DESCOMPRIMIR R2PAK R2N[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

DESCOMPRIMIR R2PAK R2N.7z
Size

204KB
MD5

7f92d45700175c661854c3775e65727a
SHA1

bd5d410d29ae2f98cbeaac4972dc70f492661894
SHA256

db56992c5194a4f24fc9632c5155e543866cdf7c92c17b3e624417e8955aef98
SHA512

f70045cc0d8d0b242133d8354023ae383282619d2f0aff97d8e085800cb31f1f25f0dae1eadfd346ca7a45d96c2b448aee803442d55f99be816e16d67aa07553
SSDEEP

6144:mg5QKgj9eLwCuH9cQ+ze0y4dZiArfZzHSfznTIU/1:Ef9eLxRl/tuLt/1

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/SimplePakViewer/GUIENV.exe
unpack002/SimplePakViewer/R2PAKGUI.exe

Files

DESCOMPRIMIR R2PAK R2N.7z
.7z
DESCOMPRIMIR R2PAK R2N/1.jpg
.jpg
DESCOMPRIMIR R2PAK R2N/2.jpg
.jpg
DESCOMPRIMIR R2PAK R2N/R2PAK-1.10.0.113.7z
.7z
Pack+Unpack/R2PAKENV.exe
.exe windows x86

94fab0da6edb7ce735f00d8d89caa9f0

Code Sign

04
Certificate

Issuer

CN=ZX Personal Certificate PCA B2,O=ZX Inc.,C=CN

Not Before

01/01/2015, 00:00

Not After

01/01/2020, 00:00

Subject

CN=Linda Zhang,C=CN,1.2.840.113549.1.9.1=#0c0e6c696e646173634071712e636f6d

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21
Certificate

Issuer

CN=ZX Inc Root CA,O=ZX Inc.

Not Before

01/01/2015, 00:00

Not After

01/01/2020, 00:00

Subject

CN=ZX Personal Certificate PCA B2,O=ZX Inc.,C=CN

b0:e9:36:61:71:f7:fd:eb:fb:73:53:48:fb:b6:e7:02:0d:5d:9d:a6
Signer

Actual PE Digest

b0:e9:36:61:71:f7:fd:eb:fb:73:53:48:fb:b6:e7:02:0d:5d:9d:a6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Linda Zhang,C=CN,1.2.840.113549.1.9.1=#0c0e6c696e646173634071712e636f6d

04/11/2016, 23:22
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
ord696
ord697
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
ord517
_adj_fprem1
ord519
__vbaStrCat
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
ord669
__vbaExitProc
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
ord709
ord631
ord525
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
DllFunctionCall
ord563
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaExceptHandler
ord712
ord606
_adj_fprem
_adj_fdivr_m64
__vbaFPException
ord717
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord644
_CIlog
__vbaErrorOverflow
__vbaVar2Vec
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaAryLock
__vbaVarDup
__vbaFpI4
ord616
__vbaVarCopy
_CIatan
ord618
__vbaStrMove
__vbaStrVarCopy
ord619
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
__vbaRecAssign

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Pack+Unpack/r2pak.exe
.exe windows x86

72347d8914066fe2f035966803e44c5d

Code Sign

06
Certificate

Issuer

CN=ZX Personal Certificate PCA B3,O=ZX Inc.,C=CN

Not Before

01/01/2020, 00:00

Not After

01/01/2025, 00:00

Subject

CN=Linda Zhang,C=CN,1.2.840.113549.1.9.1=#0c0e6c696e646173634071712e636f6d

2b
Certificate

Issuer

CN=ZX Inc Root CA,O=ZX Inc.

Not Before

01/01/2020, 00:00

Not After

01/01/2025, 00:00

Subject

CN=ZX Personal Certificate PCA B3,O=ZX Inc.,C=CN

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

94:b8:bc:87:98:95:a7:2b:b2:7d:33:d8:e6:da:37:7e:81:e7:87:d7
Signer

Actual PE Digest

94:b8:bc:87:98:95:a7:2b:b2:7d:33:d8:e6:da:37:7e:81:e7:87:d7

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Linda Zhang,C=CN,1.2.840.113549.1.9.1=#0c0e6c696e646173634071712e636f6d

03/05/2023, 12:04
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
IsValidCodePage
GetModuleHandleW
SetLastError
MultiByteToWideChar

user32

LoadStringW
MessageBoxW

c_g18030

NlsDllCodePageTranslation

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
fprintf
_snprintf
free
fwrite
fclose
fread
malloc
ftell
fseek
_snwprintf
wprintf
_wfopen
wcsrchr
wcsncpy
_findclose
_wfindnext
wcscmp
_wfindfirst
wcslen
__CxxFrameHandler
fwprintf
_iob
_wmkdir
_stricmp
fopen
??2@YAPAXI@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
memmove
srand
time
wcstol
wcscpy
setlocale
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
__p___winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
_controlfp

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SDK/R2PAKENV.exe
.exe windows x86

94fab0da6edb7ce735f00d8d89caa9f0

Code Sign

04
Certificate

Issuer

CN=ZX Personal Certificate PCA B2,O=ZX Inc.,C=CN

Not Before

01/01/2015, 00:00

Not After

01/01/2020, 00:00

Subject

CN=Linda Zhang,C=CN,1.2.840.113549.1.9.1=#0c0e6c696e646173634071712e636f6d

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21
Certificate

Issuer

CN=ZX Inc Root CA,O=ZX Inc.

Not Before

01/01/2015, 00:00

Not After

01/01/2020, 00:00

Subject

CN=ZX Personal Certificate PCA B2,O=ZX Inc.,C=CN

b0:e9:36:61:71:f7:fd:eb:fb:73:53:48:fb:b6:e7:02:0d:5d:9d:a6
Signer

Actual PE Digest

b0:e9:36:61:71:f7:fd:eb:fb:73:53:48:fb:b6:e7:02:0d:5d:9d:a6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Linda Zhang,C=CN,1.2.840.113549.1.9.1=#0c0e6c696e646173634071712e636f6d

04/11/2016, 23:22
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
ord696
ord697
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
ord517
_adj_fprem1
ord519
__vbaStrCat
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
ord669
__vbaExitProc
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
ord709
ord631
ord525
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
DllFunctionCall
ord563
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaExceptHandler
ord712
ord606
_adj_fprem
_adj_fdivr_m64
__vbaFPException
ord717
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord644
_CIlog
__vbaErrorOverflow
__vbaVar2Vec
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaAryLock
__vbaVarDup
__vbaFpI4
ord616
__vbaVarCopy
_CIatan
ord618
__vbaStrMove
__vbaStrVarCopy
ord619
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
__vbaRecAssign

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SDK/r2pak.exe
.exe windows x86

72347d8914066fe2f035966803e44c5d

Code Sign

06
Certificate

Issuer

CN=ZX Personal Certificate PCA B3,O=ZX Inc.,C=CN

Not Before

01/01/2020, 00:00

Not After

01/01/2025, 00:00

Subject

CN=Linda Zhang,C=CN,1.2.840.113549.1.9.1=#0c0e6c696e646173634071712e636f6d

2b
Certificate

Issuer

CN=ZX Inc Root CA,O=ZX Inc.

Not Before

01/01/2020, 00:00

Not After

01/01/2025, 00:00

Subject

CN=ZX Personal Certificate PCA B3,O=ZX Inc.,C=CN

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

94:b8:bc:87:98:95:a7:2b:b2:7d:33:d8:e6:da:37:7e:81:e7:87:d7
Signer

Actual PE Digest

94:b8:bc:87:98:95:a7:2b:b2:7d:33:d8:e6:da:37:7e:81:e7:87:d7

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Linda Zhang,C=CN,1.2.840.113549.1.9.1=#0c0e6c696e646173634071712e636f6d

03/05/2023, 12:04
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
IsValidCodePage
GetModuleHandleW
SetLastError
MultiByteToWideChar

user32

LoadStringW
MessageBoxW

c_g18030

NlsDllCodePageTranslation

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
fprintf
_snprintf
free
fwrite
fclose
fread
malloc
ftell
fseek
_snwprintf
wprintf
_wfopen
wcsrchr
wcsncpy
_findclose
_wfindnext
wcscmp
_wfindfirst
wcslen
__CxxFrameHandler
fwprintf
_iob
_wmkdir
_stricmp
fopen
??2@YAPAXI@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
memmove
srand
time
wcstol
wcscpy
setlocale
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
__p___winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
_controlfp

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SDK/r2unpak.exe
.exe windows x86

f53e8b5006dde76d2d2dc0ebd8ea5a91

Code Sign

06
Certificate

Issuer

CN=ZX Personal Certificate PCA B3,O=ZX Inc.,C=CN

Not Before

01/01/2020, 00:00

Not After

01/01/2025, 00:00

Subject

CN=Linda Zhang,C=CN,1.2.840.113549.1.9.1=#0c0e6c696e646173634071712e636f6d

2b
Certificate

Issuer

CN=ZX Inc Root CA,O=ZX Inc.

Not Before

01/01/2020, 00:00

Not After

01/01/2025, 00:00

Subject

CN=ZX Personal Certificate PCA B3,O=ZX Inc.,C=CN

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2f:1c:e1:00:f6:d9:15:51:04:2c:dd:5c:d0:de:34:2a:84:ef:fa:3d
Signer

Actual PE Digest

2f:1c:e1:00:f6:d9:15:51:04:2c:dd:5c:d0:de:34:2a:84:ef:fa:3d

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Linda Zhang,C=CN,1.2.840.113549.1.9.1=#0c0e6c696e646173634071712e636f6d

03/05/2023, 12:04
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
IsValidCodePage
GetModuleHandleW
SetLastError
MultiByteToWideChar

user32

LoadStringW

c_g18030

NlsDllCodePageTranslation

msvcrt

__dllonexit
_controlfp
_except_handler3
fwprintf
_iob
free
fwrite
malloc
_wmkdir
_snwprintf
wprintf
fclose
fread
fseek
_wfopen
_stricmp
ftell
fopen
wcsrchr
srand
time
wcscpy
wcscmp
wcsncpy
setlocale
_exit
_XcptFilter
exit
__p___winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_onexit

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SDK/westpak.dll
.dll windows x86

85d3caba34465e79463485980e4f5a3f

Code Sign

06
Certificate

Issuer

CN=ZX Personal Certificate PCA B3,O=ZX Inc.,C=CN

Not Before

01/01/2020, 00:00

Not After

01/01/2025, 00:00

Subject

CN=Linda Zhang,C=CN,1.2.840.113549.1.9.1=#0c0e6c696e646173634071712e636f6d

2b
Certificate

Issuer

CN=ZX Inc Root CA,O=ZX Inc.

Not Before

01/01/2020, 00:00

Not After

01/01/2025, 00:00

Subject

CN=ZX Personal Certificate PCA B3,O=ZX Inc.,C=CN

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6d:67:74:18:30:55:e7:61:47:e6:36:0a:b5:04:e3:cc:bd:50:11:47
Signer

Actual PE Digest

6d:67:74:18:30:55:e7:61:47:e6:36:0a:b5:04:e3:cc:bd:50:11:47

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Linda Zhang,C=CN,1.2.840.113549.1.9.1=#0c0e6c696e646173634071712e636f6d

03/05/2023, 12:04
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
SetLastError
IsValidCodePage
MultiByteToWideChar

user32

MessageBoxW
LoadStringW

c_g18030

NlsDllCodePageTranslation

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
fclose
fprintf
fwrite
_snprintf
wprintf
_wfopen
wcsrchr
wcsncpy
_findclose
_wfindnext
wcscmp
_wfindfirst
_snwprintf
wcslen
__CxxFrameHandler
??2@YAPAXI@Z
free
fread
malloc
ftell
fseek
fwprintf
_iob
_wmkdir
_stricmp
fopen
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
memmove
wcscpy

Exports

Exports

EnumFileFromPak2A
EnumFileFromPak2W
EnumFileFromPakA
EnumFileFromPakW
GetFileFromPak
GetFileFromPakA
GetFileFromPakOffset2A
GetFileFromPakOffset2W
GetFileFromPakOffsetA
GetFileFromPakOffsetW
GetFileFromPakW
decodepakfile
decodepakfileW
encodepakfile
encodepakfile2A
encodepakfile2W
encodepakfileW
lzsscompress
lzsscompress2
lzsscompress2_xor
lzsscompress_xor
lzsscompressbound
lzssdecompress
lzssdecompress_xor
setcopyrightinfo

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDK/westpak.h
SDK/westpak.lib
SDK/westpak1.dll
.dll windows x86

1b54d8e42a89a7a167bdb1248277909b

Code Sign

06
Certificate

Issuer

CN=ZX Personal Certificate PCA B3,O=ZX Inc.,C=CN

Not Before

01/01/2020, 00:00

Not After

01/01/2025, 00:00

Subject

CN=Linda Zhang,C=CN,1.2.840.113549.1.9.1=#0c0e6c696e646173634071712e636f6d

2b
Certificate

Issuer

CN=ZX Inc Root CA,O=ZX Inc.

Not Before

01/01/2020, 00:00

Not After

01/01/2025, 00:00

Subject

CN=ZX Personal Certificate PCA B3,O=ZX Inc.,C=CN

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d6:32:5d:fe:a5:49:2b:1b:27:e9:a1:24:7a:c1:3e:b9:8e:60:0b:0b
Signer

Actual PE Digest

d6:32:5d:fe:a5:49:2b:1b:27:e9:a1:24:7a:c1:3e:b9:8e:60:0b:0b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Linda Zhang,C=CN,1.2.840.113549.1.9.1=#0c0e6c696e646173634071712e636f6d

03/05/2023, 12:04
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
SetLastError
IsValidCodePage
MultiByteToWideChar

user32

LoadStringW

c_g18030

NlsDllCodePageTranslation

msvcrt

_adjust_fdiv
_initterm
fwprintf
_iob
free
fwrite
malloc
_wmkdir
_snwprintf
wprintf
fclose
fread
fseek
_wfopen
_stricmp
ftell
fopen
wcsrchr
wcscpy
wcslen

Exports

Exports

EnumFileFromPakA
EnumFileFromPakW
GetFileFromPak
GetFileFromPakA
GetFileFromPakOffset2A
GetFileFromPakOffset2W
GetFileFromPakOffsetA
GetFileFromPakOffsetW
GetFileFromPakW
decodepakfile
decodepakfileW
lzssdecompress
lzssdecompress_xor

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 358B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDK/westpak1.lib
SDK/使用帮助.txt
SDK/更新日志.txt
SDK/格式说明.txt
SimplePakViewer/GUIENV.exe
.exe windows x86

c069f339fe10f762c66e97aa67f23f08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
ord696
ord697
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
ord517
_adj_fprem1
ord519
__vbaStrCat
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
ord669
__vbaExitProc
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
ord709
ord631
ord525
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
DllFunctionCall
ord563
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaExceptHandler
ord712
ord606
_adj_fprem
_adj_fdivr_m64
__vbaFPException
ord717
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord644
_CIlog
__vbaErrorOverflow
__vbaVar2Vec
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaAryLock
__vbaVarDup
__vbaFpI4
ord616
__vbaVarCopy
_CIatan
ord618
__vbaStrMove
__vbaStrVarCopy
ord619
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
__vbaRecAssign

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SimplePakViewer/R2PAKGUI.exe
.exe windows x86

6e46e1a7b110a5220f802fce49084bc7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaLateIdCall
__vbaStrVarMove
ord696
ord697
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaFreeObjList
_adj_fprem1
ord519
__vbaStrCat
__vbaRecDestruct
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
ord669
__vbaExitProc
__vbaForEachCollObj
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
_CIsin
ord709
ord631
__vbaNextEachCollObj
ord525
__vbaChkstk
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
__vbaExitEachColl
__vbaStrCmp
__vbaAryConstruct2
__vbaI2I4
DllFunctionCall
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
EVENT_SINK_Release
_CIsqrt
__vbaLateIdCallSt
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaExceptHandler
ord711
ord712
ord606
_adj_fprem
_adj_fdivr_m64
__vbaFPException
ord717
__vbaUbound
__vbaI2Var
ord644
_CIlog
__vbaErrorOverflow
__vbaVar2Vec
__vbaInStr
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaI4Var
__vbaAryLock
__vbaVarDup
ord616
__vbaFpI4
_CIatan
__vbaAryCopy
ord618
__vbaStrMove
__vbaStrVarCopy
_allmul
__vbaLateIdSt
_CItan
__vbaAryUnlock
_CIexp
__vbaRecAssign
__vbaFreeObj
__vbaFreeStr
ord581

msvcrt

_wmkdir
_snwprintf
wprintf
fclose
fread
fseek
malloc
_stricmp
ftell
wcsrchr
wcscpy
wcslen
fwrite
free
_iob
fwprintf
_wfopen

kernel32

IsValidCodePage
SetLastError
WideCharToMultiByte
MultiByteToWideChar

c_g18030

NlsDllCodePageTranslation

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SimplePakViewer/src/!说明.txt
SimplePakViewer/src/PROGENV.frm
SimplePakViewer/src/PROGENV.res
SimplePakViewer/src/PROGENV.vbp
SimplePakViewer/src/R2PAKGUI.vbp
SimplePakViewer/src/deltmp.bat
SimplePakViewer/src/fMain.DCA
SimplePakViewer/src/fMain.Dsr
.vbs
SimplePakViewer/src/fMain.dsx
SimplePakViewer/src/fmMain.frm
.vbs
SimplePakViewer/src/link.ini
SimplePakViewer/src/mMain.bas
.vbs
UnpackOnly/r2unpak.exe
.exe windows x86

f53e8b5006dde76d2d2dc0ebd8ea5a91

Code Sign

06
Certificate

Issuer

CN=ZX Personal Certificate PCA B3,O=ZX Inc.,C=CN

Not Before

01/01/2020, 00:00

Not After

01/01/2025, 00:00

Subject

CN=Linda Zhang,C=CN,1.2.840.113549.1.9.1=#0c0e6c696e646173634071712e636f6d

2b
Certificate

Issuer

CN=ZX Inc Root CA,O=ZX Inc.

Not Before

01/01/2020, 00:00

Not After

01/01/2025, 00:00

Subject

CN=ZX Personal Certificate PCA B3,O=ZX Inc.,C=CN

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2f:1c:e1:00:f6:d9:15:51:04:2c:dd:5c:d0:de:34:2a:84:ef:fa:3d
Signer

Actual PE Digest

2f:1c:e1:00:f6:d9:15:51:04:2c:dd:5c:d0:de:34:2a:84:ef:fa:3d

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Linda Zhang,C=CN,1.2.840.113549.1.9.1=#0c0e6c696e646173634071712e636f6d

03/05/2023, 12:04
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
IsValidCodePage
GetModuleHandleW
SetLastError
MultiByteToWideChar

user32

LoadStringW

c_g18030

NlsDllCodePageTranslation

msvcrt

__dllonexit
_controlfp
_except_handler3
fwprintf
_iob
free
fwrite
malloc
_wmkdir
_snwprintf
wprintf
fclose
fread
fseek
_wfopen
_stricmp
ftell
fopen
wcsrchr
srand
time
wcscpy
wcscmp
wcsncpy
setlocale
_exit
_XcptFilter
exit
__p___winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_onexit

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
更新日志.txt

Sharing

General

Malware Config

Signatures

Files

94fab0da6edb7ce735f00d8d89caa9f0

Code Sign

04Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

21Certificate

b0:e9:36:61:71:f7:fd:eb:fb:73:53:48:fb:b6:e7:02:0d:5d:9d:a6Signer

Signature Validations

Verification

04/11/2016, 23:22 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

msvbvm60

Sections

.text Size: 30KB - Virtual size: 30KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 3KB - Virtual size: 2KB

72347d8914066fe2f035966803e44c5d

Code Sign

06Certificate

2bCertificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

94:b8:bc:87:98:95:a7:2b:b2:7d:33:d8:e6:da:37:7e:81:e7:87:d7Signer

Signature Validations

Verification

03/05/2023, 12:04 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

c_g18030

msvcrt

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 29KB - Virtual size: 29KB

94fab0da6edb7ce735f00d8d89caa9f0

Code Sign

04Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

21Certificate

b0:e9:36:61:71:f7:fd:eb:fb:73:53:48:fb:b6:e7:02:0d:5d:9d:a6Signer

Signature Validations

Verification

04/11/2016, 23:22 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

msvbvm60

Sections

.text Size: 30KB - Virtual size: 30KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 3KB - Virtual size: 2KB

72347d8914066fe2f035966803e44c5d

Code Sign

06Certificate

2bCertificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

04
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

21
Certificate

b0:e9:36:61:71:f7:fd:eb:fb:73:53:48:fb:b6:e7:02:0d:5d:9d:a6
Signer

04/11/2016, 23:22
Valid: false

.text
Size: 30KB - Virtual size: 30KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 3KB - Virtual size: 2KB

06
Certificate

2b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

94:b8:bc:87:98:95:a7:2b:b2:7d:33:d8:e6:da:37:7e:81:e7:87:d7
Signer

03/05/2023, 12:04
Valid: false

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 29KB - Virtual size: 29KB

04
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

21
Certificate

b0:e9:36:61:71:f7:fd:eb:fb:73:53:48:fb:b6:e7:02:0d:5d:9d:a6
Signer

04/11/2016, 23:22
Valid: false

.text
Size: 30KB - Virtual size: 30KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 3KB - Virtual size: 2KB

06
Certificate

2b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

94:b8:bc:87:98:95:a7:2b:b2:7d:33:d8:e6:da:37:7e:81:e7:87:d7
Signer

03/05/2023, 12:04
Valid: false

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 29KB - Virtual size: 29KB

06
Certificate

2b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

2f:1c:e1:00:f6:d9:15:51:04:2c:dd:5c:d0:de:34:2a:84:ef:fa:3d
Signer

03/05/2023, 12:04
Valid: false

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 29KB - Virtual size: 29KB

06
Certificate

2b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

6d:67:74:18:30:55:e7:61:47:e6:36:0a:b5:04:e3:cc:bd:50:11:47
Signer

03/05/2023, 12:04
Valid: false