New Compressed (zipped) Folder[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

New Compressed (zipped) Folder.zip
Size

347KB
MD5

2bea4a59a823f0734296b787e71afd17
SHA1

9d411787002dbfc33a6768c73f4a586493435274
SHA256

b8719d16413541198a1e439de10b46706fbcb0270827eb8758a414ede85b0941
SHA512

8ef4c3c5ce096b1ecdd068c8a85cb5e4a9f9e0ad6474be07adfd524f337866d4b95a841a0bab6877986ad8a23cb4fb165abb6a9e0c9b81aa4feb9c7c17f8efc7
SSDEEP

6144:ooVcANcN9bDcQdedP4Grh6dStJqejCd6LhrFp4I0huyILQK4w7oTDx:oOcASzIQ0T1Jee24RpyI5LmDx

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://discord.com/api/webhooks/1159847598799208468/htjfq99LJZBCCW2PApvX09Ee-grIdGlvvCTaAnrPMVE1KvyNy2thKz776Qglk2-jUxdb

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0d2761a3e32ec7f81e85331884bec3362226a1d339cf27529b377208689e5456.exe
unpack001/50dfbc1f6e3d3177449809d932d12206961f9247f624cf1eee951d1fbcd60511.dll
unpack001/6753fc386a8be8c7581c0740edc10d4142c8d647a0867a7d3b53661ce8d9e2c3.exe
unpack001/d3b1261ede6d43ccac79efdff0ffb53befa10e85032aa9e9e1661cbe6ea5d219.exe
unpack001/f31d4be2ed36280868ff07df2eea5b9f5367784c2bbc273690233523a1b0e3f7.exe

Files

New Compressed (zipped) Folder.zip
.zip
0d2761a3e32ec7f81e85331884bec3362226a1d339cf27529b377208689e5456.exe
.exe windows:4 windows x86

a219390c7ec90f3e72e772b674064123

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

__vbaVarTstGt
__vbaVarSub
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaLateIdCall
__vbaStrVarMove
__vbaPut3
__vbaFreeVarList
_adj_fdiv_m64
__vbaPut4
__vbaFreeObjList
__vbaR8Sgn
ord516
_adj_fprem1
__vbaResume
__vbaStrCat
ord660
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaVarCmpGe
__vbaLateMemSt
__vbaVarPow
__vbaVarForInit
__vbaExitProc
ord300
ord595
__vbaOnError
__vbaObjSet
ord302
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaFpR4
ord306
ord308
ord309
__vbaFpR8
__vbaBoolVarNull
_CIsin
__vbaErase
__vbaVargVarMove
ord632
__vbaVarCmpGt
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaVarAbs
__vbaGenerateBoundsError
ord529
__vbaGet3
__vbaStrCmp
__vbaGet4
__vbaVarTstEq
__vbaPrintObj
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarOr
__vbaAryConstruct
_adj_fpatan
__vbaAryRebase1Var
__vbaR4Var
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
ord601
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
__vbaPrintFile
ord606
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
ord608
__vbaVarCmpLe
__vbaFPException
__vbaStrVarVal
ord534
__vbaVarCat
__vbaI2Var
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord647
ord648
__vbaR8Str
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarCmpLt
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
__vbaR8Var
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
__vbaI4Var
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
ord614
__vbaVarTstGe
__vbaVarCopy
__vbaFpI4
_CIatan
__vbaStrMove
ord650
_allmul
__vbaLateIdSt
_CItan
ord546
__vbaFPInt
__vbaVarForNext
_CIexp
ord580
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
298bda6934276760168fae06a92b2f71e51368e6c9356ee693f5bf3982d00d77.ps1
.ps1
50dfbc1f6e3d3177449809d932d12206961f9247f624cf1eee951d1fbcd60511.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 457KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5fff5b86dcb2fcf85d7bfa1398bf1aa78bcbaddf462763e51adf1d286c82f36d.exe
.exe windows:4 windows x86

a4e92bb60f01e6d7ce91682f59d6a78b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

66:fa:90:aa:81:fd:61:af:ab:b3:d2:64:55:a0:09:0d
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

06/07/2015, 00:00

Not After

05/07/2017, 23:59

Subject

CN=Kiwoong Information & Communication Corp\,,OU=IT Team,O=Kiwoong Information & Communication Corp\,,L=Geumcheon-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ea:dd:3e:f8:d1:21:96:f1:83:32:d8:27:02:bd:c9:5b:1e:ed:02:fb
Signer

Actual PE Digest

ea:dd:3e:f8:d1:21:96:f1:83:32:d8:27:02:bd:c9:5b:1e:ed:02:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaCVarAryUdt
__vbaStrCat
ord660
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaLateMemSt
__vbaExitProc
ord300
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord306
__vbaBoolVar
ord520
ord309
__vbaBoolVarNull
_CIsin
__vbaErase
ord632
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaObjVar
__vbaI2I4
DllFunctionCall
ord670
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
ord600
_CIsqrt
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaPrintFile
__vbaStrToUnicode
ord314
_adj_fprem
_adj_fdivr_m64
ord315
__vbaI2Str
ord316
ord531
ord716
__vbaFPException
ord717
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord537
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
ord681
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaVarAdd
__vbaAryLock
__vbaLateMemCall
__vbaVarDup
__vbaStrToAnsi
__vbaFpI4
__vbaVarLateMemCallLd
ord616
__vbaLateMemCallLd
_CIatan
__vbaStrMove
__vbaAryCopy
__vbaCastObj
ord619
_allmul
__vbaLenVarB
_CItan
ord546
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
__vbaRecAssign

Sections

.text
Size: 152KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
6753fc386a8be8c7581c0740edc10d4142c8d647a0867a7d3b53661ce8d9e2c3.exe
.exe windows:6 windows x86

c5f6dc1f90a38f06246665a0433b1d04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

vcruntime140

__current_exception
__current_exception_context
memset
_except_handler4_common
__FrameUnwindFilter

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_register_onexit_function
_controlfp_s
terminate
__p___argv
_cexit
_register_thread_local_exe_atexit_callback
_c_exit
abort
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_initialize_onexit_table
_set_app_type
_seh_filter_exe
__p___argc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

kernel32

TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
Sleep

mscoree

_CorExeMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
99f88559c1bad41ce0c963c16417f308cd40daea673215f25b0f84114aba957e.ps1
.ps1
9e101940dbd206578c80cc81888c2698a36a12f533361de8dde57aaf2307a3b6.vbs
.vbs
a4f643930f7dea2b36b3dcdf3bf572009e3d3f80eb413f7b554f1c0fc1454e2e.ps1
.ps1
d3b1261ede6d43ccac79efdff0ffb53befa10e85032aa9e9e1661cbe6ea5d219.exe
.exe windows:4 windows x86

2c5f2513605e48f2d8ea5440a870cb9e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
wcsncmp
memmove
wcsncpy
wcsstr
_wcsnicmp
_wcsdup
free
_wcsicmp
wcslen
wcscpy
wcscmp
wcscat
memcpy
tolower
malloc

kernel32

GetModuleHandleW
HeapCreate
GetStdHandle
SetConsoleCtrlHandler
HeapDestroy
ExitProcess
WriteFile
GetTempFileNameW
LoadLibraryExW
EnumResourceTypesW
FreeLibrary
RemoveDirectoryW
EnumResourceNamesW
GetCommandLineW
LoadResource
SizeofResource
FreeResource
FindResourceW
GetNativeSystemInfo
GetShortPathNameW
GetWindowsDirectoryW
GetSystemDirectoryW
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
CreateThread
GetProcAddress
GetVersionExW
Sleep
WideCharToMultiByte
HeapAlloc
HeapFree
LoadLibraryW
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
PeekNamedPipe
TerminateProcess
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
CreatePipe
CreateProcessW
GetExitCodeProcess
SetUnhandledExceptionFilter
HeapSize
MultiByteToWideChar
CreateDirectoryW
SetFileAttributesW
GetTempPathW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetFilePointer
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
GetLastError
SetLastError
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

user32

CharUpperW
CharLowerW
MessageBoxW
DefWindowProcW
DestroyWindow
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
EnableWindow
GetSystemMetrics
CreateWindowExW
SetWindowLongW
SendMessageW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
SetWindowPos

gdi32

GetStockObject

comctl32

InitCommonControlsEx

shell32

ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW

winmm

timeBeginPeriod

ole32

CoInitialize
CoTaskMemFree

shlwapi

PathAddBackslashW
PathRenameExtensionW
PathQuoteSpacesW
PathRemoveArgsW
PathRemoveBackslashW

Sections

.code
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
d6036e25b3a80afc1cc736b62338458b5f9d6643903df3618817e4db71e26314.ps1
.ps1
dad42acaceb845bc18d8530ad5663a770ad222646c52ae495042580b3857a140.ps1
.ps1
dc488f3616dfd7d0c1f1c8f50a33f7d898709e40a45b832979c9e3f38f738996.js
f31d4be2ed36280868ff07df2eea5b9f5367784c2bbc273690233523a1b0e3f7.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f7ddaca98fc31549da88eb647b5905a895163dd426a06a4dc672ab829c74d225.ps1
.ps1

Sharing

General

Malware Config

Extracted

Signatures

Files

a219390c7ec90f3e72e772b674064123

Headers

File Characteristics

Imports

msvbvm50

Sections

.text Size: 217KB - Virtual size: 216KB

.data Size: 512B - Virtual size: 13KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 457KB - Virtual size: 456KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

a4e92bb60f01e6d7ce91682f59d6a78b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

66:fa:90:aa:81:fd:61:af:ab:b3:d2:64:55:a0:09:0dCertificate

Extended Key Usages

Key Usages

ea:dd:3e:f8:d1:21:96:f1:83:32:d8:27:02:bd:c9:5b:1e:ed:02:fbSigner

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 152KB - Virtual size: 150KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 3KB

c5f6dc1f90a38f06246665a0433b1d04

Headers

DLL Characteristics

File Characteristics

Imports

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

mscoree

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 19KB - Virtual size: 20KB

.data Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 988B

2c5f2513605e48f2d8ea5440a870cb9e

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

comctl32

.text
Size: 217KB - Virtual size: 216KB

.data
Size: 512B - Virtual size: 13KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 457KB - Virtual size: 456KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

66:fa:90:aa:81:fd:61:af:ab:b3:d2:64:55:a0:09:0d
Certificate

ea:dd:3e:f8:d1:21:96:f1:83:32:d8:27:02:bd:c9:5b:1e:ed:02:fb
Signer

.text
Size: 152KB - Virtual size: 150KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 19KB - Virtual size: 20KB

.data
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 988B

.code
Size: 14KB - Virtual size: 14KB

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B