IMSYS[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

IMSYS.exe
Size

807KB
MD5

4962ef5086d8a74f8ec269060d225738
SHA1

4d1e21503f09b425f89ea11aaec80670f6be666e
SHA256

800ff17121418ac82a4c3b8ba6608ff0ba34f6b0b189861fdb87bd4d7cbdcc44
SHA512

5b9d89d040327a6e90fe2131f21c17176f71fc690e2b8e74bda9c34e07eed7674ec6a7dc85b8febafd733fc4bad99a116d9a0bcf6d98a398f616225964643fb4
SSDEEP

12288:G17krIVa1+qnFSDWX28v9AAhz5CBFx6IFvGjNyXevZesYdw2pLd:GRkrRnFj28Frhz5CBFxTFvGPvsjp

Score

1^/10

Malware Config

Signatures

Files

IMSYS.exe
.exe windows:4 windows x86

048807d402d646b45e51cc5dac164e84

Code Sign

38:24:bf:9f:7e:08:ca:b6:a0:16:64:34:9d:82:38:e1
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/05/2016, 00:00

Not After

10/06/2019, 23:59

Subject

CN=北京勤哲软件技术有限责任公司,O=北京勤哲软件技术有限责任公司,L=北京,ST=北京,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fe:5e:6d:73:3f:33:89:b6:3a:39:24:be:fb:0a:9c:ef:c8:c5:8d:b2
Signer

Actual PE Digest

fe:5e:6d:73:3f:33:89:b6:3a:39:24:be:fb:0a:9c:ef:c8:c5:8d:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

es_im_client

login
get_user_info
create_group
add_contacts
remove_contacts
init
send_msg
move_group_member
delete_group
free_user_info
get_last_error
fini
search_im_user

mfc80u

ord5609
ord4119
ord3082
ord2012
ord2065
ord630
ord385
ord2361
ord5053
ord3644
ord4126
ord1999
ord1293
ord4125
ord4383
ord5147
ord648
ord4267
ord4668
ord3338
ord4955
ord4438
ord4501
ord4437
ord4940
ord4784
ord4643
ord4198
ord4958
ord4775
ord5047
ord4974
ord4799
ord4380
ord4358
ord4395
ord4704
ord4393
ord4790
ord4375
ord4957
ord4378
ord4371
ord4373
ord4370
ord3968
ord4281
ord4788
ord4942
ord4194
ord4667
ord4510
ord4965
ord4474
ord4523
ord4964
ord4840
ord4495
ord4857
ord4362
ord4854
ord4433
ord3734
ord5043
ord4770
ord4553
ord1351
ord4914
ord4514
ord4513
ord4908
ord2411
ord5162
ord2412
ord5202
ord2415
ord1553
ord2413
ord1610
ord2414
ord2711
ord3471
ord410
ord6763
ord5910
ord4165
ord4172
ord4581
ord4226
ord587
ord2077
ord1536
ord3158
ord2155
ord2952
ord1785
ord4232
ord658
ord2083
ord3869
ord3873
ord5742
ord2489
ord2860
ord5869
ord5862
ord3224
ord1086
ord3901
ord5406
ord1616
ord462
ord2468
ord1182
ord1178
ord730
ord1577
ord3298
ord5398
ord3639
ord4258
ord4476
ord4560
ord2608
ord2615
ord6234
ord2007
ord2042
ord616
ord5152
ord5588
ord1370
ord5408
ord2736
ord2832
ord5491
ord4251
ord4846
ord4733
ord4699
ord1913
ord4216
ord3034
ord2762
ord5930
ord6039
ord368
ord3444
ord6284
ord741
ord2901
ord6288
ord667
ord1961
ord432
ord629
ord651
ord2364
ord1555
ord416
ord897
ord6015
ord6749
ord578
ord1271
ord5705
ord2460
ord310
ord2981
ord754
ord3793
ord2121
ord3985
ord5864
ord5618
ord3322
ord6161
ord6751
ord1237
ord2260
ord285
ord4094
ord1176
ord2085
ord6140
ord286
ord1274
ord5485
ord860
ord1946
ord5524
ord282
ord3238
ord1476
ord896
ord772
ord2122
ord899
ord657
ord1240
ord776
ord774
ord1085
ord2254
ord3189
ord4228
ord591
ord1922
ord1474
ord4092
ord2080
ord1538
ord3165
ord5829
ord4121
ord620
ord2282
ord3842
ord4231
ord1388
ord6262
ord1924
ord1475
ord3249
ord4093
ord2082
ord1561
ord3223
ord5747
ord6293
ord5327
ord6282
ord5316
ord1172
ord1007
ord5220
ord5096
ord3942
ord6215
ord5226
ord5378
ord5209
ord3826
ord566
ord3327
ord1273
ord1156
ord1096
ord4032
ord4475
ord3677
ord757
ord4008
ord5222
ord4562
ord5562
ord2239
ord3824
ord6272
ord3795
ord6274
ord4320
ord1049
ord2054
ord2009
ord5579
ord1911
ord3800
ord2925
ord1719
ord2225
ord5987
ord1502
ord2787
ord727
ord2785
ord4215
ord1011
ord2096
ord3678
ord6061
ord3590
ord326
ord5727
ord1959
ord2362
ord3877
ord4762
ord4347
ord3790
ord6143
ord6137
ord5782
ord3692
ord2063
ord6700
ord758
ord567
ord1479
ord1330
ord458
ord2857
ord3557
ord3753
ord2827
ord2861
ord2878
ord3581
ord3674
ord2490
ord2648
ord4234
ord1021
ord4314
ord2985
ord563
ord753
ord1118
ord3157
ord501
ord709
ord3204
ord3198
ord1925
ord3286
ord1572
ord1634
ord715
ord265
ord4026
ord4255
ord572
ord2651
ord6063
ord3756
ord293
ord6086
ord280
ord4098
ord283
ord5210
ord1894
ord760
ord1393
ord5981
ord3342
ord3311
ord1582
ord2086
ord1908
ord2366
ord5911
ord6721
ord577
ord1198
ord2311
ord762
ord1472
ord4276
ord2829
ord4716
ord354
ord2725
ord3397
ord1542
ord2531
ord1661
ord4179
ord1662
ord6271
ord2011
ord5067
ord4574
ord4884
ord1899
ord4729
ord5148
ord4206
ord4238
ord605
ord5196
ord5199
ord1590
ord4256
ord1646
ord3940
ord1392
ord1647
ord4480
ord5908
ord1955
ord1608
ord6720
ord5171
ord1611
ord5178
ord1353
ord3635
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2856
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord3943
ord5229
ord2638
ord5231
ord3703
ord5956
ord3713
ord1591
ord3712
ord2527
ord2640
ord2534
ord2708
ord3435
ord4301
ord266
ord1079
ord764
ord383

msvcr80

wcschr
calloc
_wcstoui64
_ultoa_s
_wcsicmp
_set_errno
wcstol
memset
wcsncmp
wcsncpy_s
_strlwr_s
_resetstkoflw
_recalloc
__CxxFrameHandler3
memcpy
_get_errno
_wcstoi64
wcsnlen
atoi
_gcvt_s
_HUGE
strncmp
memmove_s
memcpy_s
_i64toa_s
strtol
iswspace
_fpclass
towupper
_itow_s
_wtoi
_itoa_s
_scwprintf
isspace
swprintf_s
wcstod
wcsftime
_time64
_localtime64_s
_invalid_parameter_noinfo
_beginthreadex
_ui64toa_s
sprintf_s
_ltow_s
__RTDynamicCast
??0exception@std@@QAE@XZ
_strtoui64
_purecall
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
memmove
_errno
strftime
_amsg_exit
?what@exception@std@@UBEPBDXZ
_msize
realloc
free
malloc
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_CxxThrowException

kernel32

DeleteCriticalSection
CloseHandle
GetFileSizeEx
WaitForSingleObject
SetEndOfFile
TerminateThread
InitializeCriticalSectionAndSpinCount
GetSystemInfo
UnmapViewOfFile
MapViewOfFile
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
CreateFileMappingW
GetFullPathNameW
SetFilePointerEx
GetProcessHeap
HeapAlloc
HeapFree
GetDiskFreeSpaceW
DeleteFileW
QueryPerformanceCounter
GlobalAlloc
GetCurrentProcessId
HeapDestroy
GetTempPathA
LoadLibraryA
GetFileAttributesA
LocalFree
HeapCreate
GetSystemTime
GetLastError
HeapValidate
AreFileApisANSI
UnlockFile
GetFileAttributesW
GetFullPathNameA
DeleteFileA
LockFile
ReadFile
GetDiskFreeSpaceA
GetTickCount
CreateFileA
UnlockFileEx
CreateFileW
GetFileSize
GetSystemTimeAsFileTime
CreateMutexW
FormatMessageA
FlushFileBuffers
GetStartupInfoW
SetUnhandledExceptionFilter
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetThreadLocale
GetLocaleInfoA
GetACP
RaiseException
lstrlenA
lstrlenW
GetSystemDefaultLCID
GetProcAddress
WideCharToMultiByte
LoadLibraryW
SetThreadLocale
HeapReAlloc
GetModuleHandleW
MultiByteToWideChar
SetLastError
InterlockedExchange
GetModuleFileNameW
LoadLibraryExW
FindFirstFileW
Sleep
InterlockedCompareExchange
GlobalReAlloc
GlobalFree
GlobalSize
GetTempPathW
WriteFile
SetFilePointer
GetFileAttributesExW
HeapSize
FreeLibrary
GetVersionExA
LockFileEx
FormatMessageW
SystemTimeToFileTime

user32

GetDlgCtrlID
SetWindowLongW
UnregisterClassA
DestroyWindow
GetDlgItem
EnableWindow
SetWindowPos
GetWindowLongW
SetRect
TrackMouseEvent
SetCursor
PtInRect
ReleaseCapture
IntersectRect
CopyRect
PostThreadMessageW
GetDC
DestroyIcon
WindowFromPoint
LoadImageW
LoadCursorW
GetWindow
SetFocus
GetSystemMetrics
GetFocus
DeleteMenu
ScreenToClient
DestroyMenu
TrackPopupMenuEx
EnableMenuItem
SetCapture
GetCursorPos
ClientToScreen
AppendMenuW
SetMenuItemBitmaps
UpdateWindow
CreatePopupMenu
InvalidateRect
GetSysColor
SetForegroundWindow
GetWindowRect
GetClientRect
ReleaseDC
GetPropW
GetWindowDC
OffsetRect
RemovePropW
SetPropW
GetParent
IsWindow
SetWindowTextW
MessageBoxW
PostMessageW
SendMessageW
CreateWindowExW
EnumChildWindows

gdi32

GetDeviceCaps
GetDIBits
RealizePalette
SelectPalette
CreateSolidBrush
CreateFontIndirectW
GetClipBox
CreateRectRgn
ExtSelectClipRgn
BitBlt
SetDIBColorTable
CreateDIBSection
SelectObject
GetDIBColorTable
CreateFontW
CreateCompatibleDC
DeleteDC
StretchBlt
GetStockObject
GetObjectW
DeleteObject
CreateCompatibleBitmap

msimg32

AlphaBlend
TransparentBlt

advapi32

RegDeleteValueW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHBrowseForFolderW
ShellExecuteW
SHCreateDirectoryExW
SHGetPathFromIDListW

comctl32

ImageList_Create
ImageList_Destroy
ImageList_ReplaceIcon
ord17

shlwapi

PathFindFileNameW
PathRemoveFileSpecW

ole32

CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
OleCreateStaticFromData
CreateILockBytesOnHGlobal
StgCreateDocfile
StgCreateDocfileOnILockBytes

oleaut32

VariantInit
SysAllocStringLen
VariantClear
VarUdateFromDate
SysFreeString

msvcp80

??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z

ws2_32

inet_addr
htons
recvfrom
sendto
setsockopt
WSAGetLastError
socket
WSACreateEvent
WSARecv
accept
WSASetEvent
WSAEnumNetworkEvents
WSASocketW
WSAResetEvent
WSAConnect
WSACloseEvent
freeaddrinfo
WSAGetOverlappedResult
WSASend
WSAEventSelect
WSASetLastError
send
recv
htonl
closesocket
WSAStartup
listen
bind
connect
WSACleanup
getaddrinfo

gdiplus

GdipFree
GdipAlloc
GdipGetImageHeight
GdiplusStartup
GdipDisposeImage
GdipCreateBitmapFromFile
GdipGetImageWidth
GdipGetImagePixelFormat
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipCloneImage
GdipDrawImageI
GdipGetImagePalette
GdipDeleteGraphics
GdiplusShutdown
GdipGetImagePaletteSize
GdipCreateBitmapFromScan0

libeay32

ord796
ord811
ord342
ord340
ord341
ord2144

iphlpapi

GetIpAddrTable

libxml2

xmlDocSetRootElement
xmlFreeDoc
xmlSaveFile
xmlParseFile
xmlDocGetRootElement
xmlCopyDoc
xmlFreeNode
xmlCopyNode
xmlAddPrevSibling
xmlXPathNewContext
xmlXPathFreeObject
xmlParseDoc
xmlAddChild
xmlXPathFreeContext
xmlXPathEvalExpression
xmlUnlinkNode
xmlGetProp
xmlBufferFree
xmlFree
xmlNewNode
xmlSetProp
xmlNodeDump
xmlBufferContent
xmlNewChild
xmlBufferCreate
xmlNewDoc

Sections

.text
Size: 640KB - Virtual size: 637KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

048807d402d646b45e51cc5dac164e84

Code Sign

38:24:bf:9f:7e:08:ca:b6:a0:16:64:34:9d:82:38:e1Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

fe:5e:6d:73:3f:33:89:b6:3a:39:24:be:fb:0a:9c:ef:c8:c5:8d:b2Signer

Headers

File Characteristics

Imports

es_im_client

mfc80u

msvcr80

kernel32

user32

gdi32

msimg32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

msvcp80

ws2_32

gdiplus

libeay32

iphlpapi

libxml2

Sections

.text Size: 640KB - Virtual size: 637KB

.rdata Size: 124KB - Virtual size: 122KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 24KB - Virtual size: 23KB

38:24:bf:9f:7e:08:ca:b6:a0:16:64:34:9d:82:38:e1
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

fe:5e:6d:73:3f:33:89:b6:3a:39:24:be:fb:0a:9c:ef:c8:c5:8d:b2
Signer

.text
Size: 640KB - Virtual size: 637KB

.rdata
Size: 124KB - Virtual size: 122KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 24KB - Virtual size: 23KB