CookieEnjoyer[.]zip

Resubmissions

04/07/2023, 13:16

230704-qhv5qadc96 10

04/07/2023, 13:11

230704-qe63tadc65 10

Sharing

Copy URL

Twitter E-mail

General

Target

CookieEnjoyer.zip
Size

8.3MB
MD5

2bbde533926544ac2c2f06bbd87594ff
SHA1

72b5f1d0dc7f87f4af85172671b25d18982033c1
SHA256

535930bd0cd42da35da4bbbd15007f83e051a630141b0bcf6df50c2269ad3d27
SHA512

a303b0c95e653508a119a5395ef969ec0e3ea5cab8ce60fa43a0094664094283cdee53c365578404093718a1b3351f17b9da66a8b5f59be1b90bb5150d998ebd
SSDEEP

196608:QMp0/bYAI1niAG+s9kuGLEB3+oWQ1kKa47MYf1V4tqSk:QR/bYAIJOHQLNQ2Xcf12u

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/CookieEnjoyer/CookieEnjoyer v1.1.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CookieEnjoyer/CookieEnjoyer v1.1.exe

Files

CookieEnjoyer.zip
.zip
CookieEnjoyer/CookieEnjoyer v1.1.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CookieEnjoyer/CookieEnjoyer v1.1.pdb
CookieEnjoyer/EntityFramework.xml
.xml
CookieEnjoyer/Newtonsoft.Json.xml
.xml
CookieEnjoyer/System.Diagnostics.DiagnosticSource.xml
.xml
CookieEnjoyer/x64/SQLite.Interop.dll
.dll windows x64

56568d263b8f0fbaf90fda41effb57f1

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

12/12/2024, 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

12/12/2024, 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:eb:de:df:9c:b8:0f:03:aa:7a:8e:2b:be:fb:9e:b5:82:f1:3b:e3:a8:2b:0d:7d:d8:d8:13:76:1d:fe:30:a2:29:e3:9b:e3:af:f0:d6:9e:98:d6:3a:da:ba:08:60:b9:bb:03:3a:3a:2c:dd:1d:96:30:f7:2e:d7:58:07:6f:fc
Signer

Actual PE Digest

56:eb:de:df:9c:b8:0f:03:aa:7a:8e:2b:be:fb:9e:b5:82:f1:3b:e3:a8:2b:0d:7d:d8:d8:13:76:1d:fe:30:a2:29:e3:9b:e3:af:f0:d6:9e:98:d6:3a:da:ba:08:60:b9:bb:03:3a:3a:2c:dd:1d:96:30:f7:2e:d7:58:07:6f:fc

Digest Algorithm

sha512

PE Digest Matches

true

1f:32:3a:b8:eb:0f:7f:5b:71:c0:1c:37:0e:42:8f:20:8e:b1:e9:de
Signer

Actual PE Digest

1f:32:3a:b8:eb:0f:7f:5b:71:c0:1c:37:0e:42:8f:20:8e:b1:e9:de

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

CorBindToRuntimeEx

wintrust

WinVerifyTrust

kernel32

GetFullPathNameW
lstrlenW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
GetModuleFileNameW
SetEnvironmentVariableW
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
GetEnvironmentVariableW
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
DisableThreadLibraryCalls
EnterCriticalSection
lstrcatW
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
lstrcmpiW
WriteConsoleW
GetTickCount
FlushFileBuffers
SetStdHandle
RaiseException
HeapFree
HeapCreate
TryEnterCriticalSection
ReadFile
AreFileApisANSI
GetConsoleCP
GetConsoleMode
SetFilePointerEx
LoadLibraryA
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
CompareStringW
LCMapStringW
GetACP
GetTimeZoneInformation
GetStringTypeW
GetStdHandle
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA

user32

wsprintfW

advapi32

CryptAcquireContextW
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptDestroyKey

Exports

Exports

SI01290ccda2c08117
SI013a90511e949b99
SI019bb1b0f8b88a4b
SI01f2e1e38fd8dfcd
SI0205288c09c4da1c
SI05acf7f13d83ef68
SI05e4faf8d2d5065f
SI06ad3f4f233fab5b
SI074a26a6bce53634
SI08295ce2aca70863
SI0942bf2cdfbcbce1
SI0eec257817cfc527
SI0f45dfa7051356c4
SI1066e7ad782ea882
SI10e4ec2593e4bdd4
SI124a949911a522a1
SI12f9286f5bd6f098
SI12fe1f150b42ac38
SI14849b3d0e89b1e0
SI15e46d353ddec488
SI1647e559283d26e2
SI1686085452cb6c90
SI16e108f53793a43a
SI16e172772b0b1706
SI1709fb0c78fe6bc7
SI17c3a78ecf9eff4c
SI1818f2c8eadbcd54
SI18b9c7fd6d90deff
SI1ad41a0e33dff249
SI1b8a3298ea828a3b
SI1bf8975e567ea97a
SI1bfa1d92146eadb1
SI1bfe410acac3c9be
SI1e7babb0bb0adcc2
SI209d1bfbbab7da73
SI209eb0dd58fa77ae
SI2102da665922f66a
SI216a233b40cb7147
SI25ca8d2baaee0750
SI25d73a5ab4d6cacb
SI28687b581b626bbf
SI28a6405343e7bbd9
SI2a71c3377e6c357f
SI2cc330551d123067
SI30455e90830ca460
SI33209d52126464ab
SI34e0a4f84fed7ec1
SI353770fd94e573c1
SI3542aeff9c3855db
SI367e45cee72bfd47
SI37012ee3c6dde764
SI38de1207a575b65a
SI3bb401944414ce69
SI3e5389eb172bc856
SI3f65beeaaa0d85de
SI4251c713c05a3b5e
SI42669818b7978ed1
SI4490ba755e98e797
SI4507744386fcba0a
SI457a7dc78746ca90
SI47cc739b3bdc3dc6
SI493bdcf3d13ad302
SI4b170c874686e4d8
SI525814a3c7849b6c
SI527544a37185bd6a
SI527c455c79b66da5
SI53af60c92476ad6f
SI53d16af9fd9dc018
SI5492f6d28289950b
SI558bdfe0e27562ea
SI56ddcf38809cce55
SI58b3396e563758e2
SI58d9c9e758678014
SI596241adb70ce0e2
SI5b4aedd0c04bd151
SI5b914c29cf5a7984
SI6039a77d8b3fe4a1
SI63770fcd460a846c
SI6423b87d77537d0e
SI6448e5eb2ca66d9e
SI644ad6803933fc53
SI64d795d8d6a5652c
SI670a722dbc4b11ed
SI681faac9c0128a40
SI68689a9b2961f1c3
SI688b887ce4a2e5bc
SI6afceccab898a321
SI6c799e24bc9109fd
SI6cff36399d6b8510
SI6da43f525fcc10f2
SI708dc027c2a0b01f
SI71d54e41ee149c1b
SI71da61fbbaaa7074
SI7501ae36b96de01e
SI7559ce66b2a83683
SI7607824c610843ac
SI769271af19a2299d
SI77dfbddb9b6d65d2
SI783c2997f4bbe903
SI7b811ab87b7b7a6c
SI7d8b2b5b65802a7c
SI7e899b5a8ad87eab
SI81c3656e0c2c152b
SI821a25758b212c1b
SI8259474343588db4
SI841b860ec95cb540
SI842d9c1989f08a60
SI8476de5ad2e1f63e
SI86be81683e8ee826
SI87f584c5f9c8cd81
SI88473e35770c74fa
SI8955d5517e10b3b8
SI8b0d9e6837e61abc
SI8bd1a2ecd61e628f
SI8bdbd256a7a800ee
SI8c5d6a3d79dd16ae
SI8cb1ce55b92259b1
SI8d503b48c50b0f0b
SI8d98262fc9dcd199
SI8db78c75599d54bb
SI8ea977f217df4eb6
SI905dcc543d48caab
SI911c8a4b74b6de07
SI91da00d7298230f3
SI9383891d346ef4b7
SI93dfc8fa53d5b31f
SI94ecb64e9dbb8338
SI952d22c6db518ea2
SI9555aa94e5464fb7
SI95d251bc4895e058
SI96516336c99ce75a
SI96d7cc1e6c528820
SI9728956559a83c71
SI98fcda7827970a5d
SI99449f6fa6d0dabc
SI9a326fe0ddbebf12
SI9dbf9d88aa001ea6
SI9e5caf3f82afbec6
SIa07e0e87d9c86d40
SIa0b89be8ea9562cc
SIa364946505687432
SIa7c1cd9b020850a4
SIa8a7ecc7b42638c6
SIa9bcec858971f4c7
SIaa0f8e0c251cfd1d
SIab9b1bd6a4822cb2
SIabb2be07ffdb1945
SIae265b9a3e7ff7d8
SIaf003abaa59f4e17
SIb03c6e79afae3a3e
SIb12933c5b4a9b1f8
SIb20222b622b9f6ae
SIb378d0a537411fb9
SIb50fc3839c421869
SIb58d68e34259bb85
SIb61de3ea47c362fc
SIb64c92262f98df4c
SIb75bb703537e34a8
SIb80a1b71f58ea310
SIbdf2cc3159ddf9a9
SIbf02a0e02928adea
SIbf5934dfe2a8d472
SIc14fb8a21feb2e94
SIc60c813695b0a929
SIc6ecc041c46c67c2
SIc73e44ad36c6c308
SIc9b8df374df75071
SIcaac088b33f92dac
SIcaedf2c29ebe4e44
SIccd01f4d70f48acf
SIcd51961be732e0d3
SIcfe1e5cf0035a8c9
SId17980a984b0df0a
SId2ea6a764978b870
SId3575b24dfdbea5d
SId61cfc777bf4f00a
SId68f4562cd5aecf9
SId6f924c8ba3d05b2
SId95bb14c42234d8e
SIda0491b2623dcc8d
SIdac3904ec873f97d
SIdace78b5300c999f
SIdb45e174afb28e2c
SIdbdaa654d0b26d40
SIdcfb39991ebbc7da
SIdd048b2fedb74020
SIdd8123a9d5986c26
SIdd99c1c074d20b83
SIe1639e708407f10b
SIe2f92b70742a9bc1
SIe609bd7d2871cbd6
SIe969e8d8137a8a33
SIeaf6f475f4e274e5
SIec8bf9affd85b987
SIee4a1cd279a7db69
SIeef348ae766c388c
SIf0a08171cb5be57f
SIf6e594a0ca15fef7
SIf7b501d343c24f69
SIfabc748b81ce8fcf
SIfbde1ee423d263fe
SIfc4b758a3d39aef3
SIfce41a414fc927fb
SIffb8076c269e2a85
SIffcf65ff995c2367
sqlite3_cryptoapi_init
sqlite3_fts5_init
sqlite3_fts_init
sqlite3_percentile_init
sqlite3_regexp_init
sqlite3_sha_init
sqlite3_shathree_init
sqlite3_totype_init
sqlite3_vtshim_init

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CookieEnjoyer/x86/SQLite.Interop.dll
.dll windows x86

c289006d6c96851feed040ce96a27295

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

12/12/2024, 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

12/12/2024, 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cd:7c:2a:cb:8f:83:8b:fd:39:45:14:12:9c:29:94:a0:87:2a:3e:a0:d5:fc:86:28:0f:4d:9e:19:0e:48:e6:39:db:b0:39:4c:66:b9:d9:26:7f:a8:54:2e:96:0c:cc:87:ac:99:e7:0c:aa:6e:d5:16:4e:96:3c:53:b7:c6:9b:b9
Signer

Actual PE Digest

cd:7c:2a:cb:8f:83:8b:fd:39:45:14:12:9c:29:94:a0:87:2a:3e:a0:d5:fc:86:28:0f:4d:9e:19:0e:48:e6:39:db:b0:39:4c:66:b9:d9:26:7f:a8:54:2e:96:0c:cc:87:ac:99:e7:0c:aa:6e:d5:16:4e:96:3c:53:b7:c6:9b:b9

Digest Algorithm

sha512

PE Digest Matches

true

3d:52:30:40:ae:27:33:0d:09:81:63:f8:52:8a:bf:5c:e3:a8:03:c4
Signer

Actual PE Digest

3d:52:30:40:ae:27:33:0d:09:81:63:f8:52:8a:bf:5c:e3:a8:03:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

CorBindToRuntimeEx

wintrust

WinVerifyTrust

kernel32

GetFullPathNameW
lstrlenW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
GetModuleFileNameW
SetEnvironmentVariableW
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
GetEnvironmentVariableW
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
DisableThreadLibraryCalls
EnterCriticalSection
lstrcatW
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
lstrcmpiW
WriteConsoleW
GetTickCount
FlushFileBuffers
RaiseException
SetStdHandle
HeapFree
HeapCreate
TryEnterCriticalSection
ReadFile
AreFileApisANSI
GetConsoleCP
GetConsoleMode
SetFilePointerEx
LoadLibraryA
QueryPerformanceCounter
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedFlushSList
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
CompareStringW
LCMapStringW
GetACP
GetTimeZoneInformation
GetStringTypeW
GetStdHandle
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
DecodePointer

user32

wsprintfW

advapi32

CryptAcquireContextW
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptDestroyKey

Exports

Exports

SI01290ccda2c08117
SI013a90511e949b99
SI01f2e1e38fd8dfcd
SI0205288c09c4da1c
SI05acf7f13d83ef68
SI06ad3f4f233fab5b
SI08295ce2aca70863
SI0eec257817cfc527
SI12f9286f5bd6f098
SI14849b3d0e89b1e0
SI15e46d353ddec488
SI1686085452cb6c90
SI16e172772b0b1706
SI1709fb0c78fe6bc7
SI1818f2c8eadbcd54
SI18b9c7fd6d90deff
SI1ad41a0e33dff249
SI1b8a3298ea828a3b
SI1bf8975e567ea97a
SI1bfa1d92146eadb1
SI1bfe410acac3c9be
SI1e7babb0bb0adcc2
SI209d1bfbbab7da73
SI209eb0dd58fa77ae
SI2102da665922f66a
SI216a233b40cb7147
SI25ca8d2baaee0750
SI25d73a5ab4d6cacb
SI28687b581b626bbf
SI28a6405343e7bbd9
SI2a71c3377e6c357f
SI2cc330551d123067
SI30455e90830ca460
SI33209d52126464ab
SI353770fd94e573c1
SI3542aeff9c3855db
SI367e45cee72bfd47
SI37012ee3c6dde764
SI38de1207a575b65a
SI4251c713c05a3b5e
SI4490ba755e98e797
SI457a7dc78746ca90
SI525814a3c7849b6c
SI527544a37185bd6a
SI527c455c79b66da5
SI53d16af9fd9dc018
SI558bdfe0e27562ea
SI56ddcf38809cce55
SI58b3396e563758e2
SI58d9c9e758678014
SI596241adb70ce0e2
SI5b4aedd0c04bd151
SI5b914c29cf5a7984
SI6039a77d8b3fe4a1
SI63770fcd460a846c
SI64d795d8d6a5652c
SI670a722dbc4b11ed
SI681faac9c0128a40
SI68689a9b2961f1c3
SI6afceccab898a321
SI6c799e24bc9109fd
SI6da43f525fcc10f2
SI71d54e41ee149c1b
SI71da61fbbaaa7074
SI7501ae36b96de01e
SI7559ce66b2a83683
SI7607824c610843ac
SI769271af19a2299d
SI77dfbddb9b6d65d2
SI783c2997f4bbe903
SI7b811ab87b7b7a6c
SI7d8b2b5b65802a7c
SI7e899b5a8ad87eab
SI8259474343588db4
SI841b860ec95cb540
SI842d9c1989f08a60
SI8476de5ad2e1f63e
SI86be81683e8ee826
SI87f584c5f9c8cd81
SI88473e35770c74fa
SI8955d5517e10b3b8
SI8b0d9e6837e61abc
SI8bdbd256a7a800ee
SI8c5d6a3d79dd16ae
SI8cb1ce55b92259b1
SI8d503b48c50b0f0b
SI8d98262fc9dcd199
SI8db78c75599d54bb
SI8ea977f217df4eb6
SI905dcc543d48caab
SI911c8a4b74b6de07
SI91da00d7298230f3
SI9383891d346ef4b7
SI93dfc8fa53d5b31f
SI94ecb64e9dbb8338
SI952d22c6db518ea2
SI95d251bc4895e058
SI9728956559a83c71
SI98fcda7827970a5d
SI99449f6fa6d0dabc
SI9a326fe0ddbebf12
SI9dbf9d88aa001ea6
SI9e5caf3f82afbec6
SIa07e0e87d9c86d40
SIa0b89be8ea9562cc
SIa364946505687432
SIa7c1cd9b020850a4
SIa9bcec858971f4c7
SIaa0f8e0c251cfd1d
SIab9b1bd6a4822cb2
SIabb2be07ffdb1945
SIae265b9a3e7ff7d8
SIb12933c5b4a9b1f8
SIb20222b622b9f6ae
SIb378d0a537411fb9
SIb50fc3839c421869
SIb58d68e34259bb85
SIb80a1b71f58ea310
SIbdf2cc3159ddf9a9
SIbf02a0e02928adea
SIbf5934dfe2a8d472
SIc14fb8a21feb2e94
SIc60c813695b0a929
SIc6ecc041c46c67c2
SIc73e44ad36c6c308
SIc9b8df374df75071
SIcaac088b33f92dac
SIcaedf2c29ebe4e44
SIccd01f4d70f48acf
SId17980a984b0df0a
SId3575b24dfdbea5d
SId6f924c8ba3d05b2
SId95bb14c42234d8e
SIda0491b2623dcc8d
SIdac3904ec873f97d
SIdace78b5300c999f
SIdb45e174afb28e2c
SIdbdaa654d0b26d40
SIdcfb39991ebbc7da
SIe1639e708407f10b
SIe2f92b70742a9bc1
SIe969e8d8137a8a33
SIeaf6f475f4e274e5
SIec8bf9affd85b987
SIee4a1cd279a7db69
SIeef348ae766c388c
SIf0a08171cb5be57f
SIf6e594a0ca15fef7
SIf7b501d343c24f69
SIfabc748b81ce8fcf
SIfbde1ee423d263fe
SIfc4b758a3d39aef3
SIfce41a414fc927fb
SIffb8076c269e2a85
_SI019bb1b0f8b88a4b@12
_SI05e4faf8d2d5065f@12
_SI074a26a6bce53634@4
_SI0942bf2cdfbcbce1@8
_SI0f45dfa7051356c4@4
_SI1066e7ad782ea882@8
_SI10e4ec2593e4bdd4@8
_SI124a949911a522a1@16
_SI12fe1f150b42ac38@20
_SI1647e559283d26e2@4
_SI16e108f53793a43a@4
_SI17c3a78ecf9eff4c@20
_SI34e0a4f84fed7ec1@44
_SI3bb401944414ce69@12
_SI3e5389eb172bc856@32
_SI3f65beeaaa0d85de@12
_SI42669818b7978ed1@4
_SI4507744386fcba0a@4
_SI47cc739b3bdc3dc6@12
_SI493bdcf3d13ad302@8
_SI4b170c874686e4d8@12
_SI53af60c92476ad6f@8
_SI5492f6d28289950b@12
_SI6423b87d77537d0e@12
_SI6448e5eb2ca66d9e@12
_SI644ad6803933fc53@12
_SI688b887ce4a2e5bc@12
_SI6cff36399d6b8510@36
_SI708dc027c2a0b01f@4
_SI81c3656e0c2c152b@12
_SI821a25758b212c1b@12
_SI8bd1a2ecd61e628f@112
_SI9555aa94e5464fb7@4
_SI96516336c99ce75a@24
_SI96d7cc1e6c528820@40
_SIa8a7ecc7b42638c6@20
_SIaf003abaa59f4e17@12
_SIb03c6e79afae3a3e@4
_SIb61de3ea47c362fc@8
_SIb64c92262f98df4c@12
_SIb75bb703537e34a8@8
_SIcd51961be732e0d3@12
_SIcfe1e5cf0035a8c9@12
_SId2ea6a764978b870@12
_SId61cfc777bf4f00a@8
_SId68f4562cd5aecf9@8
_SIdd048b2fedb74020@4
_SIdd8123a9d5986c26@0
_SIdd99c1c074d20b83@8
_SIe609bd7d2871cbd6@0
_SIffcf65ff995c2367@12
sqlite3_cryptoapi_init
sqlite3_fts5_init
sqlite3_fts_init
sqlite3_percentile_init
sqlite3_regexp_init
sqlite3_sha_init
sqlite3_shathree_init
sqlite3_totype_init
sqlite3_vtshim_init

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: - Virtual size: 3.2MB

.vmp0 Size: - Virtual size: 1KB

.vmp1 Size: 6.4MB - Virtual size: 6.4MB

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 512B - Virtual size: 12B

56568d263b8f0fbaf90fda41effb57f1

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

56:eb:de:df:9c:b8:0f:03:aa:7a:8e:2b:be:fb:9e:b5:82:f1:3b:e3:a8:2b:0d:7d:d8:d8:13:76:1d:fe:30:a2:29:e3:9b:e3:af:f0:d6:9e:98:d6:3a:da:ba:08:60:b9:bb:03:3a:3a:2c:dd:1d:96:30:f7:2e:d7:58:07:6f:fcSigner

1f:32:3a:b8:eb:0f:7f:5b:71:c0:1c:37:0e:42:8f:20:8e:b1:e9:deSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

wintrust

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 265KB - Virtual size: 264KB

.data Size: 18KB - Virtual size: 23KB

.pdata Size: 71KB - Virtual size: 71KB

.gfids Size: 512B - Virtual size: 156B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 5KB - Virtual size: 5KB

c289006d6c96851feed040ce96a27295

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

.text
Size: - Virtual size: 3.2MB

.vmp0
Size: - Virtual size: 1KB

.vmp1
Size: 6.4MB - Virtual size: 6.4MB

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 512B - Virtual size: 12B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

56:eb:de:df:9c:b8:0f:03:aa:7a:8e:2b:be:fb:9e:b5:82:f1:3b:e3:a8:2b:0d:7d:d8:d8:13:76:1d:fe:30:a2:29:e3:9b:e3:af:f0:d6:9e:98:d6:3a:da:ba:08:60:b9:bb:03:3a:3a:2c:dd:1d:96:30:f7:2e:d7:58:07:6f:fc
Signer

1f:32:3a:b8:eb:0f:7f:5b:71:c0:1c:37:0e:42:8f:20:8e:b1:e9:de
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 265KB - Virtual size: 264KB

.data
Size: 18KB - Virtual size: 23KB

.pdata
Size: 71KB - Virtual size: 71KB

.gfids
Size: 512B - Virtual size: 156B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 5KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

cd:7c:2a:cb:8f:83:8b:fd:39:45:14:12:9c:29:94:a0:87:2a:3e:a0:d5:fc:86:28:0f:4d:9e:19:0e:48:e6:39:db:b0:39:4c:66:b9:d9:26:7f:a8:54:2e:96:0c:cc:87:ac:99:e7:0c:aa:6e:d5:16:4e:96:3c:53:b7:c6:9b:b9
Signer

3d:52:30:40:ae:27:33:0d:09:81:63:f8:52:8a:bf:5c:e3:a8:03:c4
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 163KB - Virtual size: 162KB

.data
Size: 11KB - Virtual size: 14KB

.gfids
Size: 512B - Virtual size: 168B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 35KB - Virtual size: 34KB