Emsisoft-antimalware-remains[.]7z

Sharing

Copy URL

Twitter E-mail

General

Target

Emsisoft-antimalware-remains.7z
Size

8.6MB
MD5

d2a326a08538f74875a8692ccc9fe5d1
SHA1

fbc53608879f34fd94fbcabf9a383f8301068e73
SHA256

1d7810bab657a503d8a45daf6ddb810c7cd12cdadf4488222139dbbe61b21d04
SHA512

c4c2d76db75084a9edb8b182f1d2c9160db91a8518812159326a74a770457b58481da34a935eea66f2e9ea967ae410b9573e8ba866773e8bc4552f8c9cad2a22
SSDEEP

196608:LzgnnU7jPzeUdvvENgp9653IKXrJGCC/yRG2yH0/zeZAGa1:L0nU7Tzegv8u053nXVgyRG2yQzCAx1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Emsisoft-antimalware-remains/samples/exe32/virussign.com_eda65160075859ae76bd3f02536e4180.vir	upx

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Emsisoft-antimalware-remains/samples/dll32/virussign.com_2e65474ff7ac6d6f12ae220059afd500.vir
unpack001/Emsisoft-antimalware-remains/samples/dll32/virussign.com_8fcdc3c89ac1c5ee0eca7a1b11b1e390.vir
unpack001/Emsisoft-antimalware-remains/samples/dll64/virussign.com_e15ddecaf847c07f84717bf90ea32b10.vir
unpack001/Emsisoft-antimalware-remains/samples/dll64/virussign.com_e8f13b1cfc69b9ea9a6181b2e15ccdb0.vir
unpack001/Emsisoft-antimalware-remains/samples/exe32/virussign.com_a09ee04bf0a6616843dbdeae0e8c8f10.vir
unpack001/Emsisoft-antimalware-remains/samples/exe32/virussign.com_b8bfacd3c3a363d77de79de971747e70.vir
unpack001/Emsisoft-antimalware-remains/samples/exe32/virussign.com_dd40012503223da7140ab4cb22f01f40.vir
unpack001/Emsisoft-antimalware-remains/samples/exe32/virussign.com_eda65160075859ae76bd3f02536e4180.vir
unpack001/Emsisoft-antimalware-remains/samples/exe32/virussign.com_fd04a0969228c7c83b006149aed20950.vir

Files

Emsisoft-antimalware-remains.7z
.7z
Emsisoft-antimalware-remains/emsisoft-anti-malware-aug22-2023--scan_230822-071138.txt
Emsisoft-antimalware-remains/emsisoft-aug22-2023-Forensics_230822-071648.txt
Emsisoft-antimalware-remains/samples/dll32/virussign.com_2e65474ff7ac6d6f12ae220059afd500.vir
.dll windows x86

47b95eaa8a92898962a601a6fb44ee48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
free
malloc
_initterm

kernel32

DisableThreadLibraryCalls

Exports

Exports

LD_lookup

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 580KB - Virtual size: 578KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Emsisoft-antimalware-remains/samples/dll32/virussign.com_58a83f5ac629c29913ed5a69de20c640.vir
.dll windows x86

8e1e263a3ab14ee8da35acbdb59d3b02

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:6a:58:d7:fa:22:35:12:35:00:09:37:e2:56:aa:54
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

02-03-2018 00:00

Not After

01-04-2019 23:59

Subject

CN=北京鼎普科技股份有限公司,OU=品质管理部,O=北京鼎普科技股份有限公司,L=北京,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:09:b3:b8:92:48:7b:9c:64:ec:0f:4b:53:9c:7c:7c
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

06-03-2018 00:00

Not After

02-04-2019 23:59

Subject

CN=北京鼎普科技股份有限公司,OU=品质管理部,O=北京鼎普科技股份有限公司,L=北京,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02-01-2017 00:00

Not After

01-04-2028 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5b:49:38:77:2f:0c:f7:f6:4a:38:9a:b5:d0:61:0b:8c:dd:2b:3d:9a:49:7b:fe:df:11:2c:b0:a3:3d:37:c4:77
Signer

Actual PE Digest

5b:49:38:77:2f:0c:f7:f6:4a:38:9a:b5:d0:61:0b:8c:dd:2b:3d:9a:49:7b:fe:df:11:2c:b0:a3:3d:37:c4:77

Digest Algorithm

sha256

PE Digest Matches

true

82:ba:fa:ca:f7:b3:c6:db:80:0c:3c:2d:87:8f:c2:f6:ba:2b:1f:e7
Signer

Actual PE Digest

82:ba:fa:ca:f7:b3:c6:db:80:0c:3c:2d:87:8f:c2:f6:ba:2b:1f:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42d

ord4123
ord1164
ord333
ord719
ord1114
ord1179
ord684
ord485
ord721
ord1787
ord4258
ord5086
ord2636
ord1510
ord590
ord1100
ord880
ord342

msvcrtd

_initterm
__CxxFrameHandler
_purecall
memset
??1type_info@@UAE@XZ
_free_dbg
_chkesp
_malloc_dbg
_adjust_fdiv
__dllonexit
_onexit

Exports

Exports

decrybuf
decryfile
encrybuf
encryfile

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 959B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Emsisoft-antimalware-remains/samples/dll32/virussign.com_8fcdc3c89ac1c5ee0eca7a1b11b1e390.vir
.dll windows x86

f3b95daa521f7b92d73d4818bf2d8ee5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
malloc
_adjust_fdiv
__dllonexit
_onexit
free

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 530B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Emsisoft-antimalware-remains/samples/dll32/virussign.com_d8ac67aa772812a5277f9ab6c2866c30.vir
.dll windows x86

841cd8dad96381ce9cfc40ddd0184cd7

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05:e6:a9:70:86:b9:c5:67:5a:af:89:c5:8f:fb:21:b8
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21-03-2023 00:00

Not After

17-05-2026 23:59

Subject

CN=ADLINK TECHNOLOGY INC,OU=研發部,O=ADLINK TECHNOLOGY INC,ST=Taoyuan City,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

de:dc:26:80:8d:5d:b4:d8:00:0f:1b:5a:ff:34:89:ef:47:04:32:bb:06:a6:38:7d:7f:a5:4e:c8:23:e8:18:ef
Signer

Actual PE Digest

de:dc:26:80:8d:5d:b4:d8:00:0f:1b:5a:ff:34:89:ef:47:04:32:bb:06:a6:38:7d:7f:a5:4e:c8:23:e8:18:ef

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForMultipleObjects
CreateThread
CreateEventA
SetEvent
DeviceIoControl
GlobalFree
GlobalUnlock
GlobalUnfix
GlobalFix
GlobalLock
GlobalAlloc
WaitForSingleObject
CreateFileA
GetProcAddress
GetModuleHandleA
GetTimeFormatA
GetLocalTime
VirtualAlloc
VirtualFree
ResetEvent
CloseHandle
GetVersionExA
Sleep
RtlUnwind
ReadFile
SetEndOfFile
GetStringTypeW
GetStringTypeA
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
GetLastError
WriteFile
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
InitializeCriticalSection
HeapDestroy
HeapCreate
ExitProcess
HeapReAlloc
RaiseException
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
FlushFileBuffers
GetCPInfo
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
LoadLibraryA

user32

wsprintfA
MessageBoxA

advapi32

RegEnumValueA
RegCloseKey
RegQueryInfoKeyA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA

winmm

timeBeginPeriod
timeEndPeriod

Exports

Exports

AF_Erase
AF_Rd_Data
AF_Rd_Status
AF_Sector_Erase
AF_Wr_Byte
AF_Wr_Page
AF_Wr_Status
DSA_AI_9527_ConfigChannel
DSA_AI_9527_ConfigSampleRate
DSA_AI_9529_ConfigChannel
DSA_AI_AsyncCheck
DSA_AI_AsyncClear
DSA_AI_AsyncDblBufferHalfReady
DSA_AI_AsyncDblBufferHandled
DSA_AI_AsyncDblBufferMode
DSA_AI_AsyncDblBufferOverrun
DSA_AI_AsyncDblBufferToFile
DSA_AI_AsyncReTrigNextReady
DSA_AI_ContBufferReset
DSA_AI_ContBufferSetup
DSA_AI_ContReadChannel
DSA_AI_ContReadChannelToFile
DSA_AI_ContStatus
DSA_AI_ContVScale
DSA_AI_DataScaler
DSA_AI_EventCallBack
DSA_AI_EventCallBackWithArg
DSA_AI_InitialMemoryAllocated
DSA_AI_SetTimeOut
DSA_AI_Status
DSA_AO_9527_ConfigChannel
DSA_AO_9527_ConfigSampleRate
DSA_AO_AsyncCheck
DSA_AO_AsyncClear
DSA_AO_AsyncDblBufferHalfReady
DSA_AO_AsyncDblBufferMode
DSA_AO_ContBufferReset
DSA_AO_ContBufferSetup
DSA_AO_ContStatus
DSA_AO_ContWriteChannel
DSA_AO_ContWriteMultiChannels
DSA_AO_EventCallBack
DSA_AO_EventCallBackWithArg
DSA_AO_InitialMemoryAllocated
DSA_AO_SetTimeOut
DSA_AO_VoltScale
DSA_Auto_Calibration_ALL
DSA_Buffer_Alloc
DSA_Buffer_Free
DSA_CAL_LoadFromBank
DSA_CAL_SaveToUserBank
DSA_CAL_SetDefaultBank
DSA_ConfigSpeedRate
DSA_Device_Scan
DSA_GetAIEvent
DSA_GetAOEvent
DSA_GetActualRate
DSA_GetBaseAddr
DSA_GetCardActualRate
DSA_GetDeviceProperties
DSA_GetFPGAVersion
DSA_GetGeoAddr
DSA_GetLCRAddr
DSA_GetSerialNumber
DSA_QC_AIGainTestMode
DSA_QC_Calibration
DSA_QC_EEPROM_Clear_ALL
DSA_QC_EEPROM_Update_ALL
DSA_QC_EnableREF5V
DSA_QC_SetRefVolt
DSA_Register_Card
DSA_Register_Card_ByID
DSA_Release_Card
DSA_ResetSampleRate
DSA_SYN_CheckMultiCardStatus
DSA_SYN_ConfigMultiCard
DSA_SYN_SyncStart
DSA_SetSerialNumber
DSA_SetTimebase
DSA_TRG_Config
DSA_TRG_ConfigAnalogTrigger
DSA_TRG_GenTrigger
DSA_TRG_SoftTriggerGen
DSA_TRG_SourceClear
DSA_TRG_SourceConn
DSA_TRG_SourceDisConn
GetRegValue
GetRegValueByte
GetRegValueDWord
GetRegValueWord
SetRegValue
SetRegValueByte
SetRegValueDWord
SetRegValueWord
_9529_I2C_Control
_9529_I2C_EEReadDWord
_9529_I2C_EEWriteDWord
_9529_InitEEPROM
_9529_PrintCALConst
_9529_SaveGoldenBank
_9529_TestMode
_DSA_CAL_SetRefVoltage
_DSA_CAL_SwitchRefSrc

Sections

.text
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Emsisoft-antimalware-remains/samples/dll32/virussign.com_ea92de2fb75271cb90ca38ae082f73f0.vir
.dll windows x86

7b33197423f08d5868758b0f560fae0b

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:db:a8:50:21:ee:00:c9:73:b5:c5:39:8b:2e:11:55
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

08-12-2009 00:00

Not After

07-01-2012 23:59

Subject

CN=Lenovo (Beijing) Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT,O=Lenovo (Beijing) Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

37:45:0a:4b:e4:71:d9:02:a2:b2:d0:95:a9:0e:07:6b:30:cd:7c:bc
Signer

Actual PE Digest

37:45:0a:4b:e4:71:d9:02:a2:b2:d0:95:a9:0e:07:6b:30:cd:7c:bc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Emsisoft-antimalware-remains/samples/dll64/virussign.com_e15ddecaf847c07f84717bf90ea32b10.vir
.dll windows x64

bd93999460f3e9b5ee3baa22db4b8bdf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

python311

_Py_Dealloc
PyCapsule_GetPointer
PyImport_ImportModule
_PyArg_ParseTuple_SizeT
PyModule_Create2
PyObject_GetAttrString
PyErr_NoMemory
PyCapsule_Type
PyExc_ImportError
PyErr_Print
PyEval_RestoreThread
PyErr_SetString
PyErr_Format
PyExc_AttributeError
PyExc_RuntimeError
PyEval_SaveThread

kernel32

InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
IsDebuggerPresent
DisableThreadLibraryCalls

vcruntime140

memset
memcpy
__C_specific_handler
__std_type_info_destroy_list

api-ms-win-crt-heap-l1-1-0

malloc
free

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_dll
_initterm_e
_initterm

api-ms-win-crt-math-l1-1-0

sqrt
fma

Exports

Exports

PyInit__pocketfft_internal

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Emsisoft-antimalware-remains/samples/dll64/virussign.com_e8f13b1cfc69b9ea9a6181b2e15ccdb0.vir
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Emsisoft-antimalware-remains/samples/exe32/virussign.com_a09ee04bf0a6616843dbdeae0e8c8f10.vir
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 73B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Emsisoft-antimalware-remains/samples/exe32/virussign.com_b8bfacd3c3a363d77de79de971747e70.vir
.exe windows x86

df9d0b2ba4ebcb48c0f6de36e9e8d593

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
CreateErrorInfo
GetErrorInfo
SetErrorInfo
GetActiveObject
SysFreeString
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
RegSetValueExA
RegSetValueExW
RegQueryValueExA
RegQueryValueExW
RegQueryInfoKeyA
RegQueryInfoKeyW
RegOpenKeyExA
RegOpenKeyExW
RegFlushKey
RegEnumKeyA
RegEnumKeyExW
RegDeleteValueA
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExA
RegCreateKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
LookupAccountSidW
InitializeSecurityDescriptor
GetUserNameA
GetUserNameW
GetTokenInformation
FreeSid
DuplicateTokenEx
AllocateAndInitializeSid
AdjustTokenPrivileges
UnlockServiceDatabase
StartServiceW
QueryServiceStatus
QueryServiceLockStatusW
OpenServiceW
OpenSCManagerW
ChangeServiceConfigW

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExA
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateLayeredWindow
UpdateWindow
UnregisterClassA
UnregisterClassW
UnionRect
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowRgn
SetWindowsHookExW
SetWindowTextA
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongW
SetCapture
SetActiveWindow
SendMessageTimeoutA
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassA
RegisterClassW
RedrawWindow
PtInRect
PostThreadMessageA
PostThreadMessageW
PostQuitMessage
PostMessageA
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxA
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadImageA
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowLongW
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageA
GetMessageW
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItem
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassNameW
GetClassLongW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowA
FindWindowW
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextA
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharToOemW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcA
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
AttachThreadInput
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryW
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetCurrentDirectoryW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileW
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
lstrlenW
lstrcpyW
lstrcmpiW
lstrcmpA
lstrcmpW
WriteProcessMemory
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
TryEnterCriticalSection
TerminateThread
TerminateProcess
SystemTimeToFileTime
SwitchToThread
SuspendThread
Sleep
SizeofResource
SignalObjectAndWait
SetUnhandledExceptionFilter
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetFileAttributesA
SetFileAttributesW
SetEvent
SetErrorMode
SetEndOfFile
SearchPathW
ResumeThread
ResetEvent
RemoveDirectoryA
RemoveDirectoryW
ReleaseMutex
ReadProcessMemory
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringW
OpenProcess
OpenMutexW
OpenFileMappingA
OpenFileMappingW
MultiByteToWideChar
MulDiv
MoveFileW
MapViewOfFile
LockResource
LocalSize
LocalFree
LocalAlloc
LoadResource
LoadLibraryExA
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
IsValidLocale
IsBadWritePtr
IsBadReadPtr
InitializeCriticalSection
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalSize
GlobalMemoryStatus
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryA
GetWindowsDirectoryW
GetVersionExA
GetVersionExW
GetVersion
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetThreadContext
GetTempPathA
GetTempPathW
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetSystemDirectoryW
GetSystemDefaultLangID
GetStdHandle
GetProcAddress
GetPrivateProfileStringW
GetPriorityClass
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetLocaleInfoA
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileTime
GetFileSize
GetFileAttributesExW
GetFileAttributesA
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetDriveTypeW
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetCurrentDirectoryW
GetComputerNameA
GetComputerNameW
GetCommandLineA
GetCommandLineW
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
FreeLibrary
FormatMessageA
FormatMessageW
FlushInstructionCache
FindResourceA
FindResourceW
FindNextFileA
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
ExitThread
ExitProcess
EnumCalendarInfoA
EnterCriticalSection
DuplicateHandle
DeleteFileA
DeleteFileW
DeleteCriticalSection
CreateThread
CreateProcessA
CreateProcessW
CreatePipe
CreateMutexA
CreateMutexW
CreateFileMappingA
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CreateDirectoryA
CreateDirectoryW
CopyFileA
CopyFileW
CompareStringA
CompareStringW
CloseHandle
Beep
RtlUnwind
Sleep
GetUserDefaultUILanguage
ProcessIdToSessionId

msimg32

TransparentBlt
AlphaBlend

gdi32

UnrealizeObject
TextOutA
TextOutW
StretchDIBits
StretchBlt
StartPage
StartDocA
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
PtInRegion
Polyline
PlgBlt
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsW
GetTextFaceA
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentExPointW
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectType
GetObjectA
GetObjectW
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExcludeClipRect
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreatePenIndirect
CreatePen
CreatePalette
CreateHalftonePalette
CreateFontIndirectW
CreateFontA
CreateFontW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
BitBlt

version

VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW

wsock32

WSACleanup
WSAStartup
WSAGetLastError
gethostbyname
socket
setsockopt
sendto
send
select
recvfrom
recv
ioctlsocket
inet_addr
htons
connect
closesocket
bind

shell32

Shell_NotifyIconW
ShellExecuteExA
ShellExecuteA
ShellExecuteW
SHGetFileInfoW
ExtractIconExW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CreateStreamOnHGlobal
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitialize
IsEqualGUID
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoCreateGuid

wininet

InternetReadFile
InternetQueryOptionW
InternetOpenUrlW
InternetOpenW
InternetCrackUrlW
InternetConnectW
InternetCloseHandle
HttpSendRequestW
HttpOpenRequestW
HttpAddRequestHeadersW

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

comdlg32

PrintDlgW
GetSaveFileNameA
GetSaveFileNameW
GetOpenFileNameW

powrprof

SetSuspendState

winmm

timeGetTime

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

msvcrt

free
malloc
strchr
isxdigit
isupper
isspace
ispunct
isprint
islower
isgraph
isdigit
iscntrl
isalpha
isalnum
toupper
tolower
strlen
memcmp
strncmp
memset
memmove
memcpy

Exports

Exports

madTraceProcess

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 227KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 592B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Emsisoft-antimalware-remains/samples/exe32/virussign.com_dd40012503223da7140ab4cb22f01f40.vir
.exe windows x86

b5bf74bb8542feb9870a7cf9357dfe6c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

DPtoLP
SetWindowOrgEx
SetViewportOrgEx
ModifyWorldTransform
SetGraphicsMode
SaveDC
BitBlt
CreateSolidBrush
CreateCompatibleBitmap
CreateFontIndirectW
GetStockObject
SetTextColor
SetBkMode
GetObjectA
GetObjectW
DeleteDC
SetLayout
CreateBitmap
SelectObject
GetTextMetricsW
DeleteObject
GetDeviceCaps
RestoreDC
CreateCompatibleDC

user32

UnregisterClassA
GetFocus
GetKeyState
DrawIcon
EnableWindow
IsWindowVisible
SendNotifyMessageW
SetScrollInfo
GetScrollInfo
SetScrollPos
ScrollWindowEx
ScrollWindow
GetScrollPos
SetFocus
DestroyWindow
SetRect
GetDlgItem
TrackMouseEvent
IsWindowEnabled
GetParent
ScreenToClient
DrawTextW
InvalidateRect
MoveWindow
GetWindowTextLengthW
GetWindowTextW
BeginPaint
EndPaint
IsIconic
GetLastActivePopup
GetAncestor
GetWindowRect
MapWindowPoints
FillRect
SystemParametersInfoW
GetSysColor
GetSystemMetrics
LoadImageW
PeekMessageW
MsgWaitForMultipleObjectsEx
KillTimer
GetCursorPos
CreatePopupMenu
AppendMenuW
SetMenuItemInfoW
SetMenuDefaultItem
TrackPopupMenu
DestroyMenu
BringWindowToTop
GetDC
ReleaseDC
LoadStringW
CharNextW
SetTimer
DestroyIcon
SetForegroundWindow
LoadIconW
RegisterWindowMessageW
GetMessageW
TranslateMessage
DispatchMessageW
FindWindowExW
IsWindow
GetClientRect
PostQuitMessage
PostMessageW
GetWindowLongW
CallWindowProcW
CreateWindowExW
RegisterClassExW
DefWindowProcW
LoadCursorW
GetClassInfoExW
ShowWindow
UpdateWindow
SetWindowTextW
SetWindowLongW
SendMessageW

msvcrt

_CxxThrowException
swprintf_s
__CxxFrameHandler3
_purecall
free
memmove_s
memcpy_s
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
_errno
realloc
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_callnewh
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
_vsnwprintf
_resetstkoflw
wcscat_s
towupper
wcschr
wcsstr
iswspace
wcstol
_wtof
_ftol2_sse
wcscpy_s
wcsncpy_s
vswprintf_s
_vscwprintf
memset
malloc
_controlfp

ntdll

EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwTraceMessage

api-ms-win-security-base-l1-1-0

CheckTokenMembership
AllocateAndInitializeSid
FreeSid

gdiplus

GdipDrawPath
GdipDrawImageRectI
GdipFillPath
GdipCreateLineBrushFromRectWithAngleI
GdipCreateSolidFill
GdipCreateBitmapFromHICON
GdipDeletePath
GdipCreatePath
GdipDeletePen
GdipCreatePen1
GdipCloneImage
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawImageRectRectI
GdipMeasureString
GdipFillRectangleI
GdipSetSmoothingMode
GdipCreateFromHDC
GdipCreateLineBrushFromRectI
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromFile
GdipDeleteFont
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipAlloc
GdipFree
GdipDeleteBrush
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdiplusStartup
GdiplusShutdown

comctl32

ord344

kernel32

GetCurrentThreadId
SetLastError
lstrlenW
GetModuleFileNameW
HeapFree
RaiseException
GetProcessHeap
GetUserDefaultUILanguage
SizeofResource
LockResource
LoadResource
FindResourceW
DeleteCriticalSection
InitializeCriticalSection
GetLastError
HeapSetInformation
CloseHandle
CreateMutexW
CreateProcessW
FormatMessageW
InterlockedExchange
GlobalFree
GetCommandLineW
SetEvent
WaitForSingleObject
FindResourceExW
CreateThread
CreateEventW
FreeLibrary
InterlockedIncrement
InterlockedDecrement
LoadLibraryW
GetProcAddress
GetModuleHandleW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
HeapAlloc
RegSetValueExW
lstrcmpiW
RegQueryInfoKeyW
RegEnumKeyExW
MultiByteToWideChar
LoadLibraryExW
RegQueryValueExW
GetLocaleInfoW
SetProcessWorkingSetSize
GetUserPreferredUILanguages
CheckElevationEnabled
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
DeleteFileW
MoveFileExW
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
GetSystemDefaultLangID
LocalFree
GetSystemTimeAsFileTime
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryExA
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
GetCurrentProcess
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
VirtualAlloc
VirtualFree
LoadLibraryA

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Emsisoft-antimalware-remains/samples/exe32/virussign.com_eda65160075859ae76bd3f02536e4180.vir
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Emsisoft-antimalware-remains/samples/exe32/virussign.com_fd04a0969228c7c83b006149aed20950.vir
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 170B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Emsisoft-antimalware-remains/samples/filelist-01.txt
Emsisoft-antimalware-remains/samples/mzothers/virussign.com_9d56937818be5a456c80d801cf416e80.vir
Emsisoft-antimalware-remains/samples/others/virussign.com_4fd93d8805f5b548aeb4b8b2b61b5fb0.vir
.js
Emsisoft-antimalware-remains/samples/pdf/virussign.com_1041d86b9cb29dd445adf14896ea5370.vir
.pdf
Emsisoft-antimalware-remains/samples/pdf/virussign.com_2060d203cde4eef0f9872ce660c90e10.vir
.pdf
Emsisoft-antimalware-remains/samples/pdf/virussign.com_25479f7b2a75eed4a0e7f16877fec770.vir
.pdf
Emsisoft-antimalware-remains/samples/pdf/virussign.com_39178cc4792ff30308da3a8487bfaaf0.vir
.pdf
Emsisoft-antimalware-remains/samples/pdf/virussign.com_4bf2e898ddf4667bf32c43f5c74a4f00.vir
.pdf
Emsisoft-antimalware-remains/samples/pdf/virussign.com_5ee3e8e9e07eb1843b32883df8802060.vir
.pdf
Emsisoft-antimalware-remains/samples/pdf/virussign.com_6428460eea11de974dbd5631c8450c40.vir
.pdf
Emsisoft-antimalware-remains/samples/pdf/virussign.com_6acec242071d4a4a1797c1975cb82ec0.vir
.pdf
Emsisoft-antimalware-remains/samples/pdf/virussign.com_7140d2e1606730f8d9525b0a19b2b530.vir
.pdf
Emsisoft-antimalware-remains/samples/pdf/virussign.com_a166dc308e3ae9d57d970fde1fbed840.vir
.pdf
Emsisoft-antimalware-remains/samples/pdf/virussign.com_a4282beca028dac2bb18db56141ca1b0.vir
.pdf
Emsisoft-antimalware-remains/samples/pdf/virussign.com_b64da3455321e402a3cf30faba018980.vir
.pdf
Emsisoft-antimalware-remains/samples/pdf/virussign.com_c4beb39fbd7b11f88ba39f4304a20dc0.vir
.pdf
Emsisoft-antimalware-remains/samples/pdf/virussign.com_d2ddd63ed2e08fe205929ece60f70fe0.vir
.pdf
Emsisoft-antimalware-remains/samples/pdf/virussign.com_e5c72ec5d9b6f6d8a6022c2070fd2290.vir
.pdf
Emsisoft-antimalware-remains/samples/pdf/virussign.com_ebcec1fbacc2cfb5d0f4d40a097645e0.vir
.pdf
Emsisoft-antimalware-remains/samples/pdf/virussign.com_f425947561df3b2d961345ca56ae8a00.vir
.pdf

Sharing

General

Malware Config

Signatures

Files

47b95eaa8a92898962a601a6fb44ee48

Headers

File Characteristics

Imports

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 580KB - Virtual size: 578KB

.data Size: 4KB - Virtual size: 552B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 5KB

8e1e263a3ab14ee8da35acbdb59d3b02

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

06:6a:58:d7:fa:22:35:12:35:00:09:37:e2:56:aa:54Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

7f:09:b3:b8:92:48:7b:9c:64:ec:0f:4b:53:9c:7c:7cCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

5b:49:38:77:2f:0c:f7:f6:4a:38:9a:b5:d0:61:0b:8c:dd:2b:3d:9a:49:7b:fe:df:11:2c:b0:a3:3d:37:c4:77Signer

82:ba:fa:ca:f7:b3:c6:db:80:0c:3c:2d:87:8f:c2:f6:ba:2b:1f:e7Signer

Headers

File Characteristics

Imports

mfc42d

msvcrtd

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 93KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 22KB

.idata Size: 4KB - Virtual size: 959B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

f3b95daa521f7b92d73d4818bf2d8ee5

Headers

File Characteristics

Imports

msvcrt

Sections

.text Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 530B

.rsrc Size: 172KB - Virtual size: 171KB

.reloc Size: 4KB - Virtual size: 456B

841cd8dad96381ce9cfc40ddd0184cd7

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 580KB - Virtual size: 578KB

.data
Size: 4KB - Virtual size: 552B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 5KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

06:6a:58:d7:fa:22:35:12:35:00:09:37:e2:56:aa:54
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

7f:09:b3:b8:92:48:7b:9c:64:ec:0f:4b:53:9c:7c:7c
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

5b:49:38:77:2f:0c:f7:f6:4a:38:9a:b5:d0:61:0b:8c:dd:2b:3d:9a:49:7b:fe:df:11:2c:b0:a3:3d:37:c4:77
Signer

82:ba:fa:ca:f7:b3:c6:db:80:0c:3c:2d:87:8f:c2:f6:ba:2b:1f:e7
Signer

.text
Size: 96KB - Virtual size: 93KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 22KB

.idata
Size: 4KB - Virtual size: 959B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 530B

.rsrc
Size: 172KB - Virtual size: 171KB

.reloc
Size: 4KB - Virtual size: 456B

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

05:e6:a9:70:86:b9:c5:67:5a:af:89:c5:8f:fb:21:b8
Certificate

de:dc:26:80:8d:5d:b4:d8:00:0f:1b:5a:ff:34:89:ef:47:04:32:bb:06:a6:38:7d:7f:a5:4e:c8:23:e8:18:ef
Signer

.text
Size: 140KB - Virtual size: 136KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 66KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 8KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

2e:db:a8:50:21:ee:00:c9:73:b5:c5:39:8b:2e:11:55
Certificate

37:45:0a:4b:e4:71:d9:02:a2:b2:d0:95:a9:0e:07:6b:30:cd:7c:bc
Signer

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 95KB - Virtual size: 95KB