55f579696f6db58f9d5d824fb78e0370

Sharing

Copy URL

Twitter E-mail

General

Target

55f579696f6db58f9d5d824fb78e0370
Size

2.6MB
MD5

55f579696f6db58f9d5d824fb78e0370
SHA1

a6c2e984472f750be0729bb4fd5bcda00263fba3
SHA256

debf351be78e09aba6a74dd649077d4b7ed011f244b6e0e0ab3c75577828862f
SHA512

44cffee4b22eb910c5deccb92398dd20f37b56519b749b30814153cd3babe2ed32593fe5b8c0fe6471cb76a6606622ebd7d1e6eb0f38811f4666cdf4f420087c
SSDEEP

49152:mN4/XczM/DOFk+uiLHsP762q56l2A7R7CjXBdXExt1QhSEt:mN4EsDOF3MOD5poJC7BhHhrt

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/DeskSpaceTrialSetup.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/UAC.dll
unpack002/out.upx
unpack003/$PLUGINSDIR/UAC.dll

NSIS installer 3 IoCs

installer

resource	yara_rule
static1/unpack002/out.upx	nsis_installer_2
static1/unpack002/uninstaller.exe	nsis_installer_1
static1/unpack002/uninstaller.exe	nsis_installer_2

Files

55f579696f6db58f9d5d824fb78e0370
.rar
DeskSpaceTrialSetup.exe
.exe windows:4 windows x86 arch:x86

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1d:0c:a5:94:c6:30:8f:92:f5:38:61:a3:26:96:8c:8a
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

19-03-2008 00:00

Not After

19-03-2009 23:59

Subject

CN=Otaku Software,O=Otaku Software,POSTALCODE=6004,STREET=14 Little Saunders Street East Perth,L=Perth,ST=Western Australia,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7e:da:b3:db:81:d2:dd:bb:45:69:5a:92:87:04:0e:d8:2e:58:1b:7c
Signer

Actual PE Digest

7e:da:b3:db:81:d2:dd:bb:45:69:5a:92:87:04:0e:d8:2e:58:1b:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 576KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 405KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

2457671c10c5aa708d9619798ec0139c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
SetLastError
CloseHandle
GlobalFree
LocalFree
FormatMessageA
MultiByteToWideChar
GetLastError
CreateProcessA
GlobalAlloc
lstrlenA
GetVersionExA
LoadLibraryA
lstrcatA
GetProcAddress
lstrcpynA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiA
lstrcpyA
GetCurrentProcess
GetCurrentThread
GetCurrentProcessId
Sleep
CreateThread
GetStartupInfoA
GetCommandLineA
GetPrivateProfileIntA
GetPrivateProfileStringA
FreeLibrary
GetModuleHandleA

user32

EnableWindow
GetWindowLongA
DestroyWindow
LoadImageA
SetWindowLongA
EndDialog
MessageBoxA
SendMessageW
DialogBoxParamA
CharNextA
SendMessageTimeoutA
WaitForInputIdle
DefWindowProcA
PostMessageA
GetLastActivePopup
PostQuitMessage
SetForegroundWindow
DispatchMessageA
GetMessageA
CreateWindowExA
RegisterClassA
UnregisterClassA
GetWindowTextA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
IsWindow
ShowWindow
wsprintfA
GetDlgItem
SendMessageA
LoadStringA
SetWindowTextA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteExA

ole32

CoInitialize
CoUninitialize

Exports

Exports

Exec
ExecCodeSegment
ExecWait
GetElevationType
GetOuterHwnd
IsAdmin
RunElevated
ShellExec
ShellExecWait
StackPush
SupportsUAC
Unload

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/install_shortcut_options.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
English.lng
backgrounds/Blue Gradient/back.jpg
.jpg
backgrounds/Blue Gradient/bottom.jpg
.jpg
backgrounds/Blue Gradient/front.jpg
.jpg
backgrounds/Blue Gradient/left.jpg
.jpg
backgrounds/Blue Gradient/right.jpg
.jpg
backgrounds/Blue Gradient/top.jpg
.jpg
backgrounds/Blue Sky Mountain (Hi-Res)/back.jpg
.jpg
backgrounds/Blue Sky Mountain (Hi-Res)/bottom.jpg
.jpg
backgrounds/Blue Sky Mountain (Hi-Res)/front.jpg
.jpg
backgrounds/Blue Sky Mountain (Hi-Res)/left.jpg
.jpg
backgrounds/Blue Sky Mountain (Hi-Res)/right.jpg
.jpg
backgrounds/Blue Sky Mountain (Hi-Res)/top.jpg
.jpg
backgrounds/Green Beach/back.jpg
.jpg
backgrounds/Green Beach/bottom.jpg
.jpg
backgrounds/Green Beach/front.jpg
.jpg
backgrounds/Green Beach/left.jpg
.jpg
backgrounds/Green Beach/right.jpg
.jpg
backgrounds/Green Beach/top.jpg
.jpg
backgrounds/Orange Gradient/back.jpg
.jpg
backgrounds/Orange Gradient/bottom.jpg
.jpg
backgrounds/Orange Gradient/front.jpg
.jpg
backgrounds/Orange Gradient/left.jpg
.jpg
backgrounds/Orange Gradient/right.jpg
.jpg
backgrounds/Orange Gradient/top.jpg
.jpg
backgrounds/Red Sky, Black Earth/back.jpg
.jpg
backgrounds/Red Sky, Black Earth/bottom.jpg
.jpg
backgrounds/Red Sky, Black Earth/front.jpg
.jpg
backgrounds/Red Sky, Black Earth/left.jpg
.jpg
backgrounds/Red Sky, Black Earth/right.jpg
.jpg
backgrounds/Red Sky, Black Earth/top.jpg
.jpg
backgrounds/Tranquil/back.jpg
.jpg
backgrounds/Tranquil/bottom.jpg
.jpg
backgrounds/Tranquil/front.jpg
.jpg
backgrounds/Tranquil/left.jpg
.jpg
backgrounds/Tranquil/right.jpg
.jpg
backgrounds/Tranquil/top.jpg
.jpg
backgrounds/White/back.jpg
.jpg
backgrounds/White/bottom.jpg
.jpg
backgrounds/White/front.jpg
.jpg
backgrounds/White/left.jpg
.jpg
backgrounds/White/top.jpg
.jpg
deskspace.exe
.exe windows:5 windows x86 arch:x86

f433e7fcc51e68080022754836705744

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1d:0c:a5:94:c6:30:8f:92:f5:38:61:a3:26:96:8c:8a
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

19-03-2008 00:00

Not After

19-03-2009 23:59

Subject

CN=Otaku Software,O=Otaku Software,POSTALCODE=6004,STREET=14 Little Saunders Street East Perth,L=Perth,ST=Western Australia,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:31:59:21:86:6d:c1:95:0f:64:11:4a:72:b3:42:94:b0:2e:ff:48
Signer

Actual PE Digest

4e:31:59:21:86:6d:c1:95:0f:64:11:4a:72:b3:42:94:b0:2e:ff:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
ExitProcess
VirtualAlloc
VirtualFree

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

y86g2meb
Size: 221KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 554KB - Virtual size: 556KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

afhwdjc8
Size: - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

v.t3lb8v
Size: 802KB - Virtual size: 804KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vm83lyzo
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
deskspace1554.dll
.dll windows:5 windows x86 arch:x86

851508d26c5f2aacbb0937adc4fc6573

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1d:0c:a5:94:c6:30:8f:92:f5:38:61:a3:26:96:8c:8a
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

19-03-2008 00:00

Not After

19-03-2009 23:59

Subject

CN=Otaku Software,O=Otaku Software,POSTALCODE=6004,STREET=14 Little Saunders Street East Perth,L=Perth,ST=Western Australia,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

15:4a:18:67:dc:64:02:a6:a2:d5:ba:63:8f:7a:a9:fd:6a:65:3c:41
Signer

Actual PE Digest

15:4a:18:67:dc:64:02:a6:a2:d5:ba:63:8f:7a:a9:fd:6a:65:3c:41

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
CloseHandle
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapSize
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
LoadLibraryA
HeapReAlloc
VirtualAlloc
RtlUnwind
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentThreadId
GetCommandLineA
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA

user32

PostMessageW
CallNextHookEx
GetClassNameW
IsWindow
SetWinEventHook
SetWindowsHookExW
UnhookWindowsHookEx
UnhookWinEvent
IsWindowVisible
SendMessageTimeoutW

shlwapi

PathRemoveExtensionW
PathAppendW
PathStripPathW
PathFindExtensionW
PathRemoveFileSpecW

Exports

Exports

?Register@NDeskSpaceDLL@@YA?AW4RESULT@NLibrary@@PAUHWND__@@@Z
?Unregister@NDeskSpaceDLL@@YAXXZ

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.DESKSPA
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deskspace1554_x64.dll
.dll windows:5 windows x64 arch:x64

ab6e882999488faad92cb5a5e9d44379

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1d:0c:a5:94:c6:30:8f:92:f5:38:61:a3:26:96:8c:8a
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

19-03-2008 00:00

Not After

19-03-2009 23:59

Subject

CN=Otaku Software,O=Otaku Software,POSTALCODE=6004,STREET=14 Little Saunders Street East Perth,L=Perth,ST=Western Australia,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

aa:0a:67:74:d9:2b:67:c0:f4:b4:e8:28:4c:74:f0:96:fe:7c:d7:07
Signer

Actual PE Digest

aa:0a:67:74:d9:2b:67:c0:f4:b4:e8:28:4c:74:f0:96:fe:7c:d7:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

user32

SetWindowsHookExW
UnhookWindowsHookEx
PostMessageW
CallNextHookEx

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
FlsSetValue
GetCommandLineA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
Sleep
GetModuleHandleW
GetProcAddress
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
RtlUnwindEx
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
WriteFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Exports

Exports

?Register@NDeskSpaceDLL_x64@@YA?AW4RESULT@NLibrary@@PEAUHWND__@@@Z
?Unregister@NDeskSpaceDLL_x64@@YAXXZ

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.DESKSPA
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deskspace_x64.exe
.exe windows:5 windows x64 arch:x64

823e97878e3e5fc80266e8040931d557

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1d:0c:a5:94:c6:30:8f:92:f5:38:61:a3:26:96:8c:8a
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

19-03-2008 00:00

Not After

19-03-2009 23:59

Subject

CN=Otaku Software,O=Otaku Software,POSTALCODE=6004,STREET=14 Little Saunders Street East Perth,L=Perth,ST=Western Australia,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

47:42:6f:16:7d:66:35:54:d2:32:87:3d:1d:00:db:24:eb:77:11:bd
Signer

Actual PE Digest

47:42:6f:16:7d:66:35:54:d2:32:87:3d:1d:00:db:24:eb:77:11:bd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

deskspace1554_x64

?Register@NDeskSpaceDLL_x64@@YA?AW4RESULT@NLibrary@@PEAUHWND__@@@Z
?Unregister@NDeskSpaceDLL_x64@@YAXXZ

kernel32

GetProcAddress
WaitForSingleObject
OpenMutexW
GetLastError
CloseHandle
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapAlloc
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
HeapSetInformation
FlsAlloc
GetCurrentThreadId
SetLastError
FlsFree
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
RtlUnwindEx
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue

user32

FindWindowW

shlwapi

PathFindExtensionW
PathRemoveExtensionW
PathRemoveFileSpecW
PathAppendW
PathStripPathW

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 418KB - Virtual size: 417KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
help/html/configuring_deskspace.html
.html
help/html/getting_started.html
.html
help/html/using_deskspace.html
.html
help/images/menu.gif
.gif
help/images/options_activation.gif
.gif
help/images/options_desktop.gif
.gif
help/images/options_display.gif
.gif
help/images/options_language.gif
.gif
help/images/options_mouse.gif
.gif
help/images/options_zoom.gif
.gif
help/images/screen_activation.jpg
.jpg
help/images/screen_manage_desktop_application_rules.gif
.gif
help/images/screen_manage_desktop_icons.gif
.gif
help/images/screen_manage_desktop_wallpaper.gif
.gif
help/images/screen_manage_desktop_windows.gif
.gif
help/images/screen_window_dragging.jpg
.jpg
help/images/systray.gif
.gif
help/images/title.gif
.gif
help/index.html
.html
help/style/body.css
help/style/default.css
help/style/footer.css
help/style/header.css
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 406KB - Virtual size: 406KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninstaller.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1d:0c:a5:94:c6:30:8f:92:f5:38:61:a3:26:96:8c:8a
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

19-03-2008 00:00

Not After

19-03-2009 23:59

Subject

CN=Otaku Software,O=Otaku Software,POSTALCODE=6004,STREET=14 Little Saunders Street East Perth,L=Perth,ST=Western Australia,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

43:6d:60:ae:7d:9b:06:62:a8:28:23:87:2f:17:f9:ab:ed:4f:56:5f
Signer

Actual PE Digest

43:6d:60:ae:7d:9b:06:62:a8:28:23:87:2f:17:f9:ab:ed:4f:56:5f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 406KB - Virtual size: 406KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

2457671c10c5aa708d9619798ec0139c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
SetLastError
CloseHandle
GlobalFree
LocalFree
FormatMessageA
MultiByteToWideChar
GetLastError
CreateProcessA
GlobalAlloc
lstrlenA
GetVersionExA
LoadLibraryA
lstrcatA
GetProcAddress
lstrcpynA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiA
lstrcpyA
GetCurrentProcess
GetCurrentThread
GetCurrentProcessId
Sleep
CreateThread
GetStartupInfoA
GetCommandLineA
GetPrivateProfileIntA
GetPrivateProfileStringA
FreeLibrary
GetModuleHandleA

user32

EnableWindow
GetWindowLongA
DestroyWindow
LoadImageA
SetWindowLongA
EndDialog
MessageBoxA
SendMessageW
DialogBoxParamA
CharNextA
SendMessageTimeoutA
WaitForInputIdle
DefWindowProcA
PostMessageA
GetLastActivePopup
PostQuitMessage
SetForegroundWindow
DispatchMessageA
GetMessageA
CreateWindowExA
RegisterClassA
UnregisterClassA
GetWindowTextA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
IsWindow
ShowWindow
wsprintfA
GetDlgItem
SendMessageA
LoadStringA
SetWindowTextA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteExA

ole32

CoInitialize
CoUninitialize

Exports

Exports

Exec
ExecCodeSegment
ExecWait
GetElevationType
GetOuterHwnd
IsAdmin
RunElevated
ShellExec
ShellExecWait
StackPush
SupportsUAC
Unload

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89Certificate

Extended Key Usages

Key Usages

1d:0c:a5:94:c6:30:8f:92:f5:38:61:a3:26:96:8c:8aCertificate

Extended Key Usages

Key Usages

7e:da:b3:db:81:d2:dd:bb:45:69:5a:92:87:04:0e:d8:2e:58:1b:7cSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 576KB

UPX1 Size: 17KB - Virtual size: 20KB

.rsrc Size: 405KB - Virtual size: 408KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

2457671c10c5aa708d9619798ec0139c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.data Size: 1024B - Virtual size: 1008B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1KB - Virtual size: 1KB

f433e7fcc51e68080022754836705744

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89Certificate

Extended Key Usages

Key Usages

1d:0c:a5:94:c6:30:8f:92:f5:38:61:a3:26:96:8c:8aCertificate

Extended Key Usages

Key Usages

4e:31:59:21:86:6d:c1:95:0f:64:11:4a:72:b3:42:94:b0:2e:ff:48Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: - Virtual size: 1.1MB

y86g2meb Size: 221KB - Virtual size: 224KB

.data Size: - Virtual size: 112KB

.data1 Size: - Virtual size: 4KB

.rsrc Size: 554KB - Virtual size: 556KB

afhwdjc8 Size: - Virtual size: 340KB

v.t3lb8v Size: 802KB - Virtual size: 804KB

vm83lyzo Size: 512B - Virtual size: 4KB

851508d26c5f2aacbb0937adc4fc6573

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89Certificate

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

1d:0c:a5:94:c6:30:8f:92:f5:38:61:a3:26:96:8c:8a
Certificate

7e:da:b3:db:81:d2:dd:bb:45:69:5a:92:87:04:0e:d8:2e:58:1b:7c
Signer

UPX0
Size: - Virtual size: 576KB

UPX1
Size: 17KB - Virtual size: 20KB

.rsrc
Size: 405KB - Virtual size: 408KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 12KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 1008B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

1d:0c:a5:94:c6:30:8f:92:f5:38:61:a3:26:96:8c:8a
Certificate

4e:31:59:21:86:6d:c1:95:0f:64:11:4a:72:b3:42:94:b0:2e:ff:48
Signer

.text
Size: - Virtual size: 1.1MB

y86g2meb
Size: 221KB - Virtual size: 224KB

.data
Size: - Virtual size: 112KB

.data1
Size: - Virtual size: 4KB

.rsrc
Size: 554KB - Virtual size: 556KB

afhwdjc8
Size: - Virtual size: 340KB

v.t3lb8v
Size: 802KB - Virtual size: 804KB

vm83lyzo
Size: 512B - Virtual size: 4KB

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

1d:0c:a5:94:c6:30:8f:92:f5:38:61:a3:26:96:8c:8a
Certificate

15:4a:18:67:dc:64:02:a6:a2:d5:ba:63:8f:7a:a9:fd:6a:65:3c:41
Signer

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 11KB

.DESKSPA
Size: 512B - Virtual size: 20B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 6KB - Virtual size: 6KB

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

1d:0c:a5:94:c6:30:8f:92:f5:38:61:a3:26:96:8c:8a
Certificate

aa:0a:67:74:d9:2b:67:c0:f4:b4:e8:28:4c:74:f0:96:fe:7c:d7:07
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 8KB

.pdata
Size: 1KB - Virtual size: 1KB

.DESKSPA
Size: 512B - Virtual size: 16B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1024B - Virtual size: 574B

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

1d:0c:a5:94:c6:30:8f:92:f5:38:61:a3:26:96:8c:8a
Certificate

47:42:6f:16:7d:66:35:54:d2:32:87:3d:1d:00:db:24:eb:77:11:bd
Signer

.text
Size: 35KB - Virtual size: 34KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 6KB - Virtual size: 14KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 418KB - Virtual size: 417KB