d7d2af1027480df32cd60e2081c0d015a1a8a9984c1b1743bf22f91512129af5[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

d7d2af1027480df32cd60e2081c0d015a1a8a9984c1b1743bf22f91512129af5.zip
Size

1.3MB
MD5

34ecc61503213b409a53aa97c25f3bfc
SHA1

1f9a5279ec339639f4e056d0f621d64809e2706a
SHA256

9080d43b5a498714756820e077e30241fdc716ea19c0c62f738a2135c38f2262
SHA512

a7dd42d1d0b9524e41cae4eb22d813e26f348f34a3ae89794cf275ddf7f81ae06c5c9ac28ce6822c7d8c1329a3b7c49c4f165ed8c77cfd651e41e134782e4713
SSDEEP

24576:alnxm/a3QkwXl7vo/mudkLOiuel0w/iy0h6io80+dIljQcg:aln4GQP9vo+u77yay0hHooUo

Score

1^/10

Malware Config

Signatures

Files

d7d2af1027480df32cd60e2081c0d015a1a8a9984c1b1743bf22f91512129af5.zip
.zip

Password: infected
lab.exe
.exe windows x86

e9b4b01511873215a72ac3432be3c070

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:8c:91:98:11:8f:cd:37:64:73:5d:5f:86:15:12:b1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13/03/2010, 00:00

Not After

24/05/2013, 23:59

Subject

CN=National Instruments Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=National Instruments Corporation,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1a:85:3e:f5:f9:89:8f:7d:60:88:2c:f4:9e:09:17:27:ea:0c:3a:7e
Signer

Actual PE Digest

1a:85:3e:f5:f9:89:8f:7d:60:88:2c:f4:9e:09:17:27:ea:0c:3a:7e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

sndPlaySoundA
mciGetErrorStringA
mciGetDeviceIDA
timeGetTime
mciSendCommandA

ctl3d32

ord13
ord12
ord16

ltdis12n

ord122

ltfil12n

ord103
ord101

ltkrn12n

ord125
ord106
ord104

mfc90

ord6740
ord2045
ord2057
ord1935
ord2038
ord6257
ord3651
ord1694
ord4157
ord1222
ord1536
ord3052
ord2469
ord2691
ord6593
ord5851
ord636
ord2141
ord2470
ord6166
ord6527
ord6170
ord6525
ord333
ord6077
ord3479
ord525
ord6078
ord6464
ord3579
ord3612
ord4000
ord2911
ord6034
ord4706
ord2341
ord383
ord4425
ord6258
ord645
ord4023
ord3351
ord4673
ord5218
ord4112
ord1734
ord2080
ord5434
ord5437
ord4717
ord3224
ord6360
ord6362
ord978
ord2647
ord4417
ord2071
ord4684
ord5602
ord3565
ord451
ord686
ord2595
ord3767
ord1097
ord5638
ord5641
ord5092
ord5351
ord4944
ord4943
ord5326
ord4021
ord5358
ord3149
ord5176
ord337
ord613
ord778
ord3921
ord787
ord4703
ord4746
ord3928
ord4572
ord5008
ord4853
ord4329
ord5067
ord4985
ord4752
ord4852
ord3387
ord6165
ord6178
ord6497
ord2701
ord6179
ord2189
ord6318
ord1587
ord3372
ord6404
ord1588
ord6177
ord3150
ord1787
ord1724
ord4602
ord2227
ord1436
ord5414
ord1429
ord1435
ord2622
ord5388
ord5594
ord585
ord2284
ord1784
ord1721
ord6504
ord4601
ord4306
ord5785
ord4382
ord2078
ord2289
ord2297
ord2288
ord2269
ord2265
ord1437
ord1427
ord1434
ord4647
ord5578
ord6774
ord5635
ord5605
ord2137
ord576
ord615
ord2103
ord1604
ord4496
ord2277
ord1670
ord4640
ord3487
ord4707
ord4656
ord6023
ord5957
ord2260
ord6788
ord6649
ord6643
ord6048
ord4154
ord2587
ord1937
ord6787
ord6557
ord6786
ord4493
ord6057
ord5291
ord5179
ord6475
ord6474
ord6231
ord590
ord4858
ord2431
ord4411
ord6164
ord2340
ord2522
ord4044
ord6406
ord763
ord3055
ord3053
ord4626
ord1050
ord2300
ord1633
ord266
ord2692
ord2210
ord3529
ord411
ord2455
ord664
ord5394
ord4903
ord4872
ord4997
ord5040
ord4873
ord5329
ord2209
ord5136
ord3117
ord3524
ord405
ord4616
ord5151
ord3228
ord3489
ord4026
ord2904
ord2364
ord4727
ord375
ord4477
ord3141
ord1727
ord790
ord3273
ord784
ord2286
ord1786
ord1723
ord4649
ord3650
ord3223
ord2481
ord2082
ord3159
ord2591
ord4116
ord1556
ord406
ord2490
ord2501
ord4308
ord3010
ord3013
ord665
ord1767
ord4513
ord4386
ord5963
ord5997
ord1607
ord4392
ord300
ord6646
ord3654
ord6329
ord945
ord941
ord1603
ord6335
ord1699
ord4248
ord4252
ord693
ord2280
ord4644
ord3554
ord796
ord3663
ord3528
ord820
ord310
ord817
ord4030
ord3213
ord305
ord1611
ord6479
ord6482
ord4395
ord6242
ord766
ord3629
ord450
ord3999
ord670
ord4529
ord5798
ord1155
ord1715
ord4516
ord4431
ord265
ord4878
ord4875
ord4029
ord4981
ord5646
ord4434
ord4409
ord6783
ord4159
ord6781
ord4733
ord2251
ord2206
ord6018
ord4165
ord1046
ord5533
ord6721
ord5813
ord4199
ord2087
ord3209
ord5657
ord5659
ord4333
ord5663
ord6001
ord3110
ord4890
ord3659
ord589
ord793
ord767
ord1716
ord3277
ord3632
ord2100
ord436
ord1725
ord1691
ord367
ord2097
ord2590
ord788
ord5647
ord3271
ord4667
ord3652
ord595
ord6074
ord1357
ord1358
ord3477
ord2588
ord2106
ord316
ord2539
ord1183
ord601
ord3534
ord1137
ord1061
ord1252
ord1087
ord3987
ord1507
ord524
ord744
ord5152
ord4115
ord2723
ord2360
ord4617
ord5636
ord3506
ord374
ord4527
ord4396
ord4264
ord639
ord5061
ord4502
ord5373
ord6575
ord5350
ord5433
ord1700
ord4970
ord5339
ord2445
ord2079
ord2855
ord5432
ord5436
ord4716
ord4539
ord3225
ord5323
ord3221
ord6359
ord3222
ord6361
ord979
ord5786
ord3278
ord2646
ord2645
ord4416
ord1684
ord4330
ord5581
ord2070
ord5640
ord2369
ord1384
ord4683
ord6355
ord3217
ord5601
ord2138
ord4671
ord3564
ord2069
ord1108
ord1361
ord2130
ord4498
ord2282
ord3568
ord1182
ord2592
ord1144
ord549
ord4996
ord1016
ord4014
ord1409
ord2224
ord1711
ord3346
ord6391
ord1497
ord5645
ord5139
ord4686
ord1643
ord4678
ord756
ord3896
ord6291
ord6584
ord4013
ord4993
ord2899
ord6559
ord753
ord5495
ord5494
ord5496
ord5493
ord5216
ord5032
ord5286
ord5262
ord4594
ord5615
ord4618
ord5153
ord5309
ord2208
ord1810
ord1809
ord1678
ord3344
ord6388
ord1755
ord1752
ord4331
ord1496
ord4650
ord5585
ord2074
ord5497
ord6780
ord4589
ord5644
ord3732
ord5137
ord4688
ord1729
ord6446
ord5668
ord5666
ord958
ord963
ord967
ord965
ord969
ord2610
ord2630
ord2614
ord2620
ord2618
ord2616
ord2633
ord2628
ord2612
ord2635
ord2623
ord2605
ord2607

msvcr90

__getmainargs
_cexit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
_msize
asctime
_difftime32
_heapmin
_ftime32
strspn
_strnicmp
_errno
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
fprintf
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
_strlwr
isupper
_CItanh
_CIcosh
_CIsinh
_CIacos
_CIasin
rand
_CIpow
tolower
rename
fgets
_amsg_exit
_unlock
_tzset
memmove
malloc
sprintf
free
qsort
_i64toa
_ltoa
floor
strftime
_flushall
_getdrive
_chdrive
_findfirst32
_findnext32
_findclose
isdigit
strncmp
sscanf
_stricmp
_chdir
toupper
strrchr
div
_snprintf
_strdate
_strtime
_getcwd
remove
getenv
fwrite
strncat
_localtime32
ftell
fopen
strtok
atol
strstr
fseek
feof
fread
fclose
_time32
_mktime32
_splitpath
_makepath
memcpy
?terminate@@YAXXZ
_except_handler4_common
_decode_pointer
_onexit
_lock
_encode_pointer
fscanf
__dllonexit
atoi
_itoa
_exit
_mkdir
strtoul
_CIlog10
atof
_CIfmod
_control87
strchr
strncpy
_strupr
__CxxFrameHandler3
memset
_access
_setmbcp

kernel32

OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetProfileIntA
GetLocalTime
SetThreadAffinityMask
GetCurrentThread
TerminateThread
CreateThread
SearchPathA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
ExpandEnvironmentStringsA
Beep
GlobalSize
lstrcmpA
lstrlenA
lstrcatA
SetErrorMode
InterlockedExchange
GetShortPathNameA
GetTimeZoneInformation
FindNextFileA
GetSystemTimeAsFileTime
GetProcessTimes
FlushFileBuffers
GetCurrentProcess
GetProcessAffinityMask
SetProcessAffinityMask
GetModuleFileNameA
QueryPerformanceCounter
LocalLock
LocalUnlock
_lcreat
_lopen
_lclose
_hread
CreateDirectoryA
FindFirstFileA
FindClose
RemoveDirectoryA
GlobalHandle
GlobalReAlloc
GlobalMemoryStatus
CreateMutexA
GetVersionExA
SetHandleCount
GetCurrentThreadId
DeleteFileA
CopyFileA
GetFileSize
GetProfileStringA
GetWindowsDirectoryA
GetPrivateProfileStringA
QueryPerformanceFrequency
lstrcpyA
GlobalCompact
OutputDebugStringA
_hwrite
FormatMessageA
SetFilePointer
_lread
lstrcpynA
_llseek
OpenFile
GetLastError
SetLastError
GetPrivateProfileIntA
WritePrivateProfileStringA
WriteFile
ClearCommError
ReadFile
GetTickCount
GetDiskFreeSpaceA
MulDiv
WinExec
_lwrite
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
GetSystemInfo
FreeLibrary
GetModuleHandleA
GetVersion
GetCurrentProcessId
CreateFileA
CloseHandle
LoadLibraryA
GetProcAddress
Sleep
LocalFree
GetEnvironmentVariableA
LocalAlloc

user32

SetWindowTextA
GetWindowTextA
SetDlgItemTextA
GetFocus
GetDlgItemTextA
DestroyMenu
TrackPopupMenuEx
InsertMenuA
InsertMenuItemA
GetCursorPos
CreatePopupMenu
GetAsyncKeyState
GetDlgCtrlID
EndDialog
SetFocus
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetParent
DialogBoxParamA
MessageBeep
PostMessageA
LoadBitmapA
IsWindowEnabled
InvalidateRect
GetWindowWord
LockWindowUpdate
RedrawWindow
CreateDialogParamA
DestroyWindow
SetActiveWindow
MoveWindow
ShowWindow
UpdateWindow
CreateWindowExA
SetCursor
LoadCursorA
KillTimer
SetTimer
SetWindowLongA
GetWindowRect
IsIconic
DlgDirListComboBoxA
DlgDirSelectExA
DlgDirListA
DlgDirSelectComboBoxExA
DefWindowProcA
EndPaint
BeginPaint
GetClassInfoA
GetWindowLongA
RegisterClassA
LoadIconA
GetClientRect
IsDlgButtonChecked
ScreenToClient
GetActiveWindow
SetWindowWord
ClientToScreen
FillRect
ReleaseCapture
MessageBoxA
PtInRect
IsRectEmpty
IntersectRect
GetSysColor
SetCursorPos
SetCapture
TrackPopupMenu
EnableMenuItem
GetSubMenu
LoadMenuA
GetWindowDC
CopyRect
GetDesktopWindow
IsWindowVisible
AppendMenuA
DeleteMenu
GetDlgItemInt
UnregisterClassA
DdeUninitialize
DdeFreeStringHandle
DdeNameService
DdeGetData
DdeUnaccessData
DdeAccessData
DdeCreateDataHandle
GetDlgItem
DdeDisconnect
DdeFreeDataHandle
DdeClientTransaction
DdeConnect
DdeCreateStringHandleA
DdeDisconnectList
DdeQueryStringA
DdeQueryConvInfo
DdeQueryNextServer
DdeGetLastError
DdeConnectList
DdeInitializeA
DdePostAdvise
GetMenuItemID
GetMenuItemInfoA
GetMenuStringA
GetMenuState
CheckMenuItem
GetMenuItemCount
ScrollWindowEx
SetScrollPos
SetScrollRange
DrawTextA
SetDlgItemInt
CheckDlgButton
SendDlgItemMessageA
SetWindowPos
SetClassLongA
GetKeyState
CopyAcceleratorTableA
TranslateAcceleratorA
UnhookWindowsHookEx
UnhookWindowsHook
PeekMessageA
SetWindowsHookExA
SetWindowsHookA
LoadAcceleratorsA
SetWindowPlacement
GetWindowPlacement
SystemParametersInfoA
GetWindow
GetTopWindow
GetClassNameA
CharToOemA
GetWindowTextLengthA
SetMenu
GetSystemMenu
IsClipboardFormatAvailable
BringWindowToTop
DestroyCursor
CloseWindow
CallWindowProcA
SetMenuItemInfoA
LoadImageA
EnumChildWindows
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
ClipCursor
DestroyIcon
GetMenu
DrawMenuBar
ModifyMenuA
CreateMenu
GetCapture
GetUpdateRect
ShowScrollBar
WinHelpA
AttachThreadInput
GetWindowThreadProcessId
PostQuitMessage
GetMessageTime
ExitWindowsEx
IsWindow
ShowCursor
InSendMessage
GetDialogBaseUnits
SetRect
UnionRect
MapWindowPoints
MapVirtualKeyA
GetKeyNameTextA
DestroyAcceleratorTable
CreateAcceleratorTableA
keybd_event
ArrangeIconicWindows
CallNextHookEx
CheckRadioButton
wsprintfA
GetSystemMetrics
GetDC
ReleaseDC
EnableWindow
LoadStringA
DdeCmpStringHandles
SendMessageA
IsZoomed

gdi32

RestoreDC
CreateCompatibleDC
SaveDC
GetMapMode
SetMapMode
GetObjectA
DPtoLP
BitBlt
DeleteDC
SetPixel
SetROP2
SetTextAlign
SetMapperFlags
SetWindowExtEx
CreateSolidBrush
GetTextExtentPointA
SetTextColor
SetBkMode
TextOutA
Ellipse
GetStockObject
CreateBitmap
CreateCompatibleBitmap
CreateBitmapIndirect
SetBkColor
Rectangle
MoveToEx
LineTo
SelectObject
GetTextMetricsA
GetPixel
IntersectClipRect
GetTextColor
GetBkColor
PatBlt
GetDeviceCaps
OffsetWindowOrgEx
ScaleWindowExtEx
RoundRect
Escape
CreateEnhMetaFileA
CloseEnhMetaFile
DeleteEnhMetaFile
SetWindowOrgEx
PlayMetaFile
SetMetaFileBitsEx
CreateBrushIndirect
CreatePenIndirect
EndPage
EndDoc
CreateDCA
StartDocA
StartPage
CreateFontIndirectA
SetStretchBltMode
SetDIBitsToDevice
StretchDIBits
GetDIBits
SelectPalette
RealizePalette
CreateDIBitmap
CreatePalette
SetViewportExtEx
SetViewportOrgEx
CreateMetaFileA
CloseMetaFile
DeleteMetaFile
DeleteObject
StretchBlt

comdlg32

ChooseFontA
ChooseColorA
PrintDlgA
CommDlgExtendedError
GetSaveFileNameA
GetOpenFileNameA

advapi32

GetUserNameA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA

comctl32

ImageList_LoadImageA
ImageList_Destroy
ImageList_EndDrag
ImageList_DragLeave
ImageList_DragMove

shlwapi

PathCompactPathExA

msvcp90

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IABV12@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_INIT_TE
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 251KB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

e9b4b01511873215a72ac3432be3c070

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

54:8c:91:98:11:8f:cd:37:64:73:5d:5f:86:15:12:b1Certificate

Extended Key Usages

Key Usages

1a:85:3e:f5:f9:89:8f:7d:60:88:2c:f4:9e:09:17:27:ea:0c:3a:7eSigner

Headers

DLL Characteristics

File Characteristics

Imports

winmm

ctl3d32

ltdis12n

ltfil12n

ltkrn12n

mfc90

msvcr90

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

shlwapi

msvcp90

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

_INIT_TE Size: 6KB - Virtual size: 5KB

.rdata Size: 140KB - Virtual size: 140KB

.data Size: 251KB - Virtual size: 6.3MB

.rsrc Size: 2.8MB - Virtual size: 2.8MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

54:8c:91:98:11:8f:cd:37:64:73:5d:5f:86:15:12:b1
Certificate

1a:85:3e:f5:f9:89:8f:7d:60:88:2c:f4:9e:09:17:27:ea:0c:3a:7e
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

_INIT_TE
Size: 6KB - Virtual size: 5KB

.rdata
Size: 140KB - Virtual size: 140KB

.data
Size: 251KB - Virtual size: 6.3MB

.rsrc
Size: 2.8MB - Virtual size: 2.8MB