32321_rnv_sgn[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

32321_rnv_sgn.zip
Size

27.1MB
MD5

8bd2844e3dfc9a602413f18ec62731fa
SHA1

15c504a7f442b7f0ab92183683b9a08c223b5c64
SHA256

c6b28f31fcb6ad2b12a318adcfc025169d56dcaea3f11bedafa0411ca8514301
SHA512

ac89e9b35611ae2fb1968e19aa53c7dd3a48d50c7e35f8a129c955a2d9a7841a1c894a27381e7326dbf366e60a61a2f9f0fb5e0d86abd42be5b0ca4fa78fe6ad
SSDEEP

786432:K+VRQngiCLXDZr/0wT6sa4pzLLQZ8bcAME7:K+VRVLDZr/9Gsa4pzLMq7MM

Score

1^/10

Malware Config

Signatures

Files

32321_rnv_sgn.zip
.zip
32321_rnv_sgn/32321/rnv_sgn/DATA.000
32321_rnv_sgn/32321/rnv_sgn/DATA.000.SHA2
32321_rnv_sgn/32321/rnv_sgn/default.grdvd
32321_rnv_sgn/32321/rnv_sgn/grdspactivate.dll
.dll windows:5 windows x86 arch:x86

fd8fab7a7fcaeb12bbd34a281328610e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/03/2016, 00:00

Not After

16/03/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:e3:2b:b0:2c:f6:1c:72:07:d9:93:fd
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2016, 12:25

Not After

07/12/2018, 13:13

Subject

CN=ZAO AKTIV-SOFT,OU=Software developing,O=ZAO AKTIV-SOFT,L=Moscow,ST=Moscow,C=RU,1.2.840.113549.1.9.1=#0c12686f746c696e65407275746f6b656e2e7275

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2009, 10:00

Not After

18/03/2019, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:20:77:67:8e:b8:6f:0e:6c:d8:38:36
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

03/08/2016, 13:17

Not After

04/08/2019, 13:17

Subject

SERIALNUMBER=1037700094541,CN=Aktiv-Soft Closed Joint Stock Company,O=Aktiv-Soft Closed Joint Stock Company,STREET=ul. Bolshaya Ochakovskaya\, d. 47 A\, str. 01\, komn. 65,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:1c:a1:4b:2b:b3:37:fa:40:34:4c:91:59:ac:48:6a:1e:fc:22:18:01:88:07:af:06:0a:ed:5f:b9:22:30:7b
Signer

Actual PE Digest

40:1c:a1:4b:2b:b3:37:fa:40:34:4c:91:59:ac:48:6a:1e:fc:22:18:01:88:07:af:06:0a:ed:5f:b9:22:30:7b

Digest Algorithm

sha256

PE Digest Matches

true

1f:0e:d7:c0:86:b4:a3:9d:31:3a:1f:1b:72:3d:32:27:72:51:f6:96
Signer

Actual PE Digest

1f:0e:d7:c0:86:b4:a3:9d:31:3a:1f:1b:72:3d:32:27:72:51:f6:96

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

DestroyWindow
DispatchMessageA
UnregisterClassA
GetMessageA
UpdateWindow
GetProcessWindowStation
GetUserObjectInformationW
PostMessageA
CloseWindow
DefWindowProcA
TranslateMessage
ShowWindow
RegisterClassExA
SendMessageA
MessageBoxA

wldap32

ord46
ord211
ord41
ord27
ord301
ord33
ord79
ord22
ord35
ord143
ord60
ord50
ord26
ord30
ord200
ord32

ws2_32

send
WSACleanup
WSAStartup
WSASetLastError
__WSAFDIsSet
WSAGetLastError
select
WSAIoctl
setsockopt
getsockname
ntohs
bind
htons
getsockopt
getpeername
closesocket
socket
connect
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
listen
ioctlsocket
gethostname
shutdown
recv

kernel32

GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
GetTimeZoneInformation
LoadLibraryW
SetEndOfFile
SetStdHandle
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleCP
GetStartupInfoW
SetHandleCount
HeapDestroy
HeapCreate
HeapSize
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
ExitProcess
GetModuleHandleW
FindFirstFileExA
GetDriveTypeA
GetFileInformationByHandle
ExitThread
GetVersionExA
LocalFree
CreateMutexA
CloseHandle
ReleaseMutex
WaitForSingleObject
VirtualProtect
GetCurrentProcess
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
IsBadWritePtr
IsBadReadPtr
GetSystemTime
GetComputerNameA
GetModuleFileNameA
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetProcessHeap
HeapFree
DeviceIoControl
CreateFileA
ReadFile
WriteFile
FreeLibrary
LoadLibraryA
FindNextFileW
FindClose
FindFirstFileW
Sleep
SetEvent
CreateThread
CreateEventA
LocalAlloc
GetTempPathA
GetFullPathNameA
SetFilePointer
GetEnvironmentVariableA
GetLastError
CreateDirectoryA
MapViewOfFile
CreateFileMappingA
FlushViewOfFile
WaitForMultipleObjects
Thread32Next
ResumeThread
OpenThread
Thread32First
CreateToolhelp32Snapshot
TerminateThread
CreateProcessA
SetFileTime
FindFirstFileA
Module32Next
Module32First
OpenProcess
LockResource
SizeofResource
LoadResource
FindResourceA
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileW
DeleteFileW
GetFileSize
DeleteFileA
GetSystemInfo
SetLastError
SleepEx
VerifyVersionInfoA
VerSetConditionMask
FormatMessageA
PeekNamedPipe
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
SystemTimeToFileTime
GetVersion
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
GetModuleFileNameW
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesA
GetFileAttributesW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetCommandLineA
HeapReAlloc

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetPathFromIDListA

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource

Exports

Exports

ActivateGuardantSPDongleA
ActivateGuardantSPDongleW
ActivateSPLicenseFileFromServerA
ActivateSPLicenseFileFromServerW
BackupSPDongleA
BackupSPDongleW
CheckSPDongleSerialNumber
CheckSPLicenseFileA
CheckSPLicenseFileW
CreateSPLicenseFileA
CreateSPLicenseFileW
DeleteSPDongle
DeleteSPDongleByID
GetFileNameByIdA
GetFileNameByIdW
GetSPDongleFirstActivationDateA
GetSPDongleFirstActivationDateW
GetSPDongleIdFromSerialNumber
PrepareSPLicenseToSendA
PrepareSPLicenseToSendW
ReadLicenseInfoA
ReadLicenseInfoW
RestoreSPDongleA
RestoreSPDongleW
SendSPLicenseFileToServerA
SendSPLicenseFileToServerW

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
32321_rnv_sgn/32321/rnv_sgn/install.exe
.exe windows:5 windows x86 arch:x86

2590744f53ec54fc35df3a32fb3c5054

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:c6:11:66:28:c1:f2:d8:fd:6e:a2:db:80:c9:ce:ae
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

29/07/2021, 00:00

Not After

30/07/2024, 23:59

Subject

CN=OOO Firma Integral,O=OOO Firma Integral,L=Saint-Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5b:8a:fa:83:34:a7:a6:54:65:3a:39:77:a5:1d:6e:31:d1:f8:bb:71
Signer

Actual PE Digest

5b:8a:fa:83:34:a7:a6:54:65:3a:39:77:a5:1d:6e:31:d1:f8:bb:71

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

advapi32

RegSetValueExW

comctl32

ImageList_GetImageInfo

comdlg32

GetOpenFileNameW

gdi32

Pie

kernel32

GetModuleHandleA
LoadLibraryA
SetFileAttributesW
VirtualProtect

msvcrt

memcpy

netapi32

NetWkstaGetInfo

ole32

IsEqualGUID

oleaut32

SafeArrayPutElement

shell32

Shell_NotifyIconW

user32

CopyImage

version

GetFileVersionInfoSizeW

winspool.drv

DocumentPropertiesW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 627KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 153B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 76B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.grd0010
Size: - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 558KB - Virtual size: 557KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.grd0012
Size: - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.grd0013
Size: - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.grd0014
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
32321_rnv_sgn/32321/rnv_sgn/readme.txt

Sharing

General

Malware Config

Signatures

Files

fd8fab7a7fcaeb12bbd34a281328610e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

56:e3:2b:b0:2c:f6:1c:72:07:d9:93:fdCertificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

04:00:00:00:00:01:25:07:1d:f9:afCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

1e:20:77:67:8e:b8:6f:0e:6c:d8:38:36Certificate

Extended Key Usages

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

40:1c:a1:4b:2b:b3:37:fa:40:34:4c:91:59:ac:48:6a:1e:fc:22:18:01:88:07:af:06:0a:ed:5f:b9:22:30:7bSigner

1f:0e:d7:c0:86:b4:a3:9d:31:3a:1f:1b:72:3d:32:27:72:51:f6:96Signer

Headers

DLL Characteristics

File Characteristics

Imports

user32

wldap32

ws2_32

kernel32

shell32

advapi32

Exports

Exports

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 321KB - Virtual size: 321KB

.data Size: 42KB - Virtual size: 59KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 80KB - Virtual size: 79KB

2590744f53ec54fc35df3a32fb3c5054

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:c6:11:66:28:c1:f2:d8:fd:6e:a2:db:80:c9:ce:aeCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

5b:8a:fa:83:34:a7:a6:54:65:3a:39:77:a5:1d:6e:31:d1:f8:bb:71Signer

Headers

File Characteristics

Imports

advapi32

comctl32

comdlg32

gdi32

kernel32

msvcrt

netapi32

ole32

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

56:e3:2b:b0:2c:f6:1c:72:07:d9:93:fd
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

1e:20:77:67:8e:b8:6f:0e:6c:d8:38:36
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

40:1c:a1:4b:2b:b3:37:fa:40:34:4c:91:59:ac:48:6a:1e:fc:22:18:01:88:07:af:06:0a:ed:5f:b9:22:30:7b
Signer

1f:0e:d7:c0:86:b4:a3:9d:31:3a:1f:1b:72:3d:32:27:72:51:f6:96
Signer

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 321KB - Virtual size: 321KB

.data
Size: 42KB - Virtual size: 59KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 80KB - Virtual size: 79KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:c6:11:66:28:c1:f2:d8:fd:6e:a2:db:80:c9:ce:ae
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

5b:8a:fa:83:34:a7:a6:54:65:3a:39:77:a5:1d:6e:31:d1:f8:bb:71
Signer

.text
Size: - Virtual size: 5.5MB

.itext
Size: - Virtual size: 6KB

.data
Size: - Virtual size: 42KB

.bss
Size: - Virtual size: 627KB

.idata
Size: - Virtual size: 14KB

.didata
Size: - Virtual size: 3KB

.edata
Size: - Virtual size: 153B

.tls
Size: - Virtual size: 76B

.rdata
Size: - Virtual size: 93B

.grd0010
Size: - Virtual size: 248KB

.rsrc
Size: 558KB - Virtual size: 557KB

.grd0012
Size: - Virtual size: 1024B

.grd0013
Size: - Virtual size: 311KB

.grd0014
Size: 6.3MB - Virtual size: 6.3MB

.reloc
Size: 512B - Virtual size: 48B