sr-fe[.]iso | Triage

Sharing

Copy URL Twitter E-mail

General

Target

sr-fe.iso
Size

974.2MB
MD5

471b1a9ed502d11c8374cc637160ddc8
SHA1

03ce9c3f25860f151f489e21cd6cfe8e643e65af
SHA256

2fb93bc8f65a3f44f7bec85569a39ec8a0f968934e081aa1b1e181d1f17cfcd9
SHA512

6db4c2bb526ffa6c8bbd07e3c5a51e1175f11dc955ae8031cffca59b539547cda458b3c758a8281d64a710810e8908c402fce2e767d561a12e47702481bb75d1
SSDEEP

25165824:2JUpMPXPz2HhJT5muZYAj0JgnxpdK9ll8MA2:LaaH3T5mgYAjmgnx7n6

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/SKIDROW/SKIDROW.exe	upx
static1/unpack001/setup.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SKIDROW/Fe_Data/Managed/Assembly-CSharp.dll
unpack001/SKIDROW/SKIDROW.exe
unpack001/setup.exe

Files

sr-fe.iso
.iso
SKIDROW/Fe.exe
.exe windows x64

4d7414a9fff36ee1af6d8d08923a7690

Code Sign

0f:7a:83:c4:f6:e0:1b:ef:71:16:83:b3:aa:6a:1d:50
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

08/02/2018, 00:00

Not After

04/01/2019, 12:00

Subject

CN=Zoink AB,O=Zoink AB,L=Göteborg,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a2:fc:4e:3b:89:6d:91:87:92:db:23:c0:40:27:5d:8c:74:1d:40:c4:08:c1:b0:d2:d4:39:c5:57:5c:8e:a5:15
Signer

Actual PE Digest

a2:fc:4e:3b:89:6d:91:87:92:db:23:c0:40:27:5d:8c:74:1d:40:c4:08:c1:b0:d2:d4:39:c5:57:5c:8e:a5:15

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

hid

HidD_GetPreparsedData
HidD_GetHidGuid
HidD_GetProductString
HidD_GetManufacturerString
HidD_GetSerialNumberString
HidD_GetIndexedString
HidP_GetButtonCaps
HidP_GetCaps
HidP_MaxDataListLength
HidD_FreePreparsedData
HidP_GetValueCaps
HidD_GetAttributes
HidP_GetData

kernel32

MoveFileExW
GetFileAttributesExW
SetFileTime
SystemTimeToFileTime
GetSystemTime
CreateFileW
CopyFileW
FindClose
FindNextFileW
FindFirstFileW
FindFirstFileExW
SetFilePointer
ReplaceFileW
GetTempFileNameW
GetModuleFileNameW
VerifyVersionInfoW
VerSetConditionMask
GetVersionExW
GetSystemPowerStatus
GetSystemInfo
GetModuleHandleW
GlobalMemoryStatusEx
GetCurrentProcess
GetUserDefaultUILanguage
GetModuleHandleA
GetTickCount
LoadLibraryW
LocalAlloc
GetCurrentProcessId
SetUnhandledExceptionFilter
CreateThread
OpenEventW
DebugBreak
GetCurrentDirectoryW
GetComputerNameW
GetCommandLineW
GetTempPathW
CreateSemaphoreA
ResetEvent
GetOverlappedResult
SetEvent
CreateEventA
CreateEventW
CancelIo
WaitForMultipleObjects
GetStartupInfoA
VirtualProtect
VirtualFree
VirtualAlloc
IsDebuggerPresent
SetDllDirectoryW
GetFullPathNameW
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateIoCompletionPort
GetQueuedCompletionStatus
GetWindowsDirectoryW
SleepEx
RaiseException
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
SetThreadPriority
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
SetHandleInformation
GetLocalTime
GetTimeZoneInformation
InitializeCriticalSection
LoadLibraryExW
GetFileSize
FileTimeToDosDateTime
FileTimeToLocalFileTime
GlobalLock
GetFileTime
VirtualQuery
GlobalMemoryStatus
SetErrorMode
FlushConsoleInputBuffer
GetStdHandle
DeleteFileW
SetThreadAffinityMask
WaitForSingleObject
GetProcessAffinityMask
ExitThread
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
InterlockedFlushSList
CreateFileA
OpenEventA
SetWaitableTimer
CreateWaitableTimerA
GetSystemDirectoryA
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetProcessHeap
GetDriveTypeW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
IsValidCodePage
GetOEMCP
GetACP
SetStdHandle
GetConsoleCP
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
SetHandleCount
HeapCreate
HeapSetInformation
TerminateProcess
UnhandledExceptionFilter
CompareStringW
GetCPInfo
LCMapStringW
PeekNamedPipe
GetFileInformationByHandle
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
GetFullPathNameA
GetTimeFormatA
GetDateFormatA
FindFirstFileExA
GetDriveTypeA
FileTimeToSystemTime
GetStartupInfoW
GetCommandLineA
SetConsoleCtrlHandler
DuplicateHandle
HeapSize
HeapQueryInformation
ExitProcess
RtlUnwindEx
RtlPcToFileHeader
HeapAlloc
HeapReAlloc
HeapFree
GetStringTypeW
GetLocaleInfoW
DecodePointer
EncodePointer
CreateMutexW
FlushInstructionCache
CreateSemaphoreW
SignalObjectAndWait
GetModuleHandleExA
LoadLibraryExA
GetThreadLocale
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetFileType
GetVersion
GlobalUnlock
GetVersionExA
GetModuleFileNameA
GetFileAttributesA
GetEnvironmentVariableA
LoadLibraryA
RemoveDirectoryW
SwitchToThread
CreateDirectoryW
GetProcAddress
SetEndOfFile
WriteFile
GetCurrentThreadId
CreateMutexA
ExpandEnvironmentStringsW
GetDiskFreeSpaceExA
FormatMessageW
GetCurrentDirectoryA
lstrcpynW
GlobalAlloc
CloseHandle
SetFilePointerEx
ReadFile
OutputDebugStringA
SetEnvironmentVariableA
GetCurrentThread
RtlCaptureContext
SuspendThread
GetThreadContext
ResumeThread
RtlLookupFunctionEntry
RtlVirtualUnwind
SetLastError
FreeLibrary
lstrcpyA
lstrcpynA
GetFileAttributesW
SetFileAttributesW
LocalFree
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
WideCharToMultiByte
MultiByteToWideChar
GetLastError
ReleaseSemaphore
WaitForSingleObjectEx
Sleep
FormatMessageA
QueryPerformanceFrequency
QueryPerformanceCounter
lstrlenA

user32

UpdateWindow
LoadImageW
DialogBoxParamA
WindowFromPoint
CreateDialogParamW
PeekMessageW
IsDialogMessageW
DispatchMessageW
MsgWaitForMultipleObjects
ValidateRect
SetTimer
EnableWindow
EnumDisplayDevicesA
CreateWindowExW
RegisterClassW
PeekMessageA
GetMessageA
KillTimer
GetCaretBlinkTime
wvsprintfA
MessageBoxW
EnumWindows
RegisterWindowMessageA
IsClipboardFormatAvailable
GetClipboardData
GetSystemMetrics
OpenClipboard
SetClipboardData
CloseClipboard
CheckDlgButton
GetUserObjectInformationA
GetThreadDesktop
SetCursor
LoadCursorA
DestroyCursor
DestroyIcon
SendMessageA
GetParent
GetWindowRect
GetWindowLongA
SetWindowPos
GetClientRect
GetWindowLongPtrA
DefWindowProcW
DestroyWindow
CreateDialogParamA
SetWindowLongPtrA
GetDlgItem
ChangeDisplaySettingsW
SetWindowLongA
MonitorFromWindow
EnumDisplaySettingsW
GetMonitorInfoW
UnregisterClassW
GetAncestor
OffsetRect
CopyRect
GetDesktopWindow
MessageBoxA
GetWindowPlacement
AdjustWindowRectEx
SetDlgItemTextW
SetDlgItemTextA
SendDlgItemMessageW
LoadIconA
EndDialog
DialogBoxParamW
RegisterClassExW
EnumDisplayMonitors
SetCapture
ReleaseCapture
UnregisterDeviceNotification
DispatchMessageA
TranslateMessage
PtInRect
GetMessageExtraInfo
GetAsyncKeyState
GetKeyState
EmptyClipboard
RegisterRawInputDevices
GetMessageTime
GetMessagePos
RegisterDeviceNotificationW
SystemParametersInfoW
GetRawInputData
GetFocus
IsWindowVisible
GetCursorPos
ClientToScreen
GetKeyNameTextW
GetProcessWindowStation
GetUserObjectInformationW
GetRawInputDeviceInfoW
GetRawInputDeviceList
GetWindowLongPtrW
SetWindowLongPtrW
PostQuitMessage
GetMonitorInfoA
SetFocus
ShowCursor
SetWindowTextW
SendMessageTimeoutA
IsIconic
ShowWindow
SetForegroundWindow
wsprintfA
GetDC
ReleaseDC
CreateIconIndirect
ScreenToClient
EnumDisplaySettingsA
MonitorFromPoint
ClipCursor
SetCursorPos
MonitorFromRect
CopyImage
IsDlgButtonChecked

version

GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeA

ole32

CoUninitialize
CoSetProxyBlanket
PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CoInitialize
CoCreateInstance

shlwapi

PathCanonicalizeW
SHDeleteKeyW
PathFileExistsW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW

advapi32

CryptReleaseContext
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyW
OpenProcessToken
GetTokenInformation
GetSidSubAuthority
GetUserNameA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptGetHashParam
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW

gdi32

GetObjectA
SwapBuffers
ChoosePixelFormat
SetPixelFormat
DeleteObject
CreateBitmap
CreateDIBSection
GetDeviceCaps

shell32

ShellExecuteW
SHFileOperationW
ShellExecuteExA
CommandLineToArgvW
SHGetFolderPathW

opengl32

wglGetProcAddress
wglDeleteContext
wglMakeCurrent
wglCreateContext
wglGetCurrentContext
wglGetCurrentDC

winmm

waveInGetNumDevs
timeBeginPeriod
timeGetTime
waveOutGetNumDevs
waveOutGetDevCapsA
waveOutGetDevCapsW
waveOutClose
waveOutOpen
waveOutUnprepareHeader
waveOutWrite
waveOutReset
waveOutGetPosition
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveInGetDevCapsA
waveInGetDevCapsW
waveInStart
waveInOpen
waveInClose
waveInReset
waveOutPrepareHeader
timeEndPeriod

ws2_32

listen
connect
closesocket
socket
bind
inet_addr
__WSAFDIsSet
setsockopt
send
select
getsockname
gethostname
gethostbyname
ntohl
htonl
ntohs
htons
getprotobyname
accept
WSAGetLastError
WSAStartup
getpeername
recvfrom
WSACleanup
inet_ntoa
WSAIoctl
WSARecvFrom
ioctlsocket
WSASetLastError
WSASocketA
freeaddrinfo
sendto
getaddrinfo
getnameinfo
WSASetEvent
WSAEnumNetworkEvents
WSAResetEvent
WSAWaitForMultipleEvents
WSACloseEvent
WSACreateEvent
WSAEventSelect
getsockopt
WSACancelAsyncRequest
WSAAsyncGetHostByName
recv
shutdown

oleaut32

VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocString

imm32

ImmReleaseContext
ImmSetOpenStatus
ImmGetCompositionStringW
ImmGetConversionStatus
ImmAssociateContextEx
ImmAssociateContext
ImmGetContext
ImmSetCompositionStringW

dnsapi

DnsQuery_A
DnsFree

iphlpapi

GetIpAddrTable

winhttp

WinHttpGetIEProxyConfigForCurrentUser

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 17.1MB - Virtual size: 17.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 700KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 895KB - Virtual size: 894KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trace
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 554KB - Virtual size: 554KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ooa
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
SKIDROW/Fe_Data/Managed/Assembly-CSharp.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SKIDROW/Fe_Data/Mono/Native.dll
SKIDROW/SKIDROW.exe
.exe windows x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 828KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 407KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SKIDROW/language.txt
autorun.inf
setup.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 10.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 496KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
skidrow.bin

Sharing

General

Malware Config

Signatures

Files

4d7414a9fff36ee1af6d8d08923a7690

Code Sign

0f:7a:83:c4:f6:e0:1b:ef:71:16:83:b3:aa:6a:1d:50Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

a2:fc:4e:3b:89:6d:91:87:92:db:23:c0:40:27:5d:8c:74:1d:40:c4:08:c1:b0:d2:d4:39:c5:57:5c:8e:a5:15Signer

Headers

DLL Characteristics

File Characteristics

Imports

hid

kernel32

user32

version

ole32

shlwapi

setupapi

advapi32

gdi32

shell32

opengl32

winmm

ws2_32

oleaut32

imm32

dnsapi

iphlpapi

winhttp

Exports

Exports

Sections

.text Size: 17.1MB - Virtual size: 17.1MB

.rdata Size: 3.0MB - Virtual size: 3.0MB

.data Size: 700KB - Virtual size: 1.4MB

.pdata Size: 895KB - Virtual size: 894KB

.rodata Size: 3KB - Virtual size: 2KB

.trace Size: 38KB - Virtual size: 38KB

.data1 Size: 512B - Virtual size: 64B

_RDATA Size: 4KB - Virtual size: 4KB

.rsrc Size: 554KB - Virtual size: 554KB

.reloc Size: 175KB - Virtual size: 174KB

.ooa Size: 2KB - Virtual size: 1KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rsrc Size: 1024B - Virtual size: 768B

.reloc Size: 512B - Virtual size: 12B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 828KB

UPX1 Size: 407KB - Virtual size: 408KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 10.7MB

UPX1 Size: 496KB - Virtual size: 500KB

.rsrc Size: 10KB - Virtual size: 12KB

0f:7a:83:c4:f6:e0:1b:ef:71:16:83:b3:aa:6a:1d:50
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

a2:fc:4e:3b:89:6d:91:87:92:db:23:c0:40:27:5d:8c:74:1d:40:c4:08:c1:b0:d2:d4:39:c5:57:5c:8e:a5:15
Signer

.text
Size: 17.1MB - Virtual size: 17.1MB

.rdata
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 700KB - Virtual size: 1.4MB

.pdata
Size: 895KB - Virtual size: 894KB

.rodata
Size: 3KB - Virtual size: 2KB

.trace
Size: 38KB - Virtual size: 38KB

.data1
Size: 512B - Virtual size: 64B

_RDATA
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 554KB - Virtual size: 554KB

.reloc
Size: 175KB - Virtual size: 174KB

.ooa
Size: 2KB - Virtual size: 1KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rsrc
Size: 1024B - Virtual size: 768B

.reloc
Size: 512B - Virtual size: 12B

UPX0
Size: - Virtual size: 828KB

UPX1
Size: 407KB - Virtual size: 408KB

.rsrc
Size: 2KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 10.7MB

UPX1
Size: 496KB - Virtual size: 500KB

.rsrc
Size: 10KB - Virtual size: 12KB