6x[.]rar | Triage

Resubmissions

17-11-2023 11:39

231117-nsb4gsha54 10

Sharing

Copy URL

Twitter E-mail

General

Target

6x.rar
Size

8.9MB
MD5

9e48e265b3926103852b0165043cf2d1
SHA1

6f6a0b4f6e465358d1011ef91af3c04aea9d745d
SHA256

e74ae95242abb122523a9c5ca121d99ed569515554a5b02d592214947e4a0774
SHA512

060bb933b313646178f21ba6ca9e16b60a7223ac68aae5ed22f0412f89c7bba275ed3fa671abe1de32184c0504ec9556ee826f82b163bacc5fa97f8627a4982d
SSDEEP

196608:1dLA6C5V0SKvVUIPWtGKDG5Lwamv1S8XUBQhNn/fwcMQP:1dnZvVmdDG50ag48kSBnd3P

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/10.20 저작권 자료 2023 - Hybe Entertaiment.exe.vir
unpack001/2023-11-17.exe.vir
unpack001/Pokemon-Shellcode-Loader.exe.vir
unpack001/安全检查资产上报收集表-20231104-___xslx.vmp.scr.vir

Files

6x.rar
.rar
10.20 저작권 자료 2023 - Hybe Entertaiment.exe.vir
.exe windows:6 windows x64 arch:x64

57774cc808b3cd56644c8f38e48c1688

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW

bcrypt

BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptHashData
BCryptDestroyKey
BCryptDestroyHash
BCryptFinishHash
BCryptDecrypt
BCryptImportKey
BCryptEncrypt
BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptGetProperty

kernel32

TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GetTickCount64
SetLastError
GetDiskFreeSpaceExW
GetLastError
SetThreadErrorMode
K32EnumProcessModulesEx
FormatMessageW
CloseHandle
IsWow64Process
GetExitCodeProcess
CreateProcessW
OpenProcess
K32EnumProcesses
K32GetModuleInformation
K32GetModuleBaseNameW
K32GetModuleFileNameExW
GetProcessId
DuplicateHandle
CreatePipe
GetCPInfoExW
GetCurrentProcess
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
GetConsoleCP
GetConsoleOutputCP
CloseThreadpoolIo
GetCurrentProcessId
RaiseFailFastException
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
GetCurrentThread
WaitForSingleObject
Sleep
DeleteCriticalSection
LocalFree
EnterCriticalSection
SleepConditionVariableCS
LeaveCriticalSection
WakeConditionVariable
QueryPerformanceCounter
InitializeCriticalSection
InitializeConditionVariable
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForMultipleObjectsEx
GetCurrentThreadId
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
QueryPerformanceFrequency
GetFullPathNameW
GetLongPathNameW
LocalAlloc
GetProcAddress
CancelIoEx
CancelSynchronousIo
CreateIoCompletionPort
CopyFileExW
CreateDirectoryW
CreateFileW
CreateThreadpoolIo
StartThreadpoolIo
CancelThreadpoolIo
DeleteFileW
DeleteVolumeMountPointW
DeviceIoControl
ExpandEnvironmentStringsW
FindNextFileW
FindClose
FindFirstFileExW
FlushFileBuffers
FreeLibrary
GetCurrentDirectoryW
GetFileAttributesExW
GetFileInformationByHandleEx
GetFileType
GetModuleFileNameW
GetOverlappedResult
GetSystemDirectoryW
LoadLibraryExW
MoveFileExW
OpenThread
QueryUnbiasedInterruptTime
ReadFile
RemoveDirectoryW
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
CreateThread
ResumeThread
GetThreadPriority
SetThreadPriority
GetDynamicTimeZoneInformation
GetTimeZoneInformation
WriteFile
GetCurrentProcessorNumberEx
SetEvent
ResetEvent
CreateEventExW
GetEnvironmentVariableW
CreateMutexExW
GetConsoleMode
ReadConsoleW
WriteConsoleW
ExitProcess
FlushProcessWriteBuffers
WaitForSingleObjectEx
RtlVirtualUnwind
RtlCaptureContext
RtlRestoreContext
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
TerminateProcess
SwitchToThread
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
QueryInformationJobObject
GetModuleHandleW
GetModuleHandleExW
GetProcessAffinityMask
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
VirtualQuery
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
DebugBreak
SleepEx
GlobalMemoryStatusEx
GetSystemInfo
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
UnhandledExceptionFilter
IsDebuggerPresent
RtlLookupFunctionEntry
InitializeSListHead

ole32

CoUninitialize
CoGetApartmentType
CoTaskMemFree
CoWaitForMultipleHandles
CoInitializeEx

secur32

GetUserNameExW

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode
calloc
_callnewh

api-ms-win-crt-math-l1-1-0

ceil
__setusermatherr
pow
modf

api-ms-win-crt-string-l1-1-0

strcmp
_stricmp
wcsncmp
strcpy_s

api-ms-win-crt-convert-l1-1-0

strtoull

api-ms-win-crt-runtime-l1-1-0

terminate
__p___argc
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_exit
exit
abort
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
__p___wargv

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

DotNetRuntimeDebugHeader

Sections

.text
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

hydrated
Size: - Virtual size: 569KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2023-11-17.exe.vir
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
20231116端.exe.vir
.exe windows:5 windows x64 arch:x64

f3be388634ac5e4a089c078c63df65ef

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08-08-2023 00:00

Not After

07-08-2026 23:59

Subject

SERIALNUMBER=HRB 109885,CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e436861726c6f7474656e62757267,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:6f:7a:38:64:15:47:a0:25:d7:87:63:e1:4d:88:9e:b6:41:1a:a3:7e:93:b7:c8:25:d9:5f:23:84:13:af:41
Signer

Actual PE Digest

01:6f:7a:38:64:15:47:a0:25:d7:87:63:e1:4d:88:9e:b6:41:1a:a3:7e:93:b7:c8:25:d9:5f:23:84:13:af:41

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
GetErrorInfo
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

user32

MessageBoxA
CharNextW
LoadStringW
MessageBoxW
LoadStringW
GetSystemMetrics
CharUpperW
CharLowerBuffW

kernel32

Sleep
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
GetProcessHeap
lstrlenW
lstrcpynW
VirtualQuery
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsDBCSLeadByteEx
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
TryEnterCriticalSection
SwitchToThread
SetLastError
SetFilePointer
SetEvent
SetEndOfFile
ResetEvent
ReadFile
LocalFree
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
HeapSize
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GetVersionExW
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetACP
FreeLibrary
FormatMessageW
EnumSystemLocalesW
EnumCalendarInfoW
EnterCriticalSection
DeleteCriticalSection
CreateFileW
CreateEventW
CompareStringW
CloseHandle
Sleep

ole32

CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitialize

wininet

InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 37KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 432B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Pokemon-Shellcode-Loader.exe.vir
.exe windows:6 windows x64 arch:x64

a9931e0d902b6427917aceec4415d2e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SignalObjectAndWait
CreateEventW
CloseHandle
GetProcAddress
GetModuleHandleW
CreateFileW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
WriteConsoleW

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
安全检查资产上报收集表-20231104-___xslx.vmp.scr.vir
.exe windows:6 windows x64 arch:x64

6c927af95f9c9ff0e182008eff69742e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleFileNameA
GetVersion
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

msvcp140

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove

api-ms-win-crt-stdio-l1-1-0

__p__commode

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-string-l1-1-0

strcmp

user32

CharUpperBuffW

Exports

Exports

Ս4� �!F&!��<'_� �v�M��FB�S�$s`Y��o��~��\�].�� ɛ��P�{�0rGMs�� Ę��8q��8��r��Yб��~��OՎλ��߿�e��y��}H�H�o1~D�~ ��X�!h�=ˣ��qg��<攵R2�� ,c��r`��C'ͫ]�ؐc��iQ��[��Sʿڬ[� �e4� �oi6�R}�� @�~�Y#�P�i��Ih��l�<q�<,��aG�0�ڼ�db �}��z�#lm|��8��`� � �Dɤe�7_��~�]� Rm"�]��ͅ��4Փ ��Y<�d�g9Fh��S�lj�錳�l΅�bb!�� B(X��I�� (r<FV�}axM�d�[^��g��:�ښ�m��FԦ�@�V�Nj�m�"�c��L��U�̕��=�&}�l>��C��y�C/�Tf�`�,�q] E�NB�W ��2�zrl�к��ݱ��~�K�ΐ��k8�(63��Ӎ��r(�34� F��I�%^��#E��?�jw��w��di�K��$b��W�8�X��_PznH+5��u� E6��8�[J��_�@�ǃ�d/~�h�Yʷ�//�N��N�&�s a"��;��;-��߁�L��E��ծ��&�� S�h4�3�t��Șt�|g�ּ��e��C=�~�@?�W�[o��I��{��F5u��8��w��m%�r��f�,��c@��D=��R��kY��_ڭ�<Ku��@"��&��,ha��$��Hϯ ��` ��b��OZ� �U�B��H7�պ��%��yН��nc%��=�4�xU0ۖ��l݁$o�3��r�td�Ӷ��sh��v��f�A-CO�5j��g��yƏ��,韔 �='��d��'��LF9#*�fs��-�K� (��܈k��S�ç��3�iY1��{]��7��&.Y>�ov��%��uG�,�z/��#�x��PB��ϔ(�+L�o�@vC��3�ΐ7�QT�q ��&Ƅc�z��Obxo8 63��<�[�Yȶm�R�;x�߇u�4��y�Da��'��6�SQ��fnȉ�ܜe��_�N��'"X��5 +8'��xJ��ʹ��~�dyDz��Xï��j��I�L�IbW囏g�e� �n�8�� ;��Q�(�#��?�'䇸�V��E��|%�"��'y�1�il3�q��O��*b��x��yO�>_K��z��:+�,��<��6�!�%��jMn��Wt^��2��rY��e��>�Gx��}S�q� "4&LR�\�̻��`'|=>�� k�V:�k��p�2��/�7��YY0��z��^�*�'ت䭊5��l�`!��y�5��](�d�ՍY!��#�G��"��Ϥ�ɟw�\��+fT� �W�$�8_!�@1�D-�I��˂�v�뵊�>��N�ƵƗ#��&�G��3w�0��$�,�)O�j��f�Yܾ��.��m��zw�r|es'��҃e.7[��޳.FO2i��JШ�ߒ��+*w��֮dFg�at��̴�MX�x�l ��P|:�X<OT�8(�(�)��ҩ��2�L�b��e �!�Z�3�@�L�~m��5vR|1y��> �"�u�n��v�Bk��V:�F�n��!bJu�JT@CtU-�n8��KE� /DS�g+qԈ�]9��.9n ��y�.NZ+c��y�k�6c��RHA!ڵ�L�ӓ_� ��a��kc�#�lo�,��G+:P�n��]��i=��}�̲G�ߜ�� Y&aa��&K��X��4�ғfv�,O"R[��a�ԙ�I��}B��&��©�fh��> ��̓X�&`\�)/��D��k�߯R��1&��jA��"��c�C"p�N3t��0r��ᎊ8[jpm�KN��k�Ԗ��]o�ǽmS�,D�$�{��h�sљ��΀RG�'M�2� M'��8��W��#�M?a�L}=��+'̦��u}�uЯm��=�Ŧ��v�T�+��V<"ث%�M^;��I��!�*Zp�V�Uo��:&��_��5�a�J�"�&wu�@��A��'��4�kgg��}�f��hu�:��o$�y��-&�Q�V��}��Ǖ�3BSw�y�x��%�Yv1W��F��D�2��|7~^�U�Ƕo6��e��@/�[��D��Y#��a��_��{~�«wb�J4��*~�\�^D�؂a3��/��w��>�q�/;1w��2�x�+�f�b�s��K�~+�f~,�p��Q�9:��g\Bs�y(�cT\�W-ND�8��̼¸��,��Q��7j�A�3��E:��wZ5�i��.N9g߹�� B�S"g�J�{f��Q��r+��t��׹�`�T��gRؔ�[��1ԛ, �q�Q�`$u��eT#��cv�Z/i��ʒ� ��~J3��t�wq�b��"ۀ�1B��-��s��]�AGh��n�m�(��5�(� MS>��eҲQg�@�� \j�5��'I�4�3�J�CZ��s��@��]�Q��TB��N��r^$9�o�L��٨��7!�w��s�5TT#�.#��0K�|1r)�a�04��| |!�%�'J��Ŷ��{��*aa��ף>��I�ҍǤ�\�x��̻�Hbi�=��<]��C� ��&�x��bs�:�{tN��S��鴝�"�>݌��|��AcWZ�䞼�p�Je�!��qUtDP��o� ��-� �Hn��E��[D'��)bӉ��=1�0[��?C]U�*��/%IE�娒8��tܗ

Sections

.text
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.'U$
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.r]`
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.)!^
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
未解锁成功企业名单-电脑版.exe.vir
.exe windows:6 windows x64 arch:x64

e83e0ab574b090679b95fa30399a4252

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:f0:08:e6:9a:7c:4c:3f:eb:38:9c:66:ea:f5:82:59
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26-05-2014 00:00

Not After

24-06-2017 23:59

Subject

CN=MEDIATEK INC.,O=MEDIATEK INC.,L=HSINCHU,ST=TAIWAN,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5a:91:1b:ec:08:64:0d:94:8a:6f:c9:72:5f:38:41:e9:27:e0:fc:b7
Signer

Actual PE Digest

5a:91:1b:ec:08:64:0d:94:8a:6f:c9:72:5f:38:41:e9:27:e0:fc:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GlobalMemoryStatusEx
GetTickCount
WinExec
CreateProcessA
GetTempPathA
ExitProcess
HeapFree
VirtualFree
VirtualAlloc
LoadLibraryA
HeapAlloc
GetProcAddress
GetProcessHeap
FreeLibrary
IsBadReadPtr
GetModuleFileNameA
SizeofResource
VirtualProtect
WriteFile
lstrlenA
GetModuleHandleA
FreeResource
GetCommandLineA
Sleep
CreateFileMappingA
CopyFileA
GetLastError
CreateFileA
LockResource
CloseHandle
GetSystemInfo
LoadResource
FindResourceW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

wsprintfA
MessageBoxA

Exports

Exports

��rJ��|�.�qd��<��O-g]?`��Y��$d�]#K.�*�p�_�*6�XY��>쪺�c�k�|F!>Lev�5�a��< �ĕ�Y�5�O@�/|��g�4��YQ|��4�� 藦K=��P\l��N#��&}�_�ٯ@�k��Y�\m��z:%�� 2L"�K}��p~ܯ��%Q�`^��D��ع ��l�v��7yA��#�ztO}?�\f\�Gi]@��p�ZҽKS�i�PY.��켻r�~[�H�`��^��/y��bw��W�7�z�"H�_�� r(�x��\q��-&]:�B��`C:|0�B��X�lpﭏ75��rM9(�ӪzfO�!�4��p��d��9T*o��9ݖ,A��'��nG6�H�\Z o �P�D�@�D�T�(jgFh=�ƈ�D�_4� � @SDi}��Ozr�[�2��`%QH��N�" �X��wբ.��@4)9;l�T��+�6Մ��ܶ/Y�Z��HF<6��j�*A�,AO<>�k�hk��YCH�qp7��c�D�kY�eɑʵBQߡ�� ~��L��/��q�]f��8�k0��26Hʗ�tIE�#�3��"adp9�P��ɤN�yE��5�x�Ρt�@[�Gªŝ�pV�#1Ap��! �{��1��~��o=��V��ngp�Xc��n׸��c�^�Qqgҳ13�r1��?2� . �[��i�O~ܩ�d��l��Nj5��3�� K�5�]N��L/�Ozʲ�ﺧ7�XNJ��m��-��A��C��af��n=a�Pmf+W%I��}[�s�O3e��?�aZ#�޲�-�؆�d��.�<�W�y��[붬�f��ޛ%��?|��[�� #oN�g��H�#�E̐�dQ��a&1��PcsV��̫�å�3ę�Q��&��0��n��4��R DgϽIo��{��!�Д�](aw]� R��?��.�6�5YD��S� gO6��$�Z�L[��@9A5�3k��P3re�DS�v� ��Ps�A#]�z.|3# ��\~4�IJ�x��h��M�3Q��=Q��|�7��&��H5��Z� �|��E�"L��:�\䍼��Z帯��T�� |Q)�ޜh�3ː�05H��_,��!��=):n��T<e ^e��3�M��M�ͧ��O��ЃK��Dڸ�Z��)��Cu /�C�� ւh�s��-��+n��Ә)�c�.�x�ߏ��TT4�P��K��+��H��i��Ľy=��)� ̮��RZ֕R��b�Q;��w�_ シ0�\�<.1m}�� on��ދ)�h��gk7<-�췁��w��G��*�ϓ(yX<�ÏP��B�x?�qw��R��:)�#�v�(�|]�wm�O�<|��N�=��9X�3�__|�|�=G�٭-B�A�{��bf-B�Db� ��5�I`��c8�c�V��4��t��R�#*cpٯ�I��E>��*-��^Z,w�'��8'>6/�!k�tț@�IO�s��\��(��7��*��y��b��̿TŰ�bw��y�^u]?�M��7�U�ح-I�bjfW��}sFU"p��7P��w�G�WS ��]~˜��R��یL򛼫��'�Y�y��,x�0�~=��L��}��Ώ��",��u� �Y�:�T�8�׮ ܕ@\`�E�\^kw޴0N��)�jM�̯{S�v��J*��΢��W��%p��ʺ��t��<�V��W�-�K9�n��i�rKH~��k*YQcf~�*FL#�3��~�7t�f�!e��_��N�N��,a+��#��N�^*jL[�,$d.�Ҩ=�cB�C�Xd1Uov�Z�?��&��eƮ��g��Ȥ�l�}�^-f��"��&S289ݞ�Yt9��8�9;6Y�{�O��sM�?��ym��t�1��W�؊P`��ק�i*I}*�Sn��2��<y��$�:��)��D��6�4�1Z�*�U^yd� �5ӋMB"��oP�(�c�Ns �F�D=��h��=n ��N�J��_`I0��|P!��F ��'m`]�`a�VF�yn[��n�me&��{�/��S�Юd�f� zZ��RU0�E�v�V��{"w��s�o[G�4��c��V� S�ig#8dʛAH��D`Ν��d�׫��(��x8�$�$�rA�u/�E^.2LRИ�ċ\6��>vi��h%�2��Y��bw��*CY��m_�>9�&��JO��5��u! ��bN��=ACLk��-�n�%y��7F�uu� ��'�za��m&��£�0��|��,0Th�9��"��NXY�8S�0�b�H��Z!�{K�ʒC1b��*$ MAA�?.�N��J��vQB��4�FX��S8#ёsn8V�Z�[ݝ�%(o2Ԏ_�!�R&��)_$�;��N�d�*(�J�� sT�oCm��!�T�o��^��u�F�R�c��xh�3�g%�%��/��DM?+z�q�~��a�]UϚ��]9��Rϩ��aE��e̕�w�� ؐ,2),n�r�\&E�OFh��4��a�n0�(��b4�]�I@��0��<��" ,�ezb4�E��Ռ9V�&�/�˪��{�!SZ��ʵʏ�1��`�Eo��㸾��,�.�=��P��:�;�ޮV��1�F|n��s�R'�MAZ̝H��p��q��yO�)��t>*+Ɋ��FǢy)��'�V��6ϗvr^�?�֬r�4z.��VѢ�L榴%��Tܶs��N��D��q#d�lv<�{��ʂ��i5~y�o�}��}v�Y��.d��G�Y��%{�� G�n_��]dޓ"YOc �{e"�?1�{��e�|Z��aW�R`(�;

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp00
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp01
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

57774cc808b3cd56644c8f38e48c1688

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

kernel32

ole32

secur32

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 408KB - Virtual size: 407KB

.managed Size: 1.3MB - Virtual size: 1.3MB

hydrated Size: - Virtual size: 569KB

.rdata Size: 2.0MB - Virtual size: 2.0MB

.data Size: 9KB - Virtual size: 73KB

.pdata Size: 137KB - Virtual size: 136KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 2KB - Virtual size: 1KB

Headers

DLL Characteristics

File Characteristics

Sections

CODE Size: 42KB - Virtual size: 42KB

DATA Size: 1024B - Virtual size: 592B

BSS Size: - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 2KB

.rsrc Size: 9KB - Virtual size: 9KB

f3be388634ac5e4a089c078c63df65ef

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

01:6f:7a:38:64:15:47:a0:25:d7:87:63:e1:4d:88:9e:b6:41:1a:a3:7e:93:b7:c8:25:d9:5f:23:84:13:af:41Signer

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

ole32

wininet

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.data Size: 126KB - Virtual size: 126KB

.bss Size: - Virtual size: 37KB

.idata Size: 5KB - Virtual size: 5KB

.didata Size: 512B - Virtual size: 448B

.tls Size: - Virtual size: 432B

.text
Size: 408KB - Virtual size: 407KB

.managed
Size: 1.3MB - Virtual size: 1.3MB

hydrated
Size: - Virtual size: 569KB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 9KB - Virtual size: 73KB

.pdata
Size: 137KB - Virtual size: 136KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 2KB - Virtual size: 1KB

CODE
Size: 42KB - Virtual size: 42KB

DATA
Size: 1024B - Virtual size: 592B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 9KB - Virtual size: 9KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

01:6f:7a:38:64:15:47:a0:25:d7:87:63:e1:4d:88:9e:b6:41:1a:a3:7e:93:b7:c8:25:d9:5f:23:84:13:af:41
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 126KB - Virtual size: 126KB

.bss
Size: - Virtual size: 37KB

.idata
Size: 5KB - Virtual size: 5KB

.didata
Size: 512B - Virtual size: 448B

.tls
Size: - Virtual size: 432B

.rdata
Size: 512B - Virtual size: 40B

.pdata
Size: 76KB - Virtual size: 75KB

.rsrc
Size: 86KB - Virtual size: 86KB

.text
Size: 111KB - Virtual size: 111KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 20KB - Virtual size: 32KB

.pdata
Size: 5KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 45KB - Virtual size: 45KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: - Virtual size: 13KB

.pdata
Size: - Virtual size: 732B

.idata
Size: - Virtual size: 3KB

.'U$
Size: - Virtual size: 3.5MB

.r]`
Size: 2KB - Virtual size: 2KB

.)!^
Size: 6.0MB - Virtual size: 6.0MB

.reloc
Size: 512B - Virtual size: 184B

.rsrc
Size: 29KB - Virtual size: 28KB

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

56:f0:08:e6:9a:7c:4c:3f:eb:38:9c:66:ea:f5:82:59
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

5a:91:1b:ec:08:64:0d:94:8a:6f:c9:72:5f:38:41:e9:27:e0:fc:b7
Signer