d940b8f64cee2564eae81d24a87fb918bd34b64704e71140846d35b60183d7cd

Sharing

Copy URL

Twitter E-mail

General

Target

d940b8f64cee2564eae81d24a87fb918bd34b64704e71140846d35b60183d7cd
Size

10.3MB
MD5

c5b538b110fbb1a02fb92bb4a47e7862
SHA1

0fef4aab8a974dd882281d24dd843267d33da7cc
SHA256

d940b8f64cee2564eae81d24a87fb918bd34b64704e71140846d35b60183d7cd
SHA512

aabdef31372ae1d72f0306c92d294740beccb74460ca8ed0c5223119c71b3d2ab80daf915c12e1f8173309bb3b5e0f06f0117c77f2506c6efc601a91122b657a
SSDEEP

196608:1TVryFl+X3C/En47aCnGy2qGeOS7E+NsUTsvZrFD0i0ypB6aMS:17B4mmXHGrD9rt0iR/MS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bdzsfx.x86.sfx

Files

d940b8f64cee2564eae81d24a87fb918bd34b64704e71140846d35b60183d7cd
.zip
Arkview.x64.exe
.exe windows:6 windows x64 arch:x64

1a8b4ffbf9f2ebe357383289b60f9d3b

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

bb:6b:ab:53:db:a7:2f:c2:60:a1:62:d5:6a:7e:5c:e3:ad:40:7e:bd:7f:83:21:79:a8:38:2a:70:16:25:08:dc
Signer

Actual PE Digest

bb:6b:ab:53:db:a7:2f:c2:60:a1:62:d5:6a:7e:5c:e3:ad:40:7e:bd:7f:83:21:79:a8:38:2a:70:16:25:08:dc

Digest Algorithm

sha256

PE Digest Matches

true

55:a0:9d:08:0d:6c:61:d5:e5:52:d9:c1:4f:b0:95:c1:71:ce:a4:b3
Signer

Actual PE Digest

55:a0:9d:08:0d:6c:61:d5:e5:52:d9:c1:4f:b0:95:c1:71:ce:a4:b3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetFileAttributesW
LoadLibraryExW
GetSystemDirectoryW
LoadLibraryW
WideCharToMultiByte
MultiByteToWideChar
IsDBCSLeadByteEx
WaitForSingleObject
GetCurrentProcessId
TerminateProcess
GetSystemInfo
VerSetConditionMask
VerifyVersionInfoW
Sleep
lstrcmpW
MulDiv
SetFilePointerEx
SetEndOfFile
WriteFile
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
RaiseException
SetLastError
CreateEventW
SetEvent
ResetEvent
InitializeCriticalSection
FlushFileBuffers
GetTickCount
GetExitCodeThread
GetUserDefaultLangID
lstrcmpiW
DecodePointer
SetErrorMode
MoveFileW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileExW
GetOEMCP
GetACP
IsValidCodePage
GetCPInfo
GetStringTypeW
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStdHandle
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
RtlPcToFileHeader
RtlUnwindEx
WaitForSingleObjectEx
InitializeConditionVariable
SetThreadPriority
WakeConditionVariable
SleepConditionVariableCS
ExitProcess
DeleteFileA
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
CreateDirectoryW
LocalFree
GetFileSizeEx
GetFileSize
FindClose
GetFileAttributesW
lstrlenW
DeleteFileW
GetTempFileNameW
GetTempPathW
WriteConsoleW
GetModuleFileNameW
GetCurrentProcess
FreeLibrary
GetProcAddress
GetModuleHandleW
GetSystemTimeAsFileTime
GetFileTime
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
ReadFile
SetFilePointer
CreateFileW
GetTickCount64
OutputDebugStringA
OutputDebugStringW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
CloseHandle
GetLastError

user32

RegisterWindowMessageW
InvalidateRect
GetWindowDC
SetScrollInfo
SetScrollRange
EndPaint
BeginPaint
GetSysColor
GetWindowTextLengthW
GetFocus
EnableWindow
GetDlgItem
GetPropW
KillTimer
GetCursorPos
GetKeyState
PtInRect
UnionRect
DestroyCursor
RegisterClassW
SetTimer
CreateIconFromResource
LoadCursorFromFileW
UpdateWindow
TrackMouseEvent
SetCapture
ReleaseCapture
MessageBoxW
FindWindowW
SendMessageW
GetSystemMetrics
SystemParametersInfoW
GetWindowRect
MonitorFromRect
GetMonitorInfoW
CopyRect
MonitorFromPoint
CharNextW
MsgWaitForMultipleObjects
GetMessageW
LoadAcceleratorsW
TranslateAcceleratorW
LoadIconW
MonitorFromWindow
RemovePropW
InflateRect
OffsetRect
EqualRect
MoveWindow
GetWindowLongW
SetWindowPos
ScreenToClient
ClientToScreen
PeekMessageW
SetCursor
SetScrollPos
PostMessageW
SetPropW
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
SetFocus
IsWindowEnabled
GetWindow
DestroyWindow
CharNextExA
SetWindowTextW
IntersectRect
SetWindowRgn
AdjustWindowRectEx
SetWindowLongW
ShowWindow
CallWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
DefWindowProcW
SetProcessDPIAware
SubtractRect
SetRect
SetRectEmpty
MapWindowPoints
GetClientRect
IsRectEmpty
wsprintfW
DrawTextW
ReleaseDC
GetDC
GetWindowPlacement
GetWindowTextW
IsWindowVisible
GetParent
IsWindow
PostQuitMessage
DispatchMessageW
TranslateMessage

gdi32

OffsetRgn
CreateSolidBrush
CreateCompatibleBitmap
BitBlt
ExcludeClipRect
MoveToEx
LineTo
ExtCreateRegion
CombineRgn
CreateDIBSection
CreateCompatibleDC
DeleteDC
SelectObject
SetTextColor
SetBkMode
CreateFontW
CreateRectRgn
DeleteObject
GetTextMetricsW
GetStockObject
GetObjectW
SetBkColor
ExtTextOutW
SetWindowOrgEx
GetDeviceCaps

advapi32

RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
IsTextUnicode
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHAppBarMessage
ShellExecuteW
CommandLineToArgvW

ole32

StgOpenStorageEx
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree
StgCreateStorageEx
CoInitialize

oleaut32

VarUI4FromStr

shlwapi

PathIsDirectoryW
StrCmpLogicalW
PathCanonicalizeW

uxtheme

OpenThemeData
DrawThemeBackground
CloseThemeData

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 726KB - Virtual size: 726KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Arkview.x86.exe
.exe windows:6 windows x86 arch:x86

e80cfee3245298c5ba73d0985ebae8a1

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

49:7d:34:e6:8f:a4:2e:c8:29:21:d2:e4:78:63:ec:7c:3d:ec:a7:f0:a7:93:75:59:b9:c4:12:a8:04:3f:dc:08
Signer

Actual PE Digest

49:7d:34:e6:8f:a4:2e:c8:29:21:d2:e4:78:63:ec:7c:3d:ec:a7:f0:a7:93:75:59:b9:c4:12:a8:04:3f:dc:08

Digest Algorithm

sha256

PE Digest Matches

true

9a:80:39:ee:24:ac:a3:f3:68:f6:3f:7a:66:fa:e8:8c:43:9a:02:e6
Signer

Actual PE Digest

9a:80:39:ee:24:ac:a3:f3:68:f6:3f:7a:66:fa:e8:8c:43:9a:02:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesW
LoadLibraryExW
GetSystemDirectoryW
LoadLibraryW
WideCharToMultiByte
MultiByteToWideChar
IsDBCSLeadByteEx
WaitForSingleObject
GetCurrentProcessId
TerminateProcess
GetSystemInfo
VerSetConditionMask
VerifyVersionInfoW
Sleep
lstrcmpW
MulDiv
SetFilePointerEx
SetEndOfFile
WriteFile
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
RaiseException
SetLastError
CreateEventW
SetEvent
ResetEvent
InitializeCriticalSection
FlushFileBuffers
GetTickCount
GetExitCodeThread
GetUserDefaultLangID
lstrcmpiW
DecodePointer
SetErrorMode
MoveFileW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileExW
GetOEMCP
IsValidCodePage
GetCPInfo
GetStringTypeW
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStdHandle
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
WaitForSingleObjectEx
InitializeConditionVariable
SetThreadPriority
WakeConditionVariable
SleepConditionVariableCS
ExitProcess
DeleteFileA
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
CreateDirectoryW
LocalFree
GetFileSizeEx
GetFileSize
FindClose
GetFileAttributesW
lstrlenW
DeleteFileW
GetTempFileNameW
GetTempPathW
GetModuleFileNameW
WriteConsoleW
GetCurrentProcess
FreeLibrary
GetProcAddress
GetModuleHandleW
GetSystemTimeAsFileTime
GetFileTime
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
ReadFile
SetFilePointer
CreateFileW
GetTickCount64
OutputDebugStringA
OutputDebugStringW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
CloseHandle
GetACP
GetLastError

user32

KillTimer
RegisterWindowMessageW
InvalidateRect
GetWindowDC
SetScrollInfo
SetScrollRange
SetScrollPos
EndPaint
BeginPaint
GetSysColor
GetFocus
EnableWindow
GetDlgItem
GetPropW
RemovePropW
GetCursorPos
GetKeyState
PtInRect
RegisterClassW
DestroyCursor
SetCursor
InflateRect
PostMessageW
SetPropW
CreateWindowExW
LoadCursorW
GetClassInfoExW
SetTimer
CreateIconFromResource
LoadCursorFromFileW
UpdateWindow
TrackMouseEvent
SetCapture
ReleaseCapture
MessageBoxW
FindWindowW
SendMessageW
GetSystemMetrics
SystemParametersInfoW
GetWindowRect
MonitorFromRect
GetMonitorInfoW
CopyRect
MonitorFromPoint
CharNextW
MsgWaitForMultipleObjects
GetWindowTextLengthW
GetMessageW
LoadAcceleratorsW
TranslateAcceleratorW
LoadIconW
MonitorFromWindow
UnionRect
OffsetRect
EqualRect
TranslateMessage
MoveWindow
GetWindowLongW
SetWindowPos
ScreenToClient
ClientToScreen
RegisterClassExW
UnregisterClassW
SetFocus
IsWindowEnabled
GetWindow
DestroyWindow
CharNextExA
SetWindowTextW
IntersectRect
SetWindowRgn
AdjustWindowRectEx
ShowWindow
CallWindowProcW
SetWindowLongW
DefWindowProcW
SetProcessDPIAware
SubtractRect
SetRect
SetRectEmpty
MapWindowPoints
GetClientRect
IsRectEmpty
wsprintfW
DrawTextW
ReleaseDC
GetDC
GetWindowPlacement
GetWindowTextW
IsWindowVisible
GetParent
IsWindow
PostQuitMessage
DispatchMessageW
PeekMessageW

gdi32

OffsetRgn
CreateSolidBrush
CreateCompatibleBitmap
BitBlt
ExcludeClipRect
MoveToEx
LineTo
ExtCreateRegion
CombineRgn
CreateDIBSection
CreateCompatibleDC
DeleteDC
SelectObject
SetTextColor
SetBkMode
CreateFontW
CreateRectRgn
DeleteObject
GetDeviceCaps
ExtTextOutW
SetBkColor
GetObjectW
SetWindowOrgEx
GetStockObject
GetTextMetricsW

advapi32

RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
IsTextUnicode
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetNamedSecurityInfoW
SetEntriesInAclW
FreeSid
AllocateAndInitializeSid

shell32

ShellExecuteW
SHAppBarMessage
CommandLineToArgvW

ole32

CoInitialize
CoUninitialize
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoInitializeEx
CoTaskMemFree
StgCreateStorageEx
StgOpenStorageEx

oleaut32

VarUI4FromStr

shlwapi

StrCmpLogicalW
PathIsDirectoryW
PathCanonicalizeW

uxtheme

CloseThemeData
OpenThemeData
DrawThemeBackground

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 561KB - Virtual size: 561KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bandizip.x64.exe
.exe windows:6 windows x64 arch:x64

3f531ff964c0e9b57758f9a368030814

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c9:bc:01:74:59:ff:dc:18:a4:c2:07:e6:a9:49:71:6d:47:0c:8f:36:1f:98:92:50:b4:8c:14:a5:ef:32:f1:c2
Signer

Actual PE Digest

c9:bc:01:74:59:ff:dc:18:a4:c2:07:e6:a9:49:71:6d:47:0c:8f:36:1f:98:92:50:b4:8c:14:a5:ef:32:f1:c2

Digest Algorithm

sha256

PE Digest Matches

false

42:b8:4b:56:2c:76:90:9f:c8:04:1f:ab:9b:40:6c:bd:8e:01:2d:f9
Signer

Actual PE Digest

42:b8:4b:56:2c:76:90:9f:c8:04:1f:ab:9b:40:6c:bd:8e:01:2d:f9

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetComputerNameA
LocalAlloc
FileTimeToLocalFileTime
GetModuleHandleExW
lstrcpynW
MulDiv
VerSetConditionMask
VerifyVersionInfoW
GlobalLock
GlobalUnlock
FormatMessageW
SetFilePointerEx
SetEndOfFile
lstrlenA
RtlCaptureContext
GlobalMemoryStatusEx
CreateThread
ExitProcess
SetUnhandledExceptionFilter
CompareStringOrdinal
VirtualProtect
GlobalSize
GetSystemTime
SystemTimeToFileTime
InitializeCriticalSection
CreateEventW
SetEvent
CreateFileMappingW
MapViewOfFile
OpenFileMappingW
UnmapViewOfFile
VirtualQueryEx
GetDateFormatW
GetTimeFormatW
CompareFileTime
GetVersion
WritePrivateProfileStringW
GetWindowsDirectoryW
ResetEvent
GetUserDefaultUILanguage
GetTickCount
GetExitCodeThread
GetUserDefaultLangID
lstrcpyA
GetFileInformationByHandleEx
SetCurrentDirectoryW
GetStdHandle
SetConsoleTextAttribute
CompareStringW
MoveFileW
TerminateThread
SetPriorityClass
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
GetLongPathNameW
FreeConsole
AllocConsole
LCMapStringW
IsDebuggerPresent
GetComputerNameW
GetPrivateProfileStringW
CreateMutexW
GetSystemInfo
DecodePointer
SetErrorMode
GetCommandLineW
GetDriveTypeW
GetShortPathNameW
SetThreadPriority
lstrcatA
WaitForMultipleObjects
GetPrivateProfileIntW
ReleaseMutex
VirtualQuery
WriteConsoleW
FlushFileBuffers
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileExW
SetStdHandle
GetOEMCP
GetACP
IsValidCodePage
GetCPInfo
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetCommandLineA
GetFileType
FreeLibraryAndExitThread
ExitThread
SetConsoleCtrlHandler
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlPcToFileHeader
RtlUnwindEx
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
TerminateProcess
OpenProcess
GetCurrentProcessId
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
IsDBCSLeadByteEx
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryW
GetSystemDirectoryW
LoadLibraryExW
SetFileAttributesW
RemoveDirectoryW
lstrcpyW
GetFullPathNameW
CreateDirectoryW
LocalFree
GetFileSizeEx
GetFileSize
GetFileAttributesW
lstrlenW
GetTempFileNameW
GetTempPathW
GetCurrentDirectoryW
GetModuleFileNameW
GetDiskFreeSpaceW
GlobalFree
GlobalAlloc
GetCurrentThread
GetCurrentProcess
FreeLibrary
GetProcAddress
GetModuleHandleW
GetVolumeInformationW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetFileTime
OutputDebugStringW
DeviceIoControl
Sleep
GetTickCount64
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
CreateFileW
ReadFile
SetFilePointer
WriteFile
CloseHandle
InitializeCriticalSectionEx
DeleteCriticalSection
RaiseException
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
SetLastError
DeleteFileW
GetLastError
RtlUnwind
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
lstrcmpiW
HeapDestroy

user32

SendMessageTimeoutW
IsWindowEnabled
SetPropW
CharNextExA
GetSubMenu
GetMenuItemInfoW
ModifyMenuW
GetMenuItemID
GetMenuStringW
GetMenuItemCount
EnumChildWindows
IntersectRect
SetWindowRgn
AdjustWindowRectEx
SetProcessDPIAware
SubtractRect
RegisterClipboardFormatW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ReleaseCapture
SetCapture
SetWindowLongW
GetClassLongW
EnumWindows
GetClassNameW
PostMessageW
wsprintfW
BringWindowToTop
SetForegroundWindow
DestroyIcon
GetForegroundWindow
GetWindowPlacement
GetWindowThreadProcessId
IsWindow
IsDialogMessageW
ClientToScreen
MonitorFromPoint
CopyRect
MonitorFromRect
SystemParametersInfoW
LoadIconW
CreateDialogIndirectParamW
GetCapture
GetMessageW
GetFocus
DrawIconEx
GetScrollInfo
ScrollWindow
RedrawWindow
TrackPopupMenu
GetMenuDefaultItem
RegisterClassW
GetPropW
RemovePropW
EnumDisplayMonitors
UnionRect
ChangeWindowMessageFilter
WaitForInputIdle
DestroyCursor
GetKeyState
CreateIconFromResource
MsgWaitForMultipleObjectsEx
GetDlgItemInt
SetDlgItemInt
DeleteMenu
InsertMenuW
GetMenu
SendMessageW
GetWindowTextLengthW
GetWindowTextW
GetWindowLongW
SetWindowPos
GetClientRect
MapWindowPoints
GetParent
SetWindowLongPtrW
CreatePopupMenu
GetSysColor
GetWindowRect
InvalidateRect
GetDlgItem
GetMonitorInfoW
MonitorFromWindow
GetWindow
SetDlgItemTextW
EnableWindow
GetActiveWindow
UnregisterClassW
DialogBoxParamW
EndDialog
CharNextW
TranslateAcceleratorW
LoadAcceleratorsW
GetKeyNameTextW
GetKeyboardLayout
MapVirtualKeyExW
GetShellWindow
EnableMenuItem
CheckMenuItem
SetWindowPlacement
CreateDialogParamW
DrawFocusRect
IsCharAlphaNumericW
MessageBoxW
DestroyMenu
LoadMenuW
TrackMouseEvent
UpdateWindow
AttachThreadInput
LoadCursorFromFileW
MoveWindow
FindWindowExW
ShowWindow
SetFocus
GetCaretPos
FindWindowW
GetClassInfoExW
RegisterClassExW
InflateRect
EqualRect
KillTimer
SetTimer
GetCursorPos
PtInRect
SetRect
OffsetRect
GetWindowDC
LoadCursorW
SetCursor
DefWindowProcW
DestroyWindow
GetDlgCtrlID
GetWindowLongPtrW
CallWindowProcW
IsWindowVisible
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
SetWindowTextW
PeekMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
RegisterWindowMessageW
SetRectEmpty
GetDesktopWindow
DrawTextW
BeginPaint
EndPaint
GetSystemMetrics
CreateWindowExW
SetScrollInfo
SetScrollRange
ScreenToClient
IsRectEmpty
ReleaseDC
GetDC
SetScrollPos

gdi32

SetPixel
CombineRgn
ExtCreateRegion
LineTo
MoveToEx
OffsetRgn
CreateDIBSection
OffsetWindowOrgEx
CreateFontW
CreateRectRgn
GetDeviceCaps
GetStockObject
GetTextExtentPoint32W
ExcludeClipRect
GetTextMetricsW
DeleteDC
BitBlt
SetBkMode
SetWindowOrgEx
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
SetTextColor
ExtTextOutW
SetBkColor
CreateFontIndirectW
GetObjectW
DeleteObject
CreateSolidBrush

comdlg32

ChooseFontW
ChooseColorW
GetSaveFileNameW
GetOpenFileNameW

advapi32

CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
ConvertSidToStringSidW
IsTextUnicode
RevertToSelf
AreAllAccessesGranted
AccessCheck
ImpersonateSelf
GetFileSecurityW
OpenThreadToken

shell32

SHGetFolderPathW
ord155
SHOpenFolderAndSelectItems
ord190
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
DragFinish
DragQueryFileW
ShellExecuteExW
SHGetFolderLocation
SHGetSpecialFolderPathW
ExtractIconExW
Shell_NotifyIconW
DragAcceptFiles
SHGetDataFromIDListW
SHCreateDirectoryExW
ord2
ord21
ord4
SHGetSpecialFolderLocation
SHGetMalloc
SHGetDesktopFolder
ord727
SHGetFileInfoW
SHChangeNotify
SHAppBarMessage
SHFileOperationW

ole32

OleUninitialize
OleInitialize
CoInitialize
CoTaskMemRealloc
CoUninitialize
CoInitializeEx
OleCreate
OleSetContainedObject
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
CoTaskMemAlloc
CoTaskMemFree
StgOpenStorageEx
OleGetClipboard
ReleaseStgMedium
OleSetClipboard
CoCreateInstance
DoDragDrop

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString
VarUI4FromStr

shlwapi

PathIsDirectoryW
PathCanonicalizeW
StrFormatByteSizeW
StrStrW
AssocQueryStringW
PathFileExistsW
PathMatchSpecW
PathGetDriveNumberW
StrCmpLogicalW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
VerQueryValueA

comctl32

ImageList_GetIconSize
ImageList_Create
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_Destroy
ord381
ImageList_Add
_TrackMouseEvent
ord17
ImageList_Remove
ImageList_GetIcon

wininet

HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
HttpSendRequestW
InternetErrorDlg
HttpQueryInfoW
HttpAddRequestHeadersW
InternetConnectA
InternetSetOptionW
InternetOpenW
InternetCrackUrlA
InternetCloseHandle
HttpOpenRequestA
InternetQueryOptionW
InternetQueryDataAvailable
InternetReadFile
InternetCheckConnectionW

uxtheme

CloseThemeData
DrawThemeBackground
OpenThemeData
SetWindowTheme

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 755KB - Virtual size: 754KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ve_share
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bandizip.x86.exe
.exe windows:6 windows x86 arch:x86

dae7d30d77b52f2f2199a0d1c9d90a92

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:f6:2c:d5:75:63:ab:d7:69:3d:7f:72:36:a9:80:9d:2e:43:a4:10:a0:4d:83:3b:bf:29:92:cd:20:03:0e:53
Signer

Actual PE Digest

19:f6:2c:d5:75:63:ab:d7:69:3d:7f:72:36:a9:80:9d:2e:43:a4:10:a0:4d:83:3b:bf:29:92:cd:20:03:0e:53

Digest Algorithm

sha256

PE Digest Matches

false

95:60:fe:c8:7d:cc:84:3d:32:ed:0f:bd:f0:db:0a:b4:49:83:29:e0
Signer

Actual PE Digest

95:60:fe:c8:7d:cc:84:3d:32:ed:0f:bd:f0:db:0a:b4:49:83:29:e0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
LocalAlloc
FileTimeToLocalFileTime
GetModuleHandleExW
lstrcpynW
MulDiv
VerSetConditionMask
VerifyVersionInfoW
GlobalLock
GlobalUnlock
FormatMessageW
SetFilePointerEx
SetEndOfFile
lstrlenA
CreateThread
ExitProcess
SetUnhandledExceptionFilter
CompareStringOrdinal
VirtualProtect
GlobalSize
GetSystemTime
SystemTimeToFileTime
InitializeCriticalSection
CreateEventW
SetEvent
CreateFileMappingW
MapViewOfFile
OpenFileMappingW
UnmapViewOfFile
VirtualQueryEx
GetDateFormatW
GetTimeFormatW
CompareFileTime
GetVersion
WritePrivateProfileStringW
GetWindowsDirectoryW
ResetEvent
GetUserDefaultUILanguage
GetTickCount
GetExitCodeThread
GetUserDefaultLangID
lstrcpyA
GetFileInformationByHandleEx
SetCurrentDirectoryW
GetStdHandle
SetConsoleTextAttribute
CompareStringW
MoveFileW
GlobalMemoryStatusEx
TerminateThread
SetPriorityClass
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
GetLongPathNameW
FreeConsole
AllocConsole
LCMapStringW
GetSystemInfo
GetComputerNameW
GetPrivateProfileStringW
CreateMutexW
lstrcmpiW
DecodePointer
SetErrorMode
GetCommandLineW
GetDriveTypeW
GetShortPathNameW
SetThreadPriority
lstrcatA
WaitForMultipleObjects
GetPrivateProfileIntW
ReleaseMutex
WriteConsoleW
FlushFileBuffers
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileExW
SetStdHandle
GetOEMCP
GetACP
IsValidCodePage
GetCPInfo
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetCommandLineA
GetFileType
FreeLibraryAndExitThread
ExitThread
SetConsoleCtrlHandler
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
TerminateProcess
OpenProcess
GetCurrentProcessId
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
IsDBCSLeadByteEx
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryW
GetSystemDirectoryW
LoadLibraryExW
SetFileAttributesW
RemoveDirectoryW
lstrcpyW
GetFullPathNameW
CreateDirectoryW
LocalFree
GetFileSizeEx
GetFileSize
GetFileAttributesW
lstrlenW
GetTempFileNameW
GetTempPathW
GetCurrentDirectoryW
GetModuleFileNameW
GetDiskFreeSpaceW
GlobalFree
GlobalAlloc
GetCurrentThread
GetCurrentProcess
FreeLibrary
GetProcAddress
GetModuleHandleW
GetVolumeInformationW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetFileTime
OutputDebugStringW
DeviceIoControl
Sleep
GetTickCount64
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
CreateFileW
ReadFile
SetFilePointer
WriteFile
CloseHandle
InitializeCriticalSectionEx
DeleteCriticalSection
RaiseException
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
SetLastError
DeleteFileW
GetLastError
FindResourceExW
FindResourceW
LoadResource
VirtualQuery
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
IsDebuggerPresent
HeapDestroy

user32

SendMessageTimeoutW
IsWindowEnabled
SetPropW
CharNextExA
GetSubMenu
GetMenuItemInfoW
ModifyMenuW
GetMenuItemID
GetMenuStringW
GetMenuItemCount
EnumChildWindows
IntersectRect
SetWindowRgn
AdjustWindowRectEx
SetProcessDPIAware
SubtractRect
RegisterClipboardFormatW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ReleaseCapture
SetCapture
GetClassLongW
EnumWindows
GetClassNameW
PostMessageW
wsprintfW
BringWindowToTop
SetForegroundWindow
AttachThreadInput
GetForegroundWindow
GetWindowPlacement
DestroyIcon
IsWindow
IsDialogMessageW
ClientToScreen
MonitorFromPoint
CopyRect
MonitorFromRect
SystemParametersInfoW
FindWindowW
GetClassInfoExW
RegisterClassExW
InflateRect
EqualRect
KillTimer
SetTimer
LoadIconW
CreateDialogIndirectParamW
GetCapture
GetMessageW
GetFocus
DrawIconEx
ScrollWindow
RedrawWindow
CreatePopupMenu
TrackPopupMenu
GetMenuDefaultItem
RegisterClassW
GetPropW
RemovePropW
EnumDisplayMonitors
MsgWaitForMultipleObjectsEx
GetDlgItemInt
SetDlgItemInt
DeleteMenu
InsertMenuW
GetMenu
CharNextW
TranslateAcceleratorW
LoadAcceleratorsW
GetKeyNameTextW
GetKeyboardLayout
MapVirtualKeyExW
SendMessageW
GetWindowTextLengthW
GetScrollInfo
GetWindowTextW
GetWindowLongW
SetWindowLongW
SetWindowPos
GetClientRect
MapWindowPoints
GetParent
GetSysColor
GetWindowRect
InvalidateRect
GetDlgItem
GetMonitorInfoW
MonitorFromWindow
GetWindow
SetDlgItemTextW
EnableWindow
GetActiveWindow
UnregisterClassW
DialogBoxParamW
EndDialog
GetShellWindow
EnableMenuItem
CheckMenuItem
SetWindowPlacement
CreateDialogParamW
DrawFocusRect
IsCharAlphaNumericW
MessageBoxW
DestroyMenu
LoadMenuW
TrackMouseEvent
UpdateWindow
LoadCursorFromFileW
CreateIconFromResource
GetKeyState
DestroyCursor
WaitForInputIdle
ChangeWindowMessageFilter
GetWindowThreadProcessId
UnionRect
MoveWindow
FindWindowExW
ShowWindow
SetFocus
GetCaretPos
GetCursorPos
PtInRect
SetRect
OffsetRect
GetWindowDC
SetScrollInfo
SetScrollRange
ScreenToClient
IsRectEmpty
ReleaseDC
GetDC
SetScrollPos
LoadCursorW
SetCursor
DefWindowProcW
DestroyWindow
GetDlgCtrlID
CallWindowProcW
IsWindowVisible
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
SetWindowTextW
PeekMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
RegisterWindowMessageW
SetRectEmpty
GetDesktopWindow
DrawTextW
BeginPaint
EndPaint
GetSystemMetrics
CreateWindowExW

gdi32

SetPixel
CombineRgn
ExtCreateRegion
LineTo
MoveToEx
OffsetRgn
CreateDIBSection
OffsetWindowOrgEx
CreateFontW
CreateRectRgn
GetDeviceCaps
GetStockObject
GetTextExtentPoint32W
ExcludeClipRect
GetTextMetricsW
DeleteDC
BitBlt
SetBkMode
SetWindowOrgEx
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
SetTextColor
ExtTextOutW
SetBkColor
CreateFontIndirectW
GetObjectW
DeleteObject
CreateSolidBrush

comdlg32

ChooseFontW
ChooseColorW
GetSaveFileNameW
GetOpenFileNameW

advapi32

CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
FreeSid
SetEntriesInAclW
SetNamedSecurityInfoW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
ConvertSidToStringSidW
IsTextUnicode
RevertToSelf
AreAllAccessesGranted
AccessCheck
ImpersonateSelf
GetFileSecurityW
OpenThreadToken

shell32

SHGetFolderPathW
ord155
SHOpenFolderAndSelectItems
ord190
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
DragFinish
DragQueryFileW
ShellExecuteExW
SHGetFolderLocation
SHGetSpecialFolderPathW
ExtractIconExW
Shell_NotifyIconW
DragAcceptFiles
SHGetDataFromIDListW
SHCreateDirectoryExW
ord2
ord4
SHGetSpecialFolderLocation
SHGetMalloc
SHGetDesktopFolder
ord727
SHGetFileInfoW
ord21
SHChangeNotify
SHAppBarMessage
SHFileOperationW

ole32

OleUninitialize
OleInitialize
CoInitialize
CoTaskMemRealloc
CoUninitialize
CoInitializeEx
OleCreate
OleSetContainedObject
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
DoDragDrop
CoTaskMemAlloc
CoTaskMemFree
StgOpenStorageEx
OleGetClipboard
ReleaseStgMedium
CoCreateInstance
OleSetClipboard

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString
VarUI4FromStr

shlwapi

PathIsDirectoryW
PathCanonicalizeW
StrFormatByteSizeW
StrStrW
AssocQueryStringW
PathFileExistsW
PathMatchSpecW
PathGetDriveNumberW
StrCmpLogicalW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
VerQueryValueA

comctl32

ImageList_GetIconSize
ImageList_Create
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_Destroy
ord381
ImageList_Add
_TrackMouseEvent
ord17
ImageList_Remove
ImageList_GetIcon

wininet

HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
HttpSendRequestW
InternetErrorDlg
HttpQueryInfoW
HttpAddRequestHeadersW
InternetConnectA
InternetSetOptionW
InternetOpenW
InternetCrackUrlA
InternetCloseHandle
HttpOpenRequestA
InternetQueryOptionW
InternetQueryDataAvailable
InternetReadFile
InternetCheckConnectionW

uxtheme

CloseThemeData
DrawThemeBackground
OpenThemeData
SetWindowTheme

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 505KB - Virtual size: 505KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ve_share
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VersionNo.ini
ark.x64.dll
.dll windows:6 windows x64 arch:x64

4505eaaec60a898c962e3b3a38096d99

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a9:c8:ae:0d:7b:63:c1:bc:e1:43:cf:90:41:f1:e1:45:27:58:b0:51:4e:ee:fa:81:fd:ef:9d:d3:bd:b1:e2:a4
Signer

Actual PE Digest

a9:c8:ae:0d:7b:63:c1:bc:e1:43:cf:90:41:f1:e1:45:27:58:b0:51:4e:ee:fa:81:fd:ef:9d:d3:bd:b1:e2:a4

Digest Algorithm

sha256

PE Digest Matches

true

f1:c7:36:ba:cb:c8:5f:45:80:ff:21:14:2f:88:48:ae:3a:df:6c:2e
Signer

Actual PE Digest

f1:c7:36:ba:cb:c8:5f:45:80:ff:21:14:2f:88:48:ae:3a:df:6c:2e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

RaiseException
EnterCriticalSection
LeaveCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
lstrlenW
GetModuleFileNameW
lstrcatW
WideCharToMultiByte
lstrcpyW
SetFileAttributesW
GetFileSizeEx
CreateFileW
CloseHandle
GetFileAttributesW
GetCurrentThread
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileAttributesExW
Sleep
IsNormalizedString
NormalizeString
GetSystemInfo
GlobalMemoryStatusEx
lstrcpynW
MultiByteToWideChar
InitializeCriticalSectionEx
lstrlenA
GetFullPathNameW
CreateDirectoryW
lstrcpyA
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateHardLinkW
DeleteFileW
RemoveDirectoryW
CreateSymbolicLinkW
GetTickCount
FindFirstFileW
FindClose
GetFileInformationByHandle
FlushFileBuffers
CreateFileA
GetDriveTypeW
GetFileTime
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CompareStringW
lstrcpynA
FreeLibrary
LoadLibraryW
GetProcAddress
SetFileTime
WriteFile
ReadFile
WaitForSingleObject
SetFilePointerEx
LocalFileTimeToFileTime
MoveFileW
DeviceIoControl
GetFileInformationByHandleEx
lstrcmpW
InitializeCriticalSection
CreateEventW
SetEvent
ResetEvent
VirtualAlloc
VirtualFree
SetEndOfFile
SetFileInformationByHandle
SetLastError
GetTickCount64
GetFileType
SetFilePointer
CreateMutexW
IsDebuggerPresent
CreateSemaphoreW
ReleaseSemaphore
GetThreadId
SetThreadPriority
SetThreadAffinityMask
ResumeThread
GetSystemDirectoryW
GetLocaleInfoW
GetCPInfo
IsDBCSLeadByte
CreateThread
GetProcessAffinityMask
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
PeekNamedPipe
ExitThread
FreeLibraryAndExitThread
SetStdHandle
QueryPerformanceFrequency
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetConsoleMode
ReadConsoleW
GetStringTypeW
GetConsoleOutputCP
WriteConsoleW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
GetExitCodeThread
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
LCMapStringEx
OutputDebugStringW
DeleteCriticalSection
DecodePointer
GetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
SetConsoleTextAttribute
ReleaseMutex
GetStdHandle

user32

SendMessageW
FindWindowW
MessageBoxW

advapi32

AccessCheck
RevertToSelf
ImpersonateSelf
GetFileSecurityW
AreAllAccessesGranted
SystemFunction036
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
OpenThreadToken

oleaut32

SysFreeString
SysAllocStringLen
SysStringLen
SysAllocString
VariantClear

shlwapi

PathIsDirectoryW
PathCanonicalizeW

Exports

Exports

CreateArk
CreateArkCompressor

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 499KB - Virtual size: 498KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ark.x64.lgpl.dll
.dll windows:6 windows x64 arch:x64

b02969bc5c023cddb8525ae357478a46

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ac:d2:82:64:4b:7b:83:f0:4b:63:62:99:43:20:c5:ed:d1:55:a5:f8:d6:d9:65:7d:5d:ce:81:f8:1d:52:9c:7b
Signer

Actual PE Digest

ac:d2:82:64:4b:7b:83:f0:4b:63:62:99:43:20:c5:ed:d1:55:a5:f8:d6:d9:65:7d:5d:ce:81:f8:1d:52:9c:7b

Digest Algorithm

sha256

PE Digest Matches

true

9f:52:b8:ef:03:ce:c9:2e:c7:a0:92:d9:6c:9f:bf:76:2c:ce:27:5b
Signer

Actual PE Digest

9f:52:b8:ef:03:ce:c9:2e:c7:a0:92:d9:6c:9f:bf:76:2c:ce:27:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemTimeAsFileTime
CompareFileTime
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
MultiByteToWideChar
GetLastError
WideCharToMultiByte
GetCurrentProcess
GetProcessAffinityMask
GetSystemInfo
GlobalMemoryStatusEx
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
WaitForSingleObject
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
InitializeCriticalSection
HeapFree
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
HeapAlloc
GetProcessHeap
WriteConsoleW
SetEndOfFile
SetStdHandle
CreateFileW
GetStringTypeW
CloseHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsDebuggerPresent
OutputDebugStringW
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetModuleHandleW
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
ReadFile
GetModuleFileNameW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetConsoleMode
ReadConsoleW
WriteFile
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
GetStdHandle
GetFileType
FlushFileBuffers
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
RtlUnwind

user32

CharUpperW

advapi32

SystemFunction036

oleaut32

VariantClear
SysStringLen
SysFreeString
SysAllocStringLen

Exports

Exports

AllocWinZipJPEGDecompressor
AreMoreWinZipJPEGBytesAvailable
AreMoreWinZipJPEGSlicesAvailable
Create7zArc
CreatePackMP3
EncodeWinZipJPEGBlocksToBuffer
FreeWinZipJPEGDecompressor
GetArkLPGLVersion
IsFinalWinZipJPEGBundle
ReadNextWinZipJPEGBundle
ReadNextWinZipJPEGSlice
ReadWinZipJPEGHeader
WinZipJPEGBundleMetadataBytes
WinZipJPEGBundleMetadataLength
lzxd_decompress
lzxd_free
lzxd_init
lzxd_set_output_length
qtmd_decompress
qtmd_free
qtmd_init

Sections

.text
Size: 458KB - Virtual size: 457KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 98KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ark.x86.dll
.dll windows:6 windows x86 arch:x86

3eb40eb50544c6b68429de942caf7eee

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7c:1c:03:c1:e2:af:22:45:0f:ff:cb:88:ed:ec:34:04:36:1a:16:cc:b1:a0:f3:18:44:f2:77:1e:0d:ee:12:23
Signer

Actual PE Digest

7c:1c:03:c1:e2:af:22:45:0f:ff:cb:88:ed:ec:34:04:36:1a:16:cc:b1:a0:f3:18:44:f2:77:1e:0d:ee:12:23

Digest Algorithm

sha256

PE Digest Matches

true

e7:f0:35:b4:1b:18:4b:08:8c:ed:64:15:d9:f7:55:e7:cf:ac:24:90
Signer

Actual PE Digest

e7:f0:35:b4:1b:18:4b:08:8c:ed:64:15:d9:f7:55:e7:cf:ac:24:90

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RaiseException
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
lstrlenW
GetModuleFileNameW
lstrcatW
WideCharToMultiByte
lstrcpyW
SetFileAttributesW
GetFileSizeEx
CreateFileW
CloseHandle
GetFileAttributesW
GetCurrentThread
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileAttributesExW
Sleep
IsNormalizedString
NormalizeString
GetSystemInfo
GlobalMemoryStatusEx
lstrcpynW
MultiByteToWideChar
InitializeCriticalSectionEx
lstrlenA
GetFullPathNameW
CreateDirectoryW
lstrcpyA
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateHardLinkW
DeleteFileW
RemoveDirectoryW
CreateSymbolicLinkW
GetTickCount
FindFirstFileW
FindClose
GetFileInformationByHandle
FlushFileBuffers
CreateFileA
GetDriveTypeW
GetFileTime
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CompareStringW
lstrcpynA
FreeLibrary
LoadLibraryW
GetProcAddress
SetFileTime
WriteFile
ReadFile
WaitForSingleObject
SetFilePointerEx
LocalFileTimeToFileTime
MoveFileW
DeviceIoControl
GetFileInformationByHandleEx
lstrcmpW
InitializeCriticalSection
CreateEventW
SetEvent
ResetEvent
VirtualAlloc
VirtualFree
SetEndOfFile
SetFileInformationByHandle
SetLastError
GetTickCount64
GetFileType
SetFilePointer
CreateMutexW
ReleaseMutex
CreateSemaphoreW
ReleaseSemaphore
IsDebuggerPresent
SetThreadPriority
SetThreadAffinityMask
ResumeThread
GetSystemDirectoryW
GetLocaleInfoW
GetCPInfo
IsDBCSLeadByte
CreateThread
GetProcessAffinityMask
GetModuleHandleA
GlobalMemoryStatus
GetVersion
RtlUnwind
InterlockedFlushSList
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
PeekNamedPipe
ExitThread
FreeLibraryAndExitThread
SetStdHandle
QueryPerformanceFrequency
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetConsoleMode
ReadConsoleW
GetStringTypeW
GetConsoleOutputCP
WriteConsoleW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
GetExitCodeThread
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
LCMapStringEx
OutputDebugStringW
DeleteCriticalSection
DecodePointer
GetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
SetConsoleTextAttribute
GetThreadId
GetStdHandle

user32

FindWindowW
SendMessageW
MessageBoxW

advapi32

AccessCheck
RevertToSelf
ImpersonateSelf
GetFileSecurityW
AreAllAccessesGranted
SystemFunction036
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
OpenThreadToken

oleaut32

SysStringLen
SysAllocString
VariantClear
SysAllocStringLen
SysFreeString

shlwapi

PathIsDirectoryW
PathCanonicalizeW

Exports

Exports

CreateArk
CreateArkCompressor

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 386KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ark.x86.lgpl.dll
.dll windows:6 windows x86 arch:x86

6a9e7d33ad8fb59db61d1969e2a539b1

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

39:ee:f8:b5:df:d4:fc:24:f8:cf:25:f4:cc:41:64:50:2c:cb:06:69:87:dd:09:7f:50:39:77:33:dd:7b:64:3b
Signer

Actual PE Digest

39:ee:f8:b5:df:d4:fc:24:f8:cf:25:f4:cc:41:64:50:2c:cb:06:69:87:dd:09:7f:50:39:77:33:dd:7b:64:3b

Digest Algorithm

sha256

PE Digest Matches

true

45:02:90:1e:a6:4f:90:d2:b5:4e:a4:b0:75:93:49:0b:6e:c9:04:42
Signer

Actual PE Digest

45:02:90:1e:a6:4f:90:d2:b5:4e:a4:b0:75:93:49:0b:6e:c9:04:42

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemTimeAsFileTime
CompareFileTime
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
GetCurrentThreadId
LoadLibraryW
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetTickCount
MultiByteToWideChar
GetLastError
WideCharToMultiByte
GetCurrentProcess
GetProcessAffinityMask
GetSystemInfo
GetModuleHandleA
GlobalMemoryStatus
VirtualAlloc
VirtualFree
GetVersion
IsProcessorFeaturePresent
CloseHandle
WaitForSingleObject
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
InitializeCriticalSection
HeapFree
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
HeapAlloc
DecodePointer
GetProcessHeap
SetEndOfFile
SetStdHandle
CreateFileW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsDebuggerPresent
OutputDebugStringW
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetModuleHandleW
InitializeSListHead
RtlUnwind
InterlockedFlushSList
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
ReadFile
GetModuleFileNameW
LCMapStringW
GetConsoleMode
ReadConsoleW
WriteFile
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
GetStdHandle
GetFileType
FlushFileBuffers
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
WriteConsoleW

user32

CharUpperW

oleaut32

VariantClear
SysStringLen
SysFreeString
SysAllocStringLen

Exports

Exports

AllocWinZipJPEGDecompressor
AreMoreWinZipJPEGBytesAvailable
AreMoreWinZipJPEGSlicesAvailable
Create7zArc
CreatePackMP3
EncodeWinZipJPEGBlocksToBuffer
FreeWinZipJPEGDecompressor
GetArkLPGLVersion
IsFinalWinZipJPEGBundle
ReadNextWinZipJPEGBundle
ReadNextWinZipJPEGSlice
ReadWinZipJPEGHeader
WinZipJPEGBundleMetadataBytes
WinZipJPEGBundleMetadataLength
lzxd_decompress
lzxd_free
lzxd_init
lzxd_set_output_length
qtmd_decompress
qtmd_free
qtmd_init

Sections

.text
Size: 409KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 94KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bdzsfx.x86.sfx
.exe windows:6 windows x86 arch:x86

366665a8afe76046e7aff35b7aaab5de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpW
MulDiv
SetFilePointerEx
GetFileSizeEx
SetFileAttributesW
DeleteFileW
SetFileTime
SetEndOfFile
WriteFile
lstrcpyW
GetVersion
SetFileInformationByHandle
DeviceIoControl
SetLastError
lstrlenW
GetFullPathNameW
lstrcatW
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
SetEvent
ResetEvent
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateHardLinkW
RemoveDirectoryW
CreateSymbolicLinkW
VirtualAlloc
VirtualFree
GetModuleFileNameW
GetFileAttributesW
GetCurrentThread
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
Sleep
IsNormalizedString
NormalizeString
GlobalMemoryStatusEx
CompareStringW
CreateFileA
GetDriveTypeW
FlushFileBuffers
GetTickCount
FindClose
GlobalFree
GetSystemDirectoryW
LoadLibraryW
LocalFree
MultiByteToWideChar
lstrcmpiW
InitializeCriticalSectionEx
RaiseException
GetCurrentThreadId
GetUserDefaultLangID
DecodePointer
GetConsoleOutputCP
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
SetStdHandle
GetConsoleMode
LCMapStringW
GetStdHandle
GetCommandLineW
GetCommandLineA
ExitProcess
GetFileType
FreeLibraryAndExitThread
ExitThread
CreateThread
TlsFree
WriteConsoleW
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
WideCharToMultiByte
ReadFile
CreateFileW
FindResourceExW
LoadResource
FindResourceW
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetLastError
FreeLibrary
lstrcpynW
GetModuleHandleExW
CloseHandle
GetCurrentProcess
GetModuleHandleW
LoadLibraryExW
GetProcAddress
EncodePointer
OutputDebugStringW
IsDebuggerPresent

user32

SendMessageW
RegisterWindowMessageW
GetDC
SetFocus
EndDialog
KillTimer
EnableWindow
SetTimer
SetDlgItemTextW
PostMessageW
MessageBoxW
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetClientRect
LoadIconW
GetWindowTextW
DialogBoxParamW
UnregisterClassW
GetActiveWindow
CharNextW
DispatchMessageW
TranslateMessage
PostQuitMessage
PeekMessageW
InvalidateRect
ScreenToClient
GetDlgItem
CreateWindowExW
DestroyWindow
MoveWindow
EnumChildWindows
SetWindowLongW
GetWindowLongW
FindWindowExW
GetClassNameW
MapWindowPoints
SetWindowTextW
GetDlgCtrlID
GetParent
SetWindowPos
SystemParametersInfoW
MonitorFromPoint
SetProcessDPIAware
GetWindowRect
ReleaseDC
GetWindowTextLengthW

gdi32

CreateFontW
DeleteObject
GetStockObject
GetDeviceCaps
GetObjectW

advapi32

RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
AreAllAccessesGranted
AccessCheck
OpenThreadToken
RevertToSelf
ImpersonateSelf
GetFileSecurityW
GetTokenInformation
OpenProcessToken

shell32

CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW

ole32

CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoUninitialize

oleaut32

VarUI4FromStr

shlwapi

PathCanonicalizeW
PathIsDirectoryW

Sections

.text
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ve_share
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bz.x64.exe
.exe windows:6 windows x64 arch:x64

ca4a8be53a7b4109fdd0fde391cd514c

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

df:3c:2f:ed:2a:4e:22:42:01:69:59:dd:09:12:a3:f2:e8:94:ae:18:56:81:6f:b4:f1:4b:05:82:9d:29:f0:dd
Signer

Actual PE Digest

df:3c:2f:ed:2a:4e:22:42:01:69:59:dd:09:12:a3:f2:e8:94:ae:18:56:81:6f:b4:f1:4b:05:82:9d:29:f0:dd

Digest Algorithm

sha256

PE Digest Matches

true

48:41:a3:ef:88:3c:3a:68:ae:a5:61:16:e8:0c:3f:c6:ff:98:f6:b9
Signer

Actual PE Digest

48:41:a3:ef:88:3c:3a:68:ae:a5:61:16:e8:0c:3f:c6:ff:98:f6:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

lstrlenW
GetFileAttributesW
FindFirstFileW
FindClose
GetFileSizeEx
LocalFree
GetFullPathNameW
FindNextFileW
RemoveDirectoryW
SetFileAttributesW
LoadLibraryExW
GetSystemDirectoryW
LoadLibraryW
WideCharToMultiByte
MultiByteToWideChar
IsDBCSLeadByteEx
WaitForSingleObject
GetCurrentProcessId
OpenProcess
TerminateProcess
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
FormatMessageW
SetFilePointerEx
WriteFile
lstrlenA
RtlCaptureContext
GlobalMemoryStatusEx
CreateThread
ExitProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
Sleep
GetFileInformationByHandle
GetFileInformationByHandleEx
DeleteFileW
GetStdHandle
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterW
MoveFileW
SetConsoleCtrlHandler
FlushFileBuffers
InitializeCriticalSectionEx
DeleteCriticalSection
GetPrivateProfileIntW
WriteConsoleW
ReadConsoleW
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileExW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetConsoleMode
GetConsoleOutputCP
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetCommandLineW
GetCommandLineA
PeekNamedPipe
GetFileType
GetDriveTypeW
GetModuleHandleExW
TlsFree
RtlUnwind
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
SetLastError
GetTempFileNameW
GetTempPathW
GetCurrentDirectoryW
GetModuleFileNameW
GetCurrentProcess
GetCurrentThread
FreeLibrary
GetProcAddress
GetModuleHandleW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetFileTime
ReadFile
CreateFileW
GetTickCount64
OutputDebugStringW
CloseHandle
GetLastError
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LeaveCriticalSection
EnterCriticalSection
RaiseException
IsDebuggerPresent

user32

SendMessageW
FindWindowW
wsprintfW
MessageBoxW
RegisterWindowMessageW
CharNextExA

advapi32

IsTextUnicode
GetTokenInformation
OpenProcessToken

shlwapi

PathCanonicalizeW
PathIsDirectoryW
PathFileExistsW
PathMatchSpecW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

HttpOpenRequestA
HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
HttpSendRequestW
InternetErrorDlg
InternetQueryDataAvailable
HttpAddRequestHeadersW
InternetConnectA
InternetSetOptionW
InternetOpenW
InternetCrackUrlA
InternetCloseHandle
InternetQueryOptionW
InternetReadFile
HttpQueryInfoW

Sections

.text
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bz.x86.exe
.exe windows:6 windows x86 arch:x86

bbb3f184ba5d2f1294c85719e89a01c4

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:a1:c6:ca:1a:a0:b6:88:44:1e:50:6a:aa:26:f0:cc:26:60:54:25:e9:19:ec:c6:0d:10:0b:54:86:1d:37:8f
Signer

Actual PE Digest

43:a1:c6:ca:1a:a0:b6:88:44:1e:50:6a:aa:26:f0:cc:26:60:54:25:e9:19:ec:c6:0d:10:0b:54:86:1d:37:8f

Digest Algorithm

sha256

PE Digest Matches

true

27:27:a3:d0:96:f5:f6:45:be:05:15:91:ef:6f:29:34:cc:54:78:70
Signer

Actual PE Digest

27:27:a3:d0:96:f5:f6:45:be:05:15:91:ef:6f:29:34:cc:54:78:70

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
GetFileAttributesW
FindFirstFileW
FindClose
GetFileSizeEx
LocalFree
GetFullPathNameW
FindNextFileW
RemoveDirectoryW
SetFileAttributesW
LoadLibraryExW
GetSystemDirectoryW
LoadLibraryW
WideCharToMultiByte
MultiByteToWideChar
IsDBCSLeadByteEx
WaitForSingleObject
GetCurrentProcessId
TerminateProcess
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
FormatMessageW
SetFilePointerEx
WriteFile
lstrlenA
CreateThread
ExitProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
Sleep
GetFileInformationByHandle
GetFileInformationByHandleEx
DeleteFileW
GetStdHandle
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterW
MoveFileW
SetConsoleCtrlHandler
FlushFileBuffers
InitializeCriticalSectionEx
DecodePointer
DeleteCriticalSection
GetPrivateProfileIntW
ReadConsoleW
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileExW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetConsoleMode
GetConsoleOutputCP
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetCommandLineW
GetCommandLineA
PeekNamedPipe
GetFileType
GetDriveTypeW
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
WriteConsoleW
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
SetLastError
RtlUnwind
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
GetTempFileNameW
GetTempPathW
GetCurrentDirectoryW
GetModuleFileNameW
GetCurrentProcess
FreeLibrary
GetProcAddress
GetModuleHandleW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetFileTime
ReadFile
CreateFileW
GetTickCount64
OutputDebugStringW
CloseHandle
GetLastError
IsProcessorFeaturePresent
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LeaveCriticalSection
EnterCriticalSection
RaiseException
IsDebuggerPresent

user32

SendMessageW
FindWindowW
MessageBoxW
wsprintfW
RegisterWindowMessageW
CharNextExA

advapi32

IsTextUnicode
GetTokenInformation
OpenProcessToken

shlwapi

PathMatchSpecW
PathFileExistsW
PathCanonicalizeW
PathIsDirectoryW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wininet

HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
HttpSendRequestW
InternetErrorDlg
InternetQueryOptionW
HttpAddRequestHeadersW
InternetConnectA
InternetSetOptionW
InternetOpenW
InternetCrackUrlA
InternetCloseHandle
HttpOpenRequestA
InternetQueryDataAvailable
InternetReadFile
HttpQueryInfoW

Sections

.text
Size: 341KB - Virtual size: 341KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
config.ini
data/Amsiman.x64.exe
.exe windows:6 windows x64 arch:x64

bf340459e18b5ef8b174f0ceb88f804e

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

40:97:d9:fb:43:84:18:20:f0:82:41:16:75:2e:6b:44:9a:04:02:b0:88:d4:78:12:1c:f2:6e:32:66:73:33:07
Signer

Actual PE Digest

40:97:d9:fb:43:84:18:20:f0:82:41:16:75:2e:6b:44:9a:04:02:b0:88:d4:78:12:1c:f2:6e:32:66:73:33:07

Digest Algorithm

sha256

PE Digest Matches

true

b8:df:c3:f0:13:9f:e7:11:96:e5:82:bb:07:20:ed:0f:bb:c4:1b:d6
Signer

Actual PE Digest

b8:df:c3:f0:13:9f:e7:11:96:e5:82:bb:07:20:ed:0f:bb:c4:1b:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FindResourceW
FindResourceExW
CloseHandle
GetLastError
SetFilePointerEx
GetFileSizeEx
CreateFileW
WriteFile
ReadFile
MapViewOfFile
OpenFileMappingW
UnmapViewOfFile
VirtualQueryEx
GetCurrentProcess
FreeLibrary
GetProcAddress
GetModuleHandleW
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
LoadLibraryExW
GetModuleFileNameW
InitializeCriticalSectionEx
DeleteCriticalSection
LoadResource
GetCommandLineW
DecodePointer
SetErrorMode
GetCurrentProcessId
OpenProcess
WaitForSingleObject
GetCurrentThreadId
SetLastError
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetStringTypeW
SetStdHandle
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
RaiseException
HeapDestroy
WideCharToMultiByte
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
RtlUnwindEx
RtlPcToFileHeader
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCommandLineA
ExitProcess
GetModuleHandleExW
GetStdHandle

user32

PostQuitMessage
RegisterWindowMessageW
MessageBoxW
FindWindowW
SendMessageW
CharNextW
CallWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
CreateWindowExW
LoadCursorW
GetClassInfoExW
LoadAcceleratorsW
UnregisterClassW
PostMessageW
RegisterClassExW
SetTimer
DefWindowProcW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW

advapi32

RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

VarUI4FromStr

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/Amsiman.x86.exe
.exe windows:6 windows x86 arch:x86

6f181ff70bef8035fb5dd20cf6850026

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:0b:a9:b0:82:f1:b0:9d:30:9c:99:a5:c1:e4:9c:f3:d0:68:fd:fa:8e:cc:61:80:28:71:fb:84:4d:67:94:ee
Signer

Actual PE Digest

13:0b:a9:b0:82:f1:b0:9d:30:9c:99:a5:c1:e4:9c:f3:d0:68:fd:fa:8e:cc:61:80:28:71:fb:84:4d:67:94:ee

Digest Algorithm

sha256

PE Digest Matches

true

03:44:be:f0:43:46:3c:be:97:05:0e:48:52:69:d1:97:61:a6:07:fb
Signer

Actual PE Digest

03:44:be:f0:43:46:3c:be:97:05:0e:48:52:69:d1:97:61:a6:07:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceW
FindResourceExW
CloseHandle
GetLastError
SetFilePointerEx
GetFileSizeEx
CreateFileW
WriteFile
ReadFile
MapViewOfFile
OpenFileMappingW
UnmapViewOfFile
VirtualQueryEx
GetCurrentProcess
FreeLibrary
GetProcAddress
GetModuleHandleW
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
LoadLibraryExW
GetModuleFileNameW
InitializeCriticalSectionEx
DeleteCriticalSection
LoadResource
GetCommandLineW
DecodePointer
SetErrorMode
GetCurrentProcessId
OpenProcess
WaitForSingleObject
GetCurrentThreadId
SetLastError
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetStringTypeW
SetStdHandle
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LockResource
SizeofResource
GetProcessHeap
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
RaiseException
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
GetStdHandle
GetModuleHandleExW
ExitProcess
GetCommandLineA
TlsFree
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
WriteConsoleW

user32

PostQuitMessage
RegisterWindowMessageW
MessageBoxW
FindWindowW
SendMessageW
CharNextW
CallWindowProcW
GetWindowLongW
SetWindowLongW
CreateWindowExW
LoadCursorW
GetClassInfoExW
LoadAcceleratorsW
UnregisterClassW
PostMessageW
RegisterClassExW
SetTimer
DefWindowProcW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW

advapi32

RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

VarUI4FromStr

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/RegDll.x64.exe
.exe windows:6 windows x64 arch:x64

696507321e845ebb7b9e55428619a1f3

Code Sign

1f:f4:a4:9d:4c:ac:03:27:a3:fe:9c:d7:1e:31:cb:4a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29-01-2020 00:00

Not After

26-03-2023 23:59

Subject

CN=Bandisoft,O=Bandisoft,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1f:f4:a4:9d:4c:ac:03:27:a3:fe:9c:d7:1e:31:cb:4a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29-01-2020 00:00

Not After

26-03-2023 23:59

Subject

CN=Bandisoft,O=Bandisoft,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

54:bb:2d:e3:7c:a0:68:f1:f0:e5:76:fe:75:25:f9:e7:06:47:62:0a:4d:a7:9a:64:08:26:1f:07:ae:ec:31:e7
Signer

Actual PE Digest

54:bb:2d:e3:7c:a0:68:f1:f0:e5:76:fe:75:25:f9:e7:06:47:62:0a:4d:a7:9a:64:08:26:1f:07:ae:ec:31:e7

Digest Algorithm

sha256

PE Digest Matches

true

f1:78:30:06:68:df:56:f9:25:91:09:c7:d0:6b:50:d3:9c:3f:69:3a
Signer

Actual PE Digest

f1:78:30:06:68:df:56:f9:25:91:09:c7:d0:6b:50:d3:9c:3f:69:3a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryW
GetModuleHandleW
GetProcAddress
GetCurrentProcess
LocalFree
CloseHandle
GetLastError
FreeLibrary
CreateToolhelp32Snapshot
Process32FirstW
GetCurrentProcessId
OpenProcess
TerminateProcess
lstrcatW
Sleep
WideCharToMultiByte
InitializeCriticalSectionEx
RaiseException
DeleteCriticalSection
WriteConsoleW
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
lstrcpyW
lstrcmpW
GetCommandLineW
FindResourceW
FindResourceExW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
Process32NextW
lstrlenW
GetStringTypeW
SetStdHandle
GetFileType
LCMapStringW
FlsFree
FlsSetValue
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue

user32

wsprintfW
MessageBoxW
SendMessageTimeoutW
FindWindowW
PostMessageW

advapi32

CreateProcessAsUserW
GetLengthSid
SetTokenInformation
ConvertStringSidToSidW
DuplicateTokenEx
OpenProcessToken
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

shell32

ord155
SHCreateItemFromParsingName
ShellExecuteW
ord190

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize
CoInitialize

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/RegDll.x86.exe
.exe windows:6 windows x86 arch:x86

a1a77b5b7bb51cd59e0f30c7971133a2

Code Sign

1f:f4:a4:9d:4c:ac:03:27:a3:fe:9c:d7:1e:31:cb:4a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29-01-2020 00:00

Not After

26-03-2023 23:59

Subject

CN=Bandisoft,O=Bandisoft,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1f:f4:a4:9d:4c:ac:03:27:a3:fe:9c:d7:1e:31:cb:4a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29-01-2020 00:00

Not After

26-03-2023 23:59

Subject

CN=Bandisoft,O=Bandisoft,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:1e:60:23:d5:53:7a:ba:3a:82:8b:49:7c:af:9c:49:bb:8a:bb:ae:04:d9:11:f3:f5:d8:64:cd:f7:a1:e4:50
Signer

Actual PE Digest

4d:1e:60:23:d5:53:7a:ba:3a:82:8b:49:7c:af:9c:49:bb:8a:bb:ae:04:d9:11:f3:f5:d8:64:cd:f7:a1:e4:50

Digest Algorithm

sha256

PE Digest Matches

true

65:a7:93:1b:65:fa:92:ff:6d:c0:ec:c5:e1:cd:cd:ec:1a:e3:84:be
Signer

Actual PE Digest

65:a7:93:1b:65:fa:92:ff:6d:c0:ec:c5:e1:cd:cd:ec:1a:e3:84:be

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
GetModuleHandleW
GetProcAddress
GetCurrentProcess
LocalFree
CloseHandle
GetLastError
FreeLibrary
CreateToolhelp32Snapshot
Process32FirstW
GetCurrentProcessId
OpenProcess
TerminateProcess
lstrcatW
Sleep
WideCharToMultiByte
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
LCMapStringW
WriteConsoleW
CreateFileW
lstrcpyW
lstrcmpW
GetCommandLineW
FindResourceW
FindResourceExW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
Process32NextW
lstrlenW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetStringTypeW
SetStdHandle
GetFileType
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
MultiByteToWideChar

user32

wsprintfW
MessageBoxW
SendMessageTimeoutW
PostMessageW
FindWindowW

advapi32

CreateProcessAsUserW
GetLengthSid
SetTokenInformation
ConvertStringSidToSidW
DuplicateTokenEx
OpenProcessToken
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

shell32

SHCreateItemFromParsingName
ord155
ord190
ShellExecuteW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeEx

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/RegPackage.x86.exe
.exe windows:6 windows x86 arch:x86

d1c9d98e626ef14b1d024dcaaf6de5e0

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c4:87:1c:b4:7c:7a:50:00:16:83:49:d5:cb:24:1f:93:9e:1b:56:51:d1:21:a8:97:c7:2c:fe:a6:41:64:6e:4b
Signer

Actual PE Digest

c4:87:1c:b4:7c:7a:50:00:16:83:49:d5:cb:24:1f:93:9e:1b:56:51:d1:21:a8:97:c7:2c:fe:a6:41:64:6e:4b

Digest Algorithm

sha256

PE Digest Matches

true

f4:19:c3:c8:07:fd:f0:66:6d:70:6a:0a:22:6c:80:bf:02:6e:68:a7
Signer

Actual PE Digest

f4:19:c3:c8:07:fd:f0:66:6d:70:6a:0a:22:6c:80:bf:02:6e:68:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFullPathNameW
FreeConsole
AllocConsole
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
InitializeCriticalSectionEx
GetLastError
DecodePointer
DeleteCriticalSection
LoadLibraryW
CreateEventW
SetEvent
FormatMessageW
WriteConsoleW
SetEndOfFile
ReadConsoleW
ReadFile
CreateFileW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileAttributesExW
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
CloseHandle
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
RtlUnwind
InterlockedPushEntrySList
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetCommandLineA
GetCommandLineW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
CompareStringW

user32

FindWindowW
SendMessageW
MessageBoxW
GetForegroundWindow

shell32

ShellExecuteW
SHChangeNotify

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ole32

CoCreateFreeThreadedMarshaler

oleaut32

SysStringLen
GetErrorInfo
SysAllocString
SetErrorInfo
SysFreeString

Sections

.text
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/lm.x64.dll
.dll windows:6 windows x64 arch:x64

c312c39b72578234442613eb438a8797

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fe:db:af:88:cd:52:58:26:fd:0a:47:9a:70:04:29:0e:df:53:c3:dd:89:c1:69:41:7a:1c:9e:91:fe:b1:5d:c3
Signer

Actual PE Digest

fe:db:af:88:cd:52:58:26:fd:0a:47:9a:70:04:29:0e:df:53:c3:dd:89:c1:69:41:7a:1c:9e:91:fe:b1:5d:c3

Digest Algorithm

sha256

PE Digest Matches

true

da:89:0b:a4:5b:c3:7a:e9:fe:4c:0e:cc:1f:c4:2f:62:bd:4e:5b:39
Signer

Actual PE Digest

da:89:0b:a4:5b:c3:7a:e9:fe:4c:0e:cc:1f:c4:2f:62:bd:4e:5b:39

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FindResourceW
WideCharToMultiByte
CreateFileW
CloseHandle
DeviceIoControl
GetVolumeInformationW
GetComputerNameA
GetSystemDirectoryW
GetLastError
SetFilePointerEx
FindResourceExW
WriteFile
lstrlenW
lstrcpyA
MultiByteToWideChar
GetCurrentProcessId
GetComputerNameW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
IsDebuggerPresent
OutputDebugStringW
RaiseException
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetFileType
GetStringTypeW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

PostMessageW
wsprintfW

advapi32

RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

ole32

CoCreateGuid

wininet

InternetCheckConnectionW

Exports

Exports

lm
qqq
t��P� {��,,��֒�4�5x|�̇!�Q肼��M��Ȯz�4��Ѩz�p`�Nhؔ��d�:�;�Dg �͇H�j��n�9qd��$�I�A�_�NP��d��H58w;+bכ��$1V��i&J��|��?�C�7 ��a5ù�C=�B,��wf��j��VÝ'>��L�>f��%U"�Fe�l�c��j'V\tv��nw,��?*mU*��+��:�F(��]8+�� 1K|��Xݿ�'��3] P?�s>�dNY/9�P��&��q�Y��Zl�}D0�#>��yO� Z��~�5j��e~v�/N��a&Dm@�u�t{+L�!��/�,<��!��u�*�H��/��7Y�L ��t��C<��I!�#}��7��<��^��Fݐ�d#�9g�<B��A��w�*�lJcs9 �*�1-J��h�$��Ք�FY��.Ƶn7��i�`��z��b�"&d�-��ګy�﷞�>� %&�:d"Y�_\�}��J�mƇ�J��!�1�p35��~ol��F9:G�j�GNHy��!��-w��L6��j��I�R��I[�?}΁z�� |6�YU�b��{��Z[�0��o�ʩ�f��O�va��L�|0h�"h�$��KB�.��-��N5��U��R�>䃔�PW,��`�h��hmDi��Ϧ�M<|� ��3Ȅ�7�z#ZQ��~ �t�C�zH��1*��i��|i�?�f8i��u�c��5��O��ʃ�Y� ��wT��&�%Z�97�yuZ9��i�N��u"��U��pgf��9�r1čHdm5X��i�с)�s��9�B�F_�s,Ce�KC�p/.��'4pt£y5�#0Ri��5�C��j��h� ��H9��s�rI�İ�& $�峈><�2g&/~�Vk�${lI9ٗ��=��֜�݀��M� ��Ż��em��/w��Ф;��3�X��8��%(�Oԕ��o<��ۨLW�;�/��5��A��T<Z�O��?�J�/��*��WR]^��FZ�y [��߈�#-��DE�9��#0�9��T�� w�Ӗ{[�u.4��K��"@�]B��p��Iw�H X�F�^i��<��6ܬPLW�a*ŊXkU��E�c��Ֆ��ӨZb0-uﱒ+��v�`>�!FI9��=al{�ZÄ��]�)�ZE��'�ё=%[��xc��4�R�jc�Yj�(7�M?f�C��_�'��u;kß� �� (��辵ܙ��D�(躁�_��d%�M��i��'g��[o��G�i��|�_[��x'�1�A��r ��-wu��8g��'%�؏}��WT�G��'=ڨ��`u��?��@�F�y�n��;u�� Q� A��}5^߃(�M]�4�?&8�%�y�+!ě��V+�:�*t�Ҷ��I�c�cN�^0��'��%9��c�� up�}�U$��nދ��*��5a��p�p�SrB0��u�y�P_�y5�I��c�4�փ|��;�'Ql��=(�Kj�*W��jM��|�_��Ռǻ�s:�3��L��Kp��`� ��m��U,ۍwD��h,gY�ޣ��=t1�G/�9A�hؒ��r��YE�܀�Z��A�^��tbp�l 'Dk�lt`�}x�P"ͧԩk��TP8�5]A��<��\��5�iǽ$Ef5��#>� {�;��\��o�؍�Tf��k�مB��7�k(L��˭��&؀@;T��Lq��~$h� s��[��\�_t�E��m�1X}_c��8�L�CWYo V��-܀-�/�x-��Ŏ�z�Wun��e��=�6@��ab��1b�N�Y��V��'ROu��h��ѱ��ˢ_�ߙ�ل@$p�-v�/��5¨��Qp�$�=�ݓ�A��.�6�vH�ڇw��1��E��㜝�&X!u��*([�� x��a��V��fUOK��E~� �x�+)��P��w|�� A�(�ҺZly�Q�N��y�b�A��w��5u�J�xy��5K��E�goƅ��>묇��7��j�N��j:��+ǃm��s]��>."�q�mY�GT��\��2{.�ӮI��ɣ�7�~�WiTY��WWc��*#�i�lˊJ8`yl��_��DA�b1�!�J��v�0=p.��r��\&�QrGi��%��oD,΢ՠ�F�� `0��͖4��2��^5�!�K��p�ř��0$��U-^\X�FI��l��M��)�f~��)�D{�"� ��4��D��0��%q��<>�p},��?3��fU��3�A%�=��n��Qa�-��;��.{�F�e_N5g�;=�=��'�D�I-�m�/r�nNⴚݨHJ/�"',�+CeXx��Wϐ�my�� q�gC�i��եs��gۙ��w�3k܅AS"�@��ɠ�{0vPK��̉��aw�HUafj��Ӥ�F��H�Ȳ�ÉQaA��4�yc1P��jt�s�[�g3�S�p�)kh�z%S\�@2 �/ ��D�#�12�aʼK�,v�LO�)X��>�&�;�f�Ǵ�ci$�)5v��U�i�Y� ��6Ỹ-7��a�o��W�S�1�� % ��'��|�� m�pK��6A��}[�`��|m�.94.�H9I��H;��Լ�>AƔm �lW��?�JZK��EV�X6ݡ��+�$<�9t�aP��zd�g��.�_'O��c� ��N�|�Y��H5o�Ч(�cG�-��,C6�g�3��*��6V�C/6J�H��T^��o��Ҙ*�w��
xyz

Sections

.text
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xyz0
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xyz1
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
data/lm.x86.dll
.dll windows:6 windows x86 arch:x86

bc96291391084d7652b5ea14ee741a18

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:97:33:ec:5a:de:42:54:6a:a4:f6:aa:33:71:1a:e8:00:88:47:2b:3d:32:a1:ff:8f:c9:4e:3b:db:cc:03:2f
Signer

Actual PE Digest

0e:97:33:ec:5a:de:42:54:6a:a4:f6:aa:33:71:1a:e8:00:88:47:2b:3d:32:a1:ff:8f:c9:4e:3b:db:cc:03:2f

Digest Algorithm

sha256

PE Digest Matches

true

9f:bc:e1:f6:a7:7a:d3:22:a8:f7:3a:d7:63:46:f2:52:ec:00:3f:3d
Signer

Actual PE Digest

9f:bc:e1:f6:a7:7a:d3:22:a8:f7:3a:d7:63:46:f2:52:ec:00:3f:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindResourceW
WideCharToMultiByte
CreateFileW
CloseHandle
DeviceIoControl
GetVolumeInformationW
GetComputerNameA
GetSystemDirectoryW
GetLastError
SetFilePointerEx
FindResourceExW
WriteFile
lstrlenW
lstrcpyA
MultiByteToWideChar
GetCurrentProcessId
GetComputerNameW
InitializeCriticalSectionAndSpinCount
DecodePointer
DeleteCriticalSection
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
IsDebuggerPresent
OutputDebugStringW
RaiseException
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetFileType
GetStringTypeW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteConsoleW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

PostMessageW
wsprintfW

advapi32

RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

ole32

CoCreateGuid

wininet

InternetCheckConnectionW

Exports

Exports

�T��'%��_��m^��Ë0 �r�r�t�C��ϹaV�ܠ��I�!Z��g��:]�'��RW�."Nʌ��5��=»>J��0��޾�Ղ�:e�ߦϽ-=�J�� AjA��A}A�5G+wqS�/�͟7�x(|�V�%G�U&b�w�s�JͦgQ�vg�J��h��D.w>Z��@��#��0j��sK��!)��K�Ŵ.kiB.f*_|[_��(�P�x��$�(nC��i��i��̼��M�į��w��,��J�Cp_��=��#�-p��7jD��R�R�^��s8��.C)��H4��^�� J_��$��@\��3��ҟ�3� \��b#hjj�MCB�c�(��:x�G�0�0�,$YiM��=f��7Ή�`�<�S�W��)!�*�p�b��?^��e,,��m@~`��nK�;�]��j�it��K�?7`@9�(��:�6��+��wx�񎼜�$�e��?�X@�0A�겍�*�V�,b�'�F�*�4ҳ��\�xFi��s6�W��r��Qu?��E��H��M4��w�Z#��h�,P��*��īk!�r��v��$1DE�5��S|�Ps��}��Z:h��"@5�Jiû>�g~|��vT��/[;O��8�:�i`��e�d��B�f�Z`8�D �gW�Zs}��H?��Ez�_��E��+��K?i�\3J��1҃��:�Pd�=�k ܫ}t��H��X@��'��[!�0��n��&�D)7�K��2�o'S��Z��F��B��A��5�fr|��u�ό��d��ti�p*��x6c�J�i|'H�[�oԭ�.�.�ij�mϚ<�D��ڽ�v^nI0�GL[V_�I��p>�fd:d�j.=�X�>]r�[��yy��)hk]o�� N�Q��(ۿ��lz��1��ќA��VtϏ�[xY�St�˵C��@�T��ԆyY��徯$~7��x��ҫ�V(8X)Ck�ܭhU]�w��<�'�C8�Tv��3r�/YM��+�Db)N��i��J�~��B��%�O{p��zڷ��d�,�*��*�+ykJ��4�^NA�d7�lh:�qx�,��M~��Χ�@D�,4<��ysR��v<��H�G�ho��h7�򔚤�T"�)Y? ��̾Ro~�4��}l��_'�<\��@�{��]X��W�\}� ��k-��n)�=ı4��ƚ��k ��C�kڎ�Bt��1w�y�)z��Bm��N�i�� vk�B��g)V�s�`��-��k�X��~@]O�1Ȍ��f�_zM�:#��`C��7.M�M%صrg�R:�׺O��]��8��+A�;:�#�-iʩ�&�_5��a�ǂ��I��9�>��:>c��cEkY�T�(P=#V��p��A~P��" �h�q��Im�J��**�w��0�\�#Ǫ�}�Bޡ��<��g��~B�a>|�d��sVsi��f��.�>�X��\4�M��s��>A1��'�v��)($�H!�'�K��?��1Z�6�J��f;9z�g��֘镛��`4g4��h�d��-�H�PQ��>�YV�]��`ܡ�Dc9��E��]@�?�!m��_ᡎ, ��C��t�c-�:U%��o�� j�:h\R�/�sV.i��4��1p�3��ܮ�Hۦd��4�s�GC�Är�� Z�;{��W��v��&��NlFK��i �?�O�aa��P~�> ? 3�U(X~��H�vȉqP��+U��8�i� ��K/p��я3��2��D��F�H���YYjW&�{c��\q�0�0�M۽ϜeǬ��㬫�� (]ݬ� U��3�ٗ��D�L]��eO�꩛��"]��O{L�&��&R�O�RV�1w��&�{g�G <��o�;k��G�i��Q�X�"�'�Dbڅ�Oб��vtލP�fm��pS��nB,��{X�t2�V��"N�:~�� S��t܄�5�Wb�Q��%s�C�r��dZ��H��@��*v��x])�s1�7�B�]��n��n��8eA�u�hV��4�D/o��# G7��C��T}y#}\�l&qYP�|� ��Qc`�z�}��(t8w��]f=1X?�Z��48NH��m��"�b�'��F�5FT�?��$�XeR�7��T��d`��ti��m��Ī+�?��yUW��⮇�@ ��;@d�Hy� ��#s��hmB�8 d��0,��&*j\?)�M��<��րy�e��(�m��¯J�YV8��W��k\S�soK��_�w� q/�{��A��F�*\��2�eru*��9�x�Ɏ��R��Qe�E�n��,�D"�N;]�MwJ��$S�t��]h�S\�?��[)�n�,�,>�4�5�![��a�x�?M"9��T��< �p�h/q'��)��(��u�..^i.=,"�p8�<2��i�l�5�R��:z�!(��)��Z)��\��#@ܡ��zݗm΋,�E�/̊ �I,u��ӑ<�8F� ��wSh��v=�8�1�� :��g��3luX� ?� 3��y��x)�4@aJ;؋��6��F ��|('�}7;$h��DA��MX�S%�Y�F��ύ?a��J�f��օO��RȲ��f�.%� ��k�>�|��8 G��ȗo�,>\�i��zp�#�a�Vtm��<��a��+s�UD�QJ�"="�ދ��ӎ}�y��Q�Z�n?;v�V��٤z;�4��Ճ�H�SeYA��Y��e��*�p��.O��fU�b1�qi8��
lm
qqq
xyz

Sections

.text
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xyz0
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xyz1
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
data/resource.data
data/skin.data
.zip
aiview_btn_next.png
.png
aiview_btn_prev.png
.png
app_bandicam.png
.png
app_bandicut.png
.png
app_bg.png
.png
app_bg2.png
.png
app_btn.png
.png
app_camera.png
.png
app_honeycam.png
.png
app_honeyview.png
.png
appbkgnd_camera.png
.png
appbkgnd_honeycam.png
.png
appbkgnd_honeyview.png
.png
big_btn_close_check_off.png
.png
big_btn_close_check_on.png
.png
big_btn_folder.png
.png
big_btn_folder_check_off.png
.png
big_btn_folder_check_on.png
.png
big_btn_menu.png
.png
big_btn_minimize_to_tray.png
.png
big_btn_zipfolder.png
.png
btn_ad.png
.png
btn_close.png
.png
btn_close_black.png
.png
btn_close_comment.png
.png
btn_frame.png
.png
btn_mini_toolbar_rd.png
.png
btn_mini_toolbar_rd_b.png
.png
btn_regist.png
.png
btn_small_toggle.png
.png
btn_small_toggle_b.png
.png
btn_toggle_appbtn.png
.png
btn_toggle_appbtn2.png
.png
btn_toggle_appbtn2_rtl.png
.png
btn_toggle_appbtn_rtl.png
.png
btn_toolbar.png
.png
btn_toolbar_l.png
.png
btn_toolbar_rd.png
.png
btn_toolbar_rd_b.png
.png
dashboard_bg.png
.png
dashboard_btn.png
.png
dashboard_btn_rd.png
.png
dashboard_img.png
.png
help_about.png
.png
license_guide/bkgnd.png
.png
ligt_bg.png
.png
notice_close.png
.png
old/btn_toolbar.png
.png
old/btn_toolbar_l.png
.png
old/btn_toolbar_l_rtl.png
.png
old/btn_toolbar_rd.png
.png
old/btn_toolbar_rd_rtl.png
.png
old/tb_btn_add.png
.png
old/tb_btn_bugreporter.png
.png
old/tb_btn_codepage.png
.png
old/tb_btn_create.png
.png
old/tb_btn_delete.png
.png
old/tb_btn_extract.png
.png
old/tb_btn_open.png
.png
old/tb_btn_test.png
.png
old/tb_btn_view.png
.png
progress_front.png
.png
recommand_bg.png
.png
resizer.png
.png
resizer_l.png
.png
resource.h
setting_arrow.png
.png
setting_bg.png
.png
setting_tab_0.png
.png
setting_tab_0_b.png
.png
setting_tab_1.png
.png
setting_tab_1_b.png
.png
sf_btn_frame.png
.png
sf_btn_frame_10.png
.png
sf_computer.png
.png
sf_computer_10.png
.png
sf_desktop.png
.png
sf_desktop_10.png
.png
sf_document.png
.png
sf_document_10.png
.png
sf_picture.png
.png
sf_picture_10.png
.png
skin.xs
skin_aiview.xml
skin_aiview_child.xml
skin_ask_appinstall.xml
skin_ask_uninstall.xml
skin_compress_dlg.xml
skin_edit_script.xml
skin_extract_dlg.xml
skin_license_guide.xml
.xml
skin_main.xml
.xml
skin_select_folder.xml
skin_select_folder_10.xml
skin_setting_shell.xml
skin_setting_tab.xml
small_btn_check_off.png
.png
small_btn_check_on.png
.png
small_btn_folder.png
.png
small_btn_minimize_to_tray.png
.png
small_btn_open.png
.png
small_btn_zipfolder.png
.png
static_ad.png
.png
static_balloon.png
.png
static_balloon_rtl.png
.png
static_bullet.png
.png
static_frame_sunken.png
.png
static_main_frame.png
.png
static_main_frame2.png
.png
static_pro_frame.png
.png
statusbar_btn.png
.png
statusbar_btn2.png
.png
statusbar_static_preview.png
.png
statusbar_static_report.png
.png
tb_btn_add.png
.png
tb_btn_add_b.png
.png
tb_btn_bugreporter.png
.png
tb_btn_codepage.png
.png
tb_btn_codepage_b.png
.png
tb_btn_create.png
.png
tb_btn_create_b.png
.png
tb_btn_delete.png
.png
tb_btn_delete_b.png
.png
tb_btn_extract.png
.png
tb_btn_extract_b.png
.png
tb_btn_mini_add.png
.png
tb_btn_mini_add_b.png
.png
tb_btn_mini_codepage.png
.png
tb_btn_mini_codepage_b.png
.png
tb_btn_mini_create.png
.png
tb_btn_mini_create_b.png
.png
tb_btn_mini_delete.png
.png
tb_btn_mini_delete_b.png
.png
tb_btn_mini_extract.png
.png
tb_btn_mini_extract_b.png
.png
tb_btn_mini_open.png
.png
tb_btn_mini_open_b.png
.png
tb_btn_mini_scan.png
.png
tb_btn_mini_scan_b.png
.png
tb_btn_mini_test.png
.png
tb_btn_mini_test_b.png
.png
tb_btn_mini_view.png
.png
tb_btn_mini_view_b.png
.png
tb_btn_open.png
.png
tb_btn_open_b.png
.png
tb_btn_test.png
.png
tb_btn_test_b.png
.png
tb_btn_view.png
.png
tb_btn_view_b.png
.png
tb_btn_virus.png
.png
tb_btn_virus_b.png
.png
uninstall.bkgnd.png
.png
update_notify.png
.png
data/skin.recovery.data
.zip
btn_button.png
.png
btn_buy.png
.png
btn_close.png
.png
btn_faq.png
.png
btn_logo.png
.png
btn_minimize.png
.png
btn_open.png
.png
btn_pause.png
.png
btn_pay.png
.png
btn_setting.png
.png
btn_start.png
.png
btn_stop.png
.png
bullet.png
.png
icon.png
.png
main.xml
main.xs
slider_bkgnd_tile.png
.png
slider_var_knob.png
.png
static_body2_bg.png
.png
static_body_bg.png
.png
static_btn_mask.png
.png
static_file_bg.png
.png
static_index_bg.png
.png
static_main_bg_0.png
.png
static_main_bg_1.png
.png
step_ball.png
.png
step_bg.png
.png
step_fg.png
.png
data/web32.exe
.exe windows:6 windows x86 arch:x86

f47de1bac695abc302a7c3c3d677d15d

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5e:e8:85:2b:1a:c6:0d:22:94:7f:58:b9:91:38:84:82:dd:14:9e:13:30:fa:b4:ed:32:0a:7a:e4:17:b9:15:48
Signer

Actual PE Digest

5e:e8:85:2b:1a:c6:0d:22:94:7f:58:b9:91:38:84:82:dd:14:9e:13:30:fa:b4:ed:32:0a:7a:e4:17:b9:15:48

Digest Algorithm

sha256

PE Digest Matches

true

59:60:b6:ba:4e:66:49:22:68:64:a4:a3:ed:48:6d:d3:25:b5:21:f8
Signer

Actual PE Digest

59:60:b6:ba:4e:66:49:22:68:64:a4:a3:ed:48:6d:d3:25:b5:21:f8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
WriteFile
Sleep
GetTickCount64
WideCharToMultiByte
LoadLibraryW
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
LoadLibraryExW
GetModuleFileNameW
InitializeCriticalSectionEx
DeleteCriticalSection
RaiseException
DecodePointer
SetErrorMode
GetCurrentThreadId
SetLastError
GetSystemDirectoryW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetFilePointerEx
LoadResource
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
LCMapStringW
GetFileType
GetStdHandle
ExitProcess
GetCommandLineW
GetCommandLineA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
GetLastError
FreeLibrary
FindResourceExW
GetCPInfo
FindResourceW
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
GetProcAddress
HeapSize
HeapDestroy
GetModuleHandleExW
CloseHandle
GetCurrentProcess
GetModuleHandleW
GetOEMCP
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
WriteConsoleW

user32

GetDC
ReleaseDC
RegisterWindowMessageW
SetProcessDPIAware
SetWindowPos
PostMessageW
GetClientRect
SetWindowLongW
SetPropW
MoveWindow
GetPropW
IsWindowVisible
RemovePropW
CallWindowProcW
GetParent
GetWindowRect
PeekMessageW
GetWindowLongW
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
SetFocus
GetFocus
GetKeyState
EqualRect
KillTimer
SetTimer
LoadIconW
DefWindowProcW
ShowWindow
DestroyWindow
IsWindow
MsgWaitForMultipleObjects
TranslateMessage
CharNextW
DispatchMessageW
PostQuitMessage

gdi32

GetStockObject
GetDeviceCaps

advapi32

RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW

shell32

ShellExecuteW

ole32

CoUninitialize
OleInitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleCreate
OleSetContainedObject
OleUninitialize

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString
VarUI4FromStr

wininet

InternetCloseHandle
InternetCrackUrlA
InternetOpenW
InternetSetOptionW
InternetConnectA
HttpAddRequestHeadersW
HttpQueryInfoW
InternetErrorDlg
HttpSendRequestW
InternetReadFile
InternetQueryDataAvailable
InternetQueryOptionW
HttpOpenRequestA

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ve_share
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/webview.x86.dll
.dll windows:6 windows x86 arch:x86

6b13246cdd952fec92b15246ea9e3bc8

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28-03-2023 00:00

Not After

27-03-2026 23:59

Subject

CN=Bandisoft International Inc.,O=Bandisoft International Inc.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f4:00:16:fd:06:8f:a8:a5:e0:ec:ff:65:66:54:32:57:d5:5a:5a:ce:83:60:17:0c:36:6c:e7:91:a1:53:24:8f
Signer

Actual PE Digest

f4:00:16:fd:06:8f:a8:a5:e0:ec:ff:65:66:54:32:57:d5:5a:5a:ce:83:60:17:0c:36:6c:e7:91:a1:53:24:8f

Digest Algorithm

sha256

PE Digest Matches

true

e8:f1:6e:ff:44:0b:60:a7:8b:fb:18:c0:15:94:b2:dd:cb:b3:3f:bb
Signer

Actual PE Digest

e8:f1:6e:ff:44:0b:60:a7:8b:fb:18:c0:15:94:b2:dd:cb:b3:3f:bb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
RaiseException
SetLastError
FreeLibrary
GetProcAddress
GetModuleHandleW
lstrcmpiW
MultiByteToWideChar
LoadLibraryExW
GetModuleFileNameW
GetCurrentProcessId
DecodePointer
RtlUnwind
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
FormatMessageW
WriteConsoleW
CreateFileW
CloseHandle
GetConsoleMode
FindResourceW
WriteFile
FlushFileBuffers
SetStdHandle
SetFilePointerEx
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindResourceExW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
FindFirstFileExW
FindClose
LCMapStringW
TlsGetValue
TlsSetValue
GetConsoleOutputCP
GetFileType
GetStdHandle
GetModuleHandleExW
ExitProcess
TlsFree
HeapDestroy

user32

ShowWindow
CopyRect
DefWindowProcW
FindWindowW
SetTimer
MoveWindow
GetClientRect
LoadCursorW
SetClassLongW
KillTimer
DestroyWindow
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
SetWindowLongW
GetWindowLongW
CharNextW
GetCursorPos
CallWindowProcW
ScreenToClient
PtInRect
TrackMouseEvent
GetCapture
SetCapture
ReleaseCapture
SendMessageW

advapi32

RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW

shell32

GetCurrentProcessExplicitAppUserModelID
ShellExecuteW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoInitializeEx
CoUninitialize
CoTaskMemAlloc

oleaut32

SetErrorInfo
SysStringLen
SysAllocString
GetErrorInfo
VarUI4FromStr
SysFreeString

coremessaging

CreateDispatcherQueueController

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-util-l1-1-0

EncodePointer

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetStartupInfoW
GetCurrentProcess

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache
IsProcessorFeaturePresent

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-file-l1-1-0

GetFileAttributesW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegGetValueW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

version

GetFileVersionInfoSizeW

Exports

Exports

CreateWebView
WebViewInstalled

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
icons/default/001.ico
icons/default/7z.ico
icons/default/Bandizip.ico
icons/default/_desc.ini
icons/default/alz.ico
icons/default/bz2.ico
icons/default/cab.ico
icons/default/egg.ico
icons/default/gz.ico
icons/default/iso.ico
icons/default/lha.ico
icons/default/lzh.ico
icons/default/rar.ico
icons/default/tar.ico
icons/default/tbz.ico
icons/default/tbz2.ico
icons/default/tgz.ico
icons/default/xz.ico
icons/default/zip.ico
icons/default/zipx.ico
icons/default/zpaq.ico
langs/English.lang
.ps1
langs/Russian.lang
langs/SimpChinese.lang
.ps1
shellicons/bandizip.ico
shellicons/cmd.ico
shellicons/uac.ico

Sharing

General

Malware Config

Signatures

Files

1a8b4ffbf9f2ebe357383289b60f9d3b

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:adCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:adCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

bb:6b:ab:53:db:a7:2f:c2:60:a1:62:d5:6a:7e:5c:e3:ad:40:7e:bd:7f:83:21:79:a8:38:2a:70:16:25:08:dcSigner

55:a0:9d:08:0d:6c:61:d5:e5:52:d9:c1:4f:b0:95:c1:71:ce:a4:b3Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

uxtheme

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 726KB - Virtual size: 726KB

.data Size: 30KB - Virtual size: 40KB

.pdata Size: 75KB - Virtual size: 74KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 34KB - Virtual size: 33KB

.reloc Size: 9KB - Virtual size: 8KB

e80cfee3245298c5ba73d0985ebae8a1

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:adCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

bb:6b:ab:53:db:a7:2f:c2:60:a1:62:d5:6a:7e:5c:e3:ad:40:7e:bd:7f:83:21:79:a8:38:2a:70:16:25:08:dc
Signer

55:a0:9d:08:0d:6c:61:d5:e5:52:d9:c1:4f:b0:95:c1:71:ce:a4:b3
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 726KB - Virtual size: 726KB

.data
Size: 30KB - Virtual size: 40KB

.pdata
Size: 75KB - Virtual size: 74KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 34KB - Virtual size: 33KB

.reloc
Size: 9KB - Virtual size: 8KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

49:7d:34:e6:8f:a4:2e:c8:29:21:d2:e4:78:63:ec:7c:3d:ec:a7:f0:a7:93:75:59:b9:c4:12:a8:04:3f:dc:08
Signer

9a:80:39:ee:24:ac:a3:f3:68:f6:3f:7a:66:fa:e8:8c:43:9a:02:e6
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 561KB - Virtual size: 561KB

.data
Size: 24KB - Virtual size: 31KB

.rsrc
Size: 34KB - Virtual size: 33KB

.reloc
Size: 62KB - Virtual size: 62KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

45:2d:ba:a0:52:13:f6:ea:e3:56:65:03:d3:5c:05:ad
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

c9:bc:01:74:59:ff:dc:18:a4:c2:07:e6:a9:49:71:6d:47:0c:8f:36:1f:98:92:50:b4:8c:14:a5:ef:32:f1:c2
Signer

42:b8:4b:56:2c:76:90:9f:c8:04:1f:ab:9b:40:6c:bd:8e:01:2d:f9
Signer