f3801bf68fc0101e873c86c1bc4d9497[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

f3801bf68fc0101e873c86c1bc4d9497.bin
Size

3.4MB
MD5

f3801bf68fc0101e873c86c1bc4d9497
SHA1

fe32407cac254aca429084ed90d7a69f3e3a85e2
SHA256

f04b658275238872c3329c8a4efb0967774e2edbe5b218d4ffc00762fccb3e11
SHA512

daaa8160d51eda2fb3d2574c6f3408daba000852751d417f2b8a87670157ad1c341d059712ba6adc10d73ef0ba071c310f384e93103cd5bb3b2f1dd0009dcfb0
SSDEEP

49152:gwzFfOmCKyUSkAMhsJpKgKpJ5GLwkYsB1X9KwVjD8SvHcs8OxP4r/HwGXnLvwg7c:gGOUS4hcpskgsr1VjDxEs82Ar/FLXo

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/hendo.dll
unpack002/saobu.exe

Files

f3801bf68fc0101e873c86c1bc4d9497.bin
.zip

Password: infected
11ebb7145e8a82a20f82746c5ffac231a002b136735e9e4a0f1f2c16f31e77e0
.zip

Password: infected
hendo.dll
.dll windows x86

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
saobu.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
satt.bat
x64/SQLite.Interop.dll
.dll windows x64

Password: infected

d99c34fbf4a27bd49bd158efcb5d8cc5

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

12/12/2024, 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

12/12/2024, 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:d4:f4:c6:67:41:51:25:50:fe:04:71:14:50:fb:c3:8a:96:d0:e8:62:36:97:2d:eb:8d:05:97:81:a3:1e:a9:08:57:1c:47:e4:b3:9c:61:07:82:ad:63:6c:e8:02:52:73:2c:bf:34:b4:5d:5e:81:4d:22:e1:53:b2:5d:e2:13
Signer

Actual PE Digest

cf:d4:f4:c6:67:41:51:25:50:fe:04:71:14:50:fb:c3:8a:96:d0:e8:62:36:97:2d:eb:8d:05:97:81:a3:1e:a9:08:57:1c:47:e4:b3:9c:61:07:82:ad:63:6c:e8:02:52:73:2c:bf:34:b4:5d:5e:81:4d:22:e1:53:b2:5d:e2:13

Digest Algorithm

sha512

PE Digest Matches

true

b6:7a:e6:77:bc:d2:69:c2:1a:a2:30:5d:0d:3c:28:b0:7a:c4:c3:ff
Signer

Actual PE Digest

b6:7a:e6:77:bc:d2:69:c2:1a:a2:30:5d:0d:3c:28:b0:7a:c4:c3:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

CorBindToRuntimeEx

wintrust

WinVerifyTrust

kernel32

GetFullPathNameW
lstrlenW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
GetModuleFileNameW
SetEnvironmentVariableW
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
GetEnvironmentVariableW
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
lstrlenA
GetEnvironmentVariableA
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
lstrcmpA
UnmapViewOfFile
HeapValidate
lstrcatA
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
EnterCriticalSection
DisableThreadLibraryCalls
LoadLibraryA
lstrcatW
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
WriteConsoleW
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
SetStdHandle
RaiseException
HeapFree
HeapCreate
TryEnterCriticalSection
ReadFile
AreFileApisANSI
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileA
lstrcmpiW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
CompareStringW
LCMapStringW
GetACP
GetTimeZoneInformation
GetStringTypeW
GetStdHandle
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA

user32

wsprintfA
wsprintfW

advapi32

CryptAcquireContextW
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptDestroyKey

Exports

Exports

SI0019486164d7bf44
SI02ba66995d97a90f
SI03287dbc8723fdd9
SI04b638e115f7beb4
SI04ce52527311d73d
SI04fc6f8a1e017f73
SI0504e2b10fc984a6
SI08e1b81c309b0697
SI093ec945feac7a9f
SI0a5994a5732236aa
SI0a5abed06696b608
SI0b7b29d9f4d9e9cd
SI0baa26a8603fbeaa
SI0ea978ea1c0d405a
SI106a696fe4411f05
SI11c76cd24cbc4f5a
SI140dacdec9d5041b
SI143d3c343ba8f025
SI14b078570350825e
SI14f276d110ea07d2
SI1698350d8fe62095
SI19682c472152ed2e
SI1b5f3547d13ba432
SI1b7dde7e97584ae2
SI1d073d65c838cf5f
SI1d2e911ac01d0e2a
SI1da0a0558762261c
SI2443a50be142b79d
SI24b9ac65c591ee78
SI257c42d028c92062
SI25e7ed432da5abe2
SI26bead82d146f523
SI26ecabef7303a42d
SI26f15d49d07fe93a
SI279a729adc1377d7
SI2836277b871ce8fa
SI28cd73ca34f8fb73
SI2a15a1761404662d
SI2a54b637f740510b
SI2de6c00a59e7266e
SI2f17e57366f2805e
SI2f719ae9d2d6fe5e
SI3145812b5ff77358
SI3455a1cea238c256
SI350ef657c32efd79
SI352a26dec0656975
SI35b071367928739e
SI36d903e8ae1034f7
SI371968036eb4539a
SI3721ad633fe2573d
SI37ce1131ccb4e11f
SI3862a1ce27ef5703
SI38b2a832762db8ac
SI3a79cd3b97e12d27
SI3b5b10d9ddfee5ca
SI3c382270243917a2
SI3c49f645ceb670cc
SI3cbdfafed17209a8
SI3d262250f51c6b05
SI3d4a59f30e3066e7
SI3eeccb23f013126d
SI4004f11c66fafdc3
SI419eb095ca17491d
SI45c0ebd9695268ad
SI45fe92a006b7a736
SI467bb3798f593774
SI4919ea51262dac3c
SI4a17a8a321d6ec6a
SI4bab566a390e239c
SI4d728c49baeb336f
SI4de37165831bc271
SI4dfb599f3fd3e023
SI5012edaf9a9b576b
SI523067e3e1269727
SI53b960648e352398
SI5460c9874d9a9c36
SI55523c66e4a81c11
SI565732004973ce4e
SI56805d3cb6ea5260
SI58ae048217841433
SI59ef51e4227a1e60
SI5b8b7f6e43119418
SI5c09368f04cf7aa2
SI5cff166c599de746
SI5d045c2b9d9b73fa
SI5ea70b9767a9e9ce
SI606edd9d386f5df5
SI60bfb2a7e6c9c0e3
SI611d33161126275a
SI613bc819b96e1775
SI6187cc864ff10c8f
SI61c731d3f0a5a8a6
SI63f918e55acf1c40
SI66be4ec506ed664f
SI698058cf78c6a869
SI6a086e2f49de7e85
SI72535cfc141a05c2
SI73e26334041d137d
SI747f3b763c8524f5
SI75e0cee60392beec
SI7742db5e5c879069
SI77d1487d2c16c856
SI78561b4f7190c8dd
SI785b181261fdc0bd
SI7991725b877e4051
SI7af3787a4ab6b5b0
SI7d9178711dcd6811
SI7da1c71ef2b6697a
SI7e5af6a8bfaa1747
SI7f2136bd3d2988aa
SI7f3350ed5ca228bf
SI810facc01c4e99e6
SI81dd6ea067523204
SI837eea5ba53f61b3
SI83f01e67cc2cc9a2
SI85018aaa81082789
SI853298524d63488b
SI8554a644a22f6f20
SI8668b1fc92c22ce1
SI87ee2ec0596a27ef
SI8b1f1431e854f393
SI8b4ecf9e9b46e30b
SI8b6fe1d4af2fdb27
SI8bd848f76b779693
SI8c91429ec00ce6ea
SI8f46df6c19cb419c
SI9006fa68bc924c6f
SI947263e5a132a998
SI965595dac5504b14
SI96e96b93e3971a75
SI971aea6e1a3ae173
SI9ced4623ecd3a3df
SI9e7440e5cce5dc43
SI9edfb98001bcad06
SIa0b934f9dd65efc0
SIa0da56ff87b86dd4
SIa0e5ab23d1190dca
SIa129aff02640c9fe
SIa25f4de441a18204
SIa2c646e1460e3d6a
SIa48df0905a06105d
SIa5013de19e424d00
SIa9bfcac726a70265
SIa9d260dfe73149da
SIaa3c70b5d386c1fa
SIaa3fada7ca685a32
SIaa8f19242494c08c
SIabcd6360beb68a2a
SIabe868fb63f052f8
SIac677082e755b84d
SIae3be833182ff91d
SIaebfdeab19641351
SIaf4898799c5c5ab8
SIafa80a0dba5e3a76
SIb21b3064163c0cda
SIb22cf6c68ac1220a
SIb2d853f1157189a5
SIb30987ff703d6e36
SIb369846d768c8d78
SIb3941677af59e24d
SIb41581ca1b61ed15
SIb57167164aea0161
SIb7b5b2f8e5976737
SIb8a2357403777398
SIb99186e559a4aff6
SIba36cbed52191512
SIbae13b5cc010bd67
SIc0ea1e3857b0ec43
SIc0f749663083c28a
SIc0f7fc1c96c2f62b
SIc2aaa7918e50464c
SIc4f8bd1f4b581f4f
SIc5e3cd0a498a1779
SIc63f2c66e9fadd2d
SIc6b2972f1a2dc615
SIc7e5bd609ce4c68a
SIc8e3ed89cf504a6c
SIc9a5f32c73143c77
SIc9f2182c4a948277
SIca49018e24ca57ec
SIcb4a928df499bdf6
SId08a69e2f8f143ba
SId290cb03f3dc3f61
SId56a8ebc35663981
SId59e1d487aca89f9
SId5fff727332fb0f9
SId65d58073bd498dc
SId7d7db98a12d19ea
SIda2943ab88fe2b4e
SIdb6bf1b7b5944bb6
SIdbad5a35d7a3205c
SIde1622bcd84f5091
SIdfd4204af97948d5
SIe0b31ba0fca9dfae
SIe47e4c5201c5334a
SIeb85fb6ed1178f6e
SIed7328d4da7ea496
SIefa0b6ff8825450f
SIf2f03057a674dd64
SIf39369f79e9f653d
SIf44cd2b5614ea7da
SIf5c71e022d4e16c5
SIf61494071db20f41
SIf67c886bb709cc2f
SIf6ca1239c6e3c3e4
SIfe86240eeda8764b
SIfeac64b03115a142
sqlite3_cryptoapi_init
sqlite3_fts5_init
sqlite3_fts_init
sqlite3_percentile_init
sqlite3_regexp_init
sqlite3_sha_init
sqlite3_shathree_init
sqlite3_totype_init
sqlite3_vtshim_init

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/SQLite.Interop.dll
.dll windows x86

Password: infected

c7ed3cced4a9a7e77612b9900591b547

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

12/12/2024, 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

12/12/2024, 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d4:95:db:a3:94:61:26:b1:2d:bf:e5:f6:9d:dc:72:f7:db:9d:f3:dc:57:45:22:31:d8:03:41:3c:a9:c1:40:36:35:f1:d8:eb:0f:93:68:3d:65:82:2c:53:e9:4e:6a:73:c0:da:2a:28:82:1f:1c:8a:cf:a4:68:b4:d9:8a:39:10
Signer

Actual PE Digest

d4:95:db:a3:94:61:26:b1:2d:bf:e5:f6:9d:dc:72:f7:db:9d:f3:dc:57:45:22:31:d8:03:41:3c:a9:c1:40:36:35:f1:d8:eb:0f:93:68:3d:65:82:2c:53:e9:4e:6a:73:c0:da:2a:28:82:1f:1c:8a:cf:a4:68:b4:d9:8a:39:10

Digest Algorithm

sha512

PE Digest Matches

true

4e:c9:2e:71:0b:72:3e:5b:a9:de:43:94:da:02:17:9e:ee:b8:68:7e
Signer

Actual PE Digest

4e:c9:2e:71:0b:72:3e:5b:a9:de:43:94:da:02:17:9e:ee:b8:68:7e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

CorBindToRuntimeEx

wintrust

WinVerifyTrust

kernel32

GetFullPathNameW
lstrlenW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
GetModuleFileNameW
SetEnvironmentVariableW
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
GetEnvironmentVariableW
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
lstrlenA
GetEnvironmentVariableA
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
lstrcmpA
UnmapViewOfFile
HeapValidate
lstrcatA
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
EnterCriticalSection
DisableThreadLibraryCalls
LoadLibraryA
lstrcatW
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
WriteConsoleW
lstrcmpiW
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
RaiseException
SetStdHandle
DecodePointer
HeapFree
HeapCreate
TryEnterCriticalSection
ReadFile
AreFileApisANSI
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileA
MapViewOfFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedFlushSList
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
CompareStringW
LCMapStringW
GetACP
GetTimeZoneInformation
GetStringTypeW
GetStdHandle
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA

user32

wsprintfA
wsprintfW

advapi32

CryptAcquireContextW
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptDestroyKey

Exports

Exports

SI02ba66995d97a90f
SI03287dbc8723fdd9
SI04ce52527311d73d
SI0504e2b10fc984a6
SI08e1b81c309b0697
SI093ec945feac7a9f
SI0a5994a5732236aa
SI0a5abed06696b608
SI0b7b29d9f4d9e9cd
SI0baa26a8603fbeaa
SI0ea978ea1c0d405a
SI106a696fe4411f05
SI11c76cd24cbc4f5a
SI143d3c343ba8f025
SI14b078570350825e
SI14f276d110ea07d2
SI1698350d8fe62095
SI19682c472152ed2e
SI1b5f3547d13ba432
SI1b7dde7e97584ae2
SI2443a50be142b79d
SI24b9ac65c591ee78
SI257c42d028c92062
SI26bead82d146f523
SI26ecabef7303a42d
SI26f15d49d07fe93a
SI279a729adc1377d7
SI2836277b871ce8fa
SI28cd73ca34f8fb73
SI2a15a1761404662d
SI2a54b637f740510b
SI2f17e57366f2805e
SI3145812b5ff77358
SI3455a1cea238c256
SI350ef657c32efd79
SI352a26dec0656975
SI35b071367928739e
SI371968036eb4539a
SI3721ad633fe2573d
SI37ce1131ccb4e11f
SI38b2a832762db8ac
SI3c382270243917a2
SI3c49f645ceb670cc
SI3cbdfafed17209a8
SI3d4a59f30e3066e7
SI3eeccb23f013126d
SI45c0ebd9695268ad
SI45fe92a006b7a736
SI467bb3798f593774
SI4919ea51262dac3c
SI4a17a8a321d6ec6a
SI4bab566a390e239c
SI4d728c49baeb336f
SI4de37165831bc271
SI523067e3e1269727
SI53b960648e352398
SI5460c9874d9a9c36
SI55523c66e4a81c11
SI565732004973ce4e
SI56805d3cb6ea5260
SI5c09368f04cf7aa2
SI5cff166c599de746
SI5d045c2b9d9b73fa
SI5ea70b9767a9e9ce
SI606edd9d386f5df5
SI60bfb2a7e6c9c0e3
SI6187cc864ff10c8f
SI61c731d3f0a5a8a6
SI63f918e55acf1c40
SI66be4ec506ed664f
SI698058cf78c6a869
SI6a086e2f49de7e85
SI72535cfc141a05c2
SI73e26334041d137d
SI747f3b763c8524f5
SI75e0cee60392beec
SI7742db5e5c879069
SI77d1487d2c16c856
SI78561b4f7190c8dd
SI785b181261fdc0bd
SI7991725b877e4051
SI7af3787a4ab6b5b0
SI7d9178711dcd6811
SI7da1c71ef2b6697a
SI7e5af6a8bfaa1747
SI7f2136bd3d2988aa
SI81dd6ea067523204
SI837eea5ba53f61b3
SI83f01e67cc2cc9a2
SI85018aaa81082789
SI853298524d63488b
SI8554a644a22f6f20
SI8668b1fc92c22ce1
SI87ee2ec0596a27ef
SI8b1f1431e854f393
SI8b6fe1d4af2fdb27
SI8bd848f76b779693
SI8c91429ec00ce6ea
SI8f46df6c19cb419c
SI9006fa68bc924c6f
SI96e96b93e3971a75
SI9ced4623ecd3a3df
SI9e7440e5cce5dc43
SI9edfb98001bcad06
SIa0b934f9dd65efc0
SIa129aff02640c9fe
SIa25f4de441a18204
SIa2c646e1460e3d6a
SIa5013de19e424d00
SIa9bfcac726a70265
SIa9d260dfe73149da
SIaa3fada7ca685a32
SIaa8f19242494c08c
SIabcd6360beb68a2a
SIabe868fb63f052f8
SIac677082e755b84d
SIae3be833182ff91d
SIb21b3064163c0cda
SIb22cf6c68ac1220a
SIb2d853f1157189a5
SIb30987ff703d6e36
SIb41581ca1b61ed15
SIb57167164aea0161
SIb7b5b2f8e5976737
SIb8a2357403777398
SIb99186e559a4aff6
SIba36cbed52191512
SIbae13b5cc010bd67
SIc0ea1e3857b0ec43
SIc0f7fc1c96c2f62b
SIc4f8bd1f4b581f4f
SIc5e3cd0a498a1779
SIc63f2c66e9fadd2d
SIc6b2972f1a2dc615
SIc7e5bd609ce4c68a
SIc9a5f32c73143c77
SIc9f2182c4a948277
SIca49018e24ca57ec
SIcb4a928df499bdf6
SId08a69e2f8f143ba
SId290cb03f3dc3f61
SId59e1d487aca89f9
SId5fff727332fb0f9
SIdb6bf1b7b5944bb6
SIdbad5a35d7a3205c
SIde1622bcd84f5091
SIdfd4204af97948d5
SIe47e4c5201c5334a
SIed7328d4da7ea496
SIefa0b6ff8825450f
SIf2f03057a674dd64
SIf44cd2b5614ea7da
SIf61494071db20f41
SIf67c886bb709cc2f
SIfe86240eeda8764b
SIfeac64b03115a142
_SI0019486164d7bf44@12
_SI04b638e115f7beb4@20
_SI04fc6f8a1e017f73@20
_SI140dacdec9d5041b@12
_SI1d073d65c838cf5f@12
_SI1d2e911ac01d0e2a@4
_SI1da0a0558762261c@8
_SI25e7ed432da5abe2@0
_SI2de6c00a59e7266e@4
_SI2f719ae9d2d6fe5e@8
_SI36d903e8ae1034f7@12
_SI3862a1ce27ef5703@4
_SI3a79cd3b97e12d27@8
_SI3b5b10d9ddfee5ca@4
_SI3d262250f51c6b05@32
_SI4004f11c66fafdc3@4
_SI419eb095ca17491d@12
_SI4dfb599f3fd3e023@12
_SI5012edaf9a9b576b@12
_SI58ae048217841433@12
_SI59ef51e4227a1e60@40
_SI5b8b7f6e43119418@0
_SI611d33161126275a@24
_SI613bc819b96e1775@8
_SI7f3350ed5ca228bf@112
_SI810facc01c4e99e6@12
_SI8b4ecf9e9b46e30b@12
_SI947263e5a132a998@36
_SI965595dac5504b14@12
_SI971aea6e1a3ae173@12
_SIa0da56ff87b86dd4@12
_SIa0e5ab23d1190dca@8
_SIa48df0905a06105d@4
_SIaa3c70b5d386c1fa@4
_SIaebfdeab19641351@12
_SIaf4898799c5c5ab8@44
_SIafa80a0dba5e3a76@12
_SIb369846d768c8d78@4
_SIb3941677af59e24d@12
_SIc0f749663083c28a@8
_SIc2aaa7918e50464c@4
_SIc8e3ed89cf504a6c@8
_SId56a8ebc35663981@12
_SId65d58073bd498dc@12
_SId7d7db98a12d19ea@8
_SIda2943ab88fe2b4e@20
_SIe0b31ba0fca9dfae@4
_SIeb85fb6ed1178f6e@16
_SIf39369f79e9f653d@8
_SIf5c71e022d4e16c5@12
_SIf6ca1239c6e3c3e4@8
sqlite3_cryptoapi_init
sqlite3_fts5_init
sqlite3_fts_init
sqlite3_percentile_init
sqlite3_regexp_init
sqlite3_sha_init
sqlite3_shathree_init
sqlite3_totype_init
sqlite3_vtshim_init

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 4.7MB - Virtual size: 4.7MB

.rsrc Size: 1024B - Virtual size: 852B

.reloc Size: 512B - Virtual size: 12B

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

d99c34fbf4a27bd49bd158efcb5d8cc5

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

cf:d4:f4:c6:67:41:51:25:50:fe:04:71:14:50:fb:c3:8a:96:d0:e8:62:36:97:2d:eb:8d:05:97:81:a3:1e:a9:08:57:1c:47:e4:b3:9c:61:07:82:ad:63:6c:e8:02:52:73:2c:bf:34:b4:5d:5e:81:4d:22:e1:53:b2:5d:e2:13Signer

b6:7a:e6:77:bc:d2:69:c2:1a:a2:30:5d:0d:3c:28:b0:7a:c4:c3:ffSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

wintrust

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 268KB - Virtual size: 268KB

.data Size: 18KB - Virtual size: 24KB

.pdata Size: 72KB - Virtual size: 72KB

.gfids Size: 512B - Virtual size: 156B

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 4.7MB - Virtual size: 4.7MB

.rsrc
Size: 1024B - Virtual size: 852B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

cf:d4:f4:c6:67:41:51:25:50:fe:04:71:14:50:fb:c3:8a:96:d0:e8:62:36:97:2d:eb:8d:05:97:81:a3:1e:a9:08:57:1c:47:e4:b3:9c:61:07:82:ad:63:6c:e8:02:52:73:2c:bf:34:b4:5d:5e:81:4d:22:e1:53:b2:5d:e2:13
Signer

b6:7a:e6:77:bc:d2:69:c2:1a:a2:30:5d:0d:3c:28:b0:7a:c4:c3:ff
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 268KB - Virtual size: 268KB

.data
Size: 18KB - Virtual size: 24KB

.pdata
Size: 72KB - Virtual size: 72KB

.gfids
Size: 512B - Virtual size: 156B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 5KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

d4:95:db:a3:94:61:26:b1:2d:bf:e5:f6:9d:dc:72:f7:db:9d:f3:dc:57:45:22:31:d8:03:41:3c:a9:c1:40:36:35:f1:d8:eb:0f:93:68:3d:65:82:2c:53:e9:4e:6a:73:c0:da:2a:28:82:1f:1c:8a:cf:a4:68:b4:d9:8a:39:10
Signer

4e:c9:2e:71:0b:72:3e:5b:a9:de:43:94:da:02:17:9e:ee:b8:68:7e
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 164KB - Virtual size: 163KB

.data
Size: 11KB - Virtual size: 14KB

.gfids
Size: 512B - Virtual size: 168B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 36KB - Virtual size: 35KB