xworm | BlitzedPrem[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

BlitzedPrem.zip
Size

5.3MB
MD5

7c73dbaf4675062445763268ae30fd50
SHA1

6a26872339fc0cecee551c81317cd40fcfb30cbd
SHA256

be8c72e77bd4a9453a3ffbf89383ca1487c650c3eb006b8c58e5e6490089b38c
SHA512

93ac3e0594c1ecd17579e9dd52ecdbd47c68fdde7a9a2a362f82e3c13f4eb2aa42ed8072de4b21eece9c75a460ba8b2fb79d66acd55b3ab78e3b12ff91efb653
SSDEEP

98304:jbDchxaZZXeYfaXv/zEvWNk9Od2/pfFz2zy24/SU1xyhuoYIDhMKJYPg:vDoaZZOYe/4We9o2952OHDwNJdJX

Score

10^/10

agilenet xworm

Malware Config

Signatures

Xworm family
xworm

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
static1/unpack001/Guna.UI2.dll	agile_net

Files

BlitzedPrem.zip
.7z
APIFOR.DLL
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BlitzedGrabberV14.exe
.exe windows x86

9222d372923baed7aa9dfa28449a94ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
FindResourceA
FreeLibrary
LoadResource
WriteFile
SizeofResource
GetProcAddress
LoadLibraryA
LockResource
EnumResourceNamesA
CloseHandle
FreeResource
GetWindowsDirectoryA
OutputDebugStringA
GetTempPathA
GetModuleHandleW
ExitProcess
DecodePointer
EncodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetLastError
HeapFree
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetStdHandle
GetModuleFileNameW
Sleep
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LCMapStringW
MultiByteToWideChar
GetStringTypeW

shell32

ShellExecuteA
SHGetSpecialFolderPathA

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BlitzedGrabberV14.pdb
Costura.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DiscordRPC.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Guna.UI2.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

7a:98:1b:7d:3e:b4:86:bb:45:84:c4:3c:c9:a8:3f:db
Certificate

Issuer

CN=Sobatdata Root CA

Not Before

23-10-2019 05:22

Not After

22-10-2025 17:00

Subject

CN=Sobatdata Software

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:92:fd:79:78:5b:a1:7b:fc:09:41:72:94:be:f3:50:c7:5a:02:fb
Signer

Actual PE Digest

fe:92:fd:79:78:5b:a1:7b:fc:09:41:72:94:be:f3:50:c7:5a:02:fb

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Sobatdata Software

04-11-2020 22:46
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Newtonsoft.Json.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2031 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27-04-2018 12:41

Not After

27-04-2028 12:41

Subject

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7e
Certificate

Issuer

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

Not Before

25-10-2018 00:00

Not After

29-10-2021 12:00

Subject

SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=wa,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:83:93:14:a9:06:f5:64:04:02:a1:dc:eb:a3:1a:a7:e9:21:c8:88:2c:dd:c2:3c:e4:c0:45:50:4c:ee:75:10
Signer

Actual PE Digest

2e:83:93:14:a9:06:f5:64:04:02:a1:dc:eb:a3:1a:a7:e9:21:c8:88:2c:dd:c2:3c:e4:c0:45:50:4c:ee:75:10

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=wa,C=US

17-03-2021 20:03
Valid: true

Chain 1

SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=wa,C=US

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 675KB - Virtual size: 675KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sodium.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08-03-2016 13:10

Not After

30-05-2027 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:d4:13:46:5a:84:6b:de:66:36:8b:8a:33:82:f5:bf
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

07-07-2016 17:27

Not After

07-07-2017 17:27

Subject

CN=Open Source Developer\, Adam Caudill,O=Open Source Developer,C=US,1.2.840.113549.1.9.1=#0c146164616d406164616d63617564696c6c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b0:83:5d:ce:39:95:7b:dc:65:e9:78:8d:ff:22:7e:c0:bf:64:45:15:c7:05:78:0e:60:9d:ff:13:dc:f4:c0:a6
Signer

Actual PE Digest

b0:83:5d:ce:39:95:7b:dc:65:e9:78:8d:ff:22:7e:c0:bf:64:45:15:c7:05:78:0e:60:9d:ff:13:dc:f4:c0:a6

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Open Source Developer\, Adam Caudill,O=Open Source Developer,C=US,1.2.840.113549.1.9.1=#0c146164616d406164616d63617564696c6c2e636f6d

07-01-2017 17:18
Valid: true

Chain 1

CN=Open Source Developer\, Adam Caudill,O=Open Source Developer,C=US,1.2.840.113549.1.9.1=#0c146164616d406164616d63617564696c6c2e636f6d

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System.Diagnostics.DiagnosticSource.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:c9:64:4d:16:db:1a:7d:b3:15:00:00:00:00:00:c9
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B1B7-F67F-FEC2,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-08-2016 20:17

Not After

02-11-2017 20:17

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28-10-2015 20:31

Not After

28-01-2017 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d6:fb:4d:67:72:14:08:d2:75:46:a0:06:cb:be:f9:d3:5f:db:20:bd:97:db:cd:de:3c:cd:a0:78:2f:b1:93:7f
Signer

Actual PE Digest

d6:fb:4d:67:72:14:08:d2:75:46:a0:06:cb:be:f9:d3:5f:db:20:bd:97:db:cd:de:3c:cd:a0:78:2f:b1:93:7f

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

30-03-2023 11:00
Valid: false

bc:c6:7a:ba:4c:c6:19:72:95:75:c0:52:c5:b2:9c:4b:5f:0f:69:2e
Signer

Actual PE Digest

bc:c6:7a:ba:4c:c6:19:72:95:75:c0:52:c5:b2:9c:4b:5f:0f:69:2e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

05-11-2016 04:44
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Vestris.ResourceLib.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dnlib.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libsodium-64.dll
.dll windows x64

37df2bdfe8b4bac515e8a18872925ff5

Code Sign

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08-03-2016 13:10

Not After

30-05-2027 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:d4:13:46:5a:84:6b:de:66:36:8b:8a:33:82:f5:bf
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

07-07-2016 17:27

Not After

07-07-2017 17:27

Subject

CN=Open Source Developer\, Adam Caudill,O=Open Source Developer,C=US,1.2.840.113549.1.9.1=#0c146164616d406164616d63617564696c6c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:29:1b:7b:f5:e0:40:cb:7e:0b:6f:ff:fa:98:a3:f2:6d:db:f2:f0:b4:d8:cd:4b:d7:57:42:21:22:00:9f:da
Signer

Actual PE Digest

44:29:1b:7b:f5:e0:40:cb:7e:0b:6f:ff:fa:98:a3:f2:6d:db:f2:f0:b4:d8:cd:4b:d7:57:42:21:22:00:9f:da

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Open Source Developer\, Adam Caudill,O=Open Source Developer,C=US,1.2.840.113549.1.9.1=#0c146164616d406164616d63617564696c6c2e636f6d

07-01-2017 17:18
Valid: true

Chain 1

CN=Open Source Developer\, Adam Caudill,O=Open Source Developer,C=US,1.2.840.113549.1.9.1=#0c146164616d406164616d63617564696c6c2e636f6d

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LeaveCriticalSection
Sleep
GetSystemInfo
VirtualAlloc
EnterCriticalSection
VirtualProtect
VirtualLock
VirtualUnlock
VirtualFree
InitializeCriticalSection
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

advapi32

SystemFunction036

vcruntime140

memset
memcpy
strchr
strrchr
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__C_specific_handler
__std_type_info_destroy_list
memchr
memmove

api-ms-win-crt-runtime-l1-1-0

_initterm
_cexit
_errno
abort
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_dll
_initterm_e
raise

api-ms-win-crt-heap-l1-1-0

malloc
free

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-time-l1-1-0

_ftime64

Exports

Exports

crypto_aead_aes256gcm_abytes
crypto_aead_aes256gcm_beforenm
crypto_aead_aes256gcm_decrypt
crypto_aead_aes256gcm_decrypt_afternm
crypto_aead_aes256gcm_decrypt_detached
crypto_aead_aes256gcm_decrypt_detached_afternm
crypto_aead_aes256gcm_encrypt
crypto_aead_aes256gcm_encrypt_afternm
crypto_aead_aes256gcm_encrypt_detached
crypto_aead_aes256gcm_encrypt_detached_afternm
crypto_aead_aes256gcm_is_available
crypto_aead_aes256gcm_keybytes
crypto_aead_aes256gcm_npubbytes
crypto_aead_aes256gcm_nsecbytes
crypto_aead_aes256gcm_statebytes
crypto_aead_chacha20poly1305_abytes
crypto_aead_chacha20poly1305_decrypt
crypto_aead_chacha20poly1305_decrypt_detached
crypto_aead_chacha20poly1305_encrypt
crypto_aead_chacha20poly1305_encrypt_detached
crypto_aead_chacha20poly1305_ietf_abytes
crypto_aead_chacha20poly1305_ietf_decrypt
crypto_aead_chacha20poly1305_ietf_decrypt_detached
crypto_aead_chacha20poly1305_ietf_encrypt
crypto_aead_chacha20poly1305_ietf_encrypt_detached
crypto_aead_chacha20poly1305_ietf_keybytes
crypto_aead_chacha20poly1305_ietf_npubbytes
crypto_aead_chacha20poly1305_ietf_nsecbytes
crypto_aead_chacha20poly1305_keybytes
crypto_aead_chacha20poly1305_npubbytes
crypto_aead_chacha20poly1305_nsecbytes
crypto_auth
crypto_auth_bytes
crypto_auth_hmacsha256
crypto_auth_hmacsha256_bytes
crypto_auth_hmacsha256_final
crypto_auth_hmacsha256_init
crypto_auth_hmacsha256_keybytes
crypto_auth_hmacsha256_statebytes
crypto_auth_hmacsha256_update
crypto_auth_hmacsha256_verify
crypto_auth_hmacsha512
crypto_auth_hmacsha512256
crypto_auth_hmacsha512256_bytes
crypto_auth_hmacsha512256_final
crypto_auth_hmacsha512256_init
crypto_auth_hmacsha512256_keybytes
crypto_auth_hmacsha512256_statebytes
crypto_auth_hmacsha512256_update
crypto_auth_hmacsha512256_verify
crypto_auth_hmacsha512_bytes
crypto_auth_hmacsha512_final
crypto_auth_hmacsha512_init
crypto_auth_hmacsha512_keybytes
crypto_auth_hmacsha512_statebytes
crypto_auth_hmacsha512_update
crypto_auth_hmacsha512_verify
crypto_auth_keybytes
crypto_auth_primitive
crypto_auth_verify
crypto_box
crypto_box_afternm
crypto_box_beforenm
crypto_box_beforenmbytes
crypto_box_boxzerobytes
crypto_box_curve25519xsalsa20poly1305
crypto_box_curve25519xsalsa20poly1305_afternm
crypto_box_curve25519xsalsa20poly1305_beforenm
crypto_box_curve25519xsalsa20poly1305_beforenmbytes
crypto_box_curve25519xsalsa20poly1305_boxzerobytes
crypto_box_curve25519xsalsa20poly1305_keypair
crypto_box_curve25519xsalsa20poly1305_macbytes
crypto_box_curve25519xsalsa20poly1305_noncebytes
crypto_box_curve25519xsalsa20poly1305_open
crypto_box_curve25519xsalsa20poly1305_open_afternm
crypto_box_curve25519xsalsa20poly1305_publickeybytes
crypto_box_curve25519xsalsa20poly1305_secretkeybytes
crypto_box_curve25519xsalsa20poly1305_seed_keypair
crypto_box_curve25519xsalsa20poly1305_seedbytes
crypto_box_curve25519xsalsa20poly1305_zerobytes
crypto_box_detached
crypto_box_detached_afternm
crypto_box_easy
crypto_box_easy_afternm
crypto_box_keypair
crypto_box_macbytes
crypto_box_noncebytes
crypto_box_open
crypto_box_open_afternm
crypto_box_open_detached
crypto_box_open_detached_afternm
crypto_box_open_easy
crypto_box_open_easy_afternm
crypto_box_primitive
crypto_box_publickeybytes
crypto_box_seal
crypto_box_seal_open
crypto_box_sealbytes
crypto_box_secretkeybytes
crypto_box_seed_keypair
crypto_box_seedbytes
crypto_box_zerobytes
crypto_core_hchacha20
crypto_core_hchacha20_constbytes
crypto_core_hchacha20_inputbytes
crypto_core_hchacha20_keybytes
crypto_core_hchacha20_outputbytes
crypto_core_hsalsa20
crypto_core_hsalsa20_constbytes
crypto_core_hsalsa20_inputbytes
crypto_core_hsalsa20_keybytes
crypto_core_hsalsa20_outputbytes
crypto_core_salsa20
crypto_core_salsa2012
crypto_core_salsa2012_constbytes
crypto_core_salsa2012_inputbytes
crypto_core_salsa2012_keybytes
crypto_core_salsa2012_outputbytes
crypto_core_salsa208
crypto_core_salsa208_constbytes
crypto_core_salsa208_inputbytes
crypto_core_salsa208_keybytes
crypto_core_salsa208_outputbytes
crypto_core_salsa20_constbytes
crypto_core_salsa20_inputbytes
crypto_core_salsa20_keybytes
crypto_core_salsa20_outputbytes
crypto_generichash
crypto_generichash_blake2b
crypto_generichash_blake2b_bytes
crypto_generichash_blake2b_bytes_max
crypto_generichash_blake2b_bytes_min
crypto_generichash_blake2b_final
crypto_generichash_blake2b_init
crypto_generichash_blake2b_init_salt_personal
crypto_generichash_blake2b_keybytes
crypto_generichash_blake2b_keybytes_max
crypto_generichash_blake2b_keybytes_min
crypto_generichash_blake2b_personalbytes
crypto_generichash_blake2b_salt_personal
crypto_generichash_blake2b_saltbytes
crypto_generichash_blake2b_statebytes
crypto_generichash_blake2b_update
crypto_generichash_bytes
crypto_generichash_bytes_max
crypto_generichash_bytes_min
crypto_generichash_final
crypto_generichash_init
crypto_generichash_keybytes
crypto_generichash_keybytes_max
crypto_generichash_keybytes_min
crypto_generichash_primitive
crypto_generichash_statebytes
crypto_generichash_update
crypto_hash
crypto_hash_bytes
crypto_hash_primitive
crypto_hash_sha256
crypto_hash_sha256_bytes
crypto_hash_sha256_final
crypto_hash_sha256_init
crypto_hash_sha256_statebytes
crypto_hash_sha256_update
crypto_hash_sha512
crypto_hash_sha512_bytes
crypto_hash_sha512_final
crypto_hash_sha512_init
crypto_hash_sha512_statebytes
crypto_hash_sha512_update
crypto_onetimeauth
crypto_onetimeauth_bytes
crypto_onetimeauth_final
crypto_onetimeauth_init
crypto_onetimeauth_keybytes
crypto_onetimeauth_poly1305
crypto_onetimeauth_poly1305_bytes
crypto_onetimeauth_poly1305_final
crypto_onetimeauth_poly1305_init
crypto_onetimeauth_poly1305_keybytes
crypto_onetimeauth_poly1305_update
crypto_onetimeauth_poly1305_verify
crypto_onetimeauth_primitive
crypto_onetimeauth_statebytes
crypto_onetimeauth_update
crypto_onetimeauth_verify
crypto_pwhash
crypto_pwhash_alg_argon2i13
crypto_pwhash_alg_default
crypto_pwhash_argon2i
crypto_pwhash_argon2i_alg_argon2i13
crypto_pwhash_argon2i_memlimit_interactive
crypto_pwhash_argon2i_memlimit_moderate
crypto_pwhash_argon2i_memlimit_sensitive
crypto_pwhash_argon2i_opslimit_interactive
crypto_pwhash_argon2i_opslimit_moderate
crypto_pwhash_argon2i_opslimit_sensitive
crypto_pwhash_argon2i_saltbytes
crypto_pwhash_argon2i_str
crypto_pwhash_argon2i_str_verify
crypto_pwhash_argon2i_strbytes
crypto_pwhash_argon2i_strprefix
crypto_pwhash_memlimit_interactive
crypto_pwhash_memlimit_moderate
crypto_pwhash_memlimit_sensitive
crypto_pwhash_opslimit_interactive
crypto_pwhash_opslimit_moderate
crypto_pwhash_opslimit_sensitive
crypto_pwhash_primitive
crypto_pwhash_saltbytes
crypto_pwhash_scryptsalsa208sha256
crypto_pwhash_scryptsalsa208sha256_ll
crypto_pwhash_scryptsalsa208sha256_memlimit_interactive
crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive
crypto_pwhash_scryptsalsa208sha256_opslimit_interactive
crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive
crypto_pwhash_scryptsalsa208sha256_saltbytes
crypto_pwhash_scryptsalsa208sha256_str
crypto_pwhash_scryptsalsa208sha256_str_verify
crypto_pwhash_scryptsalsa208sha256_strbytes
crypto_pwhash_scryptsalsa208sha256_strprefix
crypto_pwhash_str
crypto_pwhash_str_verify
crypto_pwhash_strbytes
crypto_pwhash_strprefix
crypto_scalarmult
crypto_scalarmult_base
crypto_scalarmult_bytes
crypto_scalarmult_curve25519
crypto_scalarmult_curve25519_base
crypto_scalarmult_curve25519_bytes
crypto_scalarmult_curve25519_scalarbytes
crypto_scalarmult_primitive
crypto_scalarmult_scalarbytes
crypto_secretbox
crypto_secretbox_boxzerobytes
crypto_secretbox_detached
crypto_secretbox_easy
crypto_secretbox_keybytes
crypto_secretbox_macbytes
crypto_secretbox_noncebytes
crypto_secretbox_open
crypto_secretbox_open_detached
crypto_secretbox_open_easy
crypto_secretbox_primitive
crypto_secretbox_xsalsa20poly1305
crypto_secretbox_xsalsa20poly1305_boxzerobytes
crypto_secretbox_xsalsa20poly1305_keybytes
crypto_secretbox_xsalsa20poly1305_macbytes
crypto_secretbox_xsalsa20poly1305_noncebytes
crypto_secretbox_xsalsa20poly1305_open
crypto_secretbox_xsalsa20poly1305_zerobytes
crypto_secretbox_zerobytes
crypto_shorthash
crypto_shorthash_bytes
crypto_shorthash_keybytes
crypto_shorthash_primitive
crypto_shorthash_siphash24
crypto_shorthash_siphash24_bytes
crypto_shorthash_siphash24_keybytes
crypto_sign
crypto_sign_bytes
crypto_sign_detached
crypto_sign_ed25519
crypto_sign_ed25519_bytes
crypto_sign_ed25519_detached
crypto_sign_ed25519_keypair
crypto_sign_ed25519_open
crypto_sign_ed25519_pk_to_curve25519
crypto_sign_ed25519_publickeybytes
crypto_sign_ed25519_secretkeybytes
crypto_sign_ed25519_seed_keypair
crypto_sign_ed25519_seedbytes
crypto_sign_ed25519_sk_to_curve25519
crypto_sign_ed25519_sk_to_pk
crypto_sign_ed25519_sk_to_seed
crypto_sign_ed25519_verify_detached
crypto_sign_edwards25519sha512batch
crypto_sign_edwards25519sha512batch_keypair
crypto_sign_edwards25519sha512batch_open
crypto_sign_keypair
crypto_sign_open
crypto_sign_primitive
crypto_sign_publickeybytes
crypto_sign_secretkeybytes
crypto_sign_seed_keypair
crypto_sign_seedbytes
crypto_sign_verify_detached
crypto_stream
crypto_stream_aes128ctr
crypto_stream_aes128ctr_afternm
crypto_stream_aes128ctr_beforenm
crypto_stream_aes128ctr_beforenmbytes
crypto_stream_aes128ctr_keybytes
crypto_stream_aes128ctr_noncebytes
crypto_stream_aes128ctr_xor
crypto_stream_aes128ctr_xor_afternm
crypto_stream_chacha20
crypto_stream_chacha20_ietf
crypto_stream_chacha20_ietf_noncebytes
crypto_stream_chacha20_ietf_xor
crypto_stream_chacha20_ietf_xor_ic
crypto_stream_chacha20_keybytes
crypto_stream_chacha20_noncebytes
crypto_stream_chacha20_xor
crypto_stream_chacha20_xor_ic
crypto_stream_keybytes
crypto_stream_noncebytes
crypto_stream_primitive
crypto_stream_salsa20
crypto_stream_salsa2012
crypto_stream_salsa2012_keybytes
crypto_stream_salsa2012_noncebytes
crypto_stream_salsa2012_xor
crypto_stream_salsa208
crypto_stream_salsa208_keybytes
crypto_stream_salsa208_noncebytes
crypto_stream_salsa208_xor
crypto_stream_salsa20_keybytes
crypto_stream_salsa20_noncebytes
crypto_stream_salsa20_xor
crypto_stream_salsa20_xor_ic
crypto_stream_xor
crypto_stream_xsalsa20
crypto_stream_xsalsa20_keybytes
crypto_stream_xsalsa20_noncebytes
crypto_stream_xsalsa20_xor
crypto_stream_xsalsa20_xor_ic
crypto_verify_16
crypto_verify_16_bytes
crypto_verify_32
crypto_verify_32_bytes
crypto_verify_64
crypto_verify_64_bytes
randombytes
randombytes_buf
randombytes_close
randombytes_implementation_name
randombytes_random
randombytes_salsa20_implementation
randombytes_set_implementation
randombytes_stir
randombytes_sysrandom_implementation
randombytes_uniform
sodium_add
sodium_allocarray
sodium_bin2hex
sodium_compare
sodium_free
sodium_hex2bin
sodium_increment
sodium_init
sodium_is_zero
sodium_library_version_major
sodium_library_version_minor
sodium_malloc
sodium_memcmp
sodium_memzero
sodium_mlock
sodium_mprotect_noaccess
sodium_mprotect_readonly
sodium_mprotect_readwrite
sodium_munlock
sodium_runtime_has_aesni
sodium_runtime_has_avx
sodium_runtime_has_avx2
sodium_runtime_has_neon
sodium_runtime_has_pclmul
sodium_runtime_has_sse2
sodium_runtime_has_sse3
sodium_runtime_has_sse41
sodium_runtime_has_ssse3
sodium_version_string

Sections

.text
Size: 325KB - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libsodium.dll
.dll windows x86

c85c1c96a17417feb77f58eddec50e0b

Code Sign

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08-03-2016 13:10

Not After

30-05-2027 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:d4:13:46:5a:84:6b:de:66:36:8b:8a:33:82:f5:bf
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

07-07-2016 17:27

Not After

07-07-2017 17:27

Subject

CN=Open Source Developer\, Adam Caudill,O=Open Source Developer,C=US,1.2.840.113549.1.9.1=#0c146164616d406164616d63617564696c6c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:cc:b4:a0:dd:65:aa:fb:17:31:72:a1:0b:b1:63:f3:09:51:8c:bd:55:7b:40:7b:35:9a:af:a5:05:a0:37:67
Signer

Actual PE Digest

8c:cc:b4:a0:dd:65:aa:fb:17:31:72:a1:0b:b1:63:f3:09:51:8c:bd:55:7b:40:7b:35:9a:af:a5:05:a0:37:67

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Open Source Developer\, Adam Caudill,O=Open Source Developer,C=US,1.2.840.113549.1.9.1=#0c146164616d406164616d63617564696c6c2e636f6d

07-01-2017 17:18
Valid: true

Chain 1

CN=Open Source Developer\, Adam Caudill,O=Open Source Developer,C=US,1.2.840.113549.1.9.1=#0c146164616d406164616d63617564696c6c2e636f6d

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
Sleep
GetSystemInfo
VirtualAlloc
EnterCriticalSection
VirtualProtect
VirtualLock
VirtualUnlock
VirtualFree
InitializeCriticalSection
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

advapi32

SystemFunction036

vcruntime140

strchr
memcpy
memset
_except_handler4_common
memchr
memmove
strrchr
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_initterm_e
_errno
abort
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_dll
raise

api-ms-win-crt-heap-l1-1-0

malloc
free

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-time-l1-1-0

_ftime64

Exports

Exports

crypto_aead_aes256gcm_abytes
crypto_aead_aes256gcm_beforenm
crypto_aead_aes256gcm_decrypt
crypto_aead_aes256gcm_decrypt_afternm
crypto_aead_aes256gcm_decrypt_detached
crypto_aead_aes256gcm_decrypt_detached_afternm
crypto_aead_aes256gcm_encrypt
crypto_aead_aes256gcm_encrypt_afternm
crypto_aead_aes256gcm_encrypt_detached
crypto_aead_aes256gcm_encrypt_detached_afternm
crypto_aead_aes256gcm_is_available
crypto_aead_aes256gcm_keybytes
crypto_aead_aes256gcm_npubbytes
crypto_aead_aes256gcm_nsecbytes
crypto_aead_aes256gcm_statebytes
crypto_aead_chacha20poly1305_abytes
crypto_aead_chacha20poly1305_decrypt
crypto_aead_chacha20poly1305_decrypt_detached
crypto_aead_chacha20poly1305_encrypt
crypto_aead_chacha20poly1305_encrypt_detached
crypto_aead_chacha20poly1305_ietf_abytes
crypto_aead_chacha20poly1305_ietf_decrypt
crypto_aead_chacha20poly1305_ietf_decrypt_detached
crypto_aead_chacha20poly1305_ietf_encrypt
crypto_aead_chacha20poly1305_ietf_encrypt_detached
crypto_aead_chacha20poly1305_ietf_keybytes
crypto_aead_chacha20poly1305_ietf_npubbytes
crypto_aead_chacha20poly1305_ietf_nsecbytes
crypto_aead_chacha20poly1305_keybytes
crypto_aead_chacha20poly1305_npubbytes
crypto_aead_chacha20poly1305_nsecbytes
crypto_auth
crypto_auth_bytes
crypto_auth_hmacsha256
crypto_auth_hmacsha256_bytes
crypto_auth_hmacsha256_final
crypto_auth_hmacsha256_init
crypto_auth_hmacsha256_keybytes
crypto_auth_hmacsha256_statebytes
crypto_auth_hmacsha256_update
crypto_auth_hmacsha256_verify
crypto_auth_hmacsha512
crypto_auth_hmacsha512256
crypto_auth_hmacsha512256_bytes
crypto_auth_hmacsha512256_final
crypto_auth_hmacsha512256_init
crypto_auth_hmacsha512256_keybytes
crypto_auth_hmacsha512256_statebytes
crypto_auth_hmacsha512256_update
crypto_auth_hmacsha512256_verify
crypto_auth_hmacsha512_bytes
crypto_auth_hmacsha512_final
crypto_auth_hmacsha512_init
crypto_auth_hmacsha512_keybytes
crypto_auth_hmacsha512_statebytes
crypto_auth_hmacsha512_update
crypto_auth_hmacsha512_verify
crypto_auth_keybytes
crypto_auth_primitive
crypto_auth_verify
crypto_box
crypto_box_afternm
crypto_box_beforenm
crypto_box_beforenmbytes
crypto_box_boxzerobytes
crypto_box_curve25519xsalsa20poly1305
crypto_box_curve25519xsalsa20poly1305_afternm
crypto_box_curve25519xsalsa20poly1305_beforenm
crypto_box_curve25519xsalsa20poly1305_beforenmbytes
crypto_box_curve25519xsalsa20poly1305_boxzerobytes
crypto_box_curve25519xsalsa20poly1305_keypair
crypto_box_curve25519xsalsa20poly1305_macbytes
crypto_box_curve25519xsalsa20poly1305_noncebytes
crypto_box_curve25519xsalsa20poly1305_open
crypto_box_curve25519xsalsa20poly1305_open_afternm
crypto_box_curve25519xsalsa20poly1305_publickeybytes
crypto_box_curve25519xsalsa20poly1305_secretkeybytes
crypto_box_curve25519xsalsa20poly1305_seed_keypair
crypto_box_curve25519xsalsa20poly1305_seedbytes
crypto_box_curve25519xsalsa20poly1305_zerobytes
crypto_box_detached
crypto_box_detached_afternm
crypto_box_easy
crypto_box_easy_afternm
crypto_box_keypair
crypto_box_macbytes
crypto_box_noncebytes
crypto_box_open
crypto_box_open_afternm
crypto_box_open_detached
crypto_box_open_detached_afternm
crypto_box_open_easy
crypto_box_open_easy_afternm
crypto_box_primitive
crypto_box_publickeybytes
crypto_box_seal
crypto_box_seal_open
crypto_box_sealbytes
crypto_box_secretkeybytes
crypto_box_seed_keypair
crypto_box_seedbytes
crypto_box_zerobytes
crypto_core_hchacha20
crypto_core_hchacha20_constbytes
crypto_core_hchacha20_inputbytes
crypto_core_hchacha20_keybytes
crypto_core_hchacha20_outputbytes
crypto_core_hsalsa20
crypto_core_hsalsa20_constbytes
crypto_core_hsalsa20_inputbytes
crypto_core_hsalsa20_keybytes
crypto_core_hsalsa20_outputbytes
crypto_core_salsa20
crypto_core_salsa2012
crypto_core_salsa2012_constbytes
crypto_core_salsa2012_inputbytes
crypto_core_salsa2012_keybytes
crypto_core_salsa2012_outputbytes
crypto_core_salsa208
crypto_core_salsa208_constbytes
crypto_core_salsa208_inputbytes
crypto_core_salsa208_keybytes
crypto_core_salsa208_outputbytes
crypto_core_salsa20_constbytes
crypto_core_salsa20_inputbytes
crypto_core_salsa20_keybytes
crypto_core_salsa20_outputbytes
crypto_generichash
crypto_generichash_blake2b
crypto_generichash_blake2b_bytes
crypto_generichash_blake2b_bytes_max
crypto_generichash_blake2b_bytes_min
crypto_generichash_blake2b_final
crypto_generichash_blake2b_init
crypto_generichash_blake2b_init_salt_personal
crypto_generichash_blake2b_keybytes
crypto_generichash_blake2b_keybytes_max
crypto_generichash_blake2b_keybytes_min
crypto_generichash_blake2b_personalbytes
crypto_generichash_blake2b_salt_personal
crypto_generichash_blake2b_saltbytes
crypto_generichash_blake2b_statebytes
crypto_generichash_blake2b_update
crypto_generichash_bytes
crypto_generichash_bytes_max
crypto_generichash_bytes_min
crypto_generichash_final
crypto_generichash_init
crypto_generichash_keybytes
crypto_generichash_keybytes_max
crypto_generichash_keybytes_min
crypto_generichash_primitive
crypto_generichash_statebytes
crypto_generichash_update
crypto_hash
crypto_hash_bytes
crypto_hash_primitive
crypto_hash_sha256
crypto_hash_sha256_bytes
crypto_hash_sha256_final
crypto_hash_sha256_init
crypto_hash_sha256_statebytes
crypto_hash_sha256_update
crypto_hash_sha512
crypto_hash_sha512_bytes
crypto_hash_sha512_final
crypto_hash_sha512_init
crypto_hash_sha512_statebytes
crypto_hash_sha512_update
crypto_onetimeauth
crypto_onetimeauth_bytes
crypto_onetimeauth_final
crypto_onetimeauth_init
crypto_onetimeauth_keybytes
crypto_onetimeauth_poly1305
crypto_onetimeauth_poly1305_bytes
crypto_onetimeauth_poly1305_final
crypto_onetimeauth_poly1305_init
crypto_onetimeauth_poly1305_keybytes
crypto_onetimeauth_poly1305_update
crypto_onetimeauth_poly1305_verify
crypto_onetimeauth_primitive
crypto_onetimeauth_statebytes
crypto_onetimeauth_update
crypto_onetimeauth_verify
crypto_pwhash
crypto_pwhash_alg_argon2i13
crypto_pwhash_alg_default
crypto_pwhash_argon2i
crypto_pwhash_argon2i_alg_argon2i13
crypto_pwhash_argon2i_memlimit_interactive
crypto_pwhash_argon2i_memlimit_moderate
crypto_pwhash_argon2i_memlimit_sensitive
crypto_pwhash_argon2i_opslimit_interactive
crypto_pwhash_argon2i_opslimit_moderate
crypto_pwhash_argon2i_opslimit_sensitive
crypto_pwhash_argon2i_saltbytes
crypto_pwhash_argon2i_str
crypto_pwhash_argon2i_str_verify
crypto_pwhash_argon2i_strbytes
crypto_pwhash_argon2i_strprefix
crypto_pwhash_memlimit_interactive
crypto_pwhash_memlimit_moderate
crypto_pwhash_memlimit_sensitive
crypto_pwhash_opslimit_interactive
crypto_pwhash_opslimit_moderate
crypto_pwhash_opslimit_sensitive
crypto_pwhash_primitive
crypto_pwhash_saltbytes
crypto_pwhash_scryptsalsa208sha256
crypto_pwhash_scryptsalsa208sha256_ll
crypto_pwhash_scryptsalsa208sha256_memlimit_interactive
crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive
crypto_pwhash_scryptsalsa208sha256_opslimit_interactive
crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive
crypto_pwhash_scryptsalsa208sha256_saltbytes
crypto_pwhash_scryptsalsa208sha256_str
crypto_pwhash_scryptsalsa208sha256_str_verify
crypto_pwhash_scryptsalsa208sha256_strbytes
crypto_pwhash_scryptsalsa208sha256_strprefix
crypto_pwhash_str
crypto_pwhash_str_verify
crypto_pwhash_strbytes
crypto_pwhash_strprefix
crypto_scalarmult
crypto_scalarmult_base
crypto_scalarmult_bytes
crypto_scalarmult_curve25519
crypto_scalarmult_curve25519_base
crypto_scalarmult_curve25519_bytes
crypto_scalarmult_curve25519_scalarbytes
crypto_scalarmult_primitive
crypto_scalarmult_scalarbytes
crypto_secretbox
crypto_secretbox_boxzerobytes
crypto_secretbox_detached
crypto_secretbox_easy
crypto_secretbox_keybytes
crypto_secretbox_macbytes
crypto_secretbox_noncebytes
crypto_secretbox_open
crypto_secretbox_open_detached
crypto_secretbox_open_easy
crypto_secretbox_primitive
crypto_secretbox_xsalsa20poly1305
crypto_secretbox_xsalsa20poly1305_boxzerobytes
crypto_secretbox_xsalsa20poly1305_keybytes
crypto_secretbox_xsalsa20poly1305_macbytes
crypto_secretbox_xsalsa20poly1305_noncebytes
crypto_secretbox_xsalsa20poly1305_open
crypto_secretbox_xsalsa20poly1305_zerobytes
crypto_secretbox_zerobytes
crypto_shorthash
crypto_shorthash_bytes
crypto_shorthash_keybytes
crypto_shorthash_primitive
crypto_shorthash_siphash24
crypto_shorthash_siphash24_bytes
crypto_shorthash_siphash24_keybytes
crypto_sign
crypto_sign_bytes
crypto_sign_detached
crypto_sign_ed25519
crypto_sign_ed25519_bytes
crypto_sign_ed25519_detached
crypto_sign_ed25519_keypair
crypto_sign_ed25519_open
crypto_sign_ed25519_pk_to_curve25519
crypto_sign_ed25519_publickeybytes
crypto_sign_ed25519_secretkeybytes
crypto_sign_ed25519_seed_keypair
crypto_sign_ed25519_seedbytes
crypto_sign_ed25519_sk_to_curve25519
crypto_sign_ed25519_sk_to_pk
crypto_sign_ed25519_sk_to_seed
crypto_sign_ed25519_verify_detached
crypto_sign_edwards25519sha512batch
crypto_sign_edwards25519sha512batch_keypair
crypto_sign_edwards25519sha512batch_open
crypto_sign_keypair
crypto_sign_open
crypto_sign_primitive
crypto_sign_publickeybytes
crypto_sign_secretkeybytes
crypto_sign_seed_keypair
crypto_sign_seedbytes
crypto_sign_verify_detached
crypto_stream
crypto_stream_aes128ctr
crypto_stream_aes128ctr_afternm
crypto_stream_aes128ctr_beforenm
crypto_stream_aes128ctr_beforenmbytes
crypto_stream_aes128ctr_keybytes
crypto_stream_aes128ctr_noncebytes
crypto_stream_aes128ctr_xor
crypto_stream_aes128ctr_xor_afternm
crypto_stream_chacha20
crypto_stream_chacha20_ietf
crypto_stream_chacha20_ietf_noncebytes
crypto_stream_chacha20_ietf_xor
crypto_stream_chacha20_ietf_xor_ic
crypto_stream_chacha20_keybytes
crypto_stream_chacha20_noncebytes
crypto_stream_chacha20_xor
crypto_stream_chacha20_xor_ic
crypto_stream_keybytes
crypto_stream_noncebytes
crypto_stream_primitive
crypto_stream_salsa20
crypto_stream_salsa2012
crypto_stream_salsa2012_keybytes
crypto_stream_salsa2012_noncebytes
crypto_stream_salsa2012_xor
crypto_stream_salsa208
crypto_stream_salsa208_keybytes
crypto_stream_salsa208_noncebytes
crypto_stream_salsa208_xor
crypto_stream_salsa20_keybytes
crypto_stream_salsa20_noncebytes
crypto_stream_salsa20_xor
crypto_stream_salsa20_xor_ic
crypto_stream_xor
crypto_stream_xsalsa20
crypto_stream_xsalsa20_keybytes
crypto_stream_xsalsa20_noncebytes
crypto_stream_xsalsa20_xor
crypto_stream_xsalsa20_xor_ic
crypto_verify_16
crypto_verify_16_bytes
crypto_verify_32
crypto_verify_32_bytes
crypto_verify_64
crypto_verify_64_bytes
randombytes
randombytes_buf
randombytes_close
randombytes_implementation_name
randombytes_random
randombytes_salsa20_implementation
randombytes_set_implementation
randombytes_stir
randombytes_sysrandom_implementation
randombytes_uniform
sodium_add
sodium_allocarray
sodium_bin2hex
sodium_compare
sodium_free
sodium_hex2bin
sodium_increment
sodium_init
sodium_is_zero
sodium_library_version_major
sodium_library_version_minor
sodium_malloc
sodium_memcmp
sodium_memzero
sodium_mlock
sodium_mprotect_noaccess
sodium_mprotect_readonly
sodium_mprotect_readwrite
sodium_munlock
sodium_runtime_has_aesni
sodium_runtime_has_avx
sodium_runtime_has_avx2
sodium_runtime_has_neon
sodium_runtime_has_pclmul
sodium_runtime_has_sse2
sodium_runtime_has_sse3
sodium_runtime_has_sse41
sodium_runtime_has_ssse3
sodium_version_string

Sections

.text
Size: 415KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 11KB - Virtual size: 10KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

9222d372923baed7aa9dfa28449a94ea

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 4.1MB - Virtual size: 4.1MB

.reloc Size: 5KB - Virtual size: 4KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 880B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 80KB - Virtual size: 79KB

.rsrc Size: 1024B - Virtual size: 916B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

7a:98:1b:7d:3e:b4:86:bb:45:84:c4:3c:c9:a8:3f:dbCertificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

fe:92:fd:79:78:5b:a1:7b:fc:09:41:72:94:be:f3:50:c7:5a:02:fbSigner

Signature Validations

Verification

04-11-2020 22:46 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23Certificate

Extended Key Usages

Key Usages

0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7eCertificate

Extended Key Usages

Key Usages

.text
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 4.1MB - Virtual size: 4.1MB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 80KB - Virtual size: 79KB

.rsrc
Size: 1024B - Virtual size: 916B

.reloc
Size: 512B - Virtual size: 12B

7a:98:1b:7d:3e:b4:86:bb:45:84:c4:3c:c9:a8:3f:db
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

fe:92:fd:79:78:5b:a1:7b:fc:09:41:72:94:be:f3:50:c7:5a:02:fb
Signer

04-11-2020 22:46
Valid: false

.text
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23
Certificate

0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7e
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

2e:83:93:14:a9:06:f5:64:04:02:a1:dc:eb:a3:1a:a7:e9:21:c8:88:2c:dd:c2:3c:e4:c0:45:50:4c:ee:75:10
Signer

17-03-2021 20:03
Valid: true

.text
Size: 675KB - Virtual size: 675KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

32:d4:13:46:5a:84:6b:de:66:36:8b:8a:33:82:f5:bf
Certificate

b0:83:5d:ce:39:95:7b:dc:65:e9:78:8d:ff:22:7e:c0:bf:64:45:15:c7:05:78:0e:60:9d:ff:13:dc:f4:c0:a6
Signer

07-01-2017 17:18
Valid: true

.text
Size: 52KB - Virtual size: 52KB

.rsrc
Size: 1024B - Virtual size: 972B

.reloc
Size: 512B - Virtual size: 12B

33:00:00:00:c9:64:4d:16:db:1a:7d:b3:15:00:00:00:00:00:c9
Certificate

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

d6:fb:4d:67:72:14:08:d2:75:46:a0:06:cb:be:f9:d3:5f:db:20:bd:97:db:cd:de:3c:cd:a0:78:2f:b1:93:7f
Signer

30-03-2023 11:00
Valid: false

bc:c6:7a:ba:4c:c6:19:72:95:75:c0:52:c5:b2:9c:4b:5f:0f:69:2e
Signer

05-11-2016 04:44
Valid: false