NEAS[.]NEASNEAS7f8f310241aa93dee7b4c0e97c1d30b8e50e96ffec619288de13f25d2ca555c7exeexeexe_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.NEASNEAS7f8f310241aa93dee7b4c0e97c1d30b8e50e96ffec619288de13f25d2ca555c7exeexeexe_JC.exe
Size

222KB
MD5

9f827d15fe257543fa8c8c42c33e389a
SHA1

76ab3458d75986bd1be148a5ca2d22318622b7c5
SHA256

7f8f310241aa93dee7b4c0e97c1d30b8e50e96ffec619288de13f25d2ca555c7
SHA512

9fd5c0044250f24484396abde8db525c1ddbbe9509e1ab1ecbdb25997a0fc217fbf3d4fc8233883f763824183095a320a99fd9d7e55643d70233327da06e8b4f
SSDEEP

6144:8IaOLnT2UpqoFX1qAimnNWuvkjeTBNG82rx/6QFi9jpapT3DeJR:NnSUlAANbvk6TXG8SU2p32R

Score

1^/10

Malware Config

Signatures

Files

NEAS.NEASNEAS7f8f310241aa93dee7b4c0e97c1d30b8e50e96ffec619288de13f25d2ca555c7exeexeexe_JC.exe
.dll windows:6 windows x64

5aad8eb7668926ff5dde618738f4ff53

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6c:04:1b:e0:8a:5f:cd:47:36:e2:85:04:be:b7:78:6c
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

20/03/2023, 00:00

Not After

19/03/2026, 23:59

Subject

CN=Mark Straver,O=Mark Straver,ST=Jönköpings län,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9e:8e:de:4d:89:93:a0:a3:ee:83:d5:2f:48:9a:a0:dd:9f:e7:50:03:71:a0:f2:17:34:12:fb:d6:37:4e:ac:e6
Signer

Actual PE Digest

9e:8e:de:4d:89:93:a0:a3:ee:83:d5:2f:48:9a:a0:dd:9f:e7:50:03:71:a0:f2:17:34:12:fb:d6:37:4e:ac:e6

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VerSetConditionMask
SearchPathW
CreateFileW
WriteFile
IsDebuggerPresent
OutputDebugStringA
EncodePointer
DecodePointer
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
GetCurrentThreadId
GetSystemInfo
VirtualAllocEx
VirtualProtectEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleHandleA
GetProcAddress
LoadLibraryExA
VerifyVersionInfoA
TerminateProcess
GetEnvironmentVariableA
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TlsAlloc
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
DisableThreadLibraryCalls
RtlLookupFunctionEntry
RtlVirtualUnwind
DuplicateHandle
GetLastError
TryEnterCriticalSection
SetEvent
WaitForSingleObject
CreateEventA
SignalObjectAndWait
GetCurrentThread
SuspendThread
ResumeThread
GetThreadContext
LocalFree
FormatMessageA
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetProcessTimes
GetSystemTime
GetTickCount64
GetSystemTimeAdjustment
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetCurrentProcessId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlCaptureContext
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
RaiseException
InitializeSListHead

msvcp140

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z

vcruntime140

__C_specific_handler
strchr
memcpy
__std_type_info_destroy_list
memset
memchr
memmove

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_invoke_watson
_invalid_parameter_noinfo_noreturn
_crt_atexit
_cexit
_initterm
_initterm_e
strerror
_errno
_beginthreadex
_execute_onexit_table

api-ms-win-crt-string-l1-1-0

_stricmp
isxdigit
wcsncpy
_strnicmp
strncpy

api-ms-win-crt-stdio-l1-1-0

_read
_open
_dup
fclose
__stdio_common_vfprintf
__stdio_common_vsprintf
fflush
_write
_close
fputs
__acrt_iob_func
_lseeki64
_wopen

api-ms-win-crt-convert-l1-1-0

_ltoa
_strtoui64
wcstombs

api-ms-win-crt-math-l1-1-0

_fdopen
ceil
_dclass

api-ms-win-crt-heap-l1-1-0

malloc
free

api-ms-win-crt-environment-l1-1-0

getenv

Exports

Exports

??0Decimal@blink@@QEAA@AEBV01@@Z
??0Decimal@blink@@QEAA@AEBVEncodedData@01@@Z
??0Decimal@blink@@QEAA@H@Z
??0Decimal@blink@@QEAA@W4Sign@01@H_K@Z
??0SHA1Sum@mozilla@@QEAA@XZ
??0TimeStampValue@mozilla@@AEAA@_K0_N@Z
??4Decimal@blink@@QEAAAEAV01@AEBV01@@Z
??8Decimal@blink@@QEBA_NAEBV01@@Z
??9Decimal@blink@@QEBA_NAEBV01@@Z
??DDecimal@blink@@QEBA?AV01@AEBV01@@Z
??GDecimal@blink@@QEBA?AV01@AEBV01@@Z
??GDecimal@blink@@QEBA?AV01@XZ
??GTimeStampValue@mozilla@@QEBA_KAEBV01@@Z
??HDecimal@blink@@QEBA?AV01@AEBV01@@Z
??KDecimal@blink@@QEBA?AV01@AEBV01@@Z
??MDecimal@blink@@QEBA_NAEBV01@@Z
??NDecimal@blink@@QEBA_NAEBV01@@Z
??ODecimal@blink@@QEBA_NAEBV01@@Z
??PDecimal@blink@@QEBA_NAEBV01@@Z
??XDecimal@blink@@QEAAAEAV01@AEBV01@@Z
??YDecimal@blink@@QEAAAEAV01@AEBV01@@Z
??YTimeStampValue@mozilla@@QEAAAEAV01@_J@Z
??ZDecimal@blink@@QEAAAEAV01@AEBV01@@Z
??ZTimeStampValue@mozilla@@QEAAAEAV01@_J@Z
??_0Decimal@blink@@QEAAAEAV01@AEBV01@@Z
??_FDecimal@blink@@QEAAXXZ
?AcquireStackWalkWorkaroundLock@@YAXXZ
?CheckQPC@TimeStampValue@mozilla@@AEBA_KAEBV12@@Z
?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ
?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@AEBAXPEBDHHHPEAVStringBuilder@2@@Z
?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@AEBAXPEBDHHPEAVStringBuilder@2@@Z
?DllBlocklist_CheckStatus@@YA_NXZ
?DllBlocklist_Initialize@@YAXXZ
?DllBlocklist_SetInXPCOMLoadOnMainThread@@YAX_N@Z
?DllBlocklist_WriteNotes@@YAXPEAX@Z
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPEADHPEA_NPEAH3@Z
?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAAEBV12@XZ
?FramePointerStackWalk@mozilla@@YA_NP6AXIPEAX00@ZII0PEAPEAX0@Z
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@AEBA_NNPEAVStringBuilder@2@@Z
?HashBytes@mozilla@@YAIPEBX_K@Z
?IsFloat32Representable@mozilla@@YA_NN@Z
?MozDescribeCodeAddress@@YA_NPEAXPEAUMozCodeAddressDetails@@@Z
?MozFormatCodeAddress@@YAXPEADIIPEBXPEBD2_J2I@Z
?MozFormatCodeAddressDetails@@YAXPEADIIPEAXPEBUMozCodeAddressDetails@@@Z
?MozStackWalk@@YA_NP6AXIPEAX00@ZII0_K0@Z
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z
?ProcessCreation@TimeStamp@mozilla@@SA?AV12@AEA_N@Z
?RecordProcessRestart@TimeStamp@mozilla@@SAXXZ
?ReleaseStackWalkWorkaroundLock@@YAXXZ
?ResolutionInTicks@BaseTimeDurationPlatformUtils@mozilla@@SA_JXZ
?Shutdown@TimeStamp@mozilla@@SAXXZ
?StackWalkInitCriticalAddress@@YAXXZ
?Startup@TimeStamp@mozilla@@SAXXZ
?TicksFromMilliseconds@BaseTimeDurationPlatformUtils@mozilla@@SA_JN@Z
?ToExponential@DoubleToStringConverter@double_conversion@@QEBA_NNHPEAVStringBuilder@2@@Z
?ToFixed@DoubleToStringConverter@double_conversion@@QEBA_NNHPEAVStringBuilder@2@@Z
?ToPrecision@DoubleToStringConverter@double_conversion@@QEBA_NNHPEA_NPEAVStringBuilder@2@@Z
?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z
?ToSecondsSigDigits@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@AEBA_NNPEAVStringBuilder@2@W4DtoaMode@12@@Z
?TryAcquireStackWalkWorkaroundLock@@YA_NXZ
?Unused@mozilla@@3Uunused_t@1@B
?abs@Decimal@blink@@QEBA?AV12@XZ
?alignOperands@Decimal@blink@@CA?AUAlignedOperands@12@AEBV12@0@Z
?avx2_enabled@sse_private@mozilla@@3_NA
?avx_enabled@sse_private@mozilla@@3_NA
?ceil@Decimal@blink@@QEBA?AV12@XZ
?compareTo@Decimal@blink@@AEBA?AV12@AEBV12@@Z
?compress@LZ4@Compression@mozilla@@SA_KPEBD_KPEAD@Z
?compressLimitedOutput@LZ4@Compression@mozilla@@SA_KPEBD_KPEAD1@Z
?decompress@LZ4@Compression@mozilla@@SA_NPEBDPEAD_K@Z
?decompress@LZ4@Compression@mozilla@@SA_NPEBD_KPEAD1PEA_K@Z
?decompressPartial@LZ4@Compression@mozilla@@SA_NPEBD_KPEAD1PEA_K@Z
?finish@SHA1Sum@mozilla@@QEAAXAEAY0BE@E@Z
?floor@Decimal@blink@@QEBA?AV12@XZ
?fromDouble@Decimal@blink@@SA?AV12@N@Z
?fromString@Decimal@blink@@SA?AV12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?gChaosFeatures@detail@mozilla@@3W4ChaosFeature@2@A
?gChaosModeCounter@detail@mozilla@@3V?$Atomic@I$01X@2@A
?gTwoCharEscapes@detail@mozilla@@3QBDB
?infinity@Decimal@blink@@SA?AV12@W4Sign@12@@Z
?kBase10MaximalLength@DoubleToStringConverter@double_conversion@@2HB
?mmx_enabled@sse_private@mozilla@@3_NA
?mozalloc_abort@@YAXQEBD@Z
?mozalloc_handle_oom@@YAX_K@Z
?mozalloc_set_oom_abort_handler@@YAXP6AX_K@Z@Z
?nan@Decimal@blink@@SA?AV12@XZ
?remainder@Decimal@blink@@QEBA?AV12@AEBV12@@Z
?round@Decimal@blink@@QEBA?AV12@XZ
?sse3_enabled@sse_private@mozilla@@3_NA
?sse4_1_enabled@sse_private@mozilla@@3_NA
?sse4_2_enabled@sse_private@mozilla@@3_NA
?sse4a_enabled@sse_private@mozilla@@3_NA
?ssse3_enabled@sse_private@mozilla@@3_NA
?toDouble@Decimal@blink@@QEBANXZ
?toString@Decimal@blink@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?toString@Decimal@blink@@QEBA_NPEAD_K@Z
?update@SHA1Sum@mozilla@@QEAAXPEBXI@Z
?zero@Decimal@blink@@SA?AV12@W4Sign@12@@Z
HeapAlloc
HeapFree
HeapReAlloc
MOZ_CrashOOL
MOZ_CrashPrintf
MOZ_Z_adler32
MOZ_Z_adler32_combine
MOZ_Z_compress
MOZ_Z_compress2
MOZ_Z_compressBound
MOZ_Z_crc32
MOZ_Z_crc32_combine
MOZ_Z_deflate
MOZ_Z_deflateBound
MOZ_Z_deflateCopy
MOZ_Z_deflateEnd
MOZ_Z_deflateInit2_
MOZ_Z_deflateInit_
MOZ_Z_deflateParams
MOZ_Z_deflatePending
MOZ_Z_deflatePrime
MOZ_Z_deflateReset
MOZ_Z_deflateResetKeep
MOZ_Z_deflateSetDictionary
MOZ_Z_deflateSetHeader
MOZ_Z_deflateTune
MOZ_Z_get_crc_table
MOZ_Z_gzbuffer
MOZ_Z_gzclearerr
MOZ_Z_gzclose
MOZ_Z_gzclose_r
MOZ_Z_gzclose_w
MOZ_Z_gzdirect
MOZ_Z_gzdopen
MOZ_Z_gzeof
MOZ_Z_gzerror
MOZ_Z_gzflush
MOZ_Z_gzgetc_
MOZ_Z_gzgets
MOZ_Z_gzoffset
MOZ_Z_gzoffset64
MOZ_Z_gzopen
MOZ_Z_gzopen64
MOZ_Z_gzopen_w
MOZ_Z_gzprintf
MOZ_Z_gzputc
MOZ_Z_gzputs
MOZ_Z_gzread
MOZ_Z_gzrewind
MOZ_Z_gzseek
MOZ_Z_gzseek64
MOZ_Z_gzsetparams
MOZ_Z_gztell
MOZ_Z_gztell64
MOZ_Z_gzungetc
MOZ_Z_gzvprintf
MOZ_Z_gzwrite
MOZ_Z_inflate
MOZ_Z_inflateBack
MOZ_Z_inflateBackEnd
MOZ_Z_inflateBackInit_
MOZ_Z_inflateCopy
MOZ_Z_inflateEnd
MOZ_Z_inflateGetDictionary
MOZ_Z_inflateGetHeader
MOZ_Z_inflateInit2_
MOZ_Z_inflateInit_
MOZ_Z_inflateMark
MOZ_Z_inflatePrime
MOZ_Z_inflateReset
MOZ_Z_inflateReset2
MOZ_Z_inflateResetKeep
MOZ_Z_inflateSetDictionary
MOZ_Z_inflateSync
MOZ_Z_inflateSyncPoint
MOZ_Z_inflateUndermine
MOZ_Z_uncompress
MOZ_Z_uncompress2
MOZ_Z_zError
MOZ_Z_zlibCompileFlags
MOZ_Z_zlibVersion
_aligned_free
_aligned_malloc
_expand
_malloc_message
_malloc_options
_msize
_recalloc
_strdup
_wcsdup
adler32_z
calloc
crc32_z
deflateGetDictionary
free
frex
gMozCrashReason
gMozillaPoisonBase
gMozillaPoisonSize
gMozillaPoisonValue
gzfread
gzfwrite
gzgetc
inflateCodesUsed
inflateValidate
jemalloc_free_dirty_pages
jemalloc_purge_freed_pages
jemalloc_stats
malloc
malloc_good_size
malloc_usable_size
mozPoisonValueInit
moz_malloc_size_of
moz_malloc_usable_size
moz_xcalloc
moz_xmalloc
moz_xrealloc
moz_xstrdup
posix_memalign
realloc
strdup
strndup
wcsdup

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5aad8eb7668926ff5dde618738f4ff53

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

6c:04:1b:e0:8a:5f:cd:47:36:e2:85:04:be:b7:78:6cCertificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

9e:8e:de:4d:89:93:a0:a3:ee:83:d5:2f:48:9a:a0:dd:9f:e7:50:03:71:a0:f2:17:34:12:fb:d6:37:4e:ac:e6Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

Exports

Exports

Sections

.text Size: 149KB - Virtual size: 148KB

.rdata Size: 50KB - Virtual size: 49KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 9KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 512B - Virtual size: 372B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

6c:04:1b:e0:8a:5f:cd:47:36:e2:85:04:be:b7:78:6c
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

9e:8e:de:4d:89:93:a0:a3:ee:83:d5:2f:48:9a:a0:dd:9f:e7:50:03:71:a0:f2:17:34:12:fb:d6:37:4e:ac:e6
Signer

.text
Size: 149KB - Virtual size: 148KB

.rdata
Size: 50KB - Virtual size: 49KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 512B - Virtual size: 372B