aac[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aac.rar
Size

515KB
MD5

c818944b440510dfc379cef941ffc53d
SHA1

d085825ba180c4485546114ef36f0cdd6f4c1950
SHA256

cc517815a64ecdc2a61a52b87c974413784331caaf9c19ec2627d9c705378fe9
SHA512

18ffee3d3211eb21c0a74621edf4b8238b1f3c68719f83ec2fb46e44908a206830ae9bc0f14261b9a491330a52c611706930f6116f117fac419b10216786e650
SSDEEP

12288:TpoBrjG4bT8YuCDZPSy6zZ9XpOltZXIftGW3IVjHmRECh:VopjG4P8UtqZ9ZCtuKZHmRR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/aac/ISCmplr.dll

Files

aac.rar
.rar
aac/ISCmplr.dll
.dll windows x86

c67dff5385c1d930bb826cad4db9b04f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WriteProcessMemory

msvcrt

_amsg_exit
_initterm
_iob
_itoa_s
_lock
_unlock
abort
calloc
free
fwrite
realloc
strcmp
strlen
strncmp
vfprintf

psapi

GetModuleInformation

Exports

Exports

ISDllCompileScript
ISDllGetVersion
_ZN8DllClass10HelloWorldEv
_ZN8DllClassC1Ev
_ZN8DllClassC2Ev
_ZN8DllClassD0Ev
_ZN8DllClassD1Ev
_ZN8DllClassD2Ev
_ZTI8DllClass
_ZTV8DllClass

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 940B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 323B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 790B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aac/isscint.dll
.dll windows x86

b002e16e4930e3fcbc0117d5da819ced

Code Sign

04:7a:53
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:53

Not After

03/03/2024, 12:53

Subject

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

71:09:fa:42:a4:c1:c7:05:08:a6:82:a0:2d:56:dc:2f
Certificate

Issuer

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

01/06/2015, 00:00

Not After

31/05/2016, 00:00

Subject

CN=Open Source Developer\, Martijn Laan,O=Martijn Laan,C=NL,1.2.840.113549.1.9.1=#0c146d6c61616e406a72736f6674776172652e6f7267

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d4:48:80:e6:b8:33:63:d1:57:fb:65:df:ce:40:75:a5
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/12/2014, 00:00

Not After

18/12/2017, 23:59

Subject

CN=Korton Group B.V.,O=Korton Group B.V.,POSTALCODE=2132 XZ,STREET=Jadelaan 99,L=Hoofddorp,ST=Noord Holland,C=NL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5a:66:c9:98:b8:b1:2c:79:ff:a7:34:06:96:8f:be:6f:49:a8:2f:96:ad:42:ec:74:33:cc:4e:e0:f0:f8:57:fa
Signer

Actual PE Digest

5a:66:c9:98:b8:b1:2c:79:ff:a7:34:06:96:8f:be:6f:49:a8:2f:96:ad:42:ec:74:33:cc:4e:e0:f0:f8:57:fa

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Korton Group B.V.,O=Korton Group B.V.,POSTALCODE=2132 XZ,STREET=Jadelaan 99,L=Hoofddorp,ST=Noord Holland,C=NL

15/02/2016, 08:34
Valid: true

Chain 1

CN=Korton Group B.V.,O=Korton Group B.V.,POSTALCODE=2132 XZ,STREET=Jadelaan 99,L=Hoofddorp,ST=Noord Holland,C=NL

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

da:86:a0:44:32:aa:ac:e9:90:53:03:fb:4c:27:f3:e3:9a:65:b8:47
Signer

Actual PE Digest

da:86:a0:44:32:aa:ac:e9:90:53:03:fb:4c:27:f3:e3:9a:65:b8:47

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Open Source Developer\, Martijn Laan,O=Martijn Laan,C=NL,1.2.840.113549.1.9.1=#0c146d6c61616e406a72736f6674776172652e6f7267

15/02/2016, 08:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
GetStringTypeA
RtlUnwind
HeapReAlloc
VirtualAlloc
HeapSize
GetCurrentProcessId
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
Sleep
ExitProcess
LCMapStringA
GetConsoleMode
WriteFile
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
InterlockedDecrement
InterlockedIncrement
GetLastError
RaiseException
GetProcessHeap
HeapAlloc
HeapFree
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetFilePointer
GetModuleFileNameA
GetConsoleCP
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CloseHandle
FlushFileBuffers
GetLocaleInfoA
GlobalLock
GlobalSize
GlobalFree
GetTickCount
LCMapStringW
WideCharToMultiByte
IsValidCodePage
GlobalUnlock
GlobalAlloc
GetCPInfo
GetProcAddress
MulDiv
InitializeCriticalSection
DeleteCriticalSection
IsDBCSLeadByteEx
QueryPerformanceFrequency
LeaveCriticalSection
QueryPerformanceCounter
GetModuleHandleA
LoadLibraryA
MultiByteToWideChar
GetACP
EnterCriticalSection
GetVersionExA
GetStdHandle

user32

GetUpdateRgn
GetCapture
ShowCaret
DestroyCaret
IsChild
GetDlgCtrlID
GetCaretBlinkTime
RegisterClassExW
SetTimer
GetClipboardData
KillTimer
OpenClipboard
GetClientRect
ReleaseDC
CreateWindowExA
FrameRect
InflateRect
HideCaret
ScreenToClient
MsgWaitForMultipleObjects
SystemParametersInfoA
GetKeyboardLayout
RegisterClipboardFormatA
SetCaretPos
SetScrollInfo
EmptyClipboard
AppendMenuA
GetScrollInfo
CreateCaret
IsClipboardFormatAvailable
PostMessageA
IsWindowUnicode
UpdateWindow
ScrollWindow
SetClipboardData
GetMessageTime
CloseClipboard
SetFocus
SendMessageA
GetWindowRect
MapWindowPoints
SetWindowLongA
CallWindowProcA
BeginPaint
DefWindowProcA
MonitorFromRect
InvalidateRect
DestroyMenu
GetParent
LoadCursorA
RegisterClassExA
MonitorFromPoint
GetDoubleClickTime
TrackPopupMenu
GetMonitorInfoA
GetSysColor
FillRect
SetWindowPos
EndPaint
AdjustWindowRectEx
UnregisterClassA
ClientToScreen
GetCursorPos
DestroyWindow
ReleaseCapture
SetCapture
GetWindowLongA
GetDC
ShowWindow
DrawTextW
DrawFocusRect
CreatePopupMenu
GetSystemMetrics
SetCursor
DrawTextA
GetKeyState

gdi32

LineTo
CreateCompatibleDC
RealizePalette
SetTextColor
CreateSolidBrush
GetTextExtentPoint32W
CreatePalette
RoundRect
SetTextAlign
DeleteDC
SetBkMode
Polygon
CreateCompatibleBitmap
IntersectClipRect
GetNearestColor
DeleteObject
Rectangle
GetObjectA
CreateDIBSection
GetStockObject
GetDeviceCaps
ExtTextOutW
GetTextExtentPoint32A
MoveToEx
CreateFontIndirectA
SelectObject
SelectPalette
CreatePatternBrush
Ellipse
GetTextExtentExPointW
SetBkColor
CreatePen
ExtTextOutA
BitBlt
GetTextExtentExPointA
CombineRgn
CreateBitmap
TranslateCharsetInfo
CreateRectRgn
GetTextMetricsA

imm32

ImmGetCompositionStringW
ImmSetCompositionWindow
ImmNotifyIME
ImmReleaseContext
ImmGetContext
ImmSetCompositionFontA

ole32

DoDragDrop
RevokeDragDrop
OleUninitialize
RegisterDragDrop
OleInitialize

Exports

Exports

Scintilla_DirectFunction

Sections

.text
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aac/mis.exe
.exe windows x86

Code Sign

04:7a:53
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:53

Not After

03/03/2024, 12:53

Subject

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

71:09:fa:42:a4:c1:c7:05:08:a6:82:a0:2d:56:dc:2f
Certificate

Issuer

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

01/06/2015, 00:00

Not After

31/05/2016, 00:00

Subject

CN=Open Source Developer\, Martijn Laan,O=Martijn Laan,C=NL,1.2.840.113549.1.9.1=#0c146d6c61616e406a72736f6674776172652e6f7267

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d4:48:80:e6:b8:33:63:d1:57:fb:65:df:ce:40:75:a5
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/12/2014, 00:00

Not After

18/12/2017, 23:59

Subject

CN=Korton Group B.V.,O=Korton Group B.V.,POSTALCODE=2132 XZ,STREET=Jadelaan 99,L=Hoofddorp,ST=Noord Holland,C=NL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

89:2c:8c:4c:ca:24:55:3d:4d:4d:7b:97:a3:c0:71:2f:50:77:6a:4e:33:a8:b7:41:e2:a6:52:14:50:a4:c5:75
Signer

Actual PE Digest

89:2c:8c:4c:ca:24:55:3d:4d:4d:7b:97:a3:c0:71:2f:50:77:6a:4e:33:a8:b7:41:e2:a6:52:14:50:a4:c5:75

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Korton Group B.V.,O=Korton Group B.V.,POSTALCODE=2132 XZ,STREET=Jadelaan 99,L=Hoofddorp,ST=Noord Holland,C=NL

06/04/2016, 14:38
Valid: true

Chain 1

CN=Korton Group B.V.,O=Korton Group B.V.,POSTALCODE=2132 XZ,STREET=Jadelaan 99,L=Hoofddorp,ST=Noord Holland,C=NL

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

bd:84:4b:0a:25:37:01:e4:3b:9f:36:82:cd:32:aa:93:13:b2:5a:31
Signer

Actual PE Digest

bd:84:4b:0a:25:37:01:e4:3b:9f:36:82:cd:32:aa:93:13:b2:5a:31

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Open Source Developer\, Martijn Laan,O=Martijn Laan,C=NL,1.2.840.113549.1.9.1=#0c146d6c61616e406a72736f6674776172652e6f7267

06/04/2016, 14:38
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 391KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 343KB - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c67dff5385c1d930bb826cad4db9b04f

Headers

File Characteristics

Imports

kernel32

msvcrt

psapi

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 44B

.rdata Size: 7KB - Virtual size: 6KB

.bss Size: - Virtual size: 940B

.edata Size: 512B - Virtual size: 323B

.idata Size: 1KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 1024B - Virtual size: 584B

/4 Size: 1024B - Virtual size: 528B

/19 Size: 174KB - Virtual size: 173KB

/31 Size: 7KB - Virtual size: 7KB

/45 Size: 10KB - Virtual size: 10KB

/57 Size: 2KB - Virtual size: 1KB

/70 Size: 1024B - Virtual size: 790B

/81 Size: 5KB - Virtual size: 4KB

/92 Size: 1024B - Virtual size: 600B

b002e16e4930e3fcbc0117d5da819ced

Code Sign

04:7a:53Certificate

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

71:09:fa:42:a4:c1:c7:05:08:a6:82:a0:2d:56:dc:2fCertificate

Extended Key Usages

Key Usages

d4:48:80:e6:b8:33:63:d1:57:fb:65:df:ce:40:75:a5Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

5a:66:c9:98:b8:b1:2c:79:ff:a7:34:06:96:8f:be:6f:49:a8:2f:96:ad:42:ec:74:33:cc:4e:e0:f0:f8:57:faSigner

Signature Validations

Verification

15/02/2016, 08:34 Valid: true

Chain 1

da:86:a0:44:32:aa:ac:e9:90:53:03:fb:4c:27:f3:e3:9a:65:b8:47Signer

Signature Validations

Verification

15/02/2016, 08:34 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

imm32

ole32

Exports

Exports

Sections

.text Size: 212KB - Virtual size: 209KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

Code Sign

04:7a:53Certificate

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 44B

.rdata
Size: 7KB - Virtual size: 6KB

.bss
Size: - Virtual size: 940B

.edata
Size: 512B - Virtual size: 323B

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 1024B - Virtual size: 584B

/4
Size: 1024B - Virtual size: 528B

/19
Size: 174KB - Virtual size: 173KB

/31
Size: 7KB - Virtual size: 7KB

/45
Size: 10KB - Virtual size: 10KB

/57
Size: 2KB - Virtual size: 1KB

/70
Size: 1024B - Virtual size: 790B

/81
Size: 5KB - Virtual size: 4KB

/92
Size: 1024B - Virtual size: 600B

04:7a:53
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

71:09:fa:42:a4:c1:c7:05:08:a6:82:a0:2d:56:dc:2f
Certificate

d4:48:80:e6:b8:33:63:d1:57:fb:65:df:ce:40:75:a5
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

5a:66:c9:98:b8:b1:2c:79:ff:a7:34:06:96:8f:be:6f:49:a8:2f:96:ad:42:ec:74:33:cc:4e:e0:f0:f8:57:fa
Signer

15/02/2016, 08:34
Valid: true

da:86:a0:44:32:aa:ac:e9:90:53:03:fb:4c:27:f3:e3:9a:65:b8:47
Signer

15/02/2016, 08:34
Valid: false

.text
Size: 212KB - Virtual size: 209KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB

04:7a:53
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

71:09:fa:42:a4:c1:c7:05:08:a6:82:a0:2d:56:dc:2f
Certificate

d4:48:80:e6:b8:33:63:d1:57:fb:65:df:ce:40:75:a5
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

89:2c:8c:4c:ca:24:55:3d:4d:4d:7b:97:a3:c0:71:2f:50:77:6a:4e:33:a8:b7:41:e2:a6:52:14:50:a4:c5:75
Signer

06/04/2016, 14:38
Valid: true

bd:84:4b:0a:25:37:01:e4:3b:9f:36:82:cd:32:aa:93:13:b2:5a:31
Signer

06/04/2016, 14:38
Valid: false

CODE
Size: 391KB - Virtual size: 390KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 10KB - Virtual size: 9KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 25KB

.rsrc
Size: 343KB - Virtual size: 343KB