ArmouryCrate[.]Service[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ArmouryCrate.Service.exe
Size

390KB
MD5

73e8af9f97c6424d84bc65b249199a04
SHA1

ba1495562af4f0c5667b2305ebb38e7d13a1190f
SHA256

be1cf9abab0f75014182dcef1cfb795318c743e5c89629ea11a68e8bfecdf262
SHA512

50059b9b671ef210570df54c1b8281102dbb1a27a0733d31845836e4b6397b36ca179667f7a57a9e352e7594d7ce46da1b40545f178426fc330cb11a5fc3e815
SSDEEP

6144:iaACJpTiRufohhilEQgxFof8ZfB6OIhwJMa5iKOjt5/rTeH9s3impA+xYN:iaACJp8uOUldcDSV/X7PuyxpAyYN

Score

1^/10

Malware Config

Signatures

Files

ArmouryCrate.Service.exe
.exe windows:6 windows x64

803e5e8964b2bd7ddcd9c1bf7979a0cb

Code Sign

0c:98:38:f6:73:f9:b1:cc:e3:95:cf:ab:2b:66:84:e4
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

08/10/2020, 00:00

Not After

12/10/2023, 12:00

Subject

SERIALNUMBER=23638777,CN=ASUSTeK COMPUTER INC.,O=ASUSTeK COMPUTER INC.,L=Beitou District,ST=Taipei City,C=TW,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025457

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

63:9e:e8:ea:6b:35:bb:29:bd:19:62:1e:d6:a1:57:c8:de:7e:01:f1:ee:bc:4a:cf:67:61:66:2a:f8:94:37:81
Signer

Actual PE Digest

63:9e:e8:ea:6b:35:bb:29:bd:19:62:1e:d6:a1:57:c8:de:7e:01:f1:ee:bc:4a:cf:67:61:66:2a:f8:94:37:81

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

armourycrate.toolkit

?g_threadOwners@@3PEAV?$unordered_map@KV?$stack@U_ThreadOwner@@V?$deque@U_ThreadOwner@@V?$allocator@U_ThreadOwner@@@std@@@std@@@std@@U?$hash@K@2@U?$equal_to@K@2@V?$allocator@U?$pair@$$CBKV?$stack@U_ThreadOwner@@V?$deque@U_ThreadOwner@@V?$allocator@U_ThreadOwner@@@std@@@std@@@std@@@std@@@2@@std@@EA
?g_pLogCrashParam@@3PEAXEA
?g_cswThreadOwners@@3PEAVCCriticalSectionWrapper@@EA
?LogCrash@@YAXW4_CrashType@@PEAU_EXCEPTION_POINTERS@@@Z
?SetThreadCrashHandlers@@YAXAEBU_GUID@@PEB_W1@Z
?g_fnLogCrash@@3P6AXPEAXKPEAU_EXCEPTION_POINTERS@@AEBU_GUID@@PEB_W3@ZEA

ws2_32

WSACleanup
recv
closesocket
WSAStartup
__WSAFDIsSet
WSASocketW
WSAGetLastError
WSASetLastError
select
setsockopt
htonl
htons
bind
getsockname
ntohs
listen
accept
send

kernel32

DeleteTimerQueueEx
GetCurrentProcessId
CreateTimerQueueTimer
DeleteTimerQueueTimer
SetConsoleCtrlHandler
GetCommandLineW
GetTickCount
GetProcessHeap
HeapFree
OpenMutexW
CreateMutexW
RemoveDirectoryW
GetExitCodeThread
AttachConsole
GetSystemDirectoryW
CreatePipe
PeekNamedPipe
GetEnvironmentVariableW
GetFileSizeEx
DeleteFileW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
MultiByteToWideChar
GetProcessId
TerminateThread
LoadLibraryExW
AddDllDirectory
FindClose
FindNextFileW
AllocConsole
FindFirstFileW
Sleep
FreeLibrary
GetModuleHandleW
CreateProcessW
VerSetConditionMask
WTSGetActiveConsoleSessionId
CreateTimerQueue
GetProcAddress
Process32FirstW
OutputDebugStringW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
InitializeCriticalSectionEx
TerminateProcess
GetCurrentProcess
CreateDirectoryW
LocalFree
GetFileAttributesW
LocalAlloc
FlushFileBuffers
WaitNamedPipeW
WriteFile
SetLastError
ResetEvent
WaitForMultipleObjects
GetLastError
DeleteCriticalSection
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
SetUnhandledExceptionFilter
OpenThread
CreateThread
SetEvent
CreateEventW
WaitForSingleObject
CloseHandle
ReadFile
GetFileSize
CreateFileW
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringA
LoadLibraryW
GetFirmwareEnvironmentVariableW
lstrcmpA
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetModuleFileNameW
GetExitCodeProcess
VerifyVersionInfoW
HeapAlloc

user32

UnregisterDeviceNotification
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
RegisterDeviceNotificationW
GetUserObjectInformationW
DefWindowProcW
DispatchMessageW
GetProcessWindowStation
CloseWindow
RegisterClassW
CreateWindowExW
GetMessageW
TranslateMessage

advapi32

RegCloseKey
CloseEventLog
NotifyChangeEventLog
ReadEventLogW
GetOldestEventLogRecord
GetNumberOfEventLogRecords
RegNotifyChangeKeyValue
RegDeleteKeyExW
RegEnumKeyW
DeleteService
QueryServiceStatus
StartServiceW
CreateServiceW
ChangeServiceConfig2W
OpenSCManagerW
CloseServiceHandle
QueryServiceStatusEx
ControlService
OpenServiceW
EnumDependentServicesW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RegEnumKeyExW
RegFlushKey
RegGetValueW
RegDeleteValueW
RegSetKeyValueW
RegDeleteKeyValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenEventLogW
RegCreateKeyExW
ConvertStringSidToSidW
RegSetValueExW
OpenProcessToken
InitializeAcl
RegOpenKeyExW
CreateProcessAsUserW
GetLengthSid
DuplicateTokenEx
AddAccessAllowedAce
RegQueryValueExW
GetTokenInformation
SetSecurityDescriptorDacl
GetAce
EqualSid
AllocateAndInitializeSid
SetEntriesInAclW
AreAllAccessesGranted
SetNamedSecurityInfoW
GetNamedSecurityInfoW
DeleteAce
FreeSid
InitializeSecurityDescriptor
MapGenericMask
BuildTrusteeWithSidW

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
SHGetFolderPathW
SHFileOperationW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CLSIDFromString
CoCreateInstance
CoUninitialize

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

msvcp140

??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
_Query_perf_frequency
?_Xbad_alloc@std@@YAXXZ
_Query_perf_counter
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_message@std@@YAKKPEADK@Z
?_Winerror_map@std@@YAHH@Z
_Remove_dir
_Unlink
_Stat
_Lstat
_Open_dir
_Close_dir
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z

shlwapi

PathFileExistsW
PathAppendW
PathIsDirectoryW
SHDeleteKeyW

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CryptQueryObject
CertFreeCertificateContext
CryptMsgClose
CryptDecodeObject
CertCloseStore
CertFindCertificateInStore
CertGetNameStringW
CryptMsgGetParam

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchAppend

vcruntime140

_local_unwind
memset
__CxxFrameHandler3
__std_terminate
_set_purecall_handler
__std_exception_destroy
__std_exception_copy
wcsrchr
__std_type_info_compare
__C_specific_handler
_CxxThrowException
memcmp
memcpy
memmove

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
signal
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_set_abort_behavior
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_errno
_set_invalid_parameter_handler
terminate
_set_new_handler
_register_onexit_function

api-ms-win-crt-stdio-l1-1-0

fgetc
__stdio_common_vsscanf
fflush
fgetwc
fputwc
__stdio_common_vsnwprintf_s
ungetc
ungetwc
__p__commode
_set_fmode
_wfsopen
__acrt_iob_func
_wfopen_s
__stdio_common_vswprintf
fclose
fwrite
fgetpos
_fseeki64
fsetpos
setvbuf
__stdio_common_vswprintf_s
__stdio_common_vfwprintf

api-ms-win-crt-heap-l1-1-0

_set_new_mode
realloc
malloc
free
_callnewh

api-ms-win-crt-string-l1-1-0

_wcsnicmp
wcsncat_s
_wcsicmp
wcscpy_s
towlower
wcsnlen
_stricmp
strnlen
strncpy_s
wcsncpy_s
tolower
wcscat_s
wcstok_s

api-ms-win-crt-locale-l1-1-0

setlocale
_configthreadlocale

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64
wcsftime

api-ms-win-crt-convert-l1-1-0

mbstowcs_s
_wtoi

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
_wstat64i32

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

803e5e8964b2bd7ddcd9c1bf7979a0cb

Code Sign

0c:98:38:f6:73:f9:b1:cc:e3:95:cf:ab:2b:66:84:e4Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

63:9e:e8:ea:6b:35:bb:29:bd:19:62:1e:d6:a1:57:c8:de:7e:01:f1:ee:bc:4a:cf:67:61:66:2a:f8:94:37:81Signer

Headers

DLL Characteristics

File Characteristics

Imports

armourycrate.toolkit

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp140

shlwapi

wtsapi32

userenv

version

wintrust

crypt32

api-ms-win-core-path-l1-1-0

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 201KB - Virtual size: 201KB

.rdata Size: 93KB - Virtual size: 92KB

.data Size: 4KB - Virtual size: 6KB

.pdata Size: 11KB - Virtual size: 10KB

.rsrc Size: 69KB - Virtual size: 69KB

.reloc Size: 1024B - Virtual size: 592B

0c:98:38:f6:73:f9:b1:cc:e3:95:cf:ab:2b:66:84:e4
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

63:9e:e8:ea:6b:35:bb:29:bd:19:62:1e:d6:a1:57:c8:de:7e:01:f1:ee:bc:4a:cf:67:61:66:2a:f8:94:37:81
Signer

.text
Size: 201KB - Virtual size: 201KB

.rdata
Size: 93KB - Virtual size: 92KB

.data
Size: 4KB - Virtual size: 6KB

.pdata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 69KB - Virtual size: 69KB

.reloc
Size: 1024B - Virtual size: 592B