dbb86d4af9dc351bcec414eb3e5f8be824fb18489e9a34818c1de8c0b9785cd9[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

dbb86d4af9dc351bcec414eb3e5f8be824fb18489e9a34818c1de8c0b9785cd9.zip.zip
Size

15.3MB
MD5

90456c5d7bba4d72fcaae849239f04aa
SHA1

004010cedfaa728239110b5bf826c7ca03a770b7
SHA256

5dbbc5fa280bd88e32eac1f435d1cbebd7d24545b6421607015202582e653d85
SHA512

f5b6c9b407d2a9ea2d7fcfaa70c3081e52242b8b07bd17a19274606e6bc03a39d24702c118b94e3142b2829b5d00589de3bfc1c7ab82c0fb6b654a3dc7376634
SSDEEP

393216:5v9xGLnCRAtoX6wd9tAMy60+I4nYCqOwgbsd8R63d:bxG75wdnA36jxYHSsO4N

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/TreeSizeFreePortable/App/TreeSizeFree/TreeSizeFree.exe	upx
static1/unpack002/TreeSizeFreePortable/App/TreeSizeFree/TreeSizeFreeOld.exe	upx

Files

dbb86d4af9dc351bcec414eb3e5f8be824fb18489e9a34818c1de8c0b9785cd9.zip.zip
.zip

Password: infected
dbb86d4af9dc351bcec414eb3e5f8be824fb18489e9a34818c1de8c0b9785cd9.zip
.zip
TreeSizeFreePortable/App/AppInfo/EULA.txt
TreeSizeFreePortable/App/AppInfo/Launcher/Custom.nsh
TreeSizeFreePortable/App/AppInfo/Launcher/TreeSizeFreePortable.ini
TreeSizeFreePortable/App/AppInfo/appicon.ico
TreeSizeFreePortable/App/AppInfo/appicon_128.png
.png
TreeSizeFreePortable/App/AppInfo/appicon_16.png
.png
TreeSizeFreePortable/App/AppInfo/appicon_32.png
.png
TreeSizeFreePortable/App/AppInfo/appicon_75.png
.png
TreeSizeFreePortable/App/AppInfo/appinfo.ini
TreeSizeFreePortable/App/AppInfo/installer.ini
TreeSizeFreePortable/App/AppInfo/pac_installer_log.ini
TreeSizeFreePortable/App/DefaultData/settings/GlobalOptions.xml
.xml
TreeSizeFreePortable/App/TreeSizeFree/License.freeware.DE.txt
TreeSizeFreePortable/App/TreeSizeFree/License.freeware.EN.txt
TreeSizeFreePortable/App/TreeSizeFree/LicenseFiles/Abbrevia/License.txt
TreeSizeFreePortable/App/TreeSizeFree/LicenseFiles/Jedi Component Library/License.txt
TreeSizeFreePortable/App/TreeSizeFree/LicenseFiles/Spring4D/License.txt
TreeSizeFreePortable/App/TreeSizeFree/LicenseFiles/SynPDF/License.txt
TreeSizeFreePortable/App/TreeSizeFree/LicenseFiles/Virtual TreeView/License.txt
TreeSizeFreePortable/App/TreeSizeFree/LicenseFiles/Windows Ribbon Framework for Delphi/License.txt
TreeSizeFreePortable/App/TreeSizeFree/TreeSizeFree.chm
.chm
TreeSizeFreePortable/App/TreeSizeFree/TreeSizeFree.exe
.exe windows:5 windows x86

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:00:6a:fb:54:16:03:51:95:78:42:49
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/10/2018, 16:49

Not After

29/01/2022, 16:49

Subject

SERIALNUMBER=HRB 4920,CN=JAM Software GmbH,O=JAM Software GmbH,STREET=Am Wissenschaftspark 26,L=Trier,ST=Rheinland-Pfalz,C=DE,1.3.6.1.4.1.311.60.2.1.1=#1308576974746c696368,1.3.6.1.4.1.311.60.2.1.2=#130f526865696e6c616e642d5066616c7a,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

28/01/2021, 11:08

Not After

01/03/2032, 11:08

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:ad:18:a6:90:8d:46:53:78:8c:63:39:a1:4a:1d:22:9c:54:5b:48:40:33:cb:66:10:ca:07:00:87:0e:ea:5d
Signer

Actual PE Digest

52:ad:18:a6:90:8d:46:53:78:8c:63:39:a1:4a:1d:22:9c:54:5b:48:40:33:cb:66:10:ca:07:00:87:0e:ea:5d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 21.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TreeSizeFreePortable/App/TreeSizeFree/TreeSizeFreeOld.exe
.exe windows:5 windows x86

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:00:6a:fb:54:16:03:51:95:78:42:49
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/10/2018, 16:49

Not After

29/01/2022, 16:49

Subject

SERIALNUMBER=HRB 4920,CN=JAM Software GmbH,O=JAM Software GmbH,STREET=Am Wissenschaftspark 26,L=Trier,ST=Rheinland-Pfalz,C=DE,1.3.6.1.4.1.311.60.2.1.1=#1308576974746c696368,1.3.6.1.4.1.311.60.2.1.2=#130f526865696e6c616e642d5066616c7a,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d2:82:5e:da:13:92:01:4e:24:c9:eb:4a:b2:4b:17:55:b7:45:4e:95:2d:0a:39:83:4c:a2:a9:8d:51:61:fd:ed
Signer

Actual PE Digest

d2:82:5e:da:13:92:01:4e:24:c9:eb:4a:b2:4b:17:55:b7:45:4e:95:2d:0a:39:83:4c:a2:a9:8d:51:61:fd:ed

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 28.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TreeSizeFreePortable/App/TreeSizeFree/TreeSizeFree_DE.chm
.chm
TreeSizeFreePortable/App/readme.txt
TreeSizeFreePortable/Data/PortableApps.comInstaller/license.ini
TreeSizeFreePortable/Other/Help/images/donation_button.png
.png
TreeSizeFreePortable/Other/Help/images/favicon.ico
TreeSizeFreePortable/Other/Help/images/help_background_footer.png
.png
TreeSizeFreePortable/Other/Help/images/help_background_header.png
.png
TreeSizeFreePortable/Other/Help/images/help_logo_top.png
.png
TreeSizeFreePortable/Other/Source/AppNamePortable.ini
TreeSizeFreePortable/Other/Source/LauncherLicense.txt
TreeSizeFreePortable/Other/Source/PortableApps.comInstallerCustom.nsh
TreeSizeFreePortable/Other/Source/Readme.txt
TreeSizeFreePortable/TreeSizeFreePortable.exe
.exe windows:5 windows x86

32f3282581436269b3a75b6675fe3e08

Code Sign

01:80:3b:c7:53:7a:18:18:c4:ab:13:54:69:96:3c:10
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

21/02/2019, 00:00

Not After

20/02/2022, 23:59

Subject

CN=Rare Ideas LLC,O=Rare Ideas LLC,POSTALCODE=10118,STREET=350 Fifth Ave Suite 5209,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

be:5a:4d:c1:7c:17:97:e6:cc:ae:26:c7:6b:44:69:46:1e:5e:68:93:f2:ab:53:53:87:1c:46:6a:c9:29:70:41
Signer

Actual PE Digest

be:5a:4d:c1:7c:17:97:e6:cc:ae:26:c7:6b:44:69:46:1e:5e:68:93:f2:ab:53:53:87:1c:46:6a:c9:29:70:41

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TreeSizeFreePortable/help.html
.html

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

77:00:6a:fb:54:16:03:51:95:78:42:49Certificate

Extended Key Usages

Key Usages

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

52:ad:18:a6:90:8d:46:53:78:8c:63:39:a1:4a:1d:22:9c:54:5b:48:40:33:cb:66:10:ca:07:00:87:0e:ea:5dSigner

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 21.6MB

UPX1 Size: 7.2MB - Virtual size: 7.2MB

.rsrc Size: 53KB - Virtual size: 56KB

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

77:00:6a:fb:54:16:03:51:95:78:42:49Certificate

Extended Key Usages

Key Usages

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

d2:82:5e:da:13:92:01:4e:24:c9:eb:4a:b2:4b:17:55:b7:45:4e:95:2d:0a:39:83:4c:a2:a9:8d:51:61:fd:edSigner

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 28.2MB

UPX1 Size: 7.6MB - Virtual size: 7.6MB

.rsrc Size: 53KB - Virtual size: 56KB

32f3282581436269b3a75b6675fe3e08

Code Sign

01:80:3b:c7:53:7a:18:18:c4:ab:13:54:69:96:3c:10Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

be:5a:4d:c1:7c:17:97:e6:cc:ae:26:c7:6b:44:69:46:1e:5e:68:93:f2:ab:53:53:87:1c:46:6a:c9:29:70:41Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

77:00:6a:fb:54:16:03:51:95:78:42:49
Certificate

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

52:ad:18:a6:90:8d:46:53:78:8c:63:39:a1:4a:1d:22:9c:54:5b:48:40:33:cb:66:10:ca:07:00:87:0e:ea:5d
Signer

UPX0
Size: - Virtual size: 21.6MB

UPX1
Size: 7.2MB - Virtual size: 7.2MB

.rsrc
Size: 53KB - Virtual size: 56KB

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

77:00:6a:fb:54:16:03:51:95:78:42:49
Certificate

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

d2:82:5e:da:13:92:01:4e:24:c9:eb:4a:b2:4b:17:55:b7:45:4e:95:2d:0a:39:83:4c:a2:a9:8d:51:61:fd:ed
Signer

UPX0
Size: - Virtual size: 28.2MB

UPX1
Size: 7.6MB - Virtual size: 7.6MB

.rsrc
Size: 53KB - Virtual size: 56KB

01:80:3b:c7:53:7a:18:18:c4:ab:13:54:69:96:3c:10
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

be:5a:4d:c1:7c:17:97:e6:cc:ae:26:c7:6b:44:69:46:1e:5e:68:93:f2:ab:53:53:87:1c:46:6a:c9:29:70:41
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 1.3MB

.rsrc
Size: 50KB - Virtual size: 49KB

.reloc
Size: 4KB - Virtual size: 3KB