adware[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

adware.rar
Size

8.9MB
MD5

0f8e263238dd805942b74558683f095f
SHA1

fc04f16abbb1b6514ad48dc5c6917471a7cfea2c
SHA256

6b090ed3e9123fb97d88cc1a3708d13b469e6fae4d0fe93204022b0919e06be3
SHA512

af5593fafdadcba136510f5ea405efa869519e9a100f7b49e29911b591db8d3f45087caf1aae2e56ebe51050d8b044025270ffa91e79976f9a130a23a1b1e306
SSDEEP

196608:wpJK3PdqQfvGZWAzcmSuozK9dJfxvCAqtXaayTkezUyHYW:wpw35UWgFrozs3ZDqtaTwyHYW

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/adware/Download/installer_1.0.0.2_10117.exe	upx

Files

adware.rar
.rar
adware/Download/NicSiv.exe
.exe windows x64

f0ea7b7844bbc5bfa9bb32efdcea957c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 242KB - Virtual size: 617KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
adware/Download/iSearch_1005.exe
.exe windows x86

fb29b99aee699097d14fcaabf4ab3f9d

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dd:ef:4c:47:22:60:6e:c9:69:42:96:68:df:9d:9c:e0
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

12/12/2022, 00:00

Not After

12/12/2023, 23:59

Subject

CN=Anhui Aiqi Network Technology Co.\, Ltd,O=Anhui Aiqi Network Technology Co.\, Ltd,ST=Anhui Sheng,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

be:c4:9e:12:9d:fc:dc:39:35:68:e3:de:a3:a2:85:9b:4c:60:c2:25
Signer

Actual PE Digest

be:c4:9e:12:9d:fc:dc:39:35:68:e3:de:a3:a2:85:9b:4c:60:c2:25

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Anhui Aiqi Network Technology Co.\, Ltd,O=Anhui Aiqi Network Technology Co.\, Ltd,ST=Anhui Sheng,C=CN

30/03/2023, 10:55
Valid: true

Chain 1

CN=Anhui Aiqi Network Technology Co.\, Ltd,O=Anhui Aiqi Network Technology Co.\, Ltd,ST=Anhui Sheng,C=CN

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
SetEndOfFile
SetFilePointer
SetFileTime
WriteFile
CloseHandle
GetStdHandle
GetFileInformationByHandle
GetCurrentDirectoryW
DeleteFileW
SetFileAttributesW
GetTempPathW
SetLastError
GetCurrentProcessId
GetCurrentThreadId
FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleA
VirtualAlloc
VirtualFree
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
CreateProcessW
WaitForSingleObject
GetTempFileNameW
QueryDosDeviceW
TerminateProcess
WritePrivateProfileStringW
GetFileSize
EnterCriticalSection
LeaveCriticalSection
SetEvent
CreateEventW
WaitForMultipleObjects
VerSetConditionMask
SleepEx
VerifyVersionInfoW
InitializeCriticalSection
PeekNamedPipe
GetFileType
ExpandEnvironmentStringsA
FormatMessageA
ResetEvent
IsDebuggerPresent
OutputDebugStringW
ReadConsoleInputA
CreateFileW
MoveFileExW
WideCharToMultiByte
LoadLibraryW
GetProcAddress
FreeLibrary
DeleteCriticalSection
DecodePointer
FlushConsoleInputBuffer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
GetCommandLineW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
Sleep
InterlockedExchange
InterlockedCompareExchange
GetModuleHandleW
GetTickCount
GetModuleFileNameW
CreateDirectoryW
lstrcpynW
LoadLibraryA
GlobalMemoryStatus
SetEnvironmentVariableA
WriteConsoleW
SetConsoleCtrlHandler
SystemTimeToTzSpecificLocalTime
SetConsoleMode
GetDriveTypeW
FindFirstFileExW
SetStdHandle
FlushFileBuffers
ReadConsoleW
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
MultiByteToWideChar
GetFileAttributesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
FileTimeToSystemTime
FileTimeToLocalFileTime
SetFilePointerEx
LoadLibraryExW
ExitThread
CreateThread
GetFullPathNameW
GetTimeZoneInformation
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
RtlUnwind
UnmapViewOfFile
GetLocalTime
GetStringTypeW
EncodePointer

user32

SetWindowLongW
GetMessageW
DestroyWindow
GetWindowLongW
DefWindowProcW
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
FindWindowA
SendMessageTimeoutW
CreateWindowExW
CharUpperW
PostMessageW
PeekMessageW
TranslateMessage
DispatchMessageW

advapi32

CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
RegisterEventSourceA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
DeregisterEventSource
ReportEventA

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

shell32

SHFileOperationW
SHGetSpecialFolderPathW
CommandLineToArgvW

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen

shlwapi

PathFileExistsW
PathAddBackslashW
PathIsDirectoryW
StrCmpNIW

iphlpapi

GetAdaptersInfo

ws2_32

WSAStartup
getsockopt
closesocket
WSASetLastError
socket
bind
recv
gethostname
getaddrinfo
freeaddrinfo
ioctlsocket
setsockopt
getsockname
ntohs
htons
WSAGetLastError
connect
WSAIoctl
getpeername
__WSAFDIsSet
select
send
sendto
recvfrom
accept
listen
WSACleanup

wldap32

ord46
ord41
ord26
ord79
ord301
ord27
ord147
ord208
ord145
ord14
ord127
ord118
ord167
ord133
ord142
ord216

Sections

.text
Size: 856KB - Virtual size: 856KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
adware/Download/installer_1.0.0.2_10117.exe
.exe windows x86

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:2e:99:de:ce:ff:05:d3:e0:f7:11:b7:61:81:a9:e7
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

03/02/2023, 00:00

Not After

02/02/2024, 23:59

Subject

CN=ChangSha QiHang Network Science Co.\,Ltd,O=ChangSha QiHang Network Science Co.\,Ltd,L=Changsha,ST=Hunan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:2e:99:de:ce:ff:05:d3:e0:f7:11:b7:61:81:a9:e7
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

03/02/2023, 00:00

Not After

02/02/2024, 23:59

Subject

CN=ChangSha QiHang Network Science Co.\,Ltd,O=ChangSha QiHang Network Science Co.\,Ltd,L=Changsha,ST=Hunan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c6:02:53:74:ea:84:3d:b1:f3:66:bf:8f:c1:d9:bd:18:f3:e8:90:b8:f7:48:51:c7:6d:85:52:24:90:47:5b:03
Signer

Actual PE Digest

c6:02:53:74:ea:84:3d:b1:f3:66:bf:8f:c1:d9:bd:18:f3:e8:90:b8:f7:48:51:c7:6d:85:52:24:90:47:5b:03

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=ChangSha QiHang Network Science Co.\,Ltd,O=ChangSha QiHang Network Science Co.\,Ltd,L=Changsha,ST=Hunan,C=CN

22/03/2023, 07:22
Valid: true

Chain 1

CN=ChangSha QiHang Network Science Co.\,Ltd,O=ChangSha QiHang Network Science Co.\,Ltd,L=Changsha,ST=Hunan,C=CN

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=ChangSha QiHang Network Science Co.\,Ltd,O=ChangSha QiHang Network Science Co.\,Ltd,L=Changsha,ST=Hunan,C=CN

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

79:b6:a4:ea:dc:22:1d:0b:b5:ff:03:b5:a0:fe:2b:f5:69:ce:cb:c5
Signer

Actual PE Digest

79:b6:a4:ea:dc:22:1d:0b:b5:ff:03:b5:a0:fe:2b:f5:69:ce:cb:c5

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=ChangSha QiHang Network Science Co.\,Ltd,O=ChangSha QiHang Network Science Co.\,Ltd,L=Changsha,ST=Hunan,C=CN

22/03/2023, 07:22
Valid: true

Chain 1

CN=ChangSha QiHang Network Science Co.\,Ltd,O=ChangSha QiHang Network Science Co.\,Ltd,L=Changsha,ST=Hunan,C=CN

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=ChangSha QiHang Network Science Co.\,Ltd,O=ChangSha QiHang Network Science Co.\,Ltd,L=Changsha,ST=Hunan,C=CN

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f0ea7b7844bbc5bfa9bb32efdcea957c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 2.3MB - Virtual size: 2.3MB

.data Size: 242KB - Virtual size: 617KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 42KB - Virtual size: 41KB

.symtab Size: 512B - Virtual size: 4B

fb29b99aee699097d14fcaabf4ab3f9d

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

dd:ef:4c:47:22:60:6e:c9:69:42:96:68:df:9d:9c:e0Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

be:c4:9e:12:9d:fc:dc:39:35:68:e3:de:a3:a2:85:9b:4c:60:c2:25Signer

Signature Validations

Verification

30/03/2023, 10:55 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

iphlpapi

ws2_32

wldap32

Sections

.text Size: 856KB - Virtual size: 856KB

.rdata Size: 224KB - Virtual size: 223KB

.data Size: 12KB - Virtual size: 28KB

.rsrc Size: 2.8MB - Virtual size: 2.8MB

.reloc Size: 40KB - Virtual size: 39KB

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

06:2e:99:de:ce:ff:05:d3:e0:f7:11:b7:61:81:a9:e7Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:2e:99:de:ce:ff:05:d3:e0:f7:11:b7:61:81:a9:e7Certificate

Extended Key Usages

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 2.3MB - Virtual size: 2.3MB

.data
Size: 242KB - Virtual size: 617KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 42KB - Virtual size: 41KB

.symtab
Size: 512B - Virtual size: 4B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

dd:ef:4c:47:22:60:6e:c9:69:42:96:68:df:9d:9c:e0
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

be:c4:9e:12:9d:fc:dc:39:35:68:e3:de:a3:a2:85:9b:4c:60:c2:25
Signer

30/03/2023, 10:55
Valid: true

.text
Size: 856KB - Virtual size: 856KB

.rdata
Size: 224KB - Virtual size: 223KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

.reloc
Size: 40KB - Virtual size: 39KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

06:2e:99:de:ce:ff:05:d3:e0:f7:11:b7:61:81:a9:e7
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:2e:99:de:ce:ff:05:d3:e0:f7:11:b7:61:81:a9:e7
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

c6:02:53:74:ea:84:3d:b1:f3:66:bf:8f:c1:d9:bd:18:f3:e8:90:b8:f7:48:51:c7:6d:85:52:24:90:47:5b:03
Signer

22/03/2023, 07:22
Valid: true

79:b6:a4:ea:dc:22:1d:0b:b5:ff:03:b5:a0:fe:2b:f5:69:ce:cb:c5
Signer

22/03/2023, 07:22
Valid: true

UPX0
Size: - Virtual size: 2.0MB

UPX1
Size: 4.1MB - Virtual size: 4.1MB

.rsrc
Size: 71KB - Virtual size: 72KB