Setup[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Setup.rar
Size

6.2MB
MD5

556306f1cc7ed810331617bd073ef7a5
SHA1

f247562a9c523fb815cdd4e9b0fc134755c3696f
SHA256

517571b1421145d4001b81d944049fcc48255da2eaac5e12bf58e1ca37cee87a
SHA512

065ff22bbb6b90eb6a914a32781a3faa8cf74c76f061d89ea98b7374781ee222246abeb72a9e08d9711bcb23ae4b2caf818d1484ed3179cf23ac398a5b5537cc
SSDEEP

196608:5K+1nVaqYNXy8TRcOKbtsdBT3HoZ6sGK5cL:HSNXy2OHmdd3Ho6c5cL

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Bin/sbs_system.data.dll
unpack001/Bin/sbs_system.enterpriseservices.dll

Files

Setup.rar
.rar

Password: 2023
Bin/Privacy Policy/Privacy Policy.txt
Bin/bin/Data/bootx64.efi
.dll windows x64

Password: 2023

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

88:d0:ff:fa:39:fe:d6:5e:69:9c:7a:19:b6:9f:c7:0a:62:0b:20:5b:af:e7:a8:99:02:5d:bc:6a:71:fc:0b:3b
Signer

Actual PE Digest

88:d0:ff:fa:39:fe:d6:5e:69:9c:7a:19:b6:9f:c7:0a:62:0b:20:5b:af:e7:a8:99:02:5d:bc:6a:71:fc:0b:3b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TRANSIT
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/js1cr.dll
Bin/license-key.key
Bin/sbs_VsaVb7rt.dll
.dll windows x86

Password: 2023

1ee86a608d231b83dca35006d3b58ed8

Code Sign

61:19:cc:93:00:01:00:00:00:66
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10/10/2011, 20:32

Not After

10/01/2013, 20:32

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:05:19:96:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2011, 20:42

Not After

25/10/2012, 20:42

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:9E78-864B-039D,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

50:e6:af:15:30:3d:56:cc:89:94:6c:c5:ee:40:bb:52:14:fa:8d:e0
Signer

Actual PE Digest

50:e6:af:15:30:3d:56:cc:89:94:6c:c5:ee:40:bb:52:14:fa:8d:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr90

_except_handler4_common
_onexit
_crt_debugger_hook
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
IsDebuggerPresent

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/sbs_system.data.dll
.dll windows x86

Password: 2023

e0bd3263fd5ea99b1d0c2f6f5194cc24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler4_common
_XcptFilter
_initterm
malloc
free
_amsg_exit

kernel32

Sleep
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/sbs_system.enterpriseservices.dll
.dll windows x86

Password: 2023

e0bd3263fd5ea99b1d0c2f6f5194cc24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler4_common
_XcptFilter
_initterm
malloc
free
_amsg_exit

kernel32

Sleep
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/updater.ini
Bin/version.json
CSERHelper.dll
.dll windows x86

Password: 2023

dc33390e11f40d35aacb3b7595b60d08

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:4c:af:4d:f4:99:14:1d:40:4b:71:99:aa:2c:21:31
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/09/2015, 00:00

Not After

03/10/2018, 12:00

Subject

CN=Valve,O=Valve,L=Bellevue,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:b1:01:21:ff:0d:6b:21:e2:db:68:ef:fb:a5:ce:d5:6d:be:ae:a5
Signer

Actual PE Digest

7b:b1:01:21:ff:0d:6b:21:e2:db:68:ef:fb:a5:ce:d5:6d:be:ae:a5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

SymSetOptions
SymGetSymFromAddr
SymGetOptions
SymLoadModule64
SymGetModuleInfo64
SymGetLineFromAddr64
SymGetSymFromAddr64
SymGetModuleBase64
SymLoadModule
SymCleanup
SymInitialize
StackWalk64
UnDecorateSymbolName
SymFunctionTableAccess64

kernel32

GetThreadContext
OutputDebugStringW
WriteFile
IsDebuggerPresent
GetProfileIntW
SearchPathW
LoadLibraryW
GetProcAddress
MultiByteToWideChar
GetModuleFileNameA
CreateFileA
WideCharToMultiByte
GetACP
RaiseException
GetModuleHandleW
SetUnhandledExceptionFilter
IsBadCodePtr
IsBadReadPtr
FormatMessageW
lstrlenA
lstrcpynW
ReadProcessMemory
GlobalAlloc
GetCurrentProcess
GetCurrentThread
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
LocalFree
ExitProcess
OutputDebugStringA
VirtualQueryEx
GetVersionExW
DisableThreadLibraryCalls
VirtualQuery
VirtualProtect
IsBadStringPtrA
IsBadStringPtrW
CreateFileW
CloseHandle
GetCurrentThreadId
OpenProcess
GetThreadPriority
SetThreadPriority
OpenThread
SuspendThread
ResumeThread
FreeLibrary
GlobalLock
GlobalUnlock
GetLocaleInfoW
FindResourceExW
LoadResource
LockResource
GetProcessHeap
HeapFree
lstrlenW
GetLastError
HeapAlloc
GetCurrentProcessId
SetLastError
InterlockedExchange
LocalAlloc
IsBadWritePtr
GlobalFree
HeapReAlloc
TlsSetValue
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleA
TerminateProcess
HeapSize
TlsFree
TlsGetValue
TlsAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemInfo
LCMapStringA
LCMapStringW
InitializeCriticalSection
SetFilePointer
GetOEMCP
GetCPInfo
LoadLibraryA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
RtlUnwind
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
FlushFileBuffers

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyW
RegCloseKey

Exports

Exports

AddClientDV
AddCrashHandlerLimitModule
AddDiagAssertModule
AllocAndFillProcessModuleList
BSUAnsi2Wide
BSUGetModuleBaseNameA
BSUGetModuleBaseNameW
BSUGetModuleFileNameExA
BSUGetModuleFileNameExW
BSUIsInteractiveUser
BSUSetCurrentThreadNameA
BSUSetCurrentThreadNameW
BSUSetThreadNameA
BSUSetThreadNameW
BSUSymInitializeA
BSUSymInitializeW
BSUWide2Ansi
CreateCurrentProcessCrashDumpA
CreateCurrentProcessCrashDumpW
DiagAssertA
DiagAssertW
DiagOutputA
DiagOutputW
GetFaultReason
GetFirstStackTraceString
GetLimitModuleCount
GetLimitModulesArray
GetLoadedModules
GetNextStackTraceString
GetProcessThreadIds
GetRegisterString
GetSuperAssertionCount
HookImportedFunctionsByNameA
HookImportedFunctionsByNameW
HookOrdinalExportA
HookOrdinalExportW
IsMiniDumpFunctionAvailable
IsNT
IsNT4
IsServer2003
IsServer2003orBetter
IsW2K
IsW2KorBetter
IsXP
IsXPorBetter
MemStressInitializeA
MemStressInitializeW
MemStressTerminate
SetCrashHandlerFilter
SetDiagAssertFile
SetDiagAssertOptions
SetDiagOutputFile
SnapCurrentProcessMiniDumpA
SnapCurrentProcessMiniDumpW
SuperAssertionA
SuperAssertionW
ValidateAllBlocks

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Data/bootx64.efi
.dll windows x64

Password: 2023

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

88:d0:ff:fa:39:fe:d6:5e:69:9c:7a:19:b6:9f:c7:0a:62:0b:20:5b:af:e7:a8:99:02:5d:bc:6a:71:fc:0b:3b
Signer

Actual PE Digest

88:d0:ff:fa:39:fe:d6:5e:69:9c:7a:19:b6:9f:c7:0a:62:0b:20:5b:af:e7:a8:99:02:5d:bc:6a:71:fc:0b:3b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TRANSIT
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Efi/file/boot/bcd
Efi/file/boot/cdboot.efi
.dll windows x64

Password: 2023

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:83:ff:77:ea:d4:9b:bf:c2:e5:e6:4e:b1:8d:09:77:4c:33:80:56:e5:ca:a6:ff:a0:3d:22:6f:31:73:ea:4c
Signer

Actual PE Digest

08:83:ff:77:ea:d4:9b:bf:c2:e5:e6:4e:b1:8d:09:77:4c:33:80:56:e5:ca:a6:ff:a0:3d:22:6f:31:73:ea:4c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 920KB - Virtual size: 920KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TRANSIT
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGER32C
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Efi/file/boot/cdboot_noprompt.efi
.dll windows x64

Password: 2023

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:a6:21:6b:96:8a:51:4b:77:59:a5:2e:f0:38:25:b4:d1:2d:d4:c5:8a:b5:ea:9f:c7:78:d6:f0:17:c7:c4:0d
Signer

Actual PE Digest

60:a6:21:6b:96:8a:51:4b:77:59:a5:2e:f0:38:25:b4:d1:2d:d4:c5:8a:b5:ea:9f:c7:78:d6:f0:17:c7:c4:0d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 920KB - Virtual size: 920KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TRANSIT
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGER32C
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Efi/file/boot/efisys.bin
Efi/file/boot/efisys_noprompt.bin
Efi/file/boot/memtest.efi
.exe windows x64

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

73:0d:a7:4f:e5:42:02:46:8a:65:6b:70:ff:e6:dc:cc:31:1c:f9:74:63:7d:17:22:0f:e3:ee:a2:2d:e7:f2:b8
Signer

Actual PE Digest

73:0d:a7:4f:e5:42:02:46:8a:65:6b:70:ff:e6:dc:cc:31:1c:f9:74:63:7d:17:22:0f:e3:ee:a2:2d:e7:f2:b8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TRANSIT
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGER32C
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Efi/file/boot/resources/bootres.dll
.dll windows x64

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b6:2e:51:11:48:26:75:4e:ca:26:c8:9b:ae:65:71:d4:23:44:00:47:f9:66:00:d6:bf:c7:76:b5:50:4f:2c:2f
Signer

Actual PE Digest

b6:2e:51:11:48:26:75:4e:ca:26:c8:9b:ae:65:71:d4:23:44:00:47:f9:66:00:d6:bf:c7:76:b5:50:4f:2c:2f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Efi/file/boot/winsipolicy.p7b
Efi/script/bootx64.efi
.dll windows x64

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

88:d0:ff:fa:39:fe:d6:5e:69:9c:7a:19:b6:9f:c7:0a:62:0b:20:5b:af:e7:a8:99:02:5d:bc:6a:71:fc:0b:3b
Signer

Actual PE Digest

88:d0:ff:fa:39:fe:d6:5e:69:9c:7a:19:b6:9f:c7:0a:62:0b:20:5b:af:e7:a8:99:02:5d:bc:6a:71:fc:0b:3b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TRANSIT
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDL2.dll
.dll windows x86

0fa8efa71e549d4ce00d11b8b39efe67

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/10/2021, 00:00

Not After

09/10/2024, 23:59

Subject

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:2c:77:5d:0c:81:34:2d:40:a6:f6:af:ab:8d:a7:1e:18:72:6f:97:d5:2b:da:83:8c:33:d5:38:33:f6:c8:bc
Signer

Actual PE Digest

61:2c:77:5d:0c:81:34:2d:40:a6:f6:af:ab:8d:a7:1e:18:72:6f:97:d5:2b:da:83:8c:33:d5:38:33:f6:c8:bc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiGetDevicePropertyW
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo

winmm

waveInClose
waveInOpen
waveInGetDevCapsW
waveInGetNumDevs
waveOutReset
waveOutWrite
waveOutUnprepareHeader
waveInPrepareHeader
waveOutClose
waveOutOpen
waveOutGetErrorTextW
waveOutGetDevCapsW
timeBeginPeriod
timeEndPeriod
waveInUnprepareHeader
waveInAddBuffer
waveInStart
waveOutPrepareHeader
waveOutGetNumDevs
waveInReset

imm32

ImmGetCandidateListW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmSetCompositionStringW
ImmGetCompositionStringW
ImmAssociateContext
ImmReleaseContext
ImmGetIMEFileNameA
ImmGetContext

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

WaitForSingleObject
CloseHandle
CreateSemaphoreW
WideCharToMultiByte
WaitForSingleObjectEx
CreateEventW
FreeLibrary
GetProcAddress
LoadLibraryW
VerSetConditionMask
GetLastError
FormatMessageW
VerifyVersionInfoW
GlobalMemoryStatusEx
ReleaseSemaphore
LoadLibraryA
SetErrorMode
GetFileSizeEx
WriteFile
ReadFile
SetFilePointer
SetFilePointerEx
CreateFileW
GetModuleFileNameW
CreateDirectoryW
GetModuleHandleW
LocalFree
GetOverlappedResult
ResetEvent
DeviceIoControl
CreateFileA
CancelIo
InterlockedExchange
GetSystemPowerStatus
GetCurrentProcess
ExitProcess
TerminateProcess
GetStdHandle
OutputDebugStringW
GetConsoleMode
AttachConsole
WriteConsoleW
GetEnvironmentVariableA
SetEnvironmentVariableA
InterlockedCompareExchange
VirtualAlloc
VirtualFree
VirtualQuery
Sleep
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
RaiseException
CreateThread
GetCurrentThread
SetThreadPriority
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
GetTickCount
CompareStringA
SetThreadExecutionState
GetModuleHandleExW
GetLocaleInfoA
GetSystemInfo

user32

GetRawInputDeviceList
OpenClipboard
CloseClipboard
GetClipboardSequenceNumber
SetClipboardData
GetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
TrackMouseEvent
PeekMessageW
GetMessageExtraInfo
PostMessageW
GetClassInfoExW
SetWindowPos
IsIconic
GetKeyState
GetAsyncKeyState
GetSystemMetrics
GetMenu
GetForegroundWindow
GetUpdateRect
InvalidateRect
ValidateRect
GetPropW
GetClientRect
GetWindowRect
AdjustWindowRectEx
SetCursor
GetCursorPos
ClipCursor
GetClipCursor
ClientToScreen
ScreenToClient
IsRectEmpty
GetWindowLongW
CallNextHookEx
LoadIconW
DestroyIcon
GetRawInputData
GetKeyboardLayout
GetKeyboardState
ToUnicode
MapVirtualKeyW
DialogBoxIndirectParamW
EndDialog
GetDlgItem
SetFocus
DrawTextW
GetDC
ReleaseDC
SetWindowLongW
SystemParametersInfoA
PostThreadMessageW
ChangeDisplaySettingsExW
EnumDisplaySettingsW
EnumDisplayDevicesW
MonitorFromPoint
GetMonitorInfoW
EnumDisplayMonitors
SetCapture
ReleaseCapture
SetCursorPos
LoadCursorW
CopyImage
CreateIconIndirect
RegisterRawInputDevices
SetWindowRgn
RegisterWindowMessageA
SendMessageW
AttachThreadInput
RegisterClassW
ShowWindow
SetLayeredWindowAttributes
FlashWindowEx
GetFocus
SetActiveWindow
SetForegroundWindow
SetPropW
RemovePropW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
IntersectRect
PtInRect
GetParent
GetWindowThreadProcessId
SetWindowsHookExW
UnhookWindowsHookEx
CreateIconFromResource
MonitorFromRect
MonitorFromWindow
DispatchMessageW
TranslateMessage
GetMessageW
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
DefWindowProcW
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetDoubleClickTime
MessageBoxA
GetDesktopWindow
KillTimer
SetTimer
CreateWindowExW
RegisterClassExW
UnregisterClassW
SystemParametersInfoW
CallWindowProcW
GetRawInputDeviceInfoA

gdi32

DeleteObject
GetDIBits
SelectObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
CreateDIBSection
BitBlt
SetDeviceGammaRamp
GetDeviceGammaRamp
GetICMProfileW
CreateRectRgn
CombineRgn
SwapBuffers
SetPixelFormat
GetPixelFormat
DescribePixelFormat
ChoosePixelFormat
CreateBitmap
CreateDCW
GetTextMetricsW
GetTextExtentPoint32A
GetDeviceCaps
CreateFontIndirectW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetFolderPathW
DragQueryFileW
DragFinish
ExtractIconExW
DragAcceptFiles
ShellExecuteW

ole32

PropVariantClear
CoUninitialize
CoInitializeEx
CoTaskMemFree
CLSIDFromString
CoCreateInstance

oleaut32

SysFreeString

Exports

Exports

SDL_AddEventWatch
SDL_AddHintCallback
SDL_AddTimer
SDL_AllocFormat
SDL_AllocPalette
SDL_AllocRW
SDL_AtomicAdd
SDL_AtomicCAS
SDL_AtomicCASPtr
SDL_AtomicGet
SDL_AtomicGetPtr
SDL_AtomicLock
SDL_AtomicSet
SDL_AtomicSetPtr
SDL_AtomicTryLock
SDL_AtomicUnlock
SDL_AudioInit
SDL_AudioQuit
SDL_AudioStreamAvailable
SDL_AudioStreamClear
SDL_AudioStreamFlush
SDL_AudioStreamGet
SDL_AudioStreamPut
SDL_BuildAudioCVT
SDL_CalculateGammaRamp
SDL_CaptureMouse
SDL_ClearComposition
SDL_ClearError
SDL_ClearHints
SDL_ClearQueuedAudio
SDL_CloseAudio
SDL_CloseAudioDevice
SDL_ComposeCustomBlendMode
SDL_CondBroadcast
SDL_CondSignal
SDL_CondWait
SDL_CondWaitTimeout
SDL_ConvertAudio
SDL_ConvertPixels
SDL_ConvertSurface
SDL_ConvertSurfaceFormat
SDL_CreateColorCursor
SDL_CreateCond
SDL_CreateCursor
SDL_CreateMutex
SDL_CreateRGBSurface
SDL_CreateRGBSurfaceFrom
SDL_CreateRGBSurfaceWithFormat
SDL_CreateRGBSurfaceWithFormatFrom
SDL_CreateRenderer
SDL_CreateSemaphore
SDL_CreateShapedWindow
SDL_CreateSoftwareRenderer
SDL_CreateSystemCursor
SDL_CreateTexture
SDL_CreateTextureFromSurface
SDL_CreateThread
SDL_CreateThreadWithStackSize
SDL_CreateWindow
SDL_CreateWindowAndRenderer
SDL_CreateWindowFrom
SDL_DXGIGetOutputInfo
SDL_DYNAPI_entry
SDL_DelEventWatch
SDL_DelHintCallback
SDL_Delay
SDL_DequeueAudio
SDL_DestroyCond
SDL_DestroyMutex
SDL_DestroyRenderer
SDL_DestroySemaphore
SDL_DestroyTexture
SDL_DestroyWindow
SDL_DetachThread
SDL_Direct3D9GetAdapterIndex
SDL_DisableScreenSaver
SDL_DuplicateSurface
SDL_EnableScreenSaver
SDL_EncloseFPoints
SDL_EnclosePoints
SDL_Error
SDL_EventState
SDL_FillRect
SDL_FillRects
SDL_FilterEvents
SDL_FlashWindow
SDL_FlushEvent
SDL_FlushEvents
SDL_FreeAudioStream
SDL_FreeCursor
SDL_FreeFormat
SDL_FreePalette
SDL_FreeRW
SDL_FreeSurface
SDL_FreeWAV
SDL_GL_BindTexture
SDL_GL_CreateContext
SDL_GL_DeleteContext
SDL_GL_ExtensionSupported
SDL_GL_GetAttribute
SDL_GL_GetCurrentContext
SDL_GL_GetCurrentWindow
SDL_GL_GetDrawableSize
SDL_GL_GetProcAddress
SDL_GL_GetSwapInterval
SDL_GL_LoadLibrary
SDL_GL_MakeCurrent
SDL_GL_ResetAttributes
SDL_GL_SetAttribute
SDL_GL_SetSwapInterval
SDL_GL_SwapWindow
SDL_GL_UnbindTexture
SDL_GL_UnloadLibrary
SDL_GUIDFromString
SDL_GUIDToString
SDL_GameControllerAddMapping
SDL_GameControllerAddMappingsFromRW
SDL_GameControllerClose
SDL_GameControllerEventState
SDL_GameControllerFromInstanceID
SDL_GameControllerFromPlayerIndex
SDL_GameControllerGetAppleSFSymbolsNameForAxis
SDL_GameControllerGetAppleSFSymbolsNameForButton
SDL_GameControllerGetAttached
SDL_GameControllerGetAxis
SDL_GameControllerGetAxisFromString
SDL_GameControllerGetBindForAxis
SDL_GameControllerGetBindForButton
SDL_GameControllerGetButton
SDL_GameControllerGetButtonFromString
SDL_GameControllerGetFirmwareVersion
SDL_GameControllerGetJoystick
SDL_GameControllerGetNumTouchpadFingers
SDL_GameControllerGetNumTouchpads
SDL_GameControllerGetPlayerIndex
SDL_GameControllerGetProduct
SDL_GameControllerGetProductVersion
SDL_GameControllerGetSensorData
SDL_GameControllerGetSensorDataRate
SDL_GameControllerGetSerial
SDL_GameControllerGetStringForAxis
SDL_GameControllerGetStringForButton
SDL_GameControllerGetTouchpadFinger
SDL_GameControllerGetType
SDL_GameControllerGetVendor
SDL_GameControllerHasAxis
SDL_GameControllerHasButton
SDL_GameControllerHasLED
SDL_GameControllerHasRumble
SDL_GameControllerHasRumbleTriggers
SDL_GameControllerHasSensor
SDL_GameControllerIsSensorEnabled
SDL_GameControllerMapping
SDL_GameControllerMappingForDeviceIndex
SDL_GameControllerMappingForGUID
SDL_GameControllerMappingForIndex
SDL_GameControllerName
SDL_GameControllerNameForIndex
SDL_GameControllerNumMappings
SDL_GameControllerOpen
SDL_GameControllerPath
SDL_GameControllerPathForIndex
SDL_GameControllerRumble
SDL_GameControllerRumbleTriggers
SDL_GameControllerSendEffect
SDL_GameControllerSetLED
SDL_GameControllerSetPlayerIndex
SDL_GameControllerSetSensorEnabled
SDL_GameControllerTypeForIndex
SDL_GameControllerUpdate
SDL_GetAssertionHandler
SDL_GetAssertionReport
SDL_GetAudioDeviceName
SDL_GetAudioDeviceSpec
SDL_GetAudioDeviceStatus
SDL_GetAudioDriver
SDL_GetAudioStatus
SDL_GetBasePath
SDL_GetCPUCacheLineSize
SDL_GetCPUCount
SDL_GetClipRect
SDL_GetClipboardText
SDL_GetClosestDisplayMode
SDL_GetColorKey
SDL_GetCurrentAudioDriver
SDL_GetCurrentDisplayMode
SDL_GetCurrentVideoDriver
SDL_GetCursor
SDL_GetDefaultAssertionHandler
SDL_GetDefaultAudioInfo
SDL_GetDefaultCursor
SDL_GetDesktopDisplayMode
SDL_GetDisplayBounds
SDL_GetDisplayDPI
SDL_GetDisplayMode
SDL_GetDisplayName
SDL_GetDisplayOrientation
SDL_GetDisplayUsableBounds
SDL_GetError
SDL_GetErrorMsg
SDL_GetEventFilter
SDL_GetGlobalMouseState
SDL_GetGrabbedWindow
SDL_GetHint
SDL_GetHintBoolean
SDL_GetJoystickGUIDInfo
SDL_GetKeyFromName
SDL_GetKeyFromScancode
SDL_GetKeyName
SDL_GetKeyboardFocus
SDL_GetKeyboardState
SDL_GetMemoryFunctions
SDL_GetModState
SDL_GetMouseFocus
SDL_GetMouseState
SDL_GetNumAllocations
SDL_GetNumAudioDevices
SDL_GetNumAudioDrivers
SDL_GetNumDisplayModes
SDL_GetNumRenderDrivers
SDL_GetNumTouchDevices
SDL_GetNumTouchFingers
SDL_GetNumVideoDisplays
SDL_GetNumVideoDrivers
SDL_GetOriginalMemoryFunctions
SDL_GetPerformanceCounter
SDL_GetPerformanceFrequency
SDL_GetPixelFormatName
SDL_GetPlatform
SDL_GetPointDisplayIndex
SDL_GetPowerInfo
SDL_GetPrefPath
SDL_GetPreferredLocales
SDL_GetPrimarySelectionText
SDL_GetQueuedAudioSize
SDL_GetRGB
SDL_GetRGBA
SDL_GetRectDisplayIndex
SDL_GetRelativeMouseMode
SDL_GetRelativeMouseState
SDL_GetRenderDrawBlendMode
SDL_GetRenderDrawColor
SDL_GetRenderDriverInfo
SDL_GetRenderTarget
SDL_GetRenderer
SDL_GetRendererInfo
SDL_GetRendererOutputSize
SDL_GetRevision
SDL_GetRevisionNumber
SDL_GetScancodeFromKey
SDL_GetScancodeFromName
SDL_GetScancodeName
SDL_GetShapedWindowMode
SDL_GetSurfaceAlphaMod
SDL_GetSurfaceBlendMode
SDL_GetSurfaceColorMod
SDL_GetSystemRAM
SDL_GetTextureAlphaMod
SDL_GetTextureBlendMode
SDL_GetTextureColorMod
SDL_GetTextureScaleMode
SDL_GetTextureUserData
SDL_GetThreadID
SDL_GetThreadName
SDL_GetTicks
SDL_GetTicks64
SDL_GetTouchDevice
SDL_GetTouchDeviceType
SDL_GetTouchFinger
SDL_GetTouchName
SDL_GetVersion
SDL_GetVideoDriver
SDL_GetWindowBordersSize
SDL_GetWindowBrightness
SDL_GetWindowData
SDL_GetWindowDisplayIndex
SDL_GetWindowDisplayMode
SDL_GetWindowFlags
SDL_GetWindowFromID
SDL_GetWindowGammaRamp
SDL_GetWindowGrab
SDL_GetWindowICCProfile
SDL_GetWindowID
SDL_GetWindowKeyboardGrab
SDL_GetWindowMaximumSize
SDL_GetWindowMinimumSize
SDL_GetWindowMouseGrab
SDL_GetWindowMouseRect
SDL_GetWindowOpacity
SDL_GetWindowPixelFormat
SDL_GetWindowPosition
SDL_GetWindowSize
SDL_GetWindowSizeInPixels
SDL_GetWindowSurface
SDL_GetWindowTitle
SDL_GetWindowWMInfo
SDL_GetYUVConversionMode
SDL_GetYUVConversionModeForResolution
SDL_HapticClose
SDL_HapticDestroyEffect
SDL_HapticEffectSupported
SDL_HapticGetEffectStatus
SDL_HapticIndex
SDL_HapticName
SDL_HapticNewEffect
SDL_HapticNumAxes
SDL_HapticNumEffects
SDL_HapticNumEffectsPlaying
SDL_HapticOpen
SDL_HapticOpenFromJoystick
SDL_HapticOpenFromMouse
SDL_HapticOpened
SDL_HapticPause
SDL_HapticQuery
SDL_HapticRumbleInit
SDL_HapticRumblePlay
SDL_HapticRumbleStop
SDL_HapticRumbleSupported
SDL_HapticRunEffect
SDL_HapticSetAutocenter
SDL_HapticSetGain
SDL_HapticStopAll
SDL_HapticStopEffect
SDL_HapticUnpause
SDL_HapticUpdateEffect
SDL_Has3DNow
SDL_HasARMSIMD
SDL_HasAVX
SDL_HasAVX2
SDL_HasAVX512F
SDL_HasAltiVec
SDL_HasClipboardText
SDL_HasColorKey
SDL_HasEvent
SDL_HasEvents
SDL_HasIntersection
SDL_HasIntersectionF
SDL_HasLASX
SDL_HasLSX
SDL_HasMMX
SDL_HasNEON
SDL_HasPrimarySelectionText
SDL_HasRDTSC
SDL_HasSSE
SDL_HasSSE2
SDL_HasSSE3
SDL_HasSSE41
SDL_HasSSE42
SDL_HasScreenKeyboardSupport
SDL_HasSurfaceRLE
SDL_HideWindow
SDL_Init
SDL_InitSubSystem
SDL_IntersectFRect
SDL_IntersectFRectAndLine
SDL_IntersectRect
SDL_IntersectRectAndLine
SDL_IsGameController
SDL_IsScreenKeyboardShown
SDL_IsScreenSaverEnabled
SDL_IsShapedWindow
SDL_IsTablet
SDL_IsTextInputActive
SDL_IsTextInputShown
SDL_JoystickAttachVirtual
SDL_JoystickAttachVirtualEx
SDL_JoystickClose
SDL_JoystickCurrentPowerLevel
SDL_JoystickDetachVirtual
SDL_JoystickEventState
SDL_JoystickFromInstanceID
SDL_JoystickFromPlayerIndex
SDL_JoystickGetAttached
SDL_JoystickGetAxis
SDL_JoystickGetAxisInitialState
SDL_JoystickGetBall
SDL_JoystickGetButton
SDL_JoystickGetDeviceGUID
SDL_JoystickGetDeviceInstanceID
SDL_JoystickGetDevicePlayerIndex
SDL_JoystickGetDeviceProduct
SDL_JoystickGetDeviceProductVersion
SDL_JoystickGetDeviceType
SDL_JoystickGetDeviceVendor
SDL_JoystickGetFirmwareVersion
SDL_JoystickGetGUID
SDL_JoystickGetGUIDFromString
SDL_JoystickGetGUIDString
SDL_JoystickGetHat
SDL_JoystickGetPlayerIndex
SDL_JoystickGetProduct
SDL_JoystickGetProductVersion
SDL_JoystickGetSerial
SDL_JoystickGetType
SDL_JoystickGetVendor
SDL_JoystickHasLED
SDL_JoystickHasRumble
SDL_JoystickHasRumbleTriggers
SDL_JoystickInstanceID
SDL_JoystickIsHaptic
SDL_JoystickIsVirtual
SDL_JoystickName
SDL_JoystickNameForIndex
SDL_JoystickNumAxes
SDL_JoystickNumBalls
SDL_JoystickNumButtons
SDL_JoystickNumHats
SDL_JoystickOpen
SDL_JoystickPath
SDL_JoystickPathForIndex
SDL_JoystickRumble
SDL_JoystickRumbleTriggers
SDL_JoystickSendEffect
SDL_JoystickSetLED
SDL_JoystickSetPlayerIndex
SDL_JoystickSetVirtualAxis
SDL_JoystickSetVirtualButton
SDL_JoystickSetVirtualHat
SDL_JoystickUpdate
SDL_LoadBMP_RW
SDL_LoadDollarTemplates
SDL_LoadFile
SDL_LoadFile_RW
SDL_LoadFunction
SDL_LoadObject
SDL_LoadWAV_RW
SDL_LockAudio
SDL_LockAudioDevice
SDL_LockJoysticks
SDL_LockMutex
SDL_LockSensors
SDL_LockSurface
SDL_LockTexture
SDL_LockTextureToSurface
SDL_Log
SDL_LogCritical
SDL_LogDebug
SDL_LogError
SDL_LogGetOutputFunction
SDL_LogGetPriority
SDL_LogInfo
SDL_LogMessage
SDL_LogMessageV
SDL_LogResetPriorities
SDL_LogSetAllPriority
SDL_LogSetOutputFunction
SDL_LogSetPriority
SDL_LogVerbose
SDL_LogWarn
SDL_LowerBlit
SDL_LowerBlitScaled
SDL_MapRGB
SDL_MapRGBA
SDL_MasksToPixelFormatEnum
SDL_MaximizeWindow
SDL_MemoryBarrierAcquireFunction
SDL_MemoryBarrierReleaseFunction
SDL_Metal_CreateView
SDL_Metal_DestroyView
SDL_Metal_GetDrawableSize
SDL_Metal_GetLayer
SDL_MinimizeWindow
SDL_MixAudio
SDL_MixAudioFormat
SDL_MouseIsHaptic
SDL_NewAudioStream
SDL_NumHaptics
SDL_NumJoysticks
SDL_NumSensors
SDL_OnApplicationDidBecomeActive
SDL_OnApplicationDidEnterBackground
SDL_OnApplicationDidReceiveMemoryWarning
SDL_OnApplicationWillEnterForeground
SDL_OnApplicationWillResignActive
SDL_OnApplicationWillTerminate
SDL_OpenAudio
SDL_OpenAudioDevice
SDL_OpenURL
SDL_PauseAudio
SDL_PauseAudioDevice
SDL_PeepEvents
SDL_PixelFormatEnumToMasks
SDL_PollEvent
SDL_PremultiplyAlpha
SDL_PumpEvents
SDL_PushEvent
SDL_QueryTexture
SDL_QueueAudio
SDL_Quit
SDL_QuitSubSystem
SDL_RWFromConstMem
SDL_RWFromFP
SDL_RWFromFile
SDL_RWFromMem
SDL_RWclose
SDL_RWread
SDL_RWseek
SDL_RWsize
SDL_RWtell
SDL_RWwrite

Sections

.text
Size: 855KB - Virtual size: 854KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setup.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/07/2021, 00:00

Not After

10/07/2024, 23:59

Subject

CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=Unknown issuer

Not Before

01/01/2013, 10:00

Not After

01/04/2013, 10:00

Subject

CN=Dummy certificate

Extended Key Usages

Key Usages

KeyUsageCertSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:cd:49:7a:a4:9a:9f:39:5f:e5:2d:25:64:37:c0:4b:b7:00:cf:62:a1:8b:09:4f:06:90:96:1a:a3:23:7a:9f
Signer

Actual PE Digest

06:cd:49:7a:a4:9a:9f:39:5f:e5:2d:25:64:37:c0:4b:b7:00:cf:62:a1:8b:09:4f:06:90:96:1a:a3:23:7a:9f

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
license-key.key
updater.ini
version.json

Sharing

General

Malware Config

Signatures

Files

Password: 2023

Password: 2023

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

88:d0:ff:fa:39:fe:d6:5e:69:9c:7a:19:b6:9f:c7:0a:62:0b:20:5b:af:e7:a8:99:02:5d:bc:6a:71:fc:0b:3bSigner

Headers

File Characteristics

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

TRANSIT Size: 512B - Virtual size: 29B

.data Size: 3KB - Virtual size: 265KB

.pdata Size: 45KB - Virtual size: 44KB

.rsrc Size: 66KB - Virtual size: 66KB

.reloc Size: 3KB - Virtual size: 3KB

Password: 2023

1ee86a608d231b83dca35006d3b58ed8

Code Sign

61:19:cc:93:00:01:00:00:00:66Certificate

Extended Key Usages

Key Usages

61:05:19:96:00:00:00:00:00:1bCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

50:e6:af:15:30:3d:56:cc:89:94:6c:c5:ee:40:bb:52:14:fa:8d:e0Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcr90

kernel32

Sections

.text Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 860B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 344B

Password: 2023

e0bd3263fd5ea99b1d0c2f6f5194cc24

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

Sections

.text Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 844B

.idata Size: 1024B - Virtual size: 536B

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 512B - Virtual size: 280B

Password: 2023

e0bd3263fd5ea99b1d0c2f6f5194cc24

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

Sections

.text Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 844B

.idata Size: 1024B - Virtual size: 536B

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 512B - Virtual size: 280B

Password: 2023

dc33390e11f40d35aacb3b7595b60d08

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

88:d0:ff:fa:39:fe:d6:5e:69:9c:7a:19:b6:9f:c7:0a:62:0b:20:5b:af:e7:a8:99:02:5d:bc:6a:71:fc:0b:3b
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

TRANSIT
Size: 512B - Virtual size: 29B

.data
Size: 3KB - Virtual size: 265KB

.pdata
Size: 45KB - Virtual size: 44KB

.rsrc
Size: 66KB - Virtual size: 66KB

.reloc
Size: 3KB - Virtual size: 3KB

61:19:cc:93:00:01:00:00:00:66
Certificate

61:05:19:96:00:00:00:00:00:1b
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

50:e6:af:15:30:3d:56:cc:89:94:6c:c5:ee:40:bb:52:14:fa:8d:e0
Signer

.text
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 860B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 344B

.text
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 844B

.idata
Size: 1024B - Virtual size: 536B

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 512B - Virtual size: 280B

.text
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 844B

.idata
Size: 1024B - Virtual size: 536B

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 512B - Virtual size: 280B

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

08:4c:af:4d:f4:99:14:1d:40:4b:71:99:aa:2c:21:31
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

7b:b1:01:21:ff:0d:6b:21:e2:db:68:ef:fb:a5:ce:d5:6d:be:ae:a5
Signer

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

88:d0:ff:fa:39:fe:d6:5e:69:9c:7a:19:b6:9f:c7:0a:62:0b:20:5b:af:e7:a8:99:02:5d:bc:6a:71:fc:0b:3b
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

TRANSIT
Size: 512B - Virtual size: 29B

.data
Size: 3KB - Virtual size: 265KB

.pdata
Size: 45KB - Virtual size: 44KB

.rsrc
Size: 66KB - Virtual size: 66KB

.reloc
Size: 3KB - Virtual size: 3KB

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

08:83:ff:77:ea:d4:9b:bf:c2:e5:e6:4e:b1:8d:09:77:4c:33:80:56:e5:ca:a6:ff:a0:3d:22:6f:31:73:ea:4c
Signer

.text
Size: 920KB - Virtual size: 920KB

TRANSIT
Size: 512B - Virtual size: 29B

PAGER32C
Size: 1024B - Virtual size: 729B

PAGE
Size: 27KB - Virtual size: 26KB

.rdata
Size: 115KB - Virtual size: 115KB

.data
Size: 2KB - Virtual size: 243KB

.pdata
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate