NEAS[.]108cbe3d7757748ed994f095e6389670[.]cab

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.108cbe3d7757748ed994f095e6389670.cab
Size

3.2MB
MD5

108cbe3d7757748ed994f095e6389670
SHA1

40a68a01625a8380cec08401df079ade6f5d32e0
SHA256

1027d3cde9ef849479606e266c8b87add68a07cc7d0aeb8081a9654b5cab457a
SHA512

bf7312ca281c1a21a54177c0a06bba6517e249e41f93614c3fdf93332a047f164ca187b367bd5764d753423eab3f6be84f2aaf0528c9aed8724e26a609512f99
SSDEEP

98304:K88sgWu3oE/1uCu2LHmXvnhjSIInOrMQ/xziS:V+3F/g0aXvhungz

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/kltap.sys_X86
unpack001/ksde.exe
unpack001/ksde_azure.exe

Files

NEAS.108cbe3d7757748ed994f095e6389670.cab
.cab
kltap.cat_X86
kltap.inf_X86
kltap.sys_X86
.sys windows:10 windows x86

1d74ae25b22ff9dc514e92514df2b6f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ndis.sys

NdisReadNetworkAddress
NdisFreeMemory
NdisInitializeEvent
NdisResetEvent
NdisWaitEvent
NdisOpenConfigurationEx
NdisAllocateMemoryWithTagPriority
NdisGetSystemUpTimeEx
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisGetDataBuffer
NdisMSetMiniportAttributes
NdisCloseConfiguration
NdisDeregisterDeviceEx
NdisMIndicateStatusEx
NdisAllocateMemoryWithTag
NdisSetEvent
NdisFreeNetBufferList
NdisAllocateNetBufferAndNetBufferList
NdisAllocateMdl
NdisFreeMdl
NdisMIndicateReceiveNetBufferLists
NdisInitializeReadWriteLock
NdisMRegisterMiniportDriver
NdisMDeregisterMiniportDriver
NdisMSendNetBufferListsComplete
NdisReadConfiguration
NdisReleaseReadWriteLock
NdisRegisterDeviceEx
NdisAcquireReadWriteLock

ntoskrnl.exe

RtlAppendUnicodeStringToString
IofCompleteRequest
IoCsqInitialize
IoCsqRemoveNextIrp
MmMapLockedPagesSpecifyCache
RtlGetVersion
RtlIsNtDdiVersionAvailable
MmGetSystemRoutineAddress
IoCsqInsertIrp
RtlUnwind
RtlUnicodeToMultiByteN
RtlInitUnicodeString
KeBugCheckEx
RtlFreeAnsiString
RtlUnicodeStringToAnsiString

hal

KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kltun.cat_x86
kltun.inf_x86
kltun.sys_x86
.sys windows:6 windows x86

baee709702b1e9df3b5af2d0d475d844

Code Sign

33:00:00:00:f3:15:8e:a5:7d:1c:55:9f:29:00:00:00:00:00:f3
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-01-2023 19:14

Not After

15-12-2023 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04-08-2022 10:44

Not After

04-08-2025 10:44

Subject

SERIALNUMBER=1027739867473,CN=AO Kaspersky Lab,O=AO Kaspersky Lab,STREET=sh Leningradskoe\, 39A / str 2,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:19:20:13:4c:d7:52:07:5d:6f:07:fb:6a:d1:cc:2d:f1:07:9d:20:f9:52:6a:b4:60:8b:ce:84:ea:a5:f5:df
Signer

Actual PE Digest

01:19:20:13:4c:d7:52:07:5d:6f:07:fb:6a:d1:cc:2d:f1:07:9d:20:f9:52:6a:b4:60:8b:ce:84:ea:a5:f5:df

Digest Algorithm

sha256

PE Digest Matches

true

01:19:20:13:4c:d7:52:07:5d:6f:07:fb:6a:d1:cc:2d:f1:07:9d:20:f9:52:6a:b4:60:8b:ce:84:ea:a5:f5:df
Signer

Actual PE Digest

01:19:20:13:4c:d7:52:07:5d:6f:07:fb:6a:d1:cc:2d:f1:07:9d:20:f9:52:6a:b4:60:8b:ce:84:ea:a5:f5:df

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

fwpkclnt.sys

FwpmProviderDeleteByKey0
FwpmTransactionAbort0
FwpmTransactionBegin0
FwpmTransactionCommit0
FwpmFilterAdd0
FwpmFilterDeleteById0
FwpmBfeStateSubscribeChanges0
FwpmBfeStateUnsubscribeChanges0
FwpmBfeStateGet0
FwpmCalloutAdd0
FwpmCalloutDeleteByKey0
FwpsCalloutRegister1
FwpsCalloutUnregisterById0
FwpmSubLayerDeleteByKey0
FwpmSubLayerAdd0
FwpmEngineOpen0
FwpmProviderAdd0
FwpsAcquireClassifyHandle0
FwpsReleaseClassifyHandle0
FwpsAcquireWritableLayerDataPointer0
FwpmEngineClose0
FwpsApplyModifiedLayerData0

ndis.sys

NdisAllocateMemoryWithTagPriority
NdisGetDataBuffer
NdisMIndicateReceiveNetBufferLists
NdisFreeNetBufferListPool
NdisAllocateNetBufferAndNetBufferList
NdisMSendNetBufferListsComplete
NdisOpenConfigurationEx
NdisCloseConfiguration
NdisAllocateNetBufferListPool
NdisFreeNetBufferList
NdisMDeregisterMiniportDriver
NdisMRegisterMiniportDriver
NdisMSetMiniportAttributes
NdisRegisterDeviceEx
NdisFreeMemoryWithTagPriority
NdisGetDeviceReservedExtension
NdisReadConfiguration
NdisMIndicateStatusEx
NdisDeregisterDeviceEx

ntoskrnl.exe

ExAcquireSpinLockExclusive
ExFreePoolWithTag
KeInitializeEvent
ExReleaseRundownProtection
KeBugCheckEx
RtlInitUnicodeString
RtlGetVersion
MmGetSystemRoutineAddress
IoWMIRegistrationControl
IoCsqInitialize
IoCsqRemoveNextIrp
IoCsqInsertIrp
MmMapLockedPagesSpecifyCache
IofCompleteRequest
ZwWaitForSingleObject
KeWaitForMultipleObjects
PsCreateSystemThread
ExReInitializeRundownProtection
ExReleaseSpinLockShared
ExAcquireSpinLockShared
KeSetEvent
PsGetCurrentThreadId
ZwClose
PsTerminateSystemThread
KeQueryActiveProcessorCountEx
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
InterlockedPushEntrySList
InterlockedPopEntrySList
ExUuidCreate
KeDelayExecutionThread
MmHighestUserAddress
ZwQuerySystemInformation
_stricmp
RtlImageNtHeader
_vsnwprintf
memmove
RtlUnwind
ExInitializeRundownProtection
ExWaitForRundownProtectionRelease
memcpy_s
ExReleaseSpinLockExclusive
ExRundownCompleted
ExAcquireRundownProtection
ExAllocatePoolWithTag
memcpy
memset

hal

ExAcquireFastMutex
KeReleaseInStackQueuedSpinLock
KfReleaseSpinLock
KfAcquireSpinLock
KeAcquireInStackQueuedSpinLock
ExReleaseFastMutex

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ksde.exe
.exe windows:5 windows x86

b6e1ba760cbeffdce764e8827f82651a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiW
FindResourceW
LoadResource
LockResource
lstrlenW
OutputDebugStringW
lstrcpyW
FreeResource
lstrcatW
LoadLibraryW
GetProcAddress
GetCommandLineW
ExitProcess
TerminateProcess
lstrcpynW
HeapFree
GetModuleFileNameW
HeapAlloc
FreeLibrary
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent

advapi32

RegQueryValueExW
RegEnumKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ksde.kcat
ksde_azure.exe
.exe windows:5 windows x86

4eb087fb4320d9c065cf54041a998208

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiW
FindResourceW
LoadResource
LockResource
lstrlenW
OutputDebugStringW
lstrcpyW
FreeResource
lstrcatW
LoadLibraryW
GetProcAddress
GetCommandLineW
ExitProcess
TerminateProcess
lstrcpynW
HeapFree
GetModuleFileNameW
HeapAlloc
FreeLibrary
GetProcessHeap
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent

advapi32

RegQueryValueExW
RegEnumKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ksde_azure.kcat
ksdeinst.dll
.dll windows:6 windows x86

5e966c519992e9b5ebc485fa5d9b518e

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04-08-2022 10:44

Not After

04-08-2025 10:44

Subject

SERIALNUMBER=1027739867473,CN=AO Kaspersky Lab,O=AO Kaspersky Lab,STREET=sh Leningradskoe\, 39A / str 2,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:cc:0c:ca:0c:2c:b1:40:61:6e:db:ac:81:b9:6e
Certificate

Issuer

CN=Kaspersky Lab,O=Kaspersky Lab,L=Moscow,C=RU

Not Before

25-08-2021 14:06

Not After

25-08-2036 14:06

Subject

CN=Kaspersky Lab,O=Kaspersky Lab,L=Moscow,C=RU

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b2:0b:cd:1f:9b:43:77:df:de:9e:d5:e3:4c:17:08:b1:73:77:6d:84:21:ef:00:9e:2c:31:a9:c8:12:2c:29:60
Signer

Actual PE Digest

b2:0b:cd:1f:9b:43:77:df:de:9e:d5:e3:4c:17:08:b1:73:77:6d:84:21:ef:00:9e:2c:31:a9:c8:12:2c:29:60

Digest Algorithm

sha256

PE Digest Matches

true

b2:0b:cd:1f:9b:43:77:df:de:9e:d5:e3:4c:17:08:b1:73:77:6d:84:21:ef:00:9e:2c:31:a9:c8:12:2c:29:60
Signer

Actual PE Digest

b2:0b:cd:1f:9b:43:77:df:de:9e:d5:e3:4c:17:08:b1:73:77:6d:84:21:ef:00:9e:2c:31:a9:c8:12:2c:29:60

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msi

ord103
ord125
ord8
ord17
ord74

userenv

UnloadUserProfile

shlwapi

SHDeleteKeyW

kernel32

SetStdHandle
FreeEnvironmentStringsW
HeapFree
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
HeapAlloc
DecodePointer
GetProcAddress
DeleteCriticalSection
GetProcessHeap
GetModuleHandleW
Sleep
ExpandEnvironmentStringsW
SetUnhandledExceptionFilter
GetLocalTime
GetCurrentProcessId
CreateFileW
FlushFileBuffers
CloseHandle
OpenProcess
GetSystemDirectoryW
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleExA
FreeLibrary
GetFileAttributesW
GetCurrentDirectoryW
GetModuleFileNameW
GetModuleHandleExW
LoadLibraryW
GetEnvironmentVariableW
DeleteFileW
MoveFileExW
CopyFileW
InitializeCriticalSectionEx
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
WriteFile
GetConsoleOutputCP
GetConsoleMode
GetCurrentThreadId
GetOEMCP
GetACP
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFilePointerEx
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObjectEx
QueryPerformanceCounter
QueryPerformanceFrequency
WriteConsoleW
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
IsDebuggerPresent
OutputDebugStringW
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCPInfo
ExitProcess
GetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
HeapSize
HeapReAlloc
IsValidCodePage

advapi32

RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetFolderPathW

Exports

Exports

GetVersionedAVPInstaller
MsiProductActivate
MsiProductDeactivate
MsiProductRbActivate
MsiProductUpgradeSettings

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msi_common.dll
.dll windows:6 windows x86

78b689e3a1ba4a9f32ad53e0cb1b27f5

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04-08-2022 10:44

Not After

04-08-2025 10:44

Subject

SERIALNUMBER=1027739867473,CN=AO Kaspersky Lab,O=AO Kaspersky Lab,STREET=sh Leningradskoe\, 39A / str 2,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:cc:0c:ca:0c:2c:b1:40:61:6e:db:ac:81:b9:6e
Certificate

Issuer

CN=Kaspersky Lab,O=Kaspersky Lab,L=Moscow,C=RU

Not Before

25-08-2021 14:06

Not After

25-08-2036 14:06

Subject

CN=Kaspersky Lab,O=Kaspersky Lab,L=Moscow,C=RU

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e6:cb:45:64:d1:a1:91:20:0a:79:c7:5c:ae:a5:5a:2e:45:c2:a3:a7:0c:56:f7:10:c2:30:1a:6b:d1:40:f2:4b
Signer

Actual PE Digest

e6:cb:45:64:d1:a1:91:20:0a:79:c7:5c:ae:a5:5a:2e:45:c2:a3:a7:0c:56:f7:10:c2:30:1a:6b:d1:40:f2:4b

Digest Algorithm

sha256

PE Digest Matches

true

e6:cb:45:64:d1:a1:91:20:0a:79:c7:5c:ae:a5:5a:2e:45:c2:a3:a7:0c:56:f7:10:c2:30:1a:6b:d1:40:f2:4b
Signer

Actual PE Digest

e6:cb:45:64:d1:a1:91:20:0a:79:c7:5c:ae:a5:5a:2e:45:c2:a3:a7:0c:56:f7:10:c2:30:1a:6b:d1:40:f2:4b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msi

ord17
ord73
ord145
ord159
ord32
ord49
ord171
ord48
ord74
ord103
ord125
ord8

kernel32

GetFileAttributesW
GetSystemDirectoryW
RaiseException
HeapAlloc
MoveFileExW
GetProcessHeap
GetModuleFileNameA
GetEnvironmentVariableW
GetModuleHandleExA
LoadLibraryW
GetModuleHandleW
FreeLibrary
FormatMessageW
GetTickCount
Sleep
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
FindResourceExW
LoadResource
LockResource
SizeofResource
FindClose
SetFileAttributesW
DeleteFileW
RemoveDirectoryW
WriteFile
CopyFileW
SetCurrentDirectoryW
InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
GetCurrentProcess
SetSystemFileCacheSize
HeapReAlloc
HeapSize
GlobalFindAtomA
GetVersionExA
lstrlenW
lstrcpyW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetTempPathW
GetModuleFileNameW
FindNextFileW
HeapFree
FindFirstFileW
CreateDirectoryW
SetUnhandledExceptionFilter
LoadLibraryExW
GetCurrentProcessId
GetProcAddress
GetLocalTime
CloseHandle
GetLastError
WriteConsoleW
OpenProcess
GetCurrentThreadId
CreateFileW
ExpandEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
QueryFullProcessImageNameW
GetFileType
GetStdHandle
InitOnceComplete
InitOnceBeginInitialize
LocalFree
FormatMessageA
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
CompareStringEx
GetCPInfo
LCMapStringEx
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
CreateEventW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
RtlUnwind
InterlockedFlushSList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess

user32

wsprintfW
MessageBoxW
GetWindow
GetWindowThreadProcessId
GetTopWindow
ExitWindowsEx

advapi32

LookupAccountSidW
RegEnumKeyExW
RegDeleteKeyExW
RegDeleteValueW
RegQueryInfoKeyA
RegCreateKeyExW
RegFlushKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegEnumValueW
RegQueryInfoKeyW
GetUserNameW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteExW

rpcrt4

UuidCreate

Exports

Exports

AddRegistryKey
CheckRebootPending
CopyFileDeferred
CopyFileImmediate
CopyFileX64Deferred
CopyFilesDeferred
CopyFilesImmediate
CopyFilesX64Deferred
CopyFolderDeferred
CopyFolderImmediate
CopyKeys
CreateRegistryValueDeferred
DeleteLicenseInfoEx
DeleteLicenseList
ExecDeferred
ExecImmediate
FlushRegistry
MessageBoxDeferred
MessageBoxImmediate
MigrateLicenseInfoEx
MoveKeys
RemoveFilesDeferred
RemoveFilesX64Deferred
RemoveFolderDeferred
RemoveFolderEx
RemoveFolderImmediate
RemoveFoldersByMask
RemoveRegistryKey
RemoveRegistryKeyDeferred
RemoveRegistryValueDeferred
RenameFile
SIDLookup
SetTmProfilesValue
SystemReboot

Sections

.text
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msi_misc.dll
.dll windows:6 windows x86

169ff70f968c3ed14eed4bee261472df

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04-08-2022 10:44

Not After

04-08-2025 10:44

Subject

SERIALNUMBER=1027739867473,CN=AO Kaspersky Lab,O=AO Kaspersky Lab,STREET=sh Leningradskoe\, 39A / str 2,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:cc:0c:ca:0c:2c:b1:40:61:6e:db:ac:81:b9:6e
Certificate

Issuer

CN=Kaspersky Lab,O=Kaspersky Lab,L=Moscow,C=RU

Not Before

25-08-2021 14:06

Not After

25-08-2036 14:06

Subject

CN=Kaspersky Lab,O=Kaspersky Lab,L=Moscow,C=RU

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7f:37:cc:a2:98:52:e6:7a:5f:30:9e:3a:82:18:4b:89:65:04:b5:33:01:1b:53:45:fd:43:af:b1:72:24:70:02
Signer

Actual PE Digest

7f:37:cc:a2:98:52:e6:7a:5f:30:9e:3a:82:18:4b:89:65:04:b5:33:01:1b:53:45:fd:43:af:b1:72:24:70:02

Digest Algorithm

sha256

PE Digest Matches

true

7f:37:cc:a2:98:52:e6:7a:5f:30:9e:3a:82:18:4b:89:65:04:b5:33:01:1b:53:45:fd:43:af:b1:72:24:70:02
Signer

Actual PE Digest

7f:37:cc:a2:98:52:e6:7a:5f:30:9e:3a:82:18:4b:89:65:04:b5:33:01:1b:53:45:fd:43:af:b1:72:24:70:02

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msi

ord120
ord195
ord158
ord73
ord49
ord17
ord32
ord118
ord26
ord166
ord163
ord162
ord124
ord121
ord159
ord160
ord144
ord145
ord74
ord103
ord125
ord8
ord116

wintrust

CryptCATAdminRemoveCatalog
CryptCATAdminReleaseContext
WinVerifyTrustEx
CryptCATAdminReleaseCatalogContext
CryptCATAdminAddCatalog
CryptCATAdminAcquireContext
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain

mscoree

CLRCreateInstance

advapi32

RegUnLoadKeyW
BuildTrusteeWithSidW
GetNamedSecurityInfoW
RegGetValueW
RegDeleteKeyA
QueryServiceConfig2A
SetServiceObjectSecurity
BuildTrusteeWithSidA
GetSecurityDescriptorDacl
QueryServiceObjectSecurity
RegSetKeyValueW
ChangeServiceConfigW
QueryServiceConfigW
StartServiceW
QueryServiceConfigA
ChangeServiceConfigA
QueryServiceStatus
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
OpenSCManagerA
OpenServiceW
ControlService
DeleteService
RegFlushKey
CloseServiceHandle
RegEnumKeyExW
RegCreateKeyW
ConvertSecurityDescriptorToStringSecurityDescriptorW
SetSecurityDescriptorGroup
GetUserNameW
EnumServicesStatusA
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
SetSecurityDescriptorOwner
RegSetValueExW
ImpersonateLoggedOnUser
RevertToSelf
RegDeleteKeyW
RegDeleteValueW
GetLengthSid
RegLoadKeyW
GetEffectiveRightsFromAclW
RegEnumValueW
LookupPrivilegeValueA
FreeSid
AllocateAndInitializeSid
InitializeAcl
AddAccessAllowedAce
AddAccessDeniedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyW
RegQueryInfoKeyW
RegEnumKeyExA
RegEnumValueA
SetNamedSecurityInfoW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegEnumKeyW
ConvertStringSidToSidW
ConvertSidToStringSidW
LookupAccountSidW
SetEntriesInAclW
SetFileSecurityW
RegDeleteValueA
CreateWellKnownSid
SetEntriesInAclA
RegSetKeySecurity
OpenSCManagerW
QueryServiceStatusEx
RegOpenKeyA
OpenServiceA

version

VerQueryValueW
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW

userenv

ExpandEnvironmentStringsForUserW
UnloadUserProfile
GetProfilesDirectoryW

psapi

GetMappedFileNameA
GetMappedFileNameW
EnumProcesses

rpcrt4

RpcEpUnregister
RpcServerUnregisterIf
RpcStringFreeW
UuidToStringW
UuidCreateSequential
UuidFromStringW
UuidCreate
I_RpcSendReceive
RpcCancelThread
RpcSsDestroyClientContext
I_RpcFreeBuffer
NDRCContextUnmarshall
RpcErrorStartEnumeration
I_RpcGetBuffer
RpcErrorEndEnumeration
RpcBindingFree
RpcErrorGetNextRecord
NDRCContextMarshall

fltlib

FilterSendMessage
FilterConnectCommunicationPort

ntdll

NtCreateFile
RtlDetermineDosPathNameType_U
NtQueryInformationProcess
NtQueryObject
NtWriteFile
NtSetInformationFile
NtReadFile
NtFlushBuffersFile
NtQueryInformationFile

cabinet

ord20
ord23
ord22

ws2_32

inet_addr

kernel32

CompareStringEx
GetStartupInfoW
InitializeSListHead
OpenEventA
UnhandledExceptionFilter
SetWaitableTimer
CreateWaitableTimerW
GetCPInfo
GetLocaleInfoEx
IsDebuggerPresent
IsProcessorFeaturePresent
LCMapStringEx
EncodePointer
TryEnterCriticalSection
InitializeSRWLock
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
CreateSymbolicLinkW
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
SetEndOfFile
InitOnceBeginInitialize
InitOnceComplete
GetStringTypeW
GetLastError
GetProcessHeap
HeapFree
HeapAlloc
GetProcAddress
GetModuleHandleW
GetCurrentProcess
ExpandEnvironmentStringsW
GetWindowsDirectoryW
GetModuleFileNameA
GetModuleHandleExA
MoveFileExW
LocalFree
ReadFile
InitializeCriticalSectionEx
CreateFileW
CloseHandle
RaiseException
DecodePointer
DeleteCriticalSection
FreeLibrary
GetCurrentThreadId
OpenProcess
RtlUnwind
GetCurrentProcessId
LoadLibraryExW
SetUnhandledExceptionFilter
CreateDirectoryW
FindFirstFileW
GetFileSizeEx
FindNextFileW
DeviceIoControl
GetModuleFileNameW
GetTempPathW
FindClose
GetFileAttributesW
GetSystemDirectoryW
GetCurrentDirectoryW
GetTempFileNameW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateEventW
SetEvent
ResetEvent
GetEnvironmentVariableW
LoadLibraryW
FindResourceExW
LoadResource
LockResource
SizeofResource
QueryFullProcessImageNameW
Sleep
lstrlenA
GetComputerNameA
lstrcpynA
LocalAlloc
OpenMutexA
GetFileAttributesExW
GetModuleHandleA
WriteFile
SetFilePointerEx
FlushFileBuffers
CreateProcessW
GetExitCodeProcess
SetCurrentDirectoryW
DeleteFileW
CopyFileW
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW
OpenEventW
ResumeThread
WaitForMultipleObjects
FindFirstFileExW
TerminateProcess
FormatMessageW
GetTickCount
MultiByteToWideChar
FormatMessageA
LoadLibraryA
GetFileAttributesA
SetFileAttributesA
DeleteFileA
MoveFileExA
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFilePointer
SetEnvironmentVariableW
GetProcessAffinityMask
SetProcessAffinityMask
GetFileSize
Process32First
Process32Next
CreateEventA
GetOverlappedResult
CancelIo
GetDriveTypeW
SetFileAttributesW
MoveFileW
SetDllDirectoryW
CreateThread
WideCharToMultiByte
WaitForSingleObjectEx
WriteConsoleW
DuplicateHandle
ReleaseSemaphore
GetFullPathNameW
RemoveDirectoryW
OpenMutexW
ReleaseMutex
SetLastError
GlobalDeleteAtom
lstrlenW
GlobalAddAtomW
GlobalFindAtomW
GetLogicalDrives
UnmapViewOfFile
FindAtomW
CreateMutexW
CreateFileMappingW
MapViewOfFile
DeleteAtom
AddAtomW
GetSystemInfo
GetExitCodeThread
GetVersion
VerSetConditionMask
VerifyVersionInfoW
QueryDosDeviceA
GetLogicalDriveStringsA
GetSystemTimeAsFileTime
HeapCreate
HeapDestroy
QueryDosDeviceW
GetProcessId
GetProcessIoCounters
GetProcessTimes
VirtualFree
VirtualAlloc
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
QueryPerformanceCounter
LCMapStringW
GlobalAlloc
GlobalFree
GetFileInformationByHandle
HeapReAlloc
HeapSize
CompareStringW
TlsSetValue
GetModuleHandleExW
TlsAlloc
TlsGetValue
TlsFree
VirtualQuery
VirtualProtect
QueryPerformanceFrequency
SwitchToThread
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForMultipleObjectsEx
CreateDirectoryExW
CreateHardLinkW
CopyFileExW
IsWow64Process
InitializeCriticalSectionAndSpinCount
Module32NextW
Module32FirstW
OutputDebugStringW
InterlockedPushEntrySList
InterlockedFlushSList
ExitThread
FreeLibraryAndExitThread
ExitProcess
GetStdHandle
GetFileType
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleOutputCP
GetConsoleMode
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
ReadConsoleW
GetLocalTime
CreateSemaphoreA

user32

wsprintfW
GetSystemMetrics
CharUpperBuffA

shell32

ShellExecuteA
ShellExecuteExW

ole32

CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoCreateGuid
CoInitializeSecurity
StringFromGUID2

crypt32

CertFreeCertificateChain
CryptMsgClose
CertCloseStore
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertGetNameStringA
CertDuplicateCertificateContext
CryptVerifyCertificateSignatureEx
CertGetCertificateContextProperty
CertGetNameStringW
CryptStringToBinaryA
CertFreeCertificateContext
CertCreateCertificateContext

wininet

InternetQueryOptionA
InternetConnectW
InternetOpenW
InternetCloseHandle
InternetCrackUrlW
HttpSendRequestW
HttpOpenRequestW
HttpQueryInfoW
InternetQueryOptionW
InternetSetOptionA

Exports

Exports

?CheckNetcfgLockImmediate@@YGIK@Z
?GetTracer@@YAPAUITracer@eka@@XZ
?ModuleLabelForLoader@@YGIXZ
?RbClearKAVUnPasswd@@YGIK@Z
?SelfProtectionRegImpl@@YGIKPBD0K@Z
AddLicenseFile
AddToConfigurationsList
AddToDriverVerifier
AmrDriversCleanup
BinaryExtractAndLockFilesImmediate
CallAsLastImmediate
ChangeCryptoContainersIconLocation
CheckActivationLicenseOnPortal
CheckDriverAvailable
CheckKAVUnPasswd
CheckMspRollback
CheckNetcfgLockDeferred
CheckOSBootMode
CheckOSDeviceGuardMode
CheckObjectsToSave
CheckProduct
CheckServiceState
CleanSystemVolumeInfo
ClearKAVUnPasswd
ClearKAVUnPasswdArea
ClearRebootPendingBefore21Mr7
ConfirmUninstall
CopyProductInfoIniToProduct
CopyRegistryTreesFromOldVersion
CreatePresaveConfigurationsFolder
CustomizeEkaSettings
CustomizeProductSettings
DelayInstallationFinish
DeleteServicePPL
DetachKMA
DisableProfiles
DrvInstStart
DumpDriverStatus
DumpPendingFileRenames
EnableFullScanCA
EnableProductAutostart
EnableRebootPendingWithRegKey
EnableRebootPendingWithRegKeyAndEvent
EnableTraceToDebugOutputCA
EnableTraceToFileCA
EnsureDirectoriesAccessibleOrCreatable
ExportSettings
ExtractCAB
ExtractSZip
FindApp
FindAppNoCheck
FindRunningProcesses
FirstDeferredBlock
FirstDeferredBlockKsde
FirstDeferredBlockKsdeRb
FirstDeferredBlockRb
ForcePendingFileRenames
GetNeedReboot
GetSettingsVersion
ImportReg
InitKAVUnPasswd
InitializePrevVersionInfo
InstallDate_Set
IsCabSourceReady
LaunchURL
LockDirectory
LockStartDrivers
MakeConfigurationsList
MakeINSTALLBASESID
MakePCID
MakeUPDATETARGET
MoveAgreementFiles
MoveAllUsersRegistryProductShortcuts
PrepareProductInfoIni
PresaveConfigurationsForStatisticsSender
RMLocResume
RMLocSuspend
RbCheckDriverAvailable
RbClearKAVUnPasswdArea
RbRegisterRMLoc
RbUpgradeDrvSettings
ReadWindowsImageState
RegisterCatFiles
RegisterRMLoc
RegisterRMLocReg
RegisterRMLocServer
RegisterRMLocServices
RemoveAllUsersComponentsDesktopShortcuts
RemoveAllUsersIEMenuExt
RemoveAllUsersRegKey
RemoveConfigurations
RemoveDeinstall
RemoveFromConfigurationsList
RemoveLeftRegKeys
RemoveLeftRegKeysDeleteBackup
RemoveLeftRegKeysRb
RemoveLocalizationFiles
RemoveRestorePoint
RemoveSymblinksRecursive
RemoveUpdaterList
ResetDriverSettings
ResetInsOsVer
ResetMainRootComponent
ResetMainRootComponentRb
ResetPrevVersionInitMode
ResetPrevVersionInitModeRb
ResetRegKeyAccessRights
RestoreDNSCache
RestoreProfiles
ReturnError
ReturnUserExit
RollbackUnloadApp
SendUninstallStatOnCancel
SendUninstallStatOnFailure
SendUninstallStatOnSuccess
SetADProp
SetARPHELPLINK
SetAffinityMaskForRootProcess
SetAllowServiceStop
SetCurrentProductName
SetDeinstall
SetDoNotAllowServiceStop
SetDotnetLocation
SetERMLocProp
SetEnvironmenVariables
SetInsOSVer
SetInstallSupportDir
SetIsInstalled
SetIsInstalledReg
SetIsKAVUnPasswd
SetLSPApplicationCategory
SetLastShowedWelcomeTour
SetNeedReboot
SetOldFilesLocationProps
SetPIWInitMode
SetPIWInitModeSetProp
SetPermissions
SetProductRoot
SetProductStatus
SetProductStatusSetProp
SetSTATUSProp
SetServiceDACL
SetServiceDelayedAutoStart
SetServiceKlwfpStartDisabled
SetServiceRestart
SetShortcutProperty_AppUserModelID
Set_VERSION_NT
SignalInstallCompleted
StartDriverEx
StartServiceEx
StopDriverEx
UnloadApp
UnloadLegacyKPM
UnregisterCAServer
UnregisterCatFiles
UnregisterDriver
UnregisterRMLocServer
UnregisterRMLocServices
UpdateBundleProductType
UpdateInstalledSiComponentList
UpgradeDrvSettings
WarmupBarrier
WarmupDotNet
WarnIfDumpsFound
WriteBinRegistryKeyFromFile
WriteInstallResultToReg

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 551KB - Virtual size: 551KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d74ae25b22ff9dc514e92514df2b6f2

Headers

DLL Characteristics

File Characteristics

Imports

ndis.sys

ntoskrnl.exe

hal

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 780B

PAGE Size: 3KB - Virtual size: 2KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 708B

baee709702b1e9df3b5af2d0d475d844

Code Sign

33:00:00:00:f3:15:8e:a5:7d:1c:55:9f:29:00:00:00:00:00:f3Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8fCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

01:19:20:13:4c:d7:52:07:5d:6f:07:fb:6a:d1:cc:2d:f1:07:9d:20:f9:52:6a:b4:60:8b:ce:84:ea:a5:f5:dfSigner

01:19:20:13:4c:d7:52:07:5d:6f:07:fb:6a:d1:cc:2d:f1:07:9d:20:f9:52:6a:b4:60:8b:ce:84:ea:a5:f5:dfSigner

Headers

DLL Characteristics

File Characteristics

Imports

fwpkclnt.sys

ndis.sys

ntoskrnl.exe

hal

Sections

.text Size: 34KB - Virtual size: 33KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 532B

PAGE Size: 1024B - Virtual size: 968B

INIT Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

b6e1ba760cbeffdce764e8827f82651a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 820B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 260B

4eb087fb4320d9c065cf54041a998208

Headers

DLL Characteristics

File Characteristics

Imports

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 780B

PAGE
Size: 3KB - Virtual size: 2KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 708B

33:00:00:00:f3:15:8e:a5:7d:1c:55:9f:29:00:00:00:00:00:f3
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

01:19:20:13:4c:d7:52:07:5d:6f:07:fb:6a:d1:cc:2d:f1:07:9d:20:f9:52:6a:b4:60:8b:ce:84:ea:a5:f5:df
Signer

01:19:20:13:4c:d7:52:07:5d:6f:07:fb:6a:d1:cc:2d:f1:07:9d:20:f9:52:6a:b4:60:8b:ce:84:ea:a5:f5:df
Signer

.text
Size: 34KB - Virtual size: 33KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 532B

PAGE
Size: 1024B - Virtual size: 968B

INIT
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 820B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 260B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 820B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 272B

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1a:cc:0c:ca:0c:2c:b1:40:61:6e:db:ac:81:b9:6e
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

b2:0b:cd:1f:9b:43:77:df:de:9e:d5:e3:4c:17:08:b1:73:77:6d:84:21:ef:00:9e:2c:31:a9:c8:12:2c:29:60
Signer

b2:0b:cd:1f:9b:43:77:df:de:9e:d5:e3:4c:17:08:b1:73:77:6d:84:21:ef:00:9e:2c:31:a9:c8:12:2c:29:60
Signer

.text
Size: 129KB - Virtual size: 128KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate