:fe:3e:7c:b7:12:c1:84:e8:24:e2:03:86:d0:ad:b3:45:8f:d8:96:9e:80:60:a5:b4:2e:ea

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01/11/2020, 03:57
Valid: true

Chain 1

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

76:62:23:a5:48:c3:55:13:b4:6a:d8:0b:9a:f8:d3:7b:fc:a7:2b:17
Signer

Actual PE Digest

76:62:23:a5:48:c3:55:13:b4:6a:d8:0b:9a:f8:d3:7b:fc:a7:2b:17

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01/11/2020, 03:57
Valid: true

Chain 1

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwDeleteKey
ZwOpenKey
IoDeleteDevice
ZwOpenSymbolicLinkObject
RtlAppendUnicodeToString
ExAllocatePoolWithTag
ZwClose
SeTokenType
ObfDereferenceObject
KeWaitForSingleObject
KeSetEvent
ExFreePoolWithTag
IoDeleteSymbolicLink
IofCompleteRequest
ExfInterlockedInsertTailList
KeInitializeEvent
DbgPrint
ZwCreateFile
SeCreateClientSecurity
KeGetCurrentThread
ZwQueryInformationFile
IoCreateSymbolicLink
ZwReadFile
RtlInitUnicodeString
swprintf
_allmul
NtAdjustPrivilegesToken
ZwOpenProcessToken
ExfInterlockedRemoveHeadList
ZwWriteFile
MmMapLockedPagesSpecifyCache
PsRevertToSelf
SeImpersonateClient
PsTerminateSystemThread
KeSetPriorityThread
RtlCopyUnicodeString
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeSpinLock
KeTickCount
KeBugCheckEx
MmGetSystemRoutineAddress
wcslen
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
IoCreateDevice
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
_wcsnicmp
RtlAddAccessAllowedAce
RtlLengthSid
wcschr
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlFreeUnicodeString

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 929B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 686B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
license/bootpt64.sys
.exe windows x64

Password: goldsoftware

447f1cd11f0211ba9fe52ce23371cafe

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:10:b8:f0:4d:e6:47:b2:41:5e:bd:f2
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

22/09/2020, 15:04

Not After

23/09/2021, 15:04

Subject

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:10:b8:f0:4d:e6:47:b2:41:5e:bd:f2
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

22/09/2020, 15:04

Not After

23/09/2021, 15:04

Subject

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fc:14:71:1e:c8:c9:2a:be:e3:a9:c1:69:4f:b7:2a:65:d1:49:fc:05:fc:84:65:e5:b5:48:be:63:07:ee:06:57
Signer

Actual PE Digest

fc:14:71:1e:c8:c9:2a:be:e3:a9:c1:69:4f:b7:2a:65:d1:49:fc:05:fc:84:65:e5:b5:48:be:63:07:ee:06:57

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01/11/2020, 03:57
Valid: true

Chain 1

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

ae:f2:d3:e8:f5:2d:9c:3a:1a:a8:28:f3:7a:f0:f4:62:18:89:7c:80
Signer

Actual PE Digest

ae:f2:d3:e8:f5:2d:9c:3a:1a:a8:28:f3:7a:f0:f4:62:18:89:7c:80

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01/11/2020, 03:57
Valid: true

Chain 1

SERIALNUMBER=91440301108928638F,CN=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,O=Shenzhen Yibo Digital Systems Development Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ZwDeleteKey
ZwOpenKey
IoDeleteDevice
ZwOpenSymbolicLinkObject
RtlAppendUnicodeToString
ExAllocatePoolWithTag
ZwClose
SeTokenType
ObfDereferenceObject
KeWaitForSingleObject
KeSetEvent
ExFreePoolWithTag
IoDeleteSymbolicLink
IofCompleteRequest
ExInterlockedInsertTailList
KeInitializeEvent
DbgPrint
ZwCreateFile
SeCreateClientSecurity
ZwQueryInformationFile
IoCreateSymbolicLink
ZwReadFile
RtlInitUnicodeString
swprintf
NtAdjustPrivilegesToken
ZwOpenProcessToken
ZwWriteFile
MmMapLockedPagesSpecifyCache
PsRevertToSelf
SeImpersonateClient
ExInterlockedRemoveHeadList
PsTerminateSystemThread
KeSetPriorityThread
RtlCopyUnicodeString
ObReferenceObjectByHandle
PsCreateSystemThread
KeBugCheckEx
MmGetSystemRoutineAddress
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
IoCreateDevice
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
_wcsnicmp
RtlAddAccessAllowedAce
RtlLengthSid
wcschr
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlFreeUnicodeString

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
license/bouncycastle-1.48-NOTICE
license/commons-compress-NOTICE
license/commons-io-2.4.jar-NOTICE
license/dexlib2-2.0.8-NOTICE
license/eclipse_license.txt
license/eclipse_license2.txt
license/fest-NOTICE
license/fetchasgoogle.jar-NOTICE
license/freemarker-NOTICE
license/google-api-services-cloudresourcemanager-v1beta1-rev12-1.21.0.jar-NOTICE
license/google-api-services-debugger.jar-NOTICE
license/google-api-services-mobilesdk-v1.jar-NOTICE
license/google-api-services-oauth2-v2-rev70-1.18.0-rc.jar-NOTICE
license/google-api-services-source.jar-NOTICE
license/google-api-services-storage.jar-NOTICE
license/google-api-services-testing.jar-NOTICE
license/google-api-services-toolresults.jar-NOTICE
license/google-gct-login-context-pg.jar-NOTICE
license/google-http-client-jackson-1.18.0-rc.jar-NOTICE
license/google.gdt.eclipse.login.common.jar-NOTICE
license/goopdate.dll
.dll windows x86

82134658597d71007306b51b0995ba9b

Code Sign

06:ae:a7:6b:ac:46:a9:e8:cf:e6:d2:9e:45:aa:f0:33
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

08/11/2019, 00:00

Not After

16/11/2022, 12:00

Subject

CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/07/2021, 00:00

Not After

10/07/2024, 23:59

Subject

CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:06:66:e4:c2:a9:5f:8a:3b:e5:77:c6:29:fc:fe:bd:2c:51:db:bf:de:26:f0:a1:dd:1a:39:59:ba:39:4c:80
Signer

Actual PE Digest

36:06:66:e4:c2:a9:5f:8a:3b:e5:77:c6:29:fc:fe:bd:2c:51:db:bf:de:26:f0:a1:dd:1a:39:59:ba:39:4c:80

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

18/08/2022, 21:49
Valid: true

Chain 1

CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

13:20:d8:75:e9:8b:9e:01:1f:23:8e:a5:19:11:3f:5f:85:da:20:b3
Signer

Actual PE Digest

13:20:d8:75:e9:8b:9e:01:1f:23:8e:a5:19:11:3f:5f:85:da:20:b3

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

18/08/2022, 21:49
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
SetFilePointer
WaitForSingleObject
CreateFileW
GetCurrentThreadId
ReleaseMutex
Sleep
GetFileInformationByHandle
OutputDebugStringW
LockResource
CloseHandle
FindResourceExW
LoadResource
FindResourceW
GetLocalTime
GetCurrentProcessId
lstrcmpiW
lstrcmpW
CreateDirectoryW
FindFirstFileW
FindNextFileW
GetCurrentProcess
RemoveDirectoryW
WaitForMultipleObjects
GetEnvironmentVariableW
FindClose
GetFileAttributesW
DuplicateHandle
FormatMessageW
DeleteFileW
LoadLibraryW
GetCurrentDirectoryW
GetProcAddress
LocalFree
GetModuleHandleW
FreeLibrary
GetTempFileNameW
GetPrivateProfileIntW
GetTickCount
LoadLibraryExW
GetExitCodeProcess
ReadFile
CompareFileTime
SetEndOfFile
SetFileAttributesW
GetFileAttributesExW
FileTimeToSystemTime
MoveFileExW
GetFileSize
CopyFileW
GetSystemTimeAsFileTime
GetFileTime
FlushFileBuffers
lstrcpynW
ExitProcess
IsDebuggerPresent
WideCharToMultiByte
MultiByteToWideChar
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetModuleFileNameW
GetTempPathW
GetSystemDirectoryW
GetCurrentThread
GetComputerNameW
VirtualQuery
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateMutexW
CreateEventW
SetEvent
ResetEvent
GetLongPathNameW
WriteFile
TerminateProcess
WaitForMultipleObjectsEx
OpenProcess
DeviceIoControl
ProcessIdToSessionId
Process32NextW
WaitForSingleObjectEx
Process32FirstW
ReadProcessMemory
SetHandleInformation
CreatePipe
GetSystemPowerStatus
GlobalMemoryStatusEx
CreateProcessW
SetProcessWorkingSetSize
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
LocalAlloc
HeapSetInformation
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetStdHandle
QueryDosDeviceW
GetLogicalDriveStringsW
OpenEventW
CreateThread
SetCurrentDirectoryW
OpenThread
QueryPerformanceCounter
lstrcmpA
GetCommandLineW
GetThreadLocale
GetStringTypeExA
SetFilePointerEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
GetStringTypeW
EncodePointer
GetCPInfo
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetSystemInfo
VirtualAlloc
VirtualProtect
GetModuleHandleExW
GetFileType
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetFileSizeEx
SetStdHandle
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
WriteConsoleW
GetProcessShutdownParameters
lstrlenW
SetLastError
SizeofResource
GetProcessId
ReleaseSemaphore
RtlCaptureContext
DeleteTimerQueueTimer
CreateTimerQueueTimer
GetPrivateProfileStringW
GetComputerNameExW
LoadLibraryExA
VirtualFree
FlushInstructionCache
InterlockedPopEntrySList
MulDiv
GlobalHandle
CreateTimerQueue
DeleteTimerQueueEx
GetSystemDefaultLangID
SetPriorityClass
CreateSemaphoreW
VirtualQueryEx
SetNamedPipeHandleState
TransactNamedPipe
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
GetUserDefaultLangID
GetSystemTime
GetStringTypeExW
QueryPerformanceFrequency
UnregisterWaitEx
RegisterWaitForSingleObject
QueueUserWorkItem
Thread32First
Thread32Next
CreateToolhelp32Snapshot
SetProcessShutdownParameters
OpenMutexW
HeapFree
WaitNamedPipeW

oleaut32

SafeArrayCopy
SafeArrayGetVartype
SafeArrayLock
SafeArrayCreate
VariantClear
VariantInit
SysAllocStringLen
SysStringLen
VarUI4FromStr
SafeArrayUnlock
LoadTypeLi
LoadRegTypeLi
SystemTimeToVariantTime
SysAllocString
SysReAllocStringLen
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayRedim
SysFreeString
VarBstrCmp
VariantTimeToSystemTime
OleCreateFontIndirect

user32

PostThreadMessageW
GetWindowThreadProcessId
IsWindowVisible
SendMessageW
GetSystemMetrics
EnumWindows
LoadImageW
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
FlashWindow
GetMenuState
InflateRect
SetActiveWindow
OffsetRect
LoadStringW
CopyRect
FrameRect
IsRectEmpty
GetSysColorBrush
SystemParametersInfoW
UpdateWindow
GetCursorPos
EnumChildWindows
EnableMenuItem
EnableWindow
IsDialogMessageW
SendDlgItemMessageW
GetWindowTextLengthW
GetSystemMenu
GetFocus
GetDC
FillRect
ScreenToClient
EndDialog
SetWindowTextW
ShowWindow
InvalidateRgn
RedrawWindow
DestroyIcon
ClientToScreen
DestroyAcceleratorTable
IsChild
GetTopWindow
GetSysColor
MoveWindow
CreateAcceleratorTableW
SetLayeredWindowAttributes
SetFocus
SetWindowPos
SetWindowContextHelpId
CharNextW
IsWindow
CharLowerBuffA
CharNextA
MonitorFromWindow
UnregisterClassW
CreateWindowExW
DispatchMessageW
GetMonitorInfoW
PeekMessageW
SetForegroundWindow
GetParent
PostQuitMessage
GetClientRect
TranslateMessage
IsMenu
GetClassNameW
SetCapture
MapDialogRect
RemoveMenu
GetDlgItem
GetDesktopWindow
CreateDialogIndirectParamW
RegisterWindowMessageW
CharUpperW
CharLowerW
CharLowerBuffW
MessageBoxW
wvsprintfW
wsprintfW
GetWindowLongW
GetMessageW
AllowSetForegroundWindow
GetWindow
GetWindowRect
DestroyWindow
MapWindowPoints
PostMessageW
WaitForInputIdle
GetClassInfoExW
KillTimer
SetWindowLongW
LoadCursorW
SetTimer
RegisterClassExW
CallWindowProcW
DefWindowProcW
CharUpperBuffW
GetWindowTextW
EndPaint
BeginPaint
ReleaseDC
InvalidateRect
ReleaseCapture

iphlpapi

GetIfTable

netapi32

NetGetJoinInformation
NetApiBufferFree
NetWkstaUserGetInfo
NetWkstaGetInfo

psapi

EnumProcesses
GetModuleFileNameExW
EnumProcessModules

shlwapi

PathIsDirectoryW
SHQueryValueExW
PathStripPathW
PathFindFileNameW
PathCommonPrefixW
PathFileExistsW
PathAddExtensionW
UrlCombineW
PathFindExtensionW
UrlIsW
PathRemoveExtensionW
PathRemoveFileSpecW
PathAddBackslashW
UrlUnescapeA
UrlEscapeW
PathAppendW
PathCanonicalizeW
PathAppendA
PathCreateFromUrlW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

userenv

UnloadUserProfile
ExpandEnvironmentStringsForUserW
EnterCriticalPolicySection
LeaveCriticalPolicySection
CreateEnvironmentBlock
GetProfileType
DestroyEnvironmentBlock

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQuerySessionInformationW

advapi32

RegNotifyChangeKeyValue
ControlService
QueryServiceStatus
SystemFunction036
DuplicateToken
RegOverridePredefKey
GetUserNameW
CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptVerifySignatureW
CryptDestroyKey
RegEnumValueW
LookupPrivilegeValueW
RegOpenCurrentUser
IsTextUnicode
ImpersonateLoggedOnUser
DeregisterEventSource
GetSecurityInfo
CryptGenRandom
CryptAcquireContextW
CreateServiceW
SetServiceStatus
ChangeServiceConfig2W
DeleteService
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
QueryServiceConfigW
ChangeServiceConfigW
QueryServiceConfig2W
RegisterEventSourceW
ReportEventW
TraceEvent
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RevertToSelf
AllocateAndInitializeSid
ImpersonateSelf
FreeSid
CheckTokenMembership
RegDeleteValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
MakeSelfRelativeSD
RegQueryValueExW
GetSecurityDescriptorLength
GetLengthSid
RegOpenKeyExW
InitializeAcl
AddAce
IsValidSid
GetSecurityDescriptorOwner
InitializeSid
CopySid
GetSecurityDescriptorControl
SetNamedSecurityInfoW
GetSidLengthRequired
GetSidSubAuthority
GetSecurityDescriptorGroup
RegCloseKey
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetTokenInformation
SetSecurityDescriptorGroup
MakeAbsoluteSD
OpenServiceW
InitializeSecurityDescriptor
StartServiceW
OpenProcessToken
ConvertStringSidToSidW
GetNamedSecurityInfoW
OpenSCManagerW
CloseServiceHandle
EqualSid
GetAce
SetSecurityDescriptorOwner
GetAclInformation
SetSecurityDescriptorDacl
OpenThreadToken
DuplicateTokenEx
ConvertSidToStringSidW
CreateProcessAsUserW
AdjustTokenPrivileges

ole32

CoReleaseServerProcess
CoTaskMemAlloc
CoUninitialize
CoRegisterClassObject
CoInitializeSecurity
CoSuspendClassObjects
CoTaskMemRealloc
CoInitializeEx
CoSetProxyBlanket
CoRegisterPSClsid
OleSaveToStream
ReadClassStm
WriteClassStm
OleUninitialize
CoTaskMemFree
CoRevertToSelf
CoGetCallContext
CoCreateInstance
StringFromGUID2
CoCreateGuid
CoGetClassObject
CoImpersonateClient
CoGetObject
CoRevokeClassObject
IIDFromString
CreateStreamOnHGlobal
CoResumeClassObjects
CLSIDFromProgID
OleInitialize
CLSIDFromString
CoAddRefServerProcess
OleLockRunning

shell32

ord680
ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathW

comctl32

InitCommonControlsEx
_TrackMouseEvent

crypt32

CryptProtectData
CryptDecodeObjectEx
CryptImportPublicKeyInfo
CertFreeCertificateContext
CryptQueryObject
CertDuplicateCertificateContext
CertCloseStore
CertFindCertificateInStore
CertGetNameStringW
CryptHashCertificate
CryptUnprotectData

msimg32

GradientFill

uxtheme

SetWindowTheme

wininet

InternetQueryDataAvailable
InternetOpenW
HttpQueryInfoW
InternetCrackUrlW
HttpSendRequestW
InternetCloseHandle
InternetConnectW
InternetReadFile
HttpAddRequestHeadersW
HttpOpenRequestW

wintrust

WinVerifyTrust

gdi32

DPtoLP
CreateFontIndirectW
CreateSolidBrush
DeleteObject
GetObjectW
DeleteDC
GetDeviceCaps
GetStockObject
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
ExtTextOutW
FillRgn
CombineRgn
SetBkColor
SetViewportOrgEx
GetRegionData
SetTextColor
CreateRectRgn
OffsetRgn
GetTextMetricsW
CreateRectRgnIndirect

Exports

Exports

DllEntry

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
license/gradle-appengine-builder-model-0.1.0.jar-NOTICE
license/gson-2.3-NOTICE
license/gson_license.txt
license/hdrhistogram_license.txt
license/ie_to_edge_bho.dll
.dll regsvr32 windows x86

1e648166868d4b07af38bb2103e966ba

Code Sign

33:00:00:02:cf:a0:25:90:e3:13:04:ef:15:00:00:00:00:02:cf
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:35:65:95:45:52:ca:74:6b:67:77:48:66:ae:b2:c9:fb:ee:ba:fe:5b:bb:15:72:18:ea:43:06:6f:dc:d7:84
Signer

Actual PE Digest

69:35:65:95:45:52:ca:74:6b:67:77:48:66:ae:b2:c9:fb:ee:ba:fe:5b:bb:15:72:18:ea:43:06:6f:dc:d7:84

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:30
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AcquireSRWLockExclusive
CloseHandle
CompareFileTime
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileW
CreateMutexW
CreateProcessW
CreateThread
DebugBreak
DecodePointer
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FindResourceExW
FlushFileBuffers
FlushInstructionCache
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStringsW
GetExitCodeProcess
GetFileSizeEx
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessTimes
GetProductInfo
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExW
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InterlockedFlushSList
InterlockedPopEntrySList
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadResource
LocalFree
LockResource
MultiByteToWideChar
OpenProcess
OutputDebugStringW
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
ResetEvent
RtlUnwind
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SizeofResource
SleepConditionVariableSRW
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

urlmon

CreateUri
URLDownloadToCacheFileW

user32

CallWindowProcW
CharLowerBuffW
CreateWindowExW
DefWindowProcW
DestroyWindow
DispatchMessageW
GetAncestor
GetClassInfoExW
GetWindowLongW
KillTimer
LoadCursorW
MsgWaitForMultipleObjects
PeekMessageW
RegisterClassExW
SetTimer
SetWindowLongW
TranslateMessage
UnregisterClassW

oleaut32

DispCallFunc
LoadRegTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
VariantClear
VariantInit

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegGetValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SystemFunction036

shlwapi

ord437
PathCombineW
PathFileExistsW
ord12
StrChrW
ord154
StrStrW
UrlUnescapeW

shell32

SHGetKnownFolderPath
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize

wininet

CommitUrlCacheEntryBinaryBlob
DeleteUrlCacheContainerW
DeleteUrlCacheEntryW
GetUrlCacheEntryBinaryBlob
UrlCacheCreateContainer
UrlCacheFindFirstEntry
UrlCacheFindNextEntry
UrlCacheFreeEntryInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 330KB - Virtual size: 329KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 180B

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
license/ie_to_edge_bho_64.dll
.dll regsvr32 windows x64

07e6a660cba9f444248d4cd8a15c7cac

Code Sign

33:00:00:02:cf:a0:25:90:e3:13:04:ef:15:00:00:00:00:02:cf
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

80:e5:76:10:8d:5f:38:d4:e5:c0:1d:1a:cd:7e:fa:ed:42:79:97:fe:68:4a:b2:af:1f:2f:bb:f8:35:d0:8d:67
Signer

Actual PE Digest

80:e5:76:10:8d:5f:38:d4:e5:c0:1d:1a:cd:7e:fa:ed:42:79:97:fe:68:4a:b2:af:1f:2f:bb:f8:35:d0:8d:67

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:30
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AcquireSRWLockExclusive
CloseHandle
CompareFileTime
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileW
CreateMutexW
CreateProcessW
CreateThread
DebugBreak
DecodePointer
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FindResourceExW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushInstructionCache
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStringsW
GetExitCodeProcess
GetFileSizeEx
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessTimes
GetProductInfo
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExW
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InterlockedFlushSList
InterlockedPopEntrySList
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadResource
LocalFree
LockResource
MultiByteToWideChar
OpenProcess
OutputDebugStringW
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SizeofResource
SleepConditionVariableSRW
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

urlmon

CreateUri
URLDownloadToCacheFileW

user32

CallWindowProcW
CharLowerBuffW
CreateWindowExW
DefWindowProcW
DestroyWindow
DispatchMessageW
GetAncestor
GetClassInfoExW
GetWindowLongPtrW
KillTimer
LoadCursorW
MsgWaitForMultipleObjects
PeekMessageW
RegisterClassExW
SetTimer
SetWindowLongPtrW
TranslateMessage
UnregisterClassW

oleaut32

DispCallFunc
LoadRegTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
VariantClear
VariantInit

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegGetValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SystemFunction036

shlwapi

ord437
PathCombineW
PathFileExistsW
ord12
StrChrW
ord154
StrStrW
UrlUnescapeW

shell32

SHGetKnownFolderPath
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize

wininet

CommitUrlCacheEntryBinaryBlob
DeleteUrlCacheContainerW
DeleteUrlCacheEntryW
GetUrlCacheEntryBinaryBlob
UrlCacheCreateContainer
UrlCacheFindFirstEntry
UrlCacheFindNextEntry
UrlCacheFreeEntryInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 410KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 108B

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 64B

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
license/imgscalr_license.txt
license/instantapps-api-NOTICE
license/javahelp_license.txt
license/javolution_license.txt
license/jaxb_license.txt
license/jaxen_license.txt
license/jdom_license.txt
license/jgoodies_forms_license.txt
license/jgraphx-3.4.0.1-NOTICE
license/jsr305-1.3.9-NOTICE
license/junit_license.txt
license/juniversalchardet-1.0.3.jar-NOTICE
license/kryo-license.txt
license/kxml2-2.3.0-NOTICE
license/libandroid_runtime.txt
license/libandroidfw.txt
license/libarect.txt
license/libbinary_parse.txt
license/libc++.txt
license/libc++_static.txt
license/libc++abi.txt
license/libcompiler_rt-extras.txt
license/libcompiler_rt.txt
license/libcutils.txt
license/libdng_sdk.txt
license/libft2.txt
license/libgtest_prod.txt
license/libharfbuzz_ng.txt
license/libhwui.txt
license/libicui18n-host.txt
license/libicuuc-host.txt
license/libimage_type_recognition.txt
license/libjpeg.txt
license/liblog.txt
license/libnativehelper.txt
license/libpiex.txt
license/libsfntly.txt
license/libskia.txt
license/libtiff_directory.txt
license/libunwind_static.txt
license/libunwindbacktrace.txt
license/libutils.txt
license/libwebp-decode.txt
license/libwebp-encode.txt
license/libz.txt
license/log4j_license.txt
license/microba_license.txt
license/miglayout_swing_license.txt
license/mockito-all-1.9.5-NOTICE
license/nanoxml_license.txt
license/oromatcher_license.txt
license/pepk-NOTICE
license/picoContainer_license.txt
license/r8_license.txt
license/samplesindex-v1-1.0-SNAPSHOT.jar-NOTICE
license/saxon-conditions.html
.html
license/spantable-NOTICE
license/swingx_license.txt
license/swt.jar-NOTICE
license/third-party-libraries.html
.html
license/trove4j_license.txt
license/uiautomatorviewer.jar-NOTICE
license/webp-headers.txt
license/winp_license.txt
license/xerces_license.txt
license/xmlrpc_license.txt
license/yourkit-license-redist.txt
userdb.txt

Sharing

General

Malware Config

Signatures

Files

Password: goldsoftware

Password: goldsoftware

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 512B - Virtual size: 12B

Password: goldsoftware

5ff1180aee53404e3d04ef87ff1e52cd

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

b3:ea:74:a5:fe:6f:ee:1d:1e:7a:30:98:75:3d:84:88Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

b3:ea:74:a5:fe:6f:ee:1d:1e:7a:30:98:75:3d:84:88Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

ff:c9:42:a1:94:e1:fa:c5:af:c9:55:5b:22:2a:6e:55:e5:96:dc:1b:64:ef:26:5a:ce:3d:33:53:9c:d5:91:22Signer

Signature Validations

Verification

22/05/2021, 13:05 Valid: true

Chain 1

Chain 2

34:f7:ce:f3:af:09:d5:55:6d:79:50:0d:36:53:66:e9:f3:20:bb:58Signer

Signature Validations

Verification

22/05/2021, 13:05 Valid: true

Chain 1

Chain 2

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 48KB

.data Size: 12KB - Virtual size: 24KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 4KB

Password: goldsoftware

92ceb94f309a340920bfdd2ca5a3b1c7

Code Sign

.text
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 512B - Virtual size: 12B

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

b3:ea:74:a5:fe:6f:ee:1d:1e:7a:30:98:75:3d:84:88
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

b3:ea:74:a5:fe:6f:ee:1d:1e:7a:30:98:75:3d:84:88
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

ff:c9:42:a1:94:e1:fa:c5:af:c9:55:5b:22:2a:6e:55:e5:96:dc:1b:64:ef:26:5a:ce:3d:33:53:9c:d5:91:22
Signer

22/05/2021, 13:05
Valid: true

34:f7:ce:f3:af:09:d5:55:6d:79:50:0d:36:53:66:e9:f3:20:bb:58
Signer

22/05/2021, 13:05
Valid: true

.text
Size: 46KB - Virtual size: 48KB

.data
Size: 12KB - Virtual size: 24KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 4KB

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

70:10:b8:f0:4d:e6:47:b2:41:5e:bd:f2
Certificate

33:00:00:00:43:3a:68:18:9e:33:90:29:87:00:00:00:00:00:43
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

14:e6:02:a1:dd:5d:8b:97:42:1d:05:dd:a2:a1:8c:83:57:07:60:14:2e:66:af:2d:f3:7e:51:86:d2:e7:a9:66
Signer

27/02/2023, 09:30
Valid: false

de:09:8c:31:f3:10:97:c7:4d:17:61:59:bc:07:07:04:ef:16:38:74
Signer

08/08/2021, 06:03
Valid: true

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 15KB - Virtual size: 15KB

PAGE
Size: 512B - Virtual size: 366B

INIT
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 2KB - Virtual size: 1KB

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

70:10:b8:f0:4d:e6:47:b2:41:5e:bd:f2
Certificate

33:00:00:00:43:3a:68:18:9e:33:90:29:87:00:00:00:00:00:43
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

7a:19:37:53:99:60:32:66:f0:03:a7:50:20:c0:77:7b:86:60:14:be:8a:0b:87:2a:18:f2:ff:9c:9f:76:14:53
Signer

27/02/2023, 09:30
Valid: false

27:92:63:9c:90:03:51:90:74:a1:c3:11:1e:73:50:59:68:9f:0a:14
Signer