01aa9ccc01f647ffba74eb84d1c94d7f2dd73500cafd98739c35c07997a245d8

Sharing

Copy URL Twitter E-mail

General

Target

01aa9ccc01f647ffba74eb84d1c94d7f2dd73500cafd98739c35c07997a245d8
Size

15.3MB
MD5

5df05763a89c49a36f061ea9e2374794
SHA1

78980cc22ab2a7ea62d576d6e9dc54b2a16976f6
SHA256

01aa9ccc01f647ffba74eb84d1c94d7f2dd73500cafd98739c35c07997a245d8
SHA512

a9b9b6b542032d948e395b4cf7736e0efea040bb6aa57d8460a7a2dcaf6f35f5f14de0ed8bc47dc5a7d836f0b9866f21b061ffa921529fe13369717a69c9ef25
SSDEEP

393216:IktQLd1YP9tImSDb4w9/QomJ0v/9CHyfWyuctMqc5FhJ/4cQ:IktS1Y7Ccw9/CC/90yfWNct7c594cQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MightyPDF.exe
unpack001/dll/PdfiumViewer.dll
unpack001/dll/QRCoder.dll
unpack001/dll/x64/pdfium.dll
unpack001/dll/x86/pdfium.dll

Files

01aa9ccc01f647ffba74eb84d1c94d7f2dd73500cafd98739c35c07997a245d8
.zip
MightyPDF.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 629KB - Virtual size: 628KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 261KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MightyPDF.exe.config
.xml
MightyPDF.exe.manifest
dll/Microsoft.CSharp.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:17:f8:6f:28:fa:06:6d:8d:05:00:00:00:00:01:17
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/10/2018, 21:07

Not After

10/01/2020, 21:07

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft America Operations+OU=Thales TSS ESN:3BBD-E338-E9A1,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:08

Not After

26/07/2019, 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

80:ee:67:8c:1b:82:8b:65:08:1f:1e:9b:47:f5:d8:ee:b3:bc:5c:de:be:be:81:5e:4a:e9:13:ac:c4:49:45:c6
Signer

Actual PE Digest

80:ee:67:8c:1b:82:8b:65:08:1f:1e:9b:47:f5:d8:ee:b3:bc:5c:de:be:be:81:5e:4a:e9:13:ac:c4:49:45:c6

Digest Algorithm

sha256

PE Digest Matches

true

c9:4b:ce:4c:dd:66:4a:2c:7a:13:cf:a7:c2:94:ac:c9:dd:e2:37:3f
Signer

Actual PE Digest

c9:4b:ce:4c:dd:66:4a:2c:7a:13:cf:a7:c2:94:ac:c9:dd:e2:37:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/Newtonsoft.Json.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

06:ce:e1:31:be:6d:55:c8:07:f7:c0:c7:fb:44:e6:20
Certificate

Issuer

CN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=US

Not Before

15/01/2021, 00:00

Not After

14/01/2046, 23:59

Subject

CN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:de:32:e9:50:9b:44:aa:34:b1:da:f1:bc:0e:c8:73
Certificate

Issuer

CN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=US

Not Before

15/07/2021, 00:00

Not After

14/07/2031, 23:59

Subject

CN=.NET Foundation Projects Code Signing CA2,O=.NET Foundation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:d1:40:7a:5a:bd:ed:43:d5:c1:73:12:1d:38:c5:29
Certificate

Issuer

CN=.NET Foundation Projects Code Signing CA2,O=.NET Foundation,C=US

Not Before

13/08/2021, 00:00

Not After

29/10/2024, 23:59

Subject

SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=Washington,C=US,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:27:11:d0:35:02:fc:58:64:ae:1e:6c:cb:c5:eb:67:eb:5d:dc:c8:86:9e:e4:59:cc:0d:02:0e:5f:d1:fc:9b
Signer

Actual PE Digest

38:27:11:d0:35:02:fc:58:64:ae:1e:6c:cb:c5:eb:67:eb:5d:dc:c8:86:9e:e4:59:cc:0d:02:0e:5f:d1:fc:9b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 681KB - Virtual size: 680KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/PdfiumViewer.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/QRCoder.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/System.Buffers.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d4:65:dc:35:86:93:2f:fb:0d:d0:c1:ac:2f:31:92:bd:28:75:14:21:57:3f:3b:7d:55:33:05:32:59:3d:d4:62
Signer

Actual PE Digest

d4:65:dc:35:86:93:2f:fb:0d:d0:c1:ac:2f:31:92:bd:28:75:14:21:57:3f:3b:7d:55:33:05:32:59:3d:d4:62

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/System.Configuration.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:17:f8:6f:28:fa:06:6d:8d:05:00:00:00:00:01:17
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/10/2018, 21:07

Not After

10/01/2020, 21:07

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft America Operations+OU=Thales TSS ESN:3BBD-E338-E9A1,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:08

Not After

26/07/2019, 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:ab:d9:4a:1f:94:e7:82:76:7d:ee:ac:52:30:37:b0:88:f0:18:0a:2d:ae:f3:41:0f:53:ec:5d:25:af:81:b8
Signer

Actual PE Digest

1d:ab:d9:4a:1f:94:e7:82:76:7d:ee:ac:52:30:37:b0:88:f0:18:0a:2d:ae:f3:41:0f:53:ec:5d:25:af:81:b8

Digest Algorithm

sha256

PE Digest Matches

true

88:53:3e:e8:8e:35:9f:ce:9c:f2:c3:12:99:34:70:9d:14:a1:9e:b5
Signer

Actual PE Digest

88:53:3e:e8:8e:35:9f:ce:9c:f2:c3:12:99:34:70:9d:14:a1:9e:b5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/System.Data.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:08:a2:f9:49:3a:c0:bc:e9:58:00:00:00:00:01:08
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2018, 20:20

Not After

23/11/2019, 20:20

Subject

CN=Microsoft Time-Stamp service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:A841-4BB4-CA93,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:08

Not After

26/07/2019, 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8d:1c:ab:73:35:6e:f4:29:c8:fb:6e:f5:22:6f:c9:d6:c5:52:30:c5:0d:47:51:ad:8f:f4:7b:5a:a0:3e:9f:65
Signer

Actual PE Digest

8d:1c:ab:73:35:6e:f4:29:c8:fb:6e:f5:22:6f:c9:d6:c5:52:30:c5:0d:47:51:ad:8f:f4:7b:5a:a0:3e:9f:65

Digest Algorithm

sha256

PE Digest Matches

true

d5:3e:ed:ef:17:fc:8b:8b:d2:65:67:73:2f:5b:b2:6b:02:68:b7:ba
Signer

Actual PE Digest

d5:3e:ed:ef:17:fc:8b:8b:d2:65:67:73:2f:5b:b2:6b:02:68:b7:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/System.Drawing.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:06:2f:03:6b:ee:bf:4e:7e:60:00:00:00:00:01:06
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2018, 20:20

Not After

23/11/2019, 20:20

Subject

CN=Microsoft Time-Stamp service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:179E-4BB0-8246,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:08

Not After

26/07/2019, 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

49:37:38:df:ea:1b:b3:a9:4d:04:78:cd:41:f5:b4:fd:c8:37:d7:5a:a6:f3:f8:7a:04:fc:42:1f:45:12:b1:ce
Signer

Actual PE Digest

49:37:38:df:ea:1b:b3:a9:4d:04:78:cd:41:f5:b4:fd:c8:37:d7:5a:a6:f3:f8:7a:04:fc:42:1f:45:12:b1:ce

Digest Algorithm

sha256

PE Digest Matches

true

8a:d1:ad:be:db:ce:a4:80:29:5e:96:82:1a:e7:5d:67:8e:63:b7:fa
Signer

Actual PE Digest

8a:d1:ad:be:db:ce:a4:80:29:5e:96:82:1a:e7:5d:67:8e:63:b7:fa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/System.IO.Compression.FileSystem.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:08:a2:f9:49:3a:c0:bc:e9:58:00:00:00:00:01:08
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2018, 20:20

Not After

23/11/2019, 20:20

Subject

CN=Microsoft Time-Stamp service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:A841-4BB4-CA93,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:08

Not After

26/07/2019, 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:82:df:02:76:04:1b:de:ea:63:95:70:8b:f2:17:ff:b5:6f:54:2e:34:18:6d:57:b4:98:52:7f:25:1f:0e:be
Signer

Actual PE Digest

06:82:df:02:76:04:1b:de:ea:63:95:70:8b:f2:17:ff:b5:6f:54:2e:34:18:6d:57:b4:98:52:7f:25:1f:0e:be

Digest Algorithm

sha256

PE Digest Matches

true

76:bb:d6:3c:64:49:4e:46:63:48:49:fd:53:44:86:5a:84:46:9d:9a
Signer

Actual PE Digest

76:bb:d6:3c:64:49:4e:46:63:48:49:fd:53:44:86:5a:84:46:9d:9a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/System.IO.Compression.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:06:2f:03:6b:ee:bf:4e:7e:60:00:00:00:00:01:06
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2018, 20:20

Not After

23/11/2019, 20:20

Subject

CN=Microsoft Time-Stamp service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:179E-4BB0-8246,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:08

Not After

26/07/2019, 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f6:5d:32:4f:60:46:12:ba:7b:43:c4:7e:2c:ae:a8:70:c2:2d:f8:d5:4b:61:66:01:89:9e:f8:e8:e1:08:6d:60
Signer

Actual PE Digest

f6:5d:32:4f:60:46:12:ba:7b:43:c4:7e:2c:ae:a8:70:c2:2d:f8:d5:4b:61:66:01:89:9e:f8:e8:e1:08:6d:60

Digest Algorithm

sha256

PE Digest Matches

true

04:a0:aa:87:bf:3b:4c:9c:34:b7:35:83:0f:7f:7f:a8:b4:99:1d:d3
Signer

Actual PE Digest

04:a0:aa:87:bf:3b:4c:9c:34:b7:35:83:0f:7f:7f:a8:b4:99:1d:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/System.Memory.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:32

Not After

01/09/2022, 18:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:6c:07:cf:a9:38:ad:dd:05:7b:ae:24:e4:ad:78:9e:fa:07:82:fb:e0:b3:ea:d5:f5:bc:8e:78:ff:71:9b:27
Signer

Actual PE Digest

a4:6c:07:cf:a9:38:ad:dd:05:7b:ae:24:e4:ad:78:9e:fa:07:82:fb:e0:b3:ea:d5:f5:bc:8e:78:ff:71:9b:27

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/System.Net.Http.Formatting.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:32

Not After

01/09/2022, 18:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9f:fe:74:72:55:6e:6b:45:33:1b:aa:b6:dd:fb:81:a1:15:b8:60:08:22:3a:06:a0:5b:5e:93:d5:ee:20:26:03
Signer

Actual PE Digest

9f:fe:74:72:55:6e:6b:45:33:1b:aa:b6:dd:fb:81:a1:15:b8:60:08:22:3a:06:a0:5b:5e:93:d5:ee:20:26:03

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/System.Net.Http.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:0b:bf:86:a4:4e:62:8e:e7:04:00:00:00:00:01:0b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2018, 20:20

Not After

23/11/2019, 20:20

Subject

CN=Microsoft Time-Stamp service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:A240-4B82-130E,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:08

Not After

26/07/2019, 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:d9:d5:77:c6:28:3a:57:86:a0:72:17:3e:5f:4c:ee:d9:11:2a:71:da:72:e4:3d:a1:f8:12:de:ce:98:9f:10
Signer

Actual PE Digest

c2:d9:d5:77:c6:28:3a:57:86:a0:72:17:3e:5f:4c:ee:d9:11:2a:71:da:72:e4:3d:a1:f8:12:de:ce:98:9f:10

Digest Algorithm

sha256

PE Digest Matches

true

f6:ce:e8:62:2d:f0:3e:17:5e:50:8e:1d:a7:fd:5c:ff:e7:cc:8b:ad
Signer

Actual PE Digest

f6:ce:e8:62:2d:f0:3e:17:5e:50:8e:1d:a7:fd:5c:ff:e7:cc:8b:ad

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/System.Numerics.Vectors.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:c2:a0:09:c5:37:76:e9:f6:cd:00:00:00:00:00:c2
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2016, 17:58

Not After

07/09/2018, 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=Thales TSS ESN:C3B0-0F6A-4111,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/08/2017, 20:11

Not After

11/08/2018, 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/08/2017, 20:20

Not After

11/08/2018, 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

99:0e:22:c8:fb:bc:e4:62:63:f1:99:41:db:03:50:70:a9:f7:d6:99:5f:43:9a:3b:2d:d5:4b:9c:fc:3d:7c:e6
Signer

Actual PE Digest

99:0e:22:c8:fb:bc:e4:62:63:f1:99:41:db:03:50:70:a9:f7:d6:99:5f:43:9a:3b:2d:d5:4b:9c:fc:3d:7c:e6

Digest Algorithm

sha256

PE Digest Matches

true

12:57:a0:40:75:36:a1:51:f8:dd:f2:97:bc:f9:16:a8:2c:bd:f3:8d
Signer

Actual PE Digest

12:57:a0:40:75:36:a1:51:f8:dd:f2:97:bc:f9:16:a8:2c:bd:f3:8d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/System.Runtime.CompilerServices.Unsafe.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/02/2021, 20:09

Not After

10/02/2022, 20:09

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:70:99:f3:f5:b7:ef:fb:27:e6:01:6f:08:b5:3a:37:53:0b:75:67:14:d0:60:c5:7a:94:ea:2c:97:22:88:f7
Signer

Actual PE Digest

a0:70:99:f3:f5:b7:ef:fb:27:e6:01:6f:08:b5:3a:37:53:0b:75:67:14:d0:60:c5:7a:94:ea:2c:97:22:88:f7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/System.Windows.Forms.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:eb:69:aa:cc:3e:29:9f:2d:39:00:00:00:00:00:eb
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2018, 20:19

Not After

23/11/2019, 20:19

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:08

Not After

26/07/2019, 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9d:6c:44:e7:8e:bd:ea:e5:51:ec:3c:fb:75:88:b9:47:92:45:33:0d:8f:99:39:9f:9e:c7:77:6b:1b:8f:45:78
Signer

Actual PE Digest

9d:6c:44:e7:8e:bd:ea:e5:51:ec:3c:fb:75:88:b9:47:92:45:33:0d:8f:99:39:9f:9e:c7:77:6b:1b:8f:45:78

Digest Algorithm

sha256

PE Digest Matches

true

fd:49:9d:06:d6:ed:7e:f8:34:b8:77:16:79:68:54:86:35:13:d8:96
Signer

Actual PE Digest

fd:49:9d:06:d6:ed:7e:f8:34:b8:77:16:79:68:54:86:35:13:d8:96

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/System.Xml.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:07:63:a5:19:2a:11:27:e5:d9:00:00:00:00:01:07
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2018, 20:20

Not After

23/11/2019, 20:20

Subject

CN=Microsoft Time-Stamp service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:AB41-4B27-F026,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:08

Not After

26/07/2019, 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:7e:83:0b:6e:8e:c7:8f:1b:0b:40:6f:aa:a0:69:e8:15:77:9f:d6:bb:73:6e:f6:c1:59:a3:7f:93:8e:9c:e5
Signer

Actual PE Digest

7c:7e:83:0b:6e:8e:c7:8f:1b:0b:40:6f:aa:a0:69:e8:15:77:9f:d6:bb:73:6e:f6:c1:59:a3:7f:93:8e:9c:e5

Digest Algorithm

sha256

PE Digest Matches

true

d9:67:9a:86:5f:cd:e2:9b:37:a3:f7:65:dd:54:3d:bb:b5:df:c3:92
Signer

Actual PE Digest

d9:67:9a:86:5f:cd:e2:9b:37:a3:f7:65:dd:54:3d:bb:b5:df:c3:92

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 885KB - Virtual size: 885KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/System.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:06:2f:03:6b:ee:bf:4e:7e:60:00:00:00:00:01:06
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2018, 20:20

Not After

23/11/2019, 20:20

Subject

CN=Microsoft Time-Stamp service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:179E-4BB0-8246,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:08

Not After

26/07/2019, 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d5:94:be:54:82:70:e6:86:ec:57:37:86:ea:a5:d1:b7:5b:7e:d6:43:69:e2:e1:30:58:91:15:cc:bd:22:1d:5f
Signer

Actual PE Digest

d5:94:be:54:82:70:e6:86:ec:57:37:86:ea:a5:d1:b7:5b:7e:d6:43:69:e2:e1:30:58:91:15:cc:bd:22:1d:5f

Digest Algorithm

sha256

PE Digest Matches

true

67:70:bb:9a:bc:7c:45:69:a5:c8:38:96:6c:7b:87:06:a3:5b:84:6c
Signer

Actual PE Digest

67:70:bb:9a:bc:7c:45:69:a5:c8:38:96:6c:7b:87:06:a3:5b:84:6c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/x64/pdfium.dll
.dll windows:5 windows x64 arch:x64

ef0836ceffb3d3b54a19c2102e4e447e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
VerSetConditionMask
VerifyVersionInfoW
GetCurrentProcessId
ResumeThread
GetThreadContext
SuspendThread
CloseHandle
OpenThread
GetCurrentThreadId
SwitchToThread
RaiseException
GetProcAddress
GetModuleHandleW
VirtualFree
VirtualAlloc
GetNativeSystemInfo
RtlCaptureStackBackTrace
GetSystemTime
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
FindFirstFileExA
FindNextFileA
FindClose
GetLocalTime
CreateFileA
CreateFileW
GetFileSizeEx
SetFilePointerEx
ReadFile
WriteFile
FlushFileBuffers
SetEndOfFile
GetACP
GetWindowsDirectoryA
GetVersionExW
FreeLibrary
GetSystemDirectoryA
LoadLibraryA
Sleep
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
GetSystemTimeAsFileTime
GetLastError
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetTimeZoneInformation
GetUserGeoID
GetGeoInfoW
InitOnceExecuteOnce
ResolveLocaleName
GetLocaleInfoEx
GetCurrencyFormatEx
GetNumberFormatEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDateFormatEx
GetTimeFormatEx
GetCurrentThread
GetThreadTimes
DeleteFileA
GetTempPathA
GetTempFileNameA
GetStdHandle
GetFileType
OutputDebugStringA
GetSystemInfo
GetCurrentProcess
LoadLibraryW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
QueryPerformanceFrequency
QueryPerformanceCounter
QueryThreadCycleTime
GetThreadPriority
SetThreadPriority
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
CreateSemaphoreA
ReleaseSemaphore
WaitForSingleObjectEx
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
InterlockedPushEntrySList
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
LoadLibraryExW
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleFileNameA
GetModuleFileNameW
HeapAlloc
HeapReAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
GetConsoleCP
GetConsoleMode
ReadConsoleW
DeleteFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
SetStdHandle
WriteConsoleW
GetUserDefaultLocaleName
SetLastError

advapi32

CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

gdi32

SetDIBitsToDevice
GdiComment
GetRegionData
GetClipRgn
CreateRectRgn
GetTextMetricsW
GetTextFaceA
CreateFontA
GetDIBits
BitBlt
CreateCompatibleBitmap
CreatePen
WidenPath
SelectClipPath
IntersectClipRect
EndPath
CreateFontIndirectA
CreateCompatibleDC
SelectObject
GetOutlineTextMetricsW
DeleteObject
DeleteDC
GetFontData
GetCharWidthW
EnumFontFamiliesExA
SetStretchBltMode
GetObjectType
CreateBitmap
GetObjectW
GetDeviceCaps
SaveDC
RestoreDC
StretchDIBits
EnumFontFamiliesExW
CreateSolidBrush
GetClipBox
MoveToEx
LineTo
SetMiterLimit
SetPolyFillMode
FillPath
StrokePath
StrokeAndFillPath
ExtCreatePen
BeginPath
PolyBezierTo
CloseFigure

user32

GetDC
ReleaseDC
FillRect

winmm

timeGetTime

dbghelp

SymGetModuleBase64
StackWalk64
SymFromAddr
SymGetLineFromAddr64
SymSetSearchPathW
SymGetSearchPathW
SymInitialize
SymSetOptions
SymFunctionTableAccess64

shlwapi

PathRemoveFileSpecW

Exports

Exports

FORM_DoDocumentAAction
FORM_DoDocumentJSAction
FORM_DoDocumentOpenAction
FORM_DoPageAAction
FORM_ForceToKillFocus
FORM_GetSelectedText
FORM_OnAfterLoadPage
FORM_OnBeforeClosePage
FORM_OnChar
FORM_OnFocus
FORM_OnKeyDown
FORM_OnKeyUp
FORM_OnLButtonDown
FORM_OnLButtonUp
FORM_OnMouseMove
FORM_OnRButtonDown
FORM_OnRButtonUp
FORM_ReplaceSelection
FPDFAction_GetDest
FPDFAction_GetFilePath
FPDFAction_GetType
FPDFAction_GetURIPath
FPDFAnnot_AppendObject
FPDFAnnot_CountAttachmentPoints
FPDFAnnot_GetAP
FPDFAnnot_GetAttachmentPoints
FPDFAnnot_GetColor
FPDFAnnot_GetFlags
FPDFAnnot_GetFormFieldAtPoint
FPDFAnnot_GetFormFieldFlags
FPDFAnnot_GetLinkedAnnot
FPDFAnnot_GetObject
FPDFAnnot_GetObjectCount
FPDFAnnot_GetRect
FPDFAnnot_GetStringValue
FPDFAnnot_GetSubtype
FPDFAnnot_GetValueType
FPDFAnnot_HasAttachmentPoints
FPDFAnnot_HasKey
FPDFAnnot_IsObjectSupportedSubtype
FPDFAnnot_IsSupportedSubtype
FPDFAnnot_RemoveObject
FPDFAnnot_SetAP
FPDFAnnot_SetAttachmentPoints
FPDFAnnot_SetColor
FPDFAnnot_SetFlags
FPDFAnnot_SetRect
FPDFAnnot_SetStringValue
FPDFAnnot_UpdateObject
FPDFAttachment_GetFile
FPDFAttachment_GetName
FPDFAttachment_GetStringValue
FPDFAttachment_GetValueType
FPDFAttachment_HasKey
FPDFAttachment_SetFile
FPDFAttachment_SetStringValue
FPDFAvail_Create
FPDFAvail_Destroy
FPDFAvail_GetDocument
FPDFAvail_GetFirstPageNum
FPDFAvail_IsDocAvail
FPDFAvail_IsFormAvail
FPDFAvail_IsLinearized
FPDFAvail_IsPageAvail
FPDFBitmap_Create
FPDFBitmap_CreateEx
FPDFBitmap_Destroy
FPDFBitmap_FillRect
FPDFBitmap_GetBuffer
FPDFBitmap_GetFormat
FPDFBitmap_GetHeight
FPDFBitmap_GetStride
FPDFBitmap_GetWidth
FPDFBookmark_Find
FPDFBookmark_GetAction
FPDFBookmark_GetDest
FPDFBookmark_GetFirstChild
FPDFBookmark_GetNextSibling
FPDFBookmark_GetTitle
FPDFCatalog_IsTagged
FPDFDOC_ExitFormFillEnvironment
FPDFDOC_InitFormFillEnvironment
FPDFDest_GetDestPageIndex
FPDFDest_GetLocationInPage
FPDFDest_GetPageIndex
FPDFDest_GetView
FPDFDoc_AddAttachment
FPDFDoc_DeleteAttachment
FPDFDoc_GetAttachment
FPDFDoc_GetAttachmentCount
FPDFDoc_GetPageMode
FPDFFont_Close
FPDFImageObj_GetBitmap
FPDFImageObj_GetImageDataDecoded
FPDFImageObj_GetImageDataRaw
FPDFImageObj_GetImageFilter
FPDFImageObj_GetImageFilterCount
FPDFImageObj_GetImageMetadata
FPDFImageObj_LoadJpegFile
FPDFImageObj_LoadJpegFileInline
FPDFImageObj_SetBitmap
FPDFImageObj_SetMatrix
FPDFLink_CloseWebLinks
FPDFLink_CountQuadPoints
FPDFLink_CountRects
FPDFLink_CountWebLinks
FPDFLink_Enumerate
FPDFLink_GetAction
FPDFLink_GetAnnotRect
FPDFLink_GetDest
FPDFLink_GetLinkAtPoint
FPDFLink_GetLinkZOrderAtPoint
FPDFLink_GetQuadPoints
FPDFLink_GetRect
FPDFLink_GetURL
FPDFLink_LoadWebLinks
FPDFPageObjMark_GetName
FPDFPageObj_CountMarks
FPDFPageObj_CreateNewPath
FPDFPageObj_CreateNewRect
FPDFPageObj_CreateTextObj
FPDFPageObj_Destroy
FPDFPageObj_GetBounds
FPDFPageObj_GetMark
FPDFPageObj_GetType
FPDFPageObj_HasTransparency
FPDFPageObj_NewImageObj
FPDFPageObj_NewTextObj
FPDFPageObj_SetBlendMode
FPDFPageObj_Transform
FPDFPageObj_TransformClipPath
FPDFPage_CloseAnnot
FPDFPage_CountObject
FPDFPage_CountObjects
FPDFPage_CreateAnnot
FPDFPage_Delete
FPDFPage_Flatten
FPDFPage_FormFieldZOrderAtPoint
FPDFPage_GenerateContent
FPDFPage_GetAnnot
FPDFPage_GetAnnotCount
FPDFPage_GetAnnotIndex
FPDFPage_GetCropBox
FPDFPage_GetMediaBox
FPDFPage_GetObject
FPDFPage_GetRotation
FPDFPage_HasFormFieldAtPoint
FPDFPage_HasTransparency
FPDFPage_InsertClipPath
FPDFPage_InsertObject
FPDFPage_New
FPDFPage_RemoveAnnot
FPDFPage_RemoveObject
FPDFPage_SetCropBox
FPDFPage_SetMediaBox
FPDFPage_SetRotation
FPDFPage_TransFormWithClip
FPDFPage_TransformAnnots
FPDFPathSegment_GetClose
FPDFPathSegment_GetPoint
FPDFPathSegment_GetType
FPDFPath_BezierTo
FPDFPath_Close
FPDFPath_CountSegments
FPDFPath_GetFillColor
FPDFPath_GetPathSegment
FPDFPath_GetStrokeColor
FPDFPath_LineTo
FPDFPath_MoveTo
FPDFPath_SetDrawMode
FPDFPath_SetFillColor
FPDFPath_SetLineCap
FPDFPath_SetLineJoin
FPDFPath_SetStrokeColor
FPDFPath_SetStrokeWidth
FPDFText_ClosePage
FPDFText_CountChars
FPDFText_CountRects
FPDFText_FindClose
FPDFText_FindNext
FPDFText_FindPrev
FPDFText_FindStart
FPDFText_GetBoundedText
FPDFText_GetCharBox
FPDFText_GetCharIndexAtPos
FPDFText_GetCharIndexFromTextIndex
FPDFText_GetCharOrigin
FPDFText_GetFontSize
FPDFText_GetRect
FPDFText_GetSchCount
FPDFText_GetSchResultIndex
FPDFText_GetText
FPDFText_GetTextIndexFromCharIndex
FPDFText_GetUnicode
FPDFText_LoadFont
FPDFText_LoadPage
FPDFText_SetFillColor
FPDFText_SetText
FPDF_AddInstalledFont
FPDF_AddRef
FPDF_BStr_Clear
FPDF_BStr_Init
FPDF_BStr_Set
FPDF_CloseDocument
FPDF_ClosePage
FPDF_CopyViewerPreferences
FPDF_CountNamedDests
FPDF_CreateClipPath
FPDF_CreateNewDocument
FPDF_DestroyClipPath
FPDF_DestroyLibrary
FPDF_DeviceToPage
FPDF_FFLDraw
FPDF_FreeDefaultSystemFontInfo
FPDF_GetDefaultSystemFontInfo
FPDF_GetDefaultTTFMap
FPDF_GetDocPermissions
FPDF_GetFileVersion
FPDF_GetFormType
FPDF_GetLastError
FPDF_GetMetaText
FPDF_GetNamedDest
FPDF_GetNamedDestByName
FPDF_GetPageBoundingBox
FPDF_GetPageCount
FPDF_GetPageHeight
FPDF_GetPageLabel
FPDF_GetPageSizeByIndex
FPDF_GetPageWidth
FPDF_GetSecurityHandlerRevision
FPDF_ImportNPagesToOne
FPDF_ImportPages
FPDF_InitLibrary
FPDF_InitLibraryWithConfig
FPDF_LoadCustomDocument
FPDF_LoadDocument
FPDF_LoadMemDocument
FPDF_LoadPage
FPDF_LoadXFA
FPDF_PageToDevice
FPDF_Release
FPDF_RemoveFormFieldHighlight
FPDF_RenderPage
FPDF_RenderPageBitmap
FPDF_RenderPageBitmapWithMatrix
FPDF_RenderPageBitmap_Start
FPDF_RenderPage_Close
FPDF_RenderPage_Continue
FPDF_SaveAsCopy
FPDF_SaveWithVersion
FPDF_SetFormFieldHighlightAlpha
FPDF_SetFormFieldHighlightColor
FPDF_SetPrintMode
FPDF_SetSandBoxPolicy
FPDF_SetSystemFontInfo
FPDF_StructElement_CountChildren
FPDF_StructElement_GetAltText
FPDF_StructElement_GetChildAtIndex
FPDF_StructElement_GetMarkedContentID
FPDF_StructElement_GetTitle
FPDF_StructElement_GetType
FPDF_StructTree_Close
FPDF_StructTree_CountChildren
FPDF_StructTree_GetChildAtIndex
FPDF_StructTree_GetForPage
FPDF_VIEWERREF_GetDuplex
FPDF_VIEWERREF_GetName
FPDF_VIEWERREF_GetNumCopies
FPDF_VIEWERREF_GetPrintPageRange
FPDF_VIEWERREF_GetPrintScaling
FSDK_SetUnSpObjProcessHandler

Sections

.text
Size: 11.4MB - Virtual size: 11.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/x86/pdfium.dll
.dll windows:5 windows x86 arch:x86

70a80dbefa7ae6ade9f21245398e5b6e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetCurrentProcessId
GetSystemTime
GetCurrentProcess
ResumeThread
GetThreadContext
SuspendThread
CloseHandle
OpenThread
GetCurrentThreadId
SwitchToThread
RaiseException
GetProcAddress
GetModuleHandleW
VirtualFree
VirtualAlloc
GetNativeSystemInfo
RtlCaptureStackBackTrace
IsWow64Process
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
FindFirstFileExA
FindNextFileA
FindClose
GetLocalTime
CreateFileA
CreateFileW
GetFileSizeEx
SetFilePointerEx
ReadFile
WriteFile
FlushFileBuffers
SetEndOfFile
GetACP
GetWindowsDirectoryA
GetVersionExW
FreeLibrary
GetSystemDirectoryA
LoadLibraryA
Sleep
ResetEvent
SetEvent
CreateEventW
GetLastError
GetSystemTimeAsFileTime
GetUserDefaultLocaleName
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetTimeZoneInformation
GetUserGeoID
GetGeoInfoW
InitOnceExecuteOnce
ResolveLocaleName
GetLocaleInfoEx
GetCurrencyFormatEx
GetNumberFormatEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDateFormatEx
GetTimeFormatEx
GetCurrentThread
GetThreadTimes
DeleteFileA
GetTempPathA
GetTempFileNameA
GetStdHandle
GetFileType
OutputDebugStringA
GetSystemInfo
LoadLibraryW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
QueryPerformanceFrequency
QueryPerformanceCounter
QueryThreadCycleTime
GetThreadPriority
SetThreadPriority
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
CreateSemaphoreA
ReleaseSemaphore
WaitForSingleObjectEx
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
LoadLibraryExW
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleFileNameA
GetModuleFileNameW
HeapAlloc
HeapReAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
GetConsoleCP
GetConsoleMode
ReadConsoleW
DeleteFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
SetStdHandle
WriteConsoleW
WaitForSingleObject
SetLastError

advapi32

CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

gdi32

SetDIBitsToDevice
GdiComment
GetRegionData
GetClipRgn
CreateRectRgn
GetTextMetricsW
GetTextFaceA
CreateFontA
GetDIBits
BitBlt
CreateCompatibleBitmap
CreatePen
WidenPath
SelectClipPath
IntersectClipRect
EndPath
CreateFontIndirectA
CreateCompatibleDC
SelectObject
GetOutlineTextMetricsW
DeleteObject
DeleteDC
GetFontData
GetCharWidthW
EnumFontFamiliesExA
SetStretchBltMode
GetObjectType
CreateBitmap
GetObjectW
GetDeviceCaps
SaveDC
RestoreDC
StretchDIBits
EnumFontFamiliesExW
CreateSolidBrush
GetClipBox
MoveToEx
LineTo
SetMiterLimit
SetPolyFillMode
FillPath
StrokePath
StrokeAndFillPath
ExtCreatePen
BeginPath
PolyBezierTo
CloseFigure

user32

GetDC
ReleaseDC
FillRect

winmm

timeGetTime

dbghelp

SymGetModuleBase64
StackWalk64
SymFromAddr
SymGetLineFromAddr64
SymSetSearchPathW
SymGetSearchPathW
SymInitialize
SymSetOptions
SymFunctionTableAccess64

shlwapi

PathRemoveFileSpecW

Exports

Exports

_FORM_DoDocumentAAction@8
_FORM_DoDocumentJSAction@4
_FORM_DoDocumentOpenAction@4
_FORM_DoPageAAction@12
_FORM_ForceToKillFocus@4
_FORM_GetSelectedText@16
_FORM_OnAfterLoadPage@8
_FORM_OnBeforeClosePage@8
_FORM_OnChar@16
_FORM_OnFocus@28
_FORM_OnKeyDown@16
_FORM_OnKeyUp@16
_FORM_OnLButtonDown@28
_FORM_OnLButtonUp@28
_FORM_OnMouseMove@28
_FORM_OnRButtonDown@28
_FORM_OnRButtonUp@28
_FORM_ReplaceSelection@12
_FPDFAction_GetDest@8
_FPDFAction_GetFilePath@12
_FPDFAction_GetType@4
_FPDFAction_GetURIPath@16
_FPDFAnnot_AppendObject@8
_FPDFAnnot_CountAttachmentPoints@4
_FPDFAnnot_GetAP@16
_FPDFAnnot_GetAttachmentPoints@8
_FPDFAnnot_GetColor@24
_FPDFAnnot_GetFlags@4
_FPDFAnnot_GetFormFieldAtPoint@24
_FPDFAnnot_GetFormFieldFlags@8
_FPDFAnnot_GetLinkedAnnot@8
_FPDFAnnot_GetObject@8
_FPDFAnnot_GetObjectCount@4
_FPDFAnnot_GetRect@8
_FPDFAnnot_GetStringValue@16
_FPDFAnnot_GetSubtype@4
_FPDFAnnot_GetValueType@8
_FPDFAnnot_HasAttachmentPoints@4
_FPDFAnnot_HasKey@8
_FPDFAnnot_IsObjectSupportedSubtype@4
_FPDFAnnot_IsSupportedSubtype@4
_FPDFAnnot_RemoveObject@8
_FPDFAnnot_SetAP@12
_FPDFAnnot_SetAttachmentPoints@8
_FPDFAnnot_SetColor@24
_FPDFAnnot_SetFlags@8
_FPDFAnnot_SetRect@8
_FPDFAnnot_SetStringValue@12
_FPDFAnnot_UpdateObject@8
_FPDFAttachment_GetFile@12
_FPDFAttachment_GetName@12
_FPDFAttachment_GetStringValue@16
_FPDFAttachment_GetValueType@8
_FPDFAttachment_HasKey@8
_FPDFAttachment_SetFile@16
_FPDFAttachment_SetStringValue@12
_FPDFAvail_Create@8
_FPDFAvail_Destroy@4
_FPDFAvail_GetDocument@8
_FPDFAvail_GetFirstPageNum@4
_FPDFAvail_IsDocAvail@8
_FPDFAvail_IsFormAvail@8
_FPDFAvail_IsLinearized@4
_FPDFAvail_IsPageAvail@12
_FPDFBitmap_Create@12
_FPDFBitmap_CreateEx@20
_FPDFBitmap_Destroy@4
_FPDFBitmap_FillRect@24
_FPDFBitmap_GetBuffer@4
_FPDFBitmap_GetFormat@4
_FPDFBitmap_GetHeight@4
_FPDFBitmap_GetStride@4
_FPDFBitmap_GetWidth@4
_FPDFBookmark_Find@8
_FPDFBookmark_GetAction@4
_FPDFBookmark_GetDest@8
_FPDFBookmark_GetFirstChild@8
_FPDFBookmark_GetNextSibling@8
_FPDFBookmark_GetTitle@12
_FPDFCatalog_IsTagged@4
_FPDFDOC_ExitFormFillEnvironment@4
_FPDFDOC_InitFormFillEnvironment@8
_FPDFDest_GetDestPageIndex@8
_FPDFDest_GetLocationInPage@28
_FPDFDest_GetPageIndex@8
_FPDFDest_GetView@12
_FPDFDoc_AddAttachment@8
_FPDFDoc_DeleteAttachment@8
_FPDFDoc_GetAttachment@8
_FPDFDoc_GetAttachmentCount@4
_FPDFDoc_GetPageMode@4
_FPDFFont_Close@4
_FPDFImageObj_GetBitmap@4
_FPDFImageObj_GetImageDataDecoded@12
_FPDFImageObj_GetImageDataRaw@12
_FPDFImageObj_GetImageFilter@16
_FPDFImageObj_GetImageFilterCount@4
_FPDFImageObj_GetImageMetadata@12
_FPDFImageObj_LoadJpegFile@16
_FPDFImageObj_LoadJpegFileInline@16
_FPDFImageObj_SetBitmap@16
_FPDFImageObj_SetMatrix@52
_FPDFLink_CloseWebLinks@4
_FPDFLink_CountQuadPoints@4
_FPDFLink_CountRects@8
_FPDFLink_CountWebLinks@4
_FPDFLink_Enumerate@12
_FPDFLink_GetAction@4
_FPDFLink_GetAnnotRect@8
_FPDFLink_GetDest@8
_FPDFLink_GetLinkAtPoint@20
_FPDFLink_GetLinkZOrderAtPoint@20
_FPDFLink_GetQuadPoints@12
_FPDFLink_GetRect@28
_FPDFLink_GetURL@16
_FPDFLink_LoadWebLinks@4
_FPDFPageObjMark_GetName@12
_FPDFPageObj_CountMarks@4
_FPDFPageObj_CreateNewPath@8
_FPDFPageObj_CreateNewRect@16
_FPDFPageObj_CreateTextObj@12
_FPDFPageObj_Destroy@4
_FPDFPageObj_GetBounds@20
_FPDFPageObj_GetMark@8
_FPDFPageObj_GetType@4
_FPDFPageObj_HasTransparency@4
_FPDFPageObj_NewImageObj@4
_FPDFPageObj_NewTextObj@12
_FPDFPageObj_SetBlendMode@8
_FPDFPageObj_Transform@52
_FPDFPageObj_TransformClipPath@52
_FPDFPage_CloseAnnot@4
_FPDFPage_CountObject@4
_FPDFPage_CountObjects@4
_FPDFPage_CreateAnnot@8
_FPDFPage_Delete@8
_FPDFPage_Flatten@8
_FPDFPage_FormFieldZOrderAtPoint@24
_FPDFPage_GenerateContent@4
_FPDFPage_GetAnnot@8
_FPDFPage_GetAnnotCount@4
_FPDFPage_GetAnnotIndex@8
_FPDFPage_GetCropBox@20
_FPDFPage_GetMediaBox@20
_FPDFPage_GetObject@8
_FPDFPage_GetRotation@4
_FPDFPage_HasFormFieldAtPoint@24
_FPDFPage_HasTransparency@4
_FPDFPage_InsertClipPath@8
_FPDFPage_InsertObject@8
_FPDFPage_New@24
_FPDFPage_RemoveAnnot@8
_FPDFPage_RemoveObject@8
_FPDFPage_SetCropBox@20
_FPDFPage_SetMediaBox@20
_FPDFPage_SetRotation@8
_FPDFPage_TransFormWithClip@12
_FPDFPage_TransformAnnots@52
_FPDFPathSegment_GetClose@4
_FPDFPathSegment_GetPoint@12
_FPDFPathSegment_GetType@4
_FPDFPath_BezierTo@28
_FPDFPath_Close@4
_FPDFPath_CountSegments@4
_FPDFPath_GetFillColor@20
_FPDFPath_GetPathSegment@8
_FPDFPath_GetStrokeColor@20
_FPDFPath_LineTo@12
_FPDFPath_MoveTo@12
_FPDFPath_SetDrawMode@12
_FPDFPath_SetFillColor@20
_FPDFPath_SetLineCap@8
_FPDFPath_SetLineJoin@8
_FPDFPath_SetStrokeColor@20
_FPDFPath_SetStrokeWidth@8
_FPDFText_ClosePage@4
_FPDFText_CountChars@4
_FPDFText_CountRects@12
_FPDFText_FindClose@4
_FPDFText_FindNext@4
_FPDFText_FindPrev@4
_FPDFText_FindStart@16
_FPDFText_GetBoundedText@44
_FPDFText_GetCharBox@24
_FPDFText_GetCharIndexAtPos@36
_FPDFText_GetCharIndexFromTextIndex@8
_FPDFText_GetCharOrigin@16
_FPDFText_GetFontSize@8
_FPDFText_GetRect@24
_FPDFText_GetSchCount@4
_FPDFText_GetSchResultIndex@4
_FPDFText_GetText@16
_FPDFText_GetTextIndexFromCharIndex@8
_FPDFText_GetUnicode@8
_FPDFText_LoadFont@20
_FPDFText_LoadPage@4
_FPDFText_SetFillColor@20
_FPDFText_SetText@8
_FPDF_AddInstalledFont@12
_FPDF_AddRef@0
_FPDF_BStr_Clear@4
_FPDF_BStr_Init@4
_FPDF_BStr_Set@12
_FPDF_CloseDocument@4
_FPDF_ClosePage@4
_FPDF_CopyViewerPreferences@8
_FPDF_CountNamedDests@4
_FPDF_CreateClipPath@16
_FPDF_CreateNewDocument@0
_FPDF_DestroyClipPath@4
_FPDF_DestroyLibrary@0
_FPDF_DeviceToPage@40
_FPDF_FFLDraw@36
_FPDF_FreeDefaultSystemFontInfo@4
_FPDF_GetDefaultSystemFontInfo@0
_FPDF_GetDefaultTTFMap@0
_FPDF_GetDocPermissions@4
_FPDF_GetFileVersion@8
_FPDF_GetFormType@4
_FPDF_GetLastError@0
_FPDF_GetMetaText@16
_FPDF_GetNamedDest@16
_FPDF_GetNamedDestByName@8
_FPDF_GetPageBoundingBox@8
_FPDF_GetPageCount@4
_FPDF_GetPageHeight@4
_FPDF_GetPageLabel@16
_FPDF_GetPageSizeByIndex@16
_FPDF_GetPageWidth@4
_FPDF_GetSecurityHandlerRevision@4
_FPDF_ImportNPagesToOne@20
_FPDF_ImportPages@16
_FPDF_InitLibrary@0
_FPDF_InitLibraryWithConfig@4
_FPDF_LoadCustomDocument@8
_FPDF_LoadDocument@8
_FPDF_LoadMemDocument@12
_FPDF_LoadPage@8
_FPDF_LoadXFA@4
_FPDF_PageToDevice@48
_FPDF_Release@0
_FPDF_RemoveFormFieldHighlight@4
_FPDF_RenderPage@32
_FPDF_RenderPageBitmap@32
_FPDF_RenderPageBitmapWithMatrix@20
_FPDF_RenderPageBitmap_Start@36
_FPDF_RenderPage_Close@4
_FPDF_RenderPage_Continue@8
_FPDF_SaveAsCopy@12
_FPDF_SaveWithVersion@16
_FPDF_SetFormFieldHighlightAlpha@8
_FPDF_SetFormFieldHighlightColor@12
_FPDF_SetPrintMode@4
_FPDF_SetSandBoxPolicy@8
_FPDF_SetSystemFontInfo@4
_FPDF_StructElement_CountChildren@4
_FPDF_StructElement_GetAltText@12
_FPDF_StructElement_GetChildAtIndex@8
_FPDF_StructElement_GetMarkedContentID@4
_FPDF_StructElement_GetTitle@12
_FPDF_StructElement_GetType@12
_FPDF_StructTree_Close@4
_FPDF_StructTree_CountChildren@4
_FPDF_StructTree_GetChildAtIndex@8
_FPDF_StructTree_GetForPage@4
_FPDF_VIEWERREF_GetDuplex@4
_FPDF_VIEWERREF_GetName@16
_FPDF_VIEWERREF_GetNumCopies@4
_FPDF_VIEWERREF_GetPrintPageRange@4
_FPDF_VIEWERREF_GetPrintScaling@4
_FSDK_SetUnSpObjProcessHandler@4

Sections

.text
Size: 9.5MB - Virtual size: 9.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 340KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
使用说明.txt

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 629KB - Virtual size: 628KB

.sdata Size: 512B - Virtual size: 488B

.rsrc Size: 261KB - Virtual size: 261KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:17:f8:6f:28:fa:06:6d:8d:05:00:00:00:00:01:17Certificate

Extended Key Usages

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

80:ee:67:8c:1b:82:8b:65:08:1f:1e:9b:47:f5:d8:ee:b3:bc:5c:de:be:be:81:5e:4a:e9:13:ac:c4:49:45:c6Signer

c9:4b:ce:4c:dd:66:4a:2c:7a:13:cf:a7:c2:94:ac:c9:dd:e2:37:3fSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 28KB - Virtual size: 28KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

06:ce:e1:31:be:6d:55:c8:07:f7:c0:c7:fb:44:e6:20Certificate

Key Usages

0a:de:32:e9:50:9b:44:aa:34:b1:da:f1:bc:0e:c8:73Certificate

Extended Key Usages

Key Usages

0c:d1:40:7a:5a:bd:ed:43:d5:c1:73:12:1d:38:c5:29Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

38:27:11:d0:35:02:fc:58:64:ae:1e:6c:cb:c5:eb:67:eb:5d:dc:c8:86:9e:e4:59:cc:0d:02:0e:5f:d1:fc:9bSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 681KB - Virtual size: 680KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 111KB - Virtual size: 110KB

.rsrc Size: 1024B - Virtual size: 972B

.reloc Size: 512B - Virtual size: 12B

.text
Size: 629KB - Virtual size: 628KB

.sdata
Size: 512B - Virtual size: 488B

.rsrc
Size: 261KB - Virtual size: 261KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:01:17:f8:6f:28:fa:06:6d:8d:05:00:00:00:00:01:17
Certificate

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

80:ee:67:8c:1b:82:8b:65:08:1f:1e:9b:47:f5:d8:ee:b3:bc:5c:de:be:be:81:5e:4a:e9:13:ac:c4:49:45:c6
Signer

c9:4b:ce:4c:dd:66:4a:2c:7a:13:cf:a7:c2:94:ac:c9:dd:e2:37:3f
Signer

.text
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

06:ce:e1:31:be:6d:55:c8:07:f7:c0:c7:fb:44:e6:20
Certificate

0a:de:32:e9:50:9b:44:aa:34:b1:da:f1:bc:0e:c8:73
Certificate

0c:d1:40:7a:5a:bd:ed:43:d5:c1:73:12:1d:38:c5:29
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

38:27:11:d0:35:02:fc:58:64:ae:1e:6c:cb:c5:eb:67:eb:5d:dc:c8:86:9e:e4:59:cc:0d:02:0e:5f:d1:fc:9b
Signer

.text
Size: 681KB - Virtual size: 680KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 111KB - Virtual size: 110KB

.rsrc
Size: 1024B - Virtual size: 972B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 138KB - Virtual size: 138KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

d4:65:dc:35:86:93:2f:fb:0d:d0:c1:ac:2f:31:92:bd:28:75:14:21:57:3f:3b:7d:55:33:05:32:59:3d:d4:62
Signer

.text
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:01:17:f8:6f:28:fa:06:6d:8d:05:00:00:00:00:01:17
Certificate

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

1d:ab:d9:4a:1f:94:e7:82:76:7d:ee:ac:52:30:37:b0:88:f0:18:0a:2d:ae:f3:41:0f:53:ec:5d:25:af:81:b8
Signer

88:53:3e:e8:8e:35:9f:ce:9c:f2:c3:12:99:34:70:9d:14:a1:9e:b5
Signer

.text
Size: 76KB - Virtual size: 76KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:01:08:a2:f9:49:3a:c0:bc:e9:58:00:00:00:00:01:08
Certificate

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

8d:1c:ab:73:35:6e:f4:29:c8:fb:6e:f5:22:6f:c9:d6:c5:52:30:c5:0d:47:51:ad:8f:f4:7b:5a:a0:3e:9f:65
Signer

d5:3e:ed:ef:17:fc:8b:8b:d2:65:67:73:2f:5b:b2:6b:02:68:b7:ba
Signer