1[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1.rar
Size

22.0MB
MD5

93af6f7706263e9ef649b02a7201ea0d
SHA1

cf2c186547877dafd65bde6e8f97433b8669172a
SHA256

6125a60d8989708d0c584905029c649fa5eea7a21c1de72957dfce6d9c37b6f8
SHA512

e73d82d3da513dbc63519fda26cb439ffa1a50b75dd5f2f0a1154c37d402ee96113d7b785251494d575ad79b6eac856c66bee0038dd53843ff0ffae0ea01f3d8
SSDEEP

393216:bDlHJTvxzvGy8FqA4BDGCUiyAKwzXup5VCh3Vj4TJ/Tgs4TGgO6jCIQTCEu6+Mv:pJzl7MD1TNeQWFj4l14TF7jCIQ7+Mv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1/opengl32.dll

Files

1.rar
.rar
1/Injecting.dll
.dll windows:6 windows x64

489e398f49ceeda3418bb4d259205037

Code Sign

04:e1:80:52:e9:b5:5c:1f:0a:83:7a:3e:c2:3b:e7:50
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2020, 00:00

Not After

20/01/2021, 12:00

Subject

SERIALNUMBER=6543638,CN=Krisp Technologies\, Inc,O=Krisp Technologies\, Inc,L=Berkeley,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8a:67:17:5d:b0:0a:7d:67:d4:30:8d:ac:17:2f:87:8b:ad:30:c1:1d:d0:e9:dc:ef:17:89:ba:a3:56:85:f8:bd
Signer

Actual PE Digest

8a:67:17:5d:b0:0a:7d:67:d4:30:8d:ac:17:2f:87:8b:ad:30:c1:1d:d0:e9:dc:ef:17:89:ba:a3:56:85:f8:bd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

kernel32

InitializeSListHead
DebugBreak
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetStdHandle
WriteFile
IsDebuggerPresent
OutputDebugStringA
FormatMessageA
RaiseException
GetProcAddress
CloseHandle
SetEvent
ResetEvent
SetLastError
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetStartupInfoW
RtlPcToFileHeader
RtlUnwindEx
InterlockedFlushSList
EncodePointer
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
LCMapStringW
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
SetFilePointerEx
GetFileSizeEx
GetStringTypeW
CreateFileW
HeapSize
HeapReAlloc
WriteConsoleW

Exports

Exports

??0AEC@krips_aec@@QEAA@AEBV01@@Z
??0AEC@krips_aec@@QEAA@XZ
??1AEC@krips_aec@@UEAA@XZ
??4AEC@krips_aec@@QEAAAEAV01@AEBV01@@Z
??_7AEC@krips_aec@@6B@
?create@AEC@krips_aec@@SAPEAV12@AEBUConfig@12@@Z
?create@AEC@krips_aec@@SAPEAV12@XZ
?kChunkSizeMs@AEC@krips_aec@@2HB

Sections

.text
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1/Mercury Soft.exe
.exe windows:6 windows x64

4e53160a12270531910b87162a608761

Code Sign

0e:4d:67:f6:43:16:c9:2a:3b:7a:17:cc:46:97:6a:8f
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

28/07/2021, 00:00

Not After

27/07/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:e3:0b:b0:3e:42:1b:33:bc:87:cd:a5:3e:84:27:95
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/03/2023, 00:00

Not After

25/02/2025, 23:59

Subject

SERIALNUMBER=6543638,CN=Krisp Technologies\, Inc,O=Krisp Technologies\, Inc,L=Berkeley,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:d2:f4:b6:0f:1f:ed:97:f7:c2:a5:b2:88:24:72:02:bc:ed:ca:46:e5:40:f8:7a:6f:bd:73:2d:49:2d:d2:f7
Signer

Actual PE Digest

7b:d2:f4:b6:0f:1f:ed:97:f7:c2:a5:b2:88:24:72:02:bc:ed:ca:46:e5:40:f8:7a:6f:bd:73:2d:49:2d:d2:f7

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

gdi32

ChoosePixelFormat
CreateBitmap
CreateDCW
CreateDIBSection
CreateRectRgn
DeleteDC
DeleteObject
DescribePixelFormat
GetDeviceCaps
GetDeviceGammaRamp
SetDeviceGammaRamp
SetPixelFormat
SwapBuffers

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateIoCompletionPort
CreateThread
CreateWaitableTimerExW
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetTickCount
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetProcessPriorityBoost
SetThreadContext
SetThreadExecutionState
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VerSetConditionMask
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
__C_specific_handler

msvcrt

__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_cexit
_errno
_exit
_fmode
_initterm
_onexit
_snwprintf
_vsnprintf
abort
calloc
exit
fprintf
free
fwprintf
fwrite
malloc
memcpy
memmove
memset
qsort
raise
realloc
signal
sprintf
sscanf
strcmp
strcpy
strcspn
strlen
strncmp
strncpy
strspn
strstr
strtok
strtol
strtoul
vfprintf
wcscmp
wcscpy

opengl32

wglGetProcAddress

shell32

DragAcceptFiles
DragFinish
DragQueryFileW
DragQueryPoint

user32

AdjustWindowRectEx
BringWindowToTop
ChangeDisplaySettingsExW
ClientToScreen
ClipCursor
CloseClipboard
CreateIconIndirect
CreateWindowExW
DefWindowProcW
DestroyIcon
DestroyWindow
DispatchMessageW
EmptyClipboard
EnumDisplayDevicesW
EnumDisplayMonitors
EnumDisplaySettingsExW
EnumDisplaySettingsW
FlashWindow
GetActiveWindow
GetClassLongPtrW
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetKeyState
GetLayeredWindowAttributes
GetMessageTime
GetMonitorInfoW
GetPropW
GetRawInputData
GetRawInputDeviceInfoA
GetRawInputDeviceList
GetSystemMetrics
GetWindowLongW
GetWindowPlacement
GetWindowRect
IsIconic
IsWindowVisible
IsZoomed
LoadCursorW
LoadImageW
MapVirtualKeyW
MessageBoxW
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
OffsetRect
OpenClipboard
PeekMessageW
PostMessageW
PtInRect
RegisterClassExW
RegisterDeviceNotificationW
RegisterRawInputDevices
ReleaseCapture
ReleaseDC
RemovePropW
ScreenToClient
SendMessageW
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetPropW
SetRect
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoW
ToUnicode
TrackMouseEvent
TranslateMessage
UnregisterClassW
UnregisterDeviceNotification
WaitMessage
WindowFromPoint

Exports

Exports

_cgo_dummy_export
glowDebugCallback_glcore32
goCharCB
goCharModsCB
goCursorEnterCB
goCursorPosCB
goDropCB
goErrorCB
goFramebufferSizeCB
goJoystickCB
goKeyCB
goMonitorCB
goMouseButtonCB
goScrollCB
goWindowCloseCB
goWindowContentScaleCB
goWindowFocusCB
goWindowIconifyCB
goWindowMaximizeCB
goWindowPosCB
goWindowRefreshCB
goWindowSizeCB

Sections

.text
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 411KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 605B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 537KB - Virtual size: 536KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/106
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1/VersionStable.dll
.dll windows:5 windows x64

dc9fbafd0b96c0a640df70f088bfd2b0

Code Sign

33:00:00:02:d0:e7:eb:7c:2e:f6:ce:23:e1:00:00:00:00:02:d0
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:a4:ca:6d:58:de:c5:0e:e0:41:d9:32:8f:62:f5:2a:0b:c9:f5:56:80:3e:5d:8d:0c:49:97:4c:24:c9:8a:22
Signer

Actual PE Digest

05:a4:ca:6d:58:de:c5:0e:e0:41:d9:32:8f:62:f5:2a:0b:c9:f5:56:80:3e:5d:8d:0c:49:97:4c:24:c9:8a:22

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateEventW
CreateFileW
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesW
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemInfo
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
RaiseException
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile

Exports

Exports

CompareBrowserVersions
CreateCoreWebView2Environment
CreateCoreWebView2EnvironmentWithOptions
GetAvailableCoreWebView2BrowserVersionString

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 92B

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 68B

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1/libEGL.dll
.dll windows:6 windows x86

a44c6eed545a636cf24d9bf63188ef0c

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:d7:d0:4b:42:84:68:84:7f:bb:6a:50:d3:70:6d:1c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/06/2021, 00:00

Not After

06/06/2022, 23:59

Subject

SERIALNUMBER=HBA 722586,CN=Avira Operations GmbH & Co. KG,OU=Engineering Services,O=Avira Operations GmbH & Co. KG,L=Tettnang,ST=Baden-Württemberg,C=DE,1.3.6.1.4.1.311.60.2.1.1=#1303556c6d,1.3.6.1.4.1.311.60.2.1.2=#0c12426164656e2d57c3bc727474656d62657267,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

22/07/2020, 15:33

Not After

29/12/2030, 16:29

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

24:d0:8c:30:f1:40:a5:a2:e9:c1:1c:32:60:a5:fd:f1:5c:98:8d:d7:02:e0:b2:3e:cb:0a:38:a6:df:c4:87:84
Signer

Actual PE Digest

24:d0:8c:30:f1:40:a5:a2:e9:c1:1c:32:60:a5:fd:f1:5c:98:8d:d7:02:e0:b2:3e:cb:0a:38:a6:df:c4:87:84

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsW

kernel32

ReadFile
WriteFile
CloseHandle
CreateFileW
PeekNamedPipe
Sleep
GetSystemTime
FlushFileBuffers
HeapSize
GetLastError
SetUnhandledExceptionFilter
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
EncodePointer
DecodePointer
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetCPInfo
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RaiseException
RtlUnwind
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetFileAttributesExW
SetFileAttributesW
DeleteFileW
MoveFileExW
GetFileType
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetEndOfFile
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
GetTimeZoneInformation
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW

crypt32

CryptProtectData
CryptUnprotectData

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

Exports

Exports

AMSWSC_authenticate
AMSWSC_notify_expiration
AMSWSC_prepare_uninstall
AMSWSC_register_remediation
AMSWSC_set_log_callback
AMSWSC_shutdown_protected_service
AMSWSC_unregister_remediation
AMSWSC_update_protection_update_substatus
AMSWSC_update_scan_substatus
AMSWSC_update_settings_substatus
AMSWSC_update_status

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1/libgcc_s_dw2-1.dll
.dll windows:6 windows x86

72e2cd9e129b18aa647a30bd6ed95591

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:09:50:26:3e:06:49:6a:27:81:f5:50
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

11/07/2018, 11:33

Not After

11/07/2021, 11:33

Subject

SERIALNUMBER=HRA 722586,CN=Avira Operations GmbH & Co. KG,OU=Cloud\, Services and Infrastructure,O=Avira Operations GmbH & Co. KG,STREET=Kaplaneiweg 1,L=Tettnang,ST=Baden-Wuerttemberg,C=DE,1.2.840.113549.1.9.1=#0c0c63614061766972612e636f6d,1.3.6.1.4.1.311.60.2.1.1=#1303556c6d,1.3.6.1.4.1.311.60.2.1.2=#1312426164656e2d577565727474656d62657267,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Standard - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

22:4c:b7:e1:ed:ee:0d:dc:8d:0b:ae:1f:fa:51:6b:56:0e:0d:52:05:ce:94:ae:bb:43:7d:df:bc:60:ec:0c:7b
Signer

Actual PE Digest

22:4c:b7:e1:ed:ee:0d:dc:8d:0b:ae:1f:fa:51:6b:56:0e:0d:52:05:ce:94:ae:bb:43:7d:df:bc:60:ec:0c:7b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetProcessWorkingSetSize
VerifyVersionInfoW
DeleteFileW
GetFileSize
SetFileAttributesW
WriteFile
CreateIoCompletionPort
PostQueuedCompletionStatus
GetFileSizeEx
ReadFile
SetFilePointerEx
QueryPerformanceCounter
GetQueuedCompletionStatus
LoadLibraryW
ResetEvent
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
TerminateThread
GetTickCount
VirtualQuery
MapViewOfFile
UnmapViewOfFile
WriteConsoleW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetSystemInfo
OpenProcess
GetCurrentProcessId
GetCurrentProcess
Sleep
QueryPerformanceFrequency
SetErrorMode
VerSetConditionMask
GetModuleFileNameW
CreateEventW
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetOverlappedResult
DeviceIoControl
CreateFileW
SetLastError
GetLastError
CloseHandle
SetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
InterlockedFlushSList
RaiseException
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
MoveFileExW
HeapValidate
GetConsoleMode
GetFileType
ExitProcess
HeapFree
HeapAlloc
GetStdHandle
LCMapStringW
MultiByteToWideChar
GetProcessHeap
SetStdHandle
GetConsoleOutputCP
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
FlushFileBuffers
HeapSize
DecodePointer

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
SetServiceStatus
TraceMessage
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

Exports

Exports

AVGDLL01
AVGDLL02
AVGDLL03
AVGDLL04
AVGDLL05
AVGDLL06
AVGDLL07
AVGDLL08
AVGDLL09
AVGDLL10
AVGDLL11
AVGDLL12
AVGDLL13
AVGDLL14
AVGDLL15

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1/nssckbi.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/07/2021, 00:00

Not After

10/07/2024, 23:59

Subject

CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4b:3c:cb:57:aa:74:c1:df:f4:3a:25:61:2f:16:51:38:81:c3:e6:96:68:da:73:5d:4c:6d:d7:45:ee:c3:72:a7
Signer

Actual PE Digest

4b:3c:cb:57:aa:74:c1:df:f4:3a:25:61:2f:16:51:38:81:c3:e6:96:68:da:73:5d:4c:6d:d7:45:ee:c3:72:a7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1/opengl32.dll
.dll windows:6 windows x64

953a1d49fc9a274cd623a8ac0359ac89

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shell32

SHGetKnownFolderPath
SHFileOperationW

advapi32

RegGetValueW
RegOpenKeyExA
RegCloseKey
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom

ole32

CoTaskMemFree

gdi32

SetPixelFormat
StretchDIBits
DescribePixelFormat
GetPixelFormat
GetGlyphOutlineA

user32

GetDC
ReleaseDC
GetWindowRect
CallNextHookEx
ClientToScreen
WindowFromDC
GetClientRect
SetWindowsHookExA
UnhookWindowsHookEx
AdjustWindowRectEx
LoadCursorA
DestroyWindow
EnumDisplaySettingsA
LoadIconA
CreateWindowExA
DefWindowProcA
RegisterClassA

kernel32

RtlUnwind
GetNumaHighestNodeNumber
GetConsoleMode
RtlCaptureStackBackTrace
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
SetProcessAffinityMask
GetVersionExW
GetModuleHandleA
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
TlsSetValue
Thread32Next
Thread32First
GetCurrentThreadId
CreateToolhelp32Snapshot
TlsAlloc
CloseHandle
GetCurrentProcessId
TlsGetValue
TlsFree
SetLastError
OutputDebugStringA
SwitchToThread
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreA
GetExitCodeThread
GetCurrentProcess
GetSystemInfo
GetSystemTimeAsFileTime
GetProcessTimes
VirtualFree
VirtualAlloc
SetErrorMode
GlobalMemoryStatusEx
GetConsoleWindow
IsDebuggerPresent
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
WriteConsoleW
RaiseException
TryEnterCriticalSection
GetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
GetDiskFreeSpaceExA
GetDriveTypeW
GetFileAttributesW
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetVolumePathNameW
SetFileAttributesW
SetFileInformationByHandle
SetFileTime
DuplicateHandle
GetLastError
GetSystemTime
VirtualQuery
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameW
MoveFileExW
CreateHardLinkW
SystemTimeToFileTime
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryW
K32EnumProcessModulesEx
FlushInstructionCache
VirtualProtect
GetStdHandle
GetCommandLineW
FindFirstFileW
GetLongPathNameW
GetNativeSystemInfo
GetModuleHandleW
DeleteTimerQueueTimer
SetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
RtlCaptureContext
ExpandEnvironmentStringsW
SetUnhandledExceptionFilter
GetCurrentThread
SetConsoleCtrlHandler
SearchPathW
TerminateProcess
GetExitCodeProcess
CreateProcessW
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
LocalFree
FormatMessageA
ChangeTimerQueueTimer
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
InitializeSListHead
GetStartupInfoW
FormatMessageW
RtlPcToFileHeader
EncodePointer
DecodePointer
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwindEx
LoadLibraryExW
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
SetStdHandle
SetFilePointerEx
SetEndOfFile
HeapValidate
HeapWalk
WriteFile
GetConsoleCP
ReadFile
ReadConsoleW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapQueryInformation
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
GetProcessHeap
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
OutputDebugStringW
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
GetProcessAffinityMask

Exports

Exports

DrvCopyContext
DrvCreateContext
DrvCreateLayerContext
DrvDeleteContext
DrvDescribeLayerPlane
DrvDescribePixelFormat
DrvGetLayerPaletteEntries
DrvGetProcAddress
DrvPresentBuffers
DrvRealizeLayerPalette
DrvReleaseContext
DrvSetCallbackProcs
DrvSetContext
DrvSetLayerPaletteEntries
DrvSetPixelFormat
DrvShareLists
DrvSwapBuffers
DrvSwapLayerBuffers
DrvValidateVersion
glAccum
glActiveShaderProgram
glActiveTexture
glActiveTextureARB
glAlphaFunc
glAlphaFuncx
glAreTexturesResident
glAreTexturesResidentEXT
glArrayElement
glArrayElementEXT
glAttachObjectARB
glAttachShader
glBegin
glBeginConditionalRender
glBeginConditionalRenderNV
glBeginQuery
glBeginQueryARB
glBeginQueryIndexed
glBeginTransformFeedback
glBindAttribLocation
glBindAttribLocationARB
glBindBuffer
glBindBufferARB
glBindBufferBase
glBindBufferRange
glBindBuffersBase
glBindBuffersRange
glBindFragDataLocation
glBindFragDataLocationEXT
glBindFragDataLocationIndexed
glBindFramebuffer
glBindFramebufferEXT
glBindImageTexture
glBindImageTextures
glBindProgramARB
glBindProgramPipeline
glBindRenderbuffer
glBindRenderbufferEXT
glBindSampler
glBindSamplers
glBindTexture
glBindTextureEXT
glBindTextures
glBindTransformFeedback
glBindVertexArray
glBindVertexBuffer
glBindVertexBuffers
glBitmap
glBlendBarrier
glBlendColor
glBlendColorEXT
glBlendEquation
glBlendEquationEXT
glBlendEquationSeparate
glBlendEquationSeparatei
glBlendEquationSeparateiARB
glBlendEquationi
glBlendEquationiARB
glBlendFunc
glBlendFuncSeparate
glBlendFuncSeparateEXT
glBlendFuncSeparatei
glBlendFuncSeparateiARB
glBlendFunci
glBlendFunciARB
glBlitFramebuffer
glBufferData
glBufferDataARB
glBufferStorage
glBufferSubData
glBufferSubDataARB
glCallList
glCallLists
glCheckFramebufferStatus
glCheckFramebufferStatusEXT
glClampColor
glClampColorARB
glClear
glClearAccum
glClearBufferData
glClearBufferSubData
glClearBufferfi
glClearBufferfv
glClearBufferiv
glClearBufferuiv
glClearColor
glClearColorIiEXT
glClearColorIuiEXT
glClearColorx
glClearDepth
glClearDepthf
glClearDepthx
glClearIndex
glClearStencil
glClearTexImage
glClearTexSubImage
glClientActiveTexture
glClientActiveTextureARB
glClientWaitSync
glClipPlane
glClipPlanef
glClipPlanex
glColor3b
glColor3bv
glColor3d
glColor3dv
glColor3f
glColor3fv
glColor3i
glColor3iv
glColor3s
glColor3sv
glColor3ub
glColor3ubv
glColor3ui
glColor3uiv
glColor3us
glColor3usv
glColor4b
glColor4bv
glColor4d
glColor4dv
glColor4f
glColor4fv
glColor4i
glColor4iv
glColor4s
glColor4sv
glColor4ub
glColor4ubv
glColor4ui
glColor4uiv
glColor4us
glColor4usv
glColor4x
glColorMask
glColorMaskIndexedEXT
glColorMaski
glColorMaterial
glColorP3ui
glColorP3uiv
glColorP4ui
glColorP4uiv
glColorPointer
glColorPointerEXT
glColorSubTable
glColorTable
glColorTableParameterfv
glColorTableParameteriv
glCompileShader
glCompileShaderARB
glCompressedTexImage1D
glCompressedTexImage1DARB
glCompressedTexImage2D
glCompressedTexImage2DARB
glCompressedTexImage3D
glCompressedTexImage3DARB
glCompressedTexSubImage1D
glCompressedTexSubImage1DARB
glCompressedTexSubImage2D
glCompressedTexSubImage2DARB
glCompressedTexSubImage3D
glCompressedTexSubImage3DARB
glConvolutionFilter1D
glConvolutionFilter2D
glConvolutionParameterf
glConvolutionParameterfv
glConvolutionParameteri
glConvolutionParameteriv
glCopyBufferSubData
glCopyColorSubTable
glCopyColorTable
glCopyConvolutionFilter1D
glCopyConvolutionFilter2D
glCopyImageSubData
glCopyPixels
glCopyTexImage1D
glCopyTexImage2D
glCopyTexSubImage1D
glCopyTexSubImage2D
glCopyTexSubImage3D
glCopyTexSubImage3DEXT
glCreateProgram
glCreateProgramObjectARB
glCreateShader
glCreateShaderObjectARB
glCreateShaderProgramv
glCullFace
glDebugMessageCallback
glDebugMessageCallbackARB
glDebugMessageControl
glDebugMessageControlARB
glDebugMessageInsert
glDebugMessageInsertARB
glDeleteBuffers
glDeleteBuffersARB
glDeleteFramebuffers
glDeleteFramebuffersEXT
glDeleteLists
glDeleteObjectARB
glDeleteProgram
glDeleteProgramPipelines
glDeleteProgramsARB
glDeleteQueries
glDeleteQueriesARB
glDeleteRenderbuffers
glDeleteRenderbuffersEXT
glDeleteSamplers
glDeleteShader
glDeleteSync
glDeleteTextures
glDeleteTexturesEXT
glDeleteTransformFeedbacks
glDeleteVertexArrays
glDepthFunc
glDepthMask
glDepthRange
glDepthRangeArrayv
glDepthRangeIndexed
glDepthRangef
glDepthRangex
glDetachObjectARB
glDetachShader
glDisable
glDisableClientState
glDisableIndexedEXT
glDisableVertexAttribArray
glDisableVertexAttribArrayARB
glDisablei
glDispatchCompute
glDispatchComputeIndirect
glDrawArrays
glDrawArraysEXT
glDrawArraysIndirect
glDrawArraysInstanced
glDrawArraysInstancedARB
glDrawArraysInstancedBaseInstance
glDrawArraysInstancedEXT
glDrawBuffer
glDrawBuffers
glDrawBuffersARB
glDrawBuffersATI
glDrawElements
glDrawElementsBaseVertex
glDrawElementsIndirect
glDrawElementsInstanced
glDrawElementsInstancedARB
glDrawElementsInstancedBaseInstance
glDrawElementsInstancedBaseVertex
glDrawElementsInstancedBaseVertexBaseInstance
glDrawElementsInstancedEXT
glDrawPixels
glDrawRangeElements
glDrawRangeElementsBaseVertex
glDrawRangeElementsEXT
glDrawTransformFeedback
glDrawTransformFeedbackInstanced
glDrawTransformFeedbackStream
glDrawTransformFeedbackStreamInstanced
glEdgeFlag
glEdgeFlagPointer
glEdgeFlagPointerEXT
glEdgeFlagv
glEnable
glEnableClientState
glEnableIndexedEXT
glEnableVertexAttribArray
glEnableVertexAttribArrayARB
glEnablei
glEnd
glEndConditionalRender
glEndConditionalRenderNV
glEndList
glEndQuery
glEndQueryARB
glEndQueryIndexed
glEndTransformFeedback
glEvalCoord1d
glEvalCoord1dv
glEvalCoord1f
glEvalCoord1fv
glEvalCoord2d
glEvalCoord2dv
glEvalCoord2f
glEvalCoord2fv
glEvalMesh1
glEvalMesh2
glEvalPoint1
glEvalPoint2
glFeedbackBuffer
glFenceSync
glFinish
glFlush
glFlushMappedBufferRange
glFogCoordPointer
glFogCoordPointerEXT
glFogCoordd
glFogCoorddEXT
glFogCoorddv
glFogCoorddvEXT
glFogCoordf
glFogCoordfEXT
glFogCoordfv
glFogCoordfvEXT
glFogf
glFogfv
glFogi
glFogiv
glFogx
glFogxv
glFramebufferParameteri
glFramebufferRenderbuffer
glFramebufferRenderbufferEXT
glFramebufferTexture
glFramebufferTexture1D
glFramebufferTexture1DEXT
glFramebufferTexture2D
glFramebufferTexture2DEXT
glFramebufferTexture3D
glFramebufferTexture3DEXT
glFramebufferTextureLayer
glFramebufferTextureLayerEXT
glFrontFace
glFrustum
glFrustumf
glFrustumx
glGenBuffers
glGenBuffersARB
glGenFramebuffers
glGenFramebuffersEXT
glGenLists
glGenProgramPipelines
glGenProgramsARB
glGenQueries
glGenQueriesARB
glGenRenderbuffers
glGenRenderbuffersEXT
glGenSamplers
glGenTextures
glGenTexturesEXT
glGenTransformFeedbacks
glGenVertexArrays
glGenerateMipmap
glGenerateMipmapEXT
glGetActiveAtomicCounterBufferiv
glGetActiveAttrib
glGetActiveAttribARB
glGetActiveUniform
glGetActiveUniformARB
glGetActiveUniformBlockName
glGetActiveUniformBlockiv
glGetActiveUniformName
glGetActiveUniformsiv
glGetAttachedObjectsARB
glGetAttachedShaders
glGetAttribLocation
glGetAttribLocationARB
glGetBooleanIndexedvEXT
glGetBooleani_v
glGetBooleanv
glGetBufferParameteri64v
glGetBufferParameteriv
glGetBufferParameterivARB
glGetBufferPointerv
glGetBufferPointervARB
glGetBufferSubData
glGetBufferSubDataARB
glGetClipPlane
glGetClipPlanef
glGetClipPlanex
glGetColorTable
glGetColorTableParameterfv
glGetColorTableParameteriv
glGetCompressedTexImage
glGetCompressedTexImageARB
glGetConvolutionFilter
glGetConvolutionParameterfv
glGetConvolutionParameteriv
glGetDebugMessageLog
glGetDebugMessageLogARB
glGetDoublei_v
glGetDoublev
glGetError
glGetFixedv
glGetFloati_v
glGetFloatv
glGetFragDataIndex
glGetFragDataLocation
glGetFragDataLocationEXT
glGetFramebufferAttachmentParameteriv
glGetFramebufferAttachmentParameterivEXT
glGetFramebufferParameteriv
glGetGraphicsResetStatus
glGetGraphicsResetStatusARB
glGetHandleARB
glGetHistogram
glGetHistogramParameterfv
glGetHistogramParameteriv
glGetInfoLogARB
glGetInteger64i_v
glGetInteger64v
glGetIntegerIndexedvEXT
glGetIntegeri_v
glGetIntegerv
glGetLightfv
glGetLightiv
glGetLightxv
glGetMapdv
glGetMapfv
glGetMapiv
glGetMaterialfv
glGetMaterialiv
glGetMaterialxv
glGetMinmax
glGetMinmaxParameterfv
glGetMinmaxParameteriv
glGetMultisamplefv
glGetObjectLabel
glGetObjectParameterfvARB
glGetObjectParameterivARB
glGetObjectPtrLabel
glGetPixelMapfv
glGetPixelMapuiv
glGetPixelMapusv
glGetPointerv
glGetPointervEXT
glGetPolygonStipple
glGetProgramBinary
glGetProgramEnvParameterdvARB
glGetProgramEnvParameterfvARB
glGetProgramInfoLog
glGetProgramInterfaceiv
glGetProgramLocalParameterdvARB
glGetProgramLocalParameterfvARB
glGetProgramPipelineInfoLog
glGetProgramPipelineiv
glGetProgramResourceIndex
glGetProgramResourceLocation
glGetProgramResourceName
glGetProgramResourceiv
glGetProgramStringARB
glGetProgramiv
glGetProgramivARB
glGetQueryIndexediv
glGetQueryObjectiv
glGetQueryObjectivARB
glGetQueryObjectuiv
glGetQueryObjectuivARB
glGetQueryiv
glGetQueryivARB
glGetRenderbufferParameteriv
glGetRenderbufferParameterivEXT
glGetSamplerParameterIiv
glGetSamplerParameterIuiv
glGetSamplerParameterfv
glGetSamplerParameteriv
glGetSeparableFilter
glGetShaderInfoLog
glGetShaderPrecisionFormat
glGetShaderSource
glGetShaderSourceARB
glGetShaderiv
glGetString
glGetStringi
glGetSynciv
glGetTexEnvfv
glGetTexEnviv
glGetTexEnvxv
glGetTexGendv
glGetTexGenfv
glGetTexGeniv
glGetTexImage
glGetTexLevelParameterfv
glGetTexLevelParameteriv
glGetTexParameterIiv
glGetTexParameterIivEXT
glGetTexParameterIuiv
glGetTexParameterIuivEXT
glGetTexParameterfv
glGetTexParameteriv
glGetTexParameterxv

Sections

.text
Size: 25.1MB - Virtual size: 25.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 716KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

489e398f49ceeda3418bb4d259205037

Code Sign

04:e1:80:52:e9:b5:5c:1f:0a:83:7a:3e:c2:3b:e7:50Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

8a:67:17:5d:b0:0a:7d:67:d4:30:8d:ac:17:2f:87:8b:ad:30:c1:1d:d0:e9:dc:ef:17:89:ba:a3:56:85:f8:bdSigner

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

Exports

Exports

Sections

.text Size: 358KB - Virtual size: 358KB

.rdata Size: 113KB - Virtual size: 113KB

.data Size: 5KB - Virtual size: 10KB

.pdata Size: 18KB - Virtual size: 17KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

4e53160a12270531910b87162a608761

Code Sign

0e:4d:67:f6:43:16:c9:2a:3b:7a:17:cc:46:97:6a:8fCertificate

Extended Key Usages

Key Usages

0c:e3:0b:b0:3e:42:1b:33:bc:87:cd:a5:3e:84:27:95Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

7b:d2:f4:b6:0f:1f:ed:97:f7:c2:a5:b2:88:24:72:02:bc:ed:ca:46:e5:40:f8:7a:6f:bd:73:2d:49:2d:d2:f7Signer

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

msvcrt

opengl32

shell32

user32

Exports

Exports

Sections

.text Size: 5.5MB - Virtual size: 5.5MB

.data Size: 7.2MB - Virtual size: 7.2MB

.rdata Size: 5.4MB - Virtual size: 5.4MB

.pdata Size: 22KB - Virtual size: 22KB

.xdata Size: 13KB - Virtual size: 12KB

.bss Size: - Virtual size: 411KB

.edata Size: 1024B - Virtual size: 605B

.idata Size: 8KB - Virtual size: 8KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 111KB - Virtual size: 110KB

/4 Size: 1KB - Virtual size: 1KB

/19 Size: 5.8MB - Virtual size: 5.8MB

/31 Size: 16KB - Virtual size: 15KB

04:e1:80:52:e9:b5:5c:1f:0a:83:7a:3e:c2:3b:e7:50
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

8a:67:17:5d:b0:0a:7d:67:d4:30:8d:ac:17:2f:87:8b:ad:30:c1:1d:d0:e9:dc:ef:17:89:ba:a3:56:85:f8:bd
Signer

.text
Size: 358KB - Virtual size: 358KB

.rdata
Size: 113KB - Virtual size: 113KB

.data
Size: 5KB - Virtual size: 10KB

.pdata
Size: 18KB - Virtual size: 17KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

0e:4d:67:f6:43:16:c9:2a:3b:7a:17:cc:46:97:6a:8f
Certificate

0c:e3:0b:b0:3e:42:1b:33:bc:87:cd:a5:3e:84:27:95
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

7b:d2:f4:b6:0f:1f:ed:97:f7:c2:a5:b2:88:24:72:02:bc:ed:ca:46:e5:40:f8:7a:6f:bd:73:2d:49:2d:d2:f7
Signer

.text
Size: 5.5MB - Virtual size: 5.5MB

.data
Size: 7.2MB - Virtual size: 7.2MB

.rdata
Size: 5.4MB - Virtual size: 5.4MB

.pdata
Size: 22KB - Virtual size: 22KB

.xdata
Size: 13KB - Virtual size: 12KB

.bss
Size: - Virtual size: 411KB

.edata
Size: 1024B - Virtual size: 605B

.idata
Size: 8KB - Virtual size: 8KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 111KB - Virtual size: 110KB

/4
Size: 1KB - Virtual size: 1KB

/19
Size: 5.8MB - Virtual size: 5.8MB

/31
Size: 16KB - Virtual size: 15KB

/45
Size: 1.7MB - Virtual size: 1.7MB

/57
Size: 537KB - Virtual size: 536KB

/70
Size: 16KB - Virtual size: 16KB

/81
Size: 6.0MB - Virtual size: 6.0MB

/92
Size: 1.6MB - Virtual size: 1.6MB

/106
Size: 512B - Virtual size: 48B

33:00:00:02:d0:e7:eb:7c:2e:f6:ce:23:e1:00:00:00:00:02:d0
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

05:a4:ca:6d:58:de:c5:0e:e0:41:d9:32:8f:62:f5:2a:0b:c9:f5:56:80:3e:5d:8d:0c:49:97:4c:24:c9:8a:22
Signer

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 5KB

.00cfg
Size: 512B - Virtual size: 40B

.gxfg
Size: 4KB - Virtual size: 4KB

.retplne
Size: 512B - Virtual size: 92B

.tls
Size: 512B - Virtual size: 9B

.voltbl
Size: 512B - Virtual size: 68B

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:d7:d0:4b:42:84:68:84:7f:bb:6a:50:d3:70:6d:1c
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4
Certificate

24:d0:8c:30:f1:40:a5:a2:e9:c1:1c:32:60:a5:fd:f1:5c:98:8d:d7:02:e0:b2:3e:cb:0a:38:a6:df:c4:87:84
Signer

.text
Size: 162KB - Virtual size: 162KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate