stormkitty | 9ef929399eb29c3c23cb999d37c1a0bdef71386e4917d90baffe64e34f603939

Sharing

Copy URL

Twitter E-mail

General

Target

9ef929399eb29c3c23cb999d37c1a0bdef71386e4917d90baffe64e34f603939
Size

3.5MB
MD5

c37171efe5ae927a103289543b695deb
SHA1

7ca7a2ef560badebd38611a7318932dfbaf8dee9
SHA256

9ef929399eb29c3c23cb999d37c1a0bdef71386e4917d90baffe64e34f603939
SHA512

daca64be4321c0eded607236c8f186459c4de4069e9384360f34acf496a77a94ba32d7d4faab2dddd56bf5e663c467b247a31f8c26beea7428354d50f2afe23f
SSDEEP

98304:+Wn6DfnEOWmP/oI8N8WW2eCxQQqa2KLXjWRQIHlrUKPbJu:+o6DJWmP/o3pW7Ta2KMHlrdk

Score

10^/10

stormkitty

Malware Config

Signatures

StormKitty payload 1 IoCs

resource	yara_rule
static1/unpack001/Tool Reg Gmail/Tool Reg Gmail.exe	family_stormkitty

Stormkitty family
stormkitty

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Tool Reg Gmail/Tool Reg Gmail.exe

Files

9ef929399eb29c3c23cb999d37c1a0bdef71386e4917d90baffe64e34f603939
.rar

Password: infected
Tool Reg Gmail/SQLite.Interop.dll
.dll windows x86

Password: infected

b04260b0adf8a3fb288f474e303bb391

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01-10-2021 00:00

Not After

12-12-2024 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01-10-2021 00:00

Not After

12-12-2024 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

71:95:87:94:05:7a:f6:b9:67:1b:a8:cc:35:a3:f4:22:f4:1b:f8:f2:8d:bc:ed:03:37:ac:e4:d2:cc:6c:fd:4f:c1:2b:7e:d8:bb:84:7d:d6:ea:5e:11:1b:82:29:9e:17:ed:3d:ff:ef:72:ba:03:26:de:11:84:13:32:d0:78:21
Signer

Actual PE Digest

71:95:87:94:05:7a:f6:b9:67:1b:a8:cc:35:a3:f4:22:f4:1b:f8:f2:8d:bc:ed:03:37:ac:e4:d2:cc:6c:fd:4f:c1:2b:7e:d8:bb:84:7d:d6:ea:5e:11:1b:82:29:9e:17:ed:3d:ff:ef:72:ba:03:26:de:11:84:13:32:d0:78:21

Digest Algorithm

sha512

PE Digest Matches

true

ca:58:c0:61:1c:f1:85:75:8f:c5:c4:8b:99:13:87:98:d9:e0:a5:25
Signer

Actual PE Digest

ca:58:c0:61:1c:f1:85:75:8f:c5:c4:8b:99:13:87:98:d9:e0:a5:25

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

StrongNameSignatureVerificationEx
StrongNameFreeBuffer
StrongNameErrorInfo
CorBindToRuntimeEx
StrongNameTokenFromAssembly

wintrust

WinVerifyTrust

kernel32

GetEnvironmentVariableW
HeapReAlloc
CreateFileA
GetFileSize
CreateMutexW
HeapCompact
SetFilePointer
TryEnterCriticalSection
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
SetEnvironmentVariableW
QueryPerformanceCounter
HeapFree
WaitForSingleObject
InterlockedCompareExchange
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
GetModuleHandleW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
GetVersionExW
HeapDestroy
GetFileAttributesA
GetFullPathNameA
HeapCreate
HeapValidate
GetFileAttributesW
ReadFile
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
lstrlenW
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
lstrcmpiW
lstrcatW
GetFileAttributesExW
DeleteCriticalSection
OutputDebugStringA
GetCurrentThreadId
SetEnvironmentVariableA
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
CompareStringW
GetFullPathNameW
LCMapStringW
SetStdHandle
WriteConsoleW
LeaveCriticalSection
GetVersionExA
EncodePointer
DecodePointer
CreateThread
ExitThread
LoadLibraryExW
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetTimeZoneInformation
SetLastError
InterlockedIncrement
InterlockedDecrement
ExitProcess
GetModuleHandleExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStdHandle
GetFileType
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
RaiseException
GetConsoleCP
GetConsoleMode
SetFilePointerEx
RtlUnwind
GetStringTypeW

user32

wsprintfW

advapi32

CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptEncrypt
CryptReleaseContext
CryptDeriveKey
CryptAcquireContextW
CryptHashData

Exports

Exports

SI02815e94e2c315f7
SI039413da2b10b773
SI054e3c8468772b2b
SI0628e029b7e108db
SI077534168313d3ed
SI0938f783b19237a0
SI0a886fd4c720116f
SI0bdc6d0c384d2e10
SI0cff507887d45bcd
SI0d6b1c4a8f9f99d4
SI0da8b85fb82501d5
SI11726a584883eb5b
SI13396627163b7740
SI157f8e08193aa53b
SI1773c1143669a2d4
SI179fdc030276548d
SI1d81196412d3ef05
SI1def9b218f2b4647
SI1e14e4ca4a95bf49
SI1f188bbd4af5db07
SI21a888837ee363be
SI23fce3fb79cbb177
SI24f086e117ed378d
SI255d44cceccc3fc7
SI2560e79b9e8e0efc
SI258150823cbe6bde
SI2711207af0065fc8
SI28dd7560c8be508f
SI294b84466eaff39a
SI2a62764d0ab77e14
SI2b645959c9369085
SI2d11646dfe5d0c6a
SI2eb4079ca3a05cbf
SI2f014207a555e535
SI33ef63550c5242fb
SI341218eede1b5e9b
SI386737cd2a0fdd19
SI3997e7de4e90e1b3
SI3c17a08e4bd9b715
SI3ce20b46a489236f
SI43bfa22e745af6d8
SI44d6ee46b9c95458
SI45fe9413d5eae770
SI475081909f1229d5
SI47e966d3c8ed1d1c
SI486b02ac296e0b17
SI528b790fd6ac4633
SI55f8c019b2e5ed58
SI56bf96ba405a1160
SI599b44278adc9bc1
SI5b8ed01c5811b4d5
SI5ca7a2a9e7f1b871
SI5f6198a74f6a66c1
SI5f81f83484be3abd
SI5f8c56b9ec22dac6
SI609a818d5fbe9ac9
SI61339d837097a253
SI6199891c0152daea
SI61ebe33d35212c42
SI66864656aba1350f
SI670f4f88bee34d06
SI690e97ad40a6d636
SI6986c52c0c452cc1
SI6b1ea8359a4bab8f
SI6c336868b0a5fe32
SI6d1c17b1fb262865
SI6d7b2699ee23d3f8
SI72ec7143af42ede1
SI74043e952a2cd403
SI7520d000053e0d14
SI7a5090ee686ee20d
SI7ba05ce94ad6ec39
SI7c80035d85f12db7
SI7cec4139b0e05c44
SI7d59e220321e2f41
SI7e589f074eae40b8
SI7f61887459ad69d9
SI7fbe039e0a0a9e80
SI7fca2652f71267db
SI8181a48bde70c668
SI870da7e43adb4ee2
SI89eaf1bd7a956980
SI8a4e5681c1906ed7
SI9086cecb6f6cb06e
SI9142d5013e275b68
SI92a9d705cf067ce9
SI95b0bda85d917b2e
SI962c27000aacea2e
SI98872790d4e8efd1
SI9a83e170c880ff66
SI9ce43ab9f0988669
SI9d59c342e257f634
SI9f7fed40b32f2518
SIa2d290f3cce83950
SIa3f72e1fcd28493d
SIa487294f7b3982b5
SIa56f9b6b87626f82
SIa6ac334abbe174be
SIa6adfe554ffc7cbf
SIa97f15c7a9a3fcec
SIac17d6653268c29d
SIb01052dff9582bba
SIb3a01e7c57f0fe15
SIb3a698858b4f4c1e
SIb3adde975ae37b85
SIb7ca6c18f9b627e3
SIb8b2ca972163fd1d
SIb90da090982f4b08
SIbadadf3b9880be1c
SIbae16952f377e56d
SIbaf8241fbd0ce62c
SIbbe901f293754481
SIbbfce5c96068face
SIbcc66e0ffc3a4a1a
SIbf23d3c9d85dbdc9
SIc15bffd7e1940157
SIc2f1bb5274db50ad
SIc5e7050b98faec6c
SIc6d60081c2db6a17
SIc8187efca8c1cb7a
SIcd04f8e391a31c9f
SIcdd4568419784a8a
SIcf8c2c23760a4499
SId2c7880f24f06d7c
SId2c89445431c35db
SId644b1bddd2a2bbd
SId6fdbb9d0d4025e5
SId81be8ee89587e08
SId81cf9ee807123a7
SId93ded5c6e4c47cf
SIdeafee00e45abdd7
SIdff2308d05ffee18
SIe1f990609c49e19e
SIea85a8543a7ed080
SIeab73374c21d5265
SIebbb430d08e906d0
SIee287d5c749c90fb
SIef4f0710e0d4fe79
SIf17d2cb586e5ed0b
SIf317063645427306
SIf36d68994f8a3dbc
SIf55420fc5e7a71c7
SIf5788ad6b55cce99
SIf78f8f1191d53f8b
SIf7e752fd3d0936c7
SIfc766c3d655f3fe2
SIfdd143ea824fb4f0
SIff65f01991d44537
_SI0ce1fad4c4f4a7fb@8
_SI2205f161df7092bc@12
_SI27b50b0098946eb0@12
_SI2a4d8b6ad44eebf1@12
_SI37a08ac191c978d9@12
_SI3ae1edd0b6623730@8
_SI3f6b70ecace50eb3@44
_SI473a804e6f038305@8
_SI4b285cf3ba62c252@4
_SI4ca8ca7236e6114c@4
_SI4d5fafa34f690772@8
_SI4edf79ad44a9cff4@24
_SI4ee0a8e4fbaae675@0
_SI506e50fb03c2d89a@12
_SI56aabcf29f5e6720@16
_SI577edba978146092@4
_SI57cb62b7ae61cb1b@12
_SI5bb9251d9841cbec@4
_SI6527c62a1dabea11@20
_SI6e43416f0f0e0e16@12
_SI772bd4b1b0106e5b@4
_SI782e3aea35580db5@12
_SI7b32bbd817c65bb8@0
_SI7d92c115a9fdcf4b@8
_SI8a4f24784a6e0dd7@4
_SI917c1d969e6de20e@12
_SI9a7f75f0346092f5@20
_SI9cb60bb60df261b3@32
_SI9ee262799bd281d7@4
_SI9eee50437bcc1191@12
_SIa3d8d3d7074939f8@12
_SIac40f022a187cea2@12
_SIac721dd2e74c9941@12
_SIafaf563ba75328fe@4
_SIb4c632894b76cc1d@20
_SIb534977cefbb73a0@12
_SIbbb652829bd5e949@112
_SIc28680a63df4f588@12
_SIc62437a375ae6e3e@8
_SIc6bf4b86ca97d9ec@4
_SId02b7e5e97e1e93a@8
_SId8f3329973466732@12
_SId8f792fefa4b5275@4
_SIe2c7699ad7342993@36
_SIe43bdb992e04bab8@8
_SIe51ef6b50d4bca6d@8
_SIe8488cc730a7a082@12
_SIea4bbb6d1ee2a307@8
_SIefe0985609bde5e8@12
_SIfd60417394c54f67@12
sqlite3_cryptoapi_init
sqlite3_fts5_init
sqlite3_fts_init
sqlite3_percentile_init
sqlite3_regexp_init
sqlite3_sha_init
sqlite3_totype_init
sqlite3_vtshim_init

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tool Reg Gmail/Tool Reg Gmail.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

b04260b0adf8a3fb288f474e303bb391

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

71:95:87:94:05:7a:f6:b9:67:1b:a8:cc:35:a3:f4:22:f4:1b:f8:f2:8d:bc:ed:03:37:ac:e4:d2:cc:6c:fd:4f:c1:2b:7e:d8:bb:84:7d:d6:ea:5e:11:1b:82:29:9e:17:ed:3d:ff:ef:72:ba:03:26:de:11:84:13:32:d0:78:21Signer

ca:58:c0:61:1c:f1:85:75:8f:c5:c4:8b:99:13:87:98:d9:e0:a5:25Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

wintrust

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 198KB - Virtual size: 197KB

.data Size: 21KB - Virtual size: 29KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 43KB - Virtual size: 43KB

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 512B - Virtual size: 12B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

71:95:87:94:05:7a:f6:b9:67:1b:a8:cc:35:a3:f4:22:f4:1b:f8:f2:8d:bc:ed:03:37:ac:e4:d2:cc:6c:fd:4f:c1:2b:7e:d8:bb:84:7d:d6:ea:5e:11:1b:82:29:9e:17:ed:3d:ff:ef:72:ba:03:26:de:11:84:13:32:d0:78:21
Signer

ca:58:c0:61:1c:f1:85:75:8f:c5:c4:8b:99:13:87:98:d9:e0:a5:25
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 198KB - Virtual size: 197KB

.data
Size: 21KB - Virtual size: 29KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 43KB - Virtual size: 43KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 512B - Virtual size: 12B