1e5a04628496bb3519ce4364b3763257bca5f1bd10dfc7b35f28faa8188cfb13

Sharing

Copy URL Twitter E-mail

General

Target

1e5a04628496bb3519ce4364b3763257bca5f1bd10dfc7b35f28faa8188cfb13
Size

4.8MB
MD5

35122d0abe2f45ccba5ac845a2fabf29
SHA1

93a69c777007e986599614d31f7ca243d3179142
SHA256

1e5a04628496bb3519ce4364b3763257bca5f1bd10dfc7b35f28faa8188cfb13
SHA512

72f465d45979a372184ab69ddb089d5802d91c913ec040f488f348826b8b364dd2900dbc5e3fe2b66adec623f7b574c11af00d5dd3b66184a67cf59a092b8f11
SSDEEP

98304:OTjLRXQEIip1r2xVjTFERdA9cZrY5RIaHHUWkmNh6rzHHZkN7geApEpK/6fLc:sRXMijCxVnyK68ZHHu0h6rza7epsQ6fg

Score

6^/10

pdf evasion

Malware Config

Signatures

Malformed or missing cross-reference table in PDF
Malformed or missing cross-reference tables are often used to evade detection
pdf evasion

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WinHex/Chinese.dat
unpack001/WinHex/x64/hash2.dll
unpack001/WinHex/x64/zlib1.dll
unpack001/WinHex/zlib1.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/WinHex/Dokan.exe	nsis_installer_1
static1/unpack001/WinHex/Dokan.exe	nsis_installer_2

Files

1e5a04628496bb3519ce4364b3763257bca5f1bd10dfc7b35f28faa8188cfb13
.zip
WinHex/Boot Sector FAT.tpl
WinHex/Boot Sector FAT32.tpl
WinHex/Boot Sector NTFS.tpl
WinHex/Case Report Classic.css
WinHex/Case Report.css
WinHex/Chinese.dat
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 702B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WinHex/Chinese.txt
WinHex/Dokan.exe
.exe windows:4 windows x86 arch:x86

e160ef8e55bb9d162da4e266afd9eef3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:01
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

16/11/2006, 01:54

Not After

16/11/2026, 01:54

Subject

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8f:56:90:01:d5:0f:c4:57
Certificate

Issuer

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

30/01/2015, 09:32

Not After

30/01/2016, 09:32

Subject

CN=ISLOG,O=ISLOG,L=Strasbourg,ST=Alsace,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:37:b9:08:f8:71:ee:b5:e9:94:00:00:00:00:00:37
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/08/2013, 17:38

Not After

27/08/2023, 17:48

Subject

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

64:26:68:01:77:1b:3c:bd:da:ee:1a:b6:4b:b8:03:b9:e0:73:d3:b8
Signer

Actual PE Digest

64:26:68:01:77:1b:3c:bd:da:ee:1a:b6:4b:b8:03:b9:e0:73:d3:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
SearchPathA
GetShortPathNameA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
Sleep
CloseHandle
LoadLibraryA
lstrlenA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
lstrcpyA
lstrcatA
GetSystemDirectoryA
GetVersion
GetProcAddress
GlobalAlloc
CompareFileTime
SetFileTime
ExpandEnvironmentStringsA
lstrcmpiA
lstrcmpA
WaitForSingleObject
GlobalFree
GetExitCodeProcess
GetModuleHandleA
SetErrorMode
GetCommandLineA
LoadLibraryExA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
WriteFile
FindClose
WritePrivateProfileStringA
MultiByteToWideChar
MulDiv
GetPrivateProfileStringA
FreeLibrary

user32

CreateWindowExA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
GetDC
SystemParametersInfoA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
GetDlgItem
wsprintfA
SetForegroundWindow
ShowWindow
IsWindow
LoadImageA
SetWindowLongA
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
PostQuitMessage
FindWindowExA
SendMessageTimeoutA
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WinHex/Ext Directory Entry.tpl
WinHex/Ext Group Descriptor.tpl
WinHex/Ext Inode.tpl
WinHex/Ext Superblock.tpl
WinHex/Ext4 Inode.tpl
WinHex/FAT Directory Entry.tpl
WinHex/FAT LFN Entry.tpl
WinHex/File Type Signatures Search.txt
.pdf
WinHex/GUID Partition Table.tpl
WinHex/HFS+ Volume Header.tpl
WinHex/Jump List Names.txt
WinHex/Master Boot Record.tpl
WinHex/NTFS FILE Record.tpl
WinHex/PVicCat.txt
WinHex/Phone Alias Table.txt
WinHex/Sample script.whs
WinHex/Text file conversion UNIX - Windows.whs
WinHex/Text file conversion Windows - UNIX.whs
WinHex/Tooltips.txt
WinHex/Video Signatures.txt
WinHex/WinHex64.exe
.exe windows:5 windows x64 arch:x64

4f367307e2b014ddc793f2ed28338861

Code Sign

64:33:51:d3:c7:38:9f:08
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

24/06/2016, 20:44

Not After

24/06/2031, 20:44

Subject

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:f8:1a:38:50:63:79:c9:b4:78:e3:3d:a1:13:4f:d6
Certificate

Issuer

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19/05/2023, 16:54

Not After

16/05/2026, 16:54

Subject

CN=X-Ways Software Technology AG,O=X-Ways Software Technology AG,L=Bunde,ST=North Rhine-Westphalia,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8e:f4:2c:1c:bd:29:6e:c6:58:72:d4:c7:24:eb:11:cd:52:9e:f7:96:56:5e:82:1e:67:22:c5:dd:75:06:78:cb
Signer

Actual PE Digest

8e:f4:2c:1c:bd:29:6e:c6:58:72:d4:c7:24:eb:11:cd:52:9e:f7:96:56:5e:82:1e:67:22:c5:dd:75:06:78:cb

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysFreeString
SysReAllocStringLen

user32

MessageBoxA
SetWindowLongPtrA
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExA
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TranslateAcceleratorA
TrackPopupMenu
SystemParametersInfoA
SystemParametersInfoW
SwitchDesktop
AnimateWindow
ShowWindow
ShowScrollBar
ShowCaret
SetWindowsHookExA
SetWindowTextA
SetWindowTextW
SetWindowPos
SetTimer
SetScrollInfo
SetParent
SetMenuItemInfoW
SetMenuItemBitmaps
SetMenuDefaultItem
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetDlgItemTextA
SetDlgItemTextW
SetCursorPos
SetCursor
SetClipboardData
SetCaretPos
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
SendInput
SendDlgItemMessageA
SendDlgItemMessageW
ScrollWindow
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageW
OpenDesktopW
OpenClipboard
OffsetRect
OemToCharBuffA
OemToCharA
MoveWindow
ModifyMenuA
ModifyMenuW
MessageBoxA
MessageBoxW
MessageBeep
MapWindowPoints
LoadMenuA
LoadImageA
LoadIconA
LoadCursorA
LoadCursorW
LoadBitmapA
LoadAcceleratorsA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsIconic
IsDlgButtonChecked
IsDialogMessageW
IsClipboardFormatAvailable
InvertRect
InvalidateRect
IntersectRect
InsertMenuA
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextLengthW
GetWindowTextA
GetWindowTextW
GetWindowRect
GetWindowInfo
GetWindowDC
GetSystemMetrics
GetSystemMenu
GetSysColor
GetSubMenu
GetScrollPos
GetScrollInfo
GetParent
GetWindow
GetNextDlgTabItem
GetMessageW
GetMenuStringA
GetMenuStringW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetKeyboardState
GetKeyState
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItemTextA
GetDlgItemTextW
GetDlgItemInt
GetDlgItem
GetDlgCtrlID
GetDC
GetCursorPos
GetClipboardOwner
GetClipboardFormatNameW
GetClipboardData
GetClientRect
GetClassNameA
GetClassNameW
GetClassInfoW
GetAsyncKeyState
GetActiveWindow
FindWindowA
FindWindowW
FillRect
ExitWindowsEx
EnumClipboardFormats
EnumChildWindows
EndPaint
EndDialog
EnableWindow
EnableMenuItem
EmptyClipboard
DrawTextA
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DispatchMessageW
DialogBoxParamW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCaret
DeleteMenu
DefWindowProcA
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateMDIWindowW
CreateCaret
CountClipboardFormats
CopyImage
CloseClipboard
CheckRadioButton
CheckMenuRadioItem
CheckMenuItem
CheckDlgButton
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcA
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
AppendMenuA
AppendMenuW
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharUpperA
CharToOemBuffA
CharToOemA
GetMonitorInfoA
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
GetProcessHeap
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsDBCSLeadByteEx
SetThreadLocale
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
DeleteFileW
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
lstrlenW
lstrcpynW
lstrcpyA
lstrcpyW
lstrcmpiA
lstrcmpW
lstrcatW
WriteProcessMemory
WriteFile
WinExec
WideCharToMultiByte
WaitForSingleObject
VirtualQueryEx
VirtualQuery
VirtualProtectEx
VirtualProtect
VirtualFree
VirtualAlloc
UnlockFile
TryEnterCriticalSection
TerminateThread
TerminateProcess
SystemTimeToFileTime
SuspendThread
Sleep
SizeofResource
SetUnhandledExceptionFilter
SetThreadPriority
SetThreadContext
SetPriorityClass
SetLastError
SetHandleInformation
SetFileTime
SetFilePointer
SetFileAttributesA
SetFileAttributesW
SetEvent
SetEndOfFile
SetCurrentDirectoryW
ResumeThread
ResetEvent
RemoveDirectoryW
ReadProcessMemory
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceW
PeekNamedPipe
OpenProcess
MultiByteToWideChar
MulDiv
MoveFileW
LockResource
LockFile
LocalUnlock
LocalLock
LocalFree
LocalFileTimeToFileTime
LocalAlloc
LoadResource
LoadLibraryExA
LoadLibraryExW
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
IsBadWritePtr
IsBadReadPtr
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalMemoryStatus
GlobalLock
GlobalFree
GlobalAlloc
GetWindowsDirectoryA
GetWindowsDirectoryW
GetVolumeInformationA
GetVolumeInformationW
GetVersionExW
GetTimeZoneInformation
GetTickCount
GetThreadTimes
GetThreadLocale
GetThreadContext
GetTempPathW
GetTempFileNameW
GetSystemTimeAsFileTime
GetSystemTime
GetSystemPowerStatus
GetSystemInfo
GetShortPathNameA
GetProcessVersion
GetProcessTimes
GetProcAddress
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetLocaleInfoA
GetLocalTime
GetLastError
GetHandleInformation
GetFileTime
GetFileSize
GetFileInformationByHandle
GetFileAttributesA
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDriveTypeA
GetDriveTypeW
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCommandLineW
GetACP
FreeLibrary
FormatMessageA
FormatMessageW
FlushInstructionCache
FlushFileBuffers
FindResourceA
FindNextFileA
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumSystemCodePagesA
EnterCriticalSection
DuplicateHandle
DosDateTimeToFileTime
DeviceIoControl
DeleteFileA
DeleteFileW
DeleteCriticalSection
CreateThread
CreateProcessA
CreateProcessW
CreatePipe
CreateMutexA
CreateHardLinkW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CreateDirectoryW
CopyFileW
CompareStringW
CloseHandle
Beep
GetLongPathNameA
GetLongPathNameW
GlobalMemoryStatusEx
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetCPInfoExW
GetCPInfoExA
RtlCaptureStackBackTrace
GetDiskFreeSpaceExW
GetProcAddress
GetComputerNameExW
SetFilePointerEx
GetVolumePathNamesForVolumeNameW
OpenThread
GetFileSizeEx
FreeUserPhysicalPages
AllocateUserPhysicalPages

gdi32

TextOutA
TextOutW
StretchDIBits
StartPage
StartDocA
StartDocW
SetWorldTransform
SetTextColor
SetTextAlign
SetPixelV
SetPixel
SetGraphicsMode
SetDIBits
SetBkMode
SetBkColor
SelectObject
SelectClipRgn
Rectangle
PtInRegion
Polygon
MoveToEx
ModifyWorldTransform
LineTo
GetTextMetricsA
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextColor
GetStockObject
GetPixel
GetObjectA
GetObjectW
GetDeviceCaps
GetCharABCWidthsFloatW
GetBkColor
GetBitmapBits
ExtTextOutA
ExtTextOutW
EndPage
EndDoc
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePen
CreateFontIndirectA
CreateFontIndirectW
CreateFontA
CreateFontW
CreateDIBitmap
CreateDIBSection
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
AbortDoc

advapi32

SetSecurityDescriptorDacl
SetFileSecurityW
RegSetValueExA
RegSetValueExW
RegSetValueA
RegSetValueW
RegQueryValueExA
RegQueryValueExW
RegQueryValueW
RegOpenKeyExA
RegOpenKeyA
RegDeleteValueW
RegDeleteKeyA
RegDeleteKeyW
RegCreateKeyA
RegCreateKeyW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
LookupAccountNameW
IsTextUnicode
InitializeSecurityDescriptor
GetUserNameW
GetCurrentHwProfileA
AdjustTokenPrivileges

shell32

SHGetFileInfoA
SHGetFileInfoW
ShellExecuteA
ShellExecuteW
ExtractIconW
ExtractAssociatedIconW
DragQueryPoint
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW

winspool.drv

GetDefaultPrinterA
OpenPrinterA
EnumPrintersA
DocumentPropertiesA
ClosePrinter

powrprof

SetSuspendState

comctl32

ImageList_GetIconSize
ImageList_Draw
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_Destroy
ImageList_Create

setupapi

SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsW

winhttp

WinHttpSetOption
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpReadData
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpOpen
WinHttpConnect
WinHttpCloseHandle

comdlg32

CommDlgExtendedError
ChooseFontA
ChooseColorA
GetSaveFileNameW
GetOpenFileNameW

winmm

PlaySoundA

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 168KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 298B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 687KB - Virtual size: 687KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WinHex/language.dat
WinHex/timezone.dat
WinHex/user.txt
WinHex/winhex.chm
.chm
WinHex/winhex.exe
.exe windows:4 windows x86 arch:x86

Code Sign

64:33:51:d3:c7:38:9f:08
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

24/06/2016, 20:44

Not After

24/06/2031, 20:44

Subject

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:f8:1a:38:50:63:79:c9:b4:78:e3:3d:a1:13:4f:d6
Certificate

Issuer

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19/05/2023, 16:54

Not After

16/05/2026, 16:54

Subject

CN=X-Ways Software Technology AG,O=X-Ways Software Technology AG,L=Bunde,ST=North Rhine-Westphalia,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9d:4d:9f:0b:c8:d1:62:ca:51:79:a5:63:35:18:3e:17:bb:6f:b2:e8:ac:82:d1:6e:e1:fc:b1:92:ee:c0:29:12
Signer

Actual PE Digest

9d:4d:9f:0b:c8:d1:62:ca:51:79:a5:63:35:18:3e:17:bb:6f:b2:e8:ac:82:d1:6e:e1:fc:b1:92:ee:c0:29:12

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 124KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 380B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 541KB - Virtual size: 541KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WinHex/x64/hash2.dll
.dll windows:5 windows x64 arch:x64

65a07e83ad2d464605bbfa043427c1b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
Sleep
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
WriteFile
GetModuleFileNameW
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinHex/x64/zlib1.dll
.dll windows:5 windows x64 arch:x64

d049ce821cc525c2e44f2c025b76a32c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
SetFilePointer
CloseHandle
GetFileType
CreateFileW
HeapFree
HeapAlloc
WideCharToMultiByte
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
DeleteCriticalSection
SetStdHandle
EnterCriticalSection
LeaveCriticalSection
RtlUnwindEx
EncodePointer
DecodePointer
WriteFile
GetConsoleCP
GetConsoleMode
SetEndOfFile
GetProcessHeap
MultiByteToWideChar
ReadFile
GetProcAddress
GetModuleHandleW
ExitProcess
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
GetModuleFileNameW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc
Sleep
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteConsoleW
LoadLibraryW
LCMapStringW
GetStringTypeW
HeapReAlloc
HeapSize
FlushFileBuffers
CreateFileA

Exports

Exports

adler32
adler32_combine
adler32_combine64
adler32_z
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine64
crc32_z
deflate
deflateBound
deflateCopy
deflateEnd
deflateGetDictionary
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzfread
gzfwrite
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
uncompress
uncompress2
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinHex/zlib1.dll
.dll windows:4 windows x86 arch:x86

66a201125fb55b79ced6d0ecd1985e10

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
Sleep
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

_close
_lseek
_open
_read
_write
__dllonexit
__lc_codepage
__mb_cur_max
_errno
_iob
abort
fflush
fputc
free
fwrite
getenv
localeconv
malloc
memchr
memcpy
sprintf
strcat
strcpy
strerror
strlen
vfprintf
wcslen

Exports

Exports

adler32
adler32_combine
compress
compress2
compressBound
crc32
crc32_combine
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzoffset
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 4KB - Virtual size: 3KB

DATA Size: 512B - Virtual size: 160B

BSS Size: - Virtual size: 1KB

.idata Size: 1024B - Virtual size: 702B

.reloc Size: 512B - Virtual size: 424B

.rsrc Size: 14KB - Virtual size: 14KB

e160ef8e55bb9d162da4e266afd9eef3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

03:01Certificate

Key Usages

8f:56:90:01:d5:0f:c4:57Certificate

Extended Key Usages

Key Usages

33:00:00:00:37:b9:08:f8:71:ee:b5:e9:94:00:00:00:00:00:37Certificate

Extended Key Usages

Key Usages

64:26:68:01:77:1b:3c:bd:da:ee:1a:b6:4b:b8:03:b9:e0:73:d3:b8Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 149KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 4KB - Virtual size: 4KB

4f367307e2b014ddc793f2ed28338861

Code Sign

64:33:51:d3:c7:38:9f:08Certificate

Extended Key Usages

Key Usages

45:f8:1a:38:50:63:79:c9:b4:78:e3:3d:a1:13:4f:d6Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

8e:f4:2c:1c:bd:29:6e:c6:58:72:d4:c7:24:eb:11:cd:52:9e:f7:96:56:5e:82:1e:67:22:c5:dd:75:06:78:cbSigner

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

user32

kernel32

gdi32

advapi32

shell32

winspool.drv

powrprof

comctl32

setupapi

winhttp

comdlg32

CODE
Size: 4KB - Virtual size: 3KB

DATA
Size: 512B - Virtual size: 160B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1024B - Virtual size: 702B

.reloc
Size: 512B - Virtual size: 424B

.rsrc
Size: 14KB - Virtual size: 14KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

03:01
Certificate

8f:56:90:01:d5:0f:c4:57
Certificate

33:00:00:00:37:b9:08:f8:71:ee:b5:e9:94:00:00:00:00:00:37
Certificate

64:26:68:01:77:1b:3c:bd:da:ee:1a:b6:4b:b8:03:b9:e0:73:d3:b8
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 149KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 4KB - Virtual size: 4KB

64:33:51:d3:c7:38:9f:08
Certificate

45:f8:1a:38:50:63:79:c9:b4:78:e3:3d:a1:13:4f:d6
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

8e:f4:2c:1c:bd:29:6e:c6:58:72:d4:c7:24:eb:11:cd:52:9e:f7:96:56:5e:82:1e:67:22:c5:dd:75:06:78:cb
Signer

.text
Size: 2.9MB - Virtual size: 2.9MB

.data
Size: 174KB - Virtual size: 173KB

.bss
Size: - Virtual size: 168KB

.idata
Size: 19KB - Virtual size: 19KB

.didata
Size: 512B - Virtual size: 298B

.tls
Size: - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 40B

.pdata
Size: 68KB - Virtual size: 67KB

.rsrc
Size: 687KB - Virtual size: 687KB

64:33:51:d3:c7:38:9f:08
Certificate

45:f8:1a:38:50:63:79:c9:b4:78:e3:3d:a1:13:4f:d6
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

9d:4d:9f:0b:c8:d1:62:ca:51:79:a5:63:35:18:3e:17:bb:6f:b2:e8:ac:82:d1:6e:e1:fc:b1:92:ee:c0:29:12
Signer

CODE
Size: 2.2MB - Virtual size: 2.2MB

DATA
Size: 77KB - Virtual size: 77KB

BSS
Size: - Virtual size: 124KB

.idata
Size: 13KB - Virtual size: 12KB

.tls
Size: - Virtual size: 380B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 106KB

.rsrc
Size: 541KB - Virtual size: 541KB

.text
Size: 143KB - Virtual size: 142KB

RT_CODE
Size: 2KB - Virtual size: 2KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 5KB - Virtual size: 9KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 90KB - Virtual size: 89KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 5KB - Virtual size: 13KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1KB - Virtual size: 1KB