OInstallv7[.]7[.]7[.]5[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

OInstallv7.7.7.5.rar
Size

43.0MB
MD5

d9f6e4167ea2e53d182d684de8f43872
SHA1

64281157ee6b1d54673d6c3947babc4bd56d9bf9
SHA256

23631416cd1d76d8b9b1bb014b3f5f96ab7dcb93e60d38fdc1a6896f9245df95
SHA512

e4ae6f6ff657d26562d958683a7cf613c2514f12e186679b80edec3dcae0cb7648a2da0f99edaffb6fa48f19ef0c78e8fdd4e52847e0c738c3ff52ee7f2d8c29
SSDEEP

786432:O4CJOs7kZgnYTLlR0Z0VXw5H7I/eQuZiuSmVZi/Hk1ItznOXTnt:O4CJOs7ki80GVg5H7IeN3iM1IYjt

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Office 2013-2024 C2R Install v7.7.7.5/AAct v4.3.1 Portable/AAct.exe	upx
static1/unpack001/Office 2013-2024 C2R Install v7.7.7.5/AAct v4.3.1 Portable/AAct_x64.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx
unpack003/out.upx

Files

OInstallv7.7.7.5.rar
.rar

Password: mawto
Office 2013-2024 C2R Install v7.7.7.5/AAct v4.3.1 Portable/AAct.exe
.exe windows:4 windows x86 arch:x86

Password: mawto

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02-11-2016 18:47

Not After

31-12-2039 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02-11-2016 18:47

Not After

31-12-2039 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8d:f6:89:2a:27:2f:36:04:95:cd:b9:7e:8b:3a:6e:fa:f1:ca:4f:48:6b:ab:ca:6b:ba:f5:38:e1:68:5f:fb:38
Signer

Actual PE Digest

8d:f6:89:2a:27:2f:36:04:95:cd:b9:7e:8b:3a:6e:fa:f1:ca:4f:48:6b:ab:ca:6b:ba:f5:38:e1:68:5f:fb:38

Digest Algorithm

sha256

PE Digest Matches

true

66:c2:cb:0d:c8:5d:c5:94:a4:4c:11:b1:de:ba:66:47:f5:6d:0d:29
Signer

Actual PE Digest

66:c2:cb:0d:c8:5d:c5:94:a4:4c:11:b1:de:ba:66:47:f5:6d:0d:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.code
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 489KB - Virtual size: 488KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Office 2013-2024 C2R Install v7.7.7.5/AAct v4.3.1 Portable/AAct_x64.exe
.exe windows:5 windows x64 arch:x64

Password: mawto

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02-11-2016 18:47

Not After

31-12-2039 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02-11-2016 18:47

Not After

31-12-2039 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:f7:7b:12:c0:a2:7a:d8:5f:cd:03:ee:0c:08:94:b0:ae:7d:be:3a:08:a0:cd:40:3a:7a:56:6b:20:53:cd:c8
Signer

Actual PE Digest

55:f7:7b:12:c0:a2:7a:d8:5f:cd:03:ee:0c:08:94:b0:ae:7d:be:3a:08:a0:cd:40:3a:7a:56:6b:20:53:cd:c8

Digest Algorithm

sha256

PE Digest Matches

true

75:c8:f4:bd:17:dd:b4:6a:57:26:55:c1:44:7a:30:73:d6:36:5e:0c
Signer

Actual PE Digest

75:c8:f4:bd:17:dd:b4:6a:57:26:55:c1:44:7a:30:73:d6:36:5e:0c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.code
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 578KB - Virtual size: 577KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Office 2013-2024 C2R Install v7.7.7.5/AAct v4.3.1 Portable/MAWTO.url
Office 2013-2024 C2R Install v7.7.7.5/AAct v4.3.1 Portable/readme_en.txt
Office 2013-2024 C2R Install v7.7.7.5/AAct v4.3.1 Portable/readme_ru.txt
Office 2013-2024 C2R Install v7.7.7.5/KMSoffline v2.4.1/KMSoffline.exe
.exe windows:4 windows x86 arch:x86

Password: mawto

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02-11-2016 18:47

Not After

31-12-2039 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:25:4b:a9:f7:1c:19:18:e0:57:fc:11:49:44:79:82:49:70:be:c3:b5:c4:b8:8c:fc:84:5b:44:be:1f:4c:cd
Signer

Actual PE Digest

0e:25:4b:a9:f7:1c:19:18:e0:57:fc:11:49:44:79:82:49:70:be:c3:b5:c4:b8:8c:fc:84:5b:44:be:1f:4c:cd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Office 2013-2024 C2R Install v7.7.7.5/KMSoffline v2.4.1/KMSoffline_x64.exe
.exe windows:4 windows x64 arch:x64

Password: mawto

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02-11-2016 18:47

Not After

31-12-2039 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

12:81:b2:d7:06:5d:4a:ba:05:ef:a9:71:db:ff:88:44:4c:30:fc:70:24:79:6a:f7:81:40:95:23:77:81:01:da
Signer

Actual PE Digest

12:81:b2:d7:06:5d:4a:ba:05:ef:a9:71:db:ff:88:44:4c:30:fc:70:24:79:6a:f7:81:40:95:23:77:81:01:da

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Office 2013-2024 C2R Install v7.7.7.5/KMSoffline v2.4.1/MAWTO.url
Office 2013-2024 C2R Install v7.7.7.5/KMSoffline v2.4.1/readme_ru.txt
Office 2013-2024 C2R Install v7.7.7.5/OInstall.exe
.exe windows:4 windows x86 arch:x86

Password: mawto

1df3c70da4aff8702f51a0ad67847b17

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02-11-2016 18:47

Not After

31-12-2039 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dc:e2:6e:2a:5a:56:58:eb:a1:26:98:be:37:1b:35:46:18:b8:dd:7c:b2:7f:57:0c:3d:c6:86:ae:ff:17:ea:fa
Signer

Actual PE Digest

dc:e2:6e:2a:5a:56:58:eb:a1:26:98:be:37:1b:35:46:18:b8:dd:7c:b2:7f:57:0c:3d:c6:86:ae:ff:17:ea:fa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
setlocale
wcsncpy
wcslen
malloc
free
memmove
memcpy
strncmp
isdigit
wcscmp
wcscpy
wcscat
sprintf
_wstat
_wcsdup
strcmp
??3@YAXPAX@Z
??2@YAPAXI@Z
rand
fwrite
strncpy
floor
_CIcos
_CIsin
log10
_wfopen
fseek
fclose
_CIfmod
fread
longjmp
_setjmp3
_wcsnicmp
_wcsicmp
wcsncmp
_snwprintf
tolower
localtime
mktime
_itow
_wtoi
gmtime
abs
sqrt
fmod
ftell
pow
wcsstr
swscanf
_close
calloc
_lseeki64
_errno
realloc
_snprintf
abort
_wopen
_setmode
exit
wcschr
_open_osfhandle
_strdup
strrchr
wctomb
_get_osfhandle
_open
toupper
mbstowcs
strchr
frexp
modf
_CIpow
fopen
strerror
atof
fflush
_vsnwprintf
_onexit
__dllonexit
cos
sin
ceil

kernel32

GetModuleHandleW
HeapCreate
GetEnvironmentVariableW
GetUserDefaultLangID
CreateSemaphoreW
GetLastError
CloseHandle
HeapDestroy
ExitProcess
GetShortPathNameW
Sleep
GetCurrentThreadId
CreateToolhelp32Snapshot
GetCurrentProcess
CreateProcessW
GetExitCodeThread
GetCurrentProcessId
OpenProcess
Process32FirstW
Process32NextW
LocalFree
SetLastError
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
DeleteCriticalSection
TryEnterCriticalSection
CreateThread
TerminateThread
HeapFree
HeapAlloc
MultiByteToWideChar
GetModuleFileNameW
SetEnvironmentVariableW
DuplicateHandle
CreatePipe
GetStdHandle
GetCommandLineW
PeekNamedPipe
GetExitCodeProcess
ReadFile
HeapReAlloc
CreateFileW
GetFileSize
DeleteFileW
WriteFile
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
lstrcpyA
lstrcpynA
FreeLibrary
LoadLibraryExW
GetProcAddress
TlsAlloc
TlsSetValue
GetTickCount
TlsGetValue
LoadLibraryW
WideCharToMultiByte
GetVersionExW
SetFileAttributesW
GetDriveTypeW
FindFirstFileW
FindClose
GetFileAttributesW
CopyFileW
GetTempPathW
GetLongPathNameW
FindNextFileW
RemoveDirectoryW
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
SetFilePointer
MulDiv
GetLocalTime
TlsFree
InterlockedCompareExchange
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetFileType
GetFileInformationByHandle
GetFileAttributesA
CreateFileA
GetFullPathNameW
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

user32

SetForegroundWindow
GetKeyState
OemToCharW
GetSysColor
GetDlgCtrlID
CallWindowProcW
SetWindowLongW
GetWindowLongW
GetClientRect
FillRect
GetClassNameW
GetWindow
SetWindowPos
InvalidateRect
FindWindowW
BeginPaint
EndPaint
UpdateWindow
SendMessageW
GetCursorPos
WindowFromPoint
CallNextHookEx
PeekMessageW
TranslateMessage
DispatchMessageW
IsWindowEnabled
RedrawWindow
SetClassLongW
GetClassLongW
GetWindowRect
OffsetRect
IsRectEmpty
MapWindowPoints
SubtractRect
IsWindow
GetParent
GetDC
ReleaseDC
DefWindowProcW
GetAsyncKeyState
KillTimer
ScreenToClient
SetTimer
DrawTextW
FrameRect
InflateRect
SetWindowsHookExW
UnhookWindowsHookEx
FindWindowExW
DrawFrameControl
GetWindowTextW
PostMessageW
MessageBoxW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnableWindow
EnumWindows
wsprintfA
LoadIconW
RegisterClassExW
CreateWindowExW
DestroyWindow
SystemParametersInfoW
ShowWindow
GetWindowTextLengthW
GetSystemMetrics
GetSysColorBrush
SetRect
SetPropW
GetPropW
RemovePropW
SetWindowTextW
GetIconInfo
DrawStateW
GetFocus
DrawFocusRect
ValidateRect
ReleaseCapture
SetCapture
MoveWindow
ClientToScreen
LoadCursorW
IntersectRect
SetFocus
GetUpdateRect
SetScrollPos
GetWindowDC
SetCursor
GetMessagePos
GetScrollPos
EnumPropsExW
SetActiveWindow
DestroyIcon
IsZoomed
IsIconic
RegisterClassW
AdjustWindowRectEx
UnregisterClassW
CreateAcceleratorTableW
MsgWaitForMultipleObjects
GetMessageW
GetActiveWindow
TranslateAcceleratorW
GetMenu
DefFrameProcW
DestroyAcceleratorTable
EnumChildWindows
IsChild
RegisterWindowMessageW
EnumDisplayDevicesW
EnumDisplaySettingsW
DrawIconEx
CopyImage
CreateIconFromResourceEx
CreateIconFromResource
CharLowerW
CharUpperW

gdi32

CreatePen
CreateSolidBrush
SelectObject
DeleteDC
DeleteObject
CreatePatternBrush
CreateRoundRectRgn
GetPixel
CreateCompatibleDC
SelectClipRgn
BitBlt
GetStockObject
RoundRect
SetBkMode
SetTextColor
SetDCBrushColor
SetBrushOrgEx
CreateFontIndirectW
GetTextExtentPoint32W
SetBkColor
CreateRectRgn
GetObjectW
GetObjectType
CreateCompatibleBitmap
OffsetViewportOrgEx
SetViewportOrgEx
ExcludeClipRect
CreateRectRgnIndirect
TextOutW
MoveToEx
LineTo
CreateDCW
CreateDIBSection
GetClipRgn
ExtSelectClipRgn
GetDeviceCaps
SelectPalette
RealizePalette
GetDIBits
SetPixelV
Rectangle
Ellipse
SetStretchBltMode
StretchDIBits
StretchBlt
SetROP2
ExtFloodFill
SetTextAlign
GetTextMetricsW
GdiGetBatchLimit
GdiSetBatchLimit
CreateBitmap
SetPixel
CreateFontW

advapi32

RegOpenKeyExW
RegOpenKeyW
RegConnectRegistryW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
LookupAccountSidW
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
CloseServiceHandle
CreateProcessAsUserW
DuplicateTokenEx
GetLengthSid
GetSecurityInfo
ImpersonateLoggedOnUser
OpenSCManagerW
OpenServiceW
QueryServiceStatus
RegSetValueExW
RevertToSelf
SetSecurityInfo
SetTokenInformation
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
RevokeDragDrop

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFolderLocation

shlwapi

PathMatchSpecW

winmm

timeBeginPeriod

msimg32

AlphaBlend

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

uxtheme

SetWindowTheme

comctl32

InitCommonControlsEx
ImageList_Replace
ImageList_Add
ImageList_ReplaceIcon
ImageList_Remove
ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ImageList_GetIconSize

Sections

.code
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 734KB - Virtual size: 733KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

'.text'
Size: 512B - Virtual size: 21B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16.7MB - Virtual size: 17.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.modplug
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Office 2013-2024 C2R Install v7.7.7.5/OInstallLite.exe
.exe windows:4 windows x86 arch:x86

Password: mawto

198944bea6b79023d598152eae80344b

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02-11-2016 18:47

Not After

31-12-2039 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:e1:75:f9:28:23:e8:fb:53:51:6e:b8:69:95:e0:82:6b:d6:07:44:66:dd:41:f4:2e:d2:dd:41:89:c8:cf:f3
Signer

Actual PE Digest

4e:e1:75:f9:28:23:e8:fb:53:51:6e:b8:69:95:e0:82:6b:d6:07:44:66:dd:41:f4:2e:d2:dd:41:89:c8:cf:f3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

setlocale
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_controlfp
memset
wcsncpy
wcslen
memmove
memcpy
strncmp
isdigit
malloc
free
wcscpy
wcscat
wcscmp
sprintf
_wstat
_wcsdup
strcmp
??3@YAXPAX@Z
??2@YAPAXI@Z
rand
fwrite
strncpy
floor
_CIcos
_CIsin
log10
_wfopen
fseek
fclose
fread
longjmp
_setjmp3
_wcsnicmp
_wcsicmp
wcsncmp
_snwprintf
tolower
localtime
mktime
_itow
_wtoi
gmtime
abs
sqrt
fmod
ftell
pow
wcsstr
swscanf
_close
calloc
_lseeki64
_errno
realloc
_snprintf
abort
_wopen
_setmode
wcschr
_open_osfhandle
_strdup
strrchr
wctomb
_get_osfhandle
_open
toupper
mbstowcs
strchr
frexp
modf
_CIpow
fopen
strerror
atof
fflush
_vsnwprintf
cos
sin
ceil

kernel32

GetShortPathNameW
GetEnvironmentVariableW
Sleep
GetCurrentThreadId
CreateToolhelp32Snapshot
CloseHandle
GetCurrentProcess
CreateProcessW
GetExitCodeThread
GetCurrentProcessId
OpenProcess
Process32FirstW
Process32NextW
GetModuleHandleW
HeapCreate
GetUserDefaultLangID
CreateSemaphoreW
GetLastError
HeapDestroy
ExitProcess
GetStartupInfoA
GetModuleHandleA
CreateThread
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
TerminateThread
DeleteCriticalSection
TryEnterCriticalSection
HeapFree
HeapAlloc
MultiByteToWideChar
DuplicateHandle
CreatePipe
GetStdHandle
PeekNamedPipe
GetExitCodeProcess
GetModuleFileNameW
GetCommandLineW
ReadFile
SetEnvironmentVariableW
HeapReAlloc
CreateFileW
GetFileSize
DeleteFileW
WriteFile
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
lstrcpyA
lstrcpynA
LoadLibraryExW
GetProcAddress
FreeLibrary
LoadLibraryW
WideCharToMultiByte
GetVersionExW
SetLastError
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
SetFileAttributesW
RemoveDirectoryW
GetDriveTypeW
GetFileAttributesW
SetCurrentDirectoryW
CopyFileW
GetCurrentDirectoryW
GetTempPathW
GetLongPathNameW
SetFilePointer
MulDiv
GetLocalTime
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
InterlockedCompareExchange
InterlockedExchange
GetTickCount
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetFileType
GetFileInformationByHandle
GetFileAttributesA
CreateFileA
GetFullPathNameW
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

user32

OemToCharW
GetSysColor
GetDlgCtrlID
CallWindowProcW
SetWindowLongW
GetWindowLongW
GetClientRect
FillRect
GetClassNameW
GetWindow
SetWindowPos
InvalidateRect
FindWindowW
SetForegroundWindow
GetKeyState
BeginPaint
EndPaint
UpdateWindow
SendMessageW
GetCursorPos
WindowFromPoint
CallNextHookEx
PeekMessageW
TranslateMessage
DispatchMessageW
IsWindowEnabled
RedrawWindow
SetClassLongW
GetClassLongW
GetWindowRect
OffsetRect
IsRectEmpty
MapWindowPoints
SubtractRect
IsWindow
GetParent
GetDC
ReleaseDC
DefWindowProcW
GetAsyncKeyState
KillTimer
ScreenToClient
SetTimer
DrawTextW
FrameRect
InflateRect
SetWindowsHookExW
UnhookWindowsHookEx
FindWindowExW
DrawFrameControl
GetWindowTextW
PostMessageW
MessageBoxW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnableWindow
EnumWindows
wsprintfA
LoadIconW
RegisterClassExW
CreateWindowExW
GetWindowTextLengthW
GetSystemMetrics
GetSysColorBrush
SetRect
SetPropW
GetPropW
RemovePropW
SetWindowTextW
ShowWindow
GetIconInfo
DrawStateW
GetFocus
DrawFocusRect
ValidateRect
DestroyWindow
MoveWindow
ReleaseCapture
SetCapture
ClientToScreen
SystemParametersInfoW
LoadCursorW
IntersectRect
SetFocus
GetUpdateRect
SetScrollPos
GetWindowDC
SetCursor
GetMessagePos
GetScrollPos
EnumPropsExW
RegisterClassW
AdjustWindowRectEx
UnregisterClassW
CreateAcceleratorTableW
SetActiveWindow
IsZoomed
IsIconic
MsgWaitForMultipleObjects
GetMessageW
GetActiveWindow
TranslateAcceleratorW
DestroyIcon
GetMenu
DefFrameProcW
DestroyAcceleratorTable
EnumChildWindows
IsChild
RegisterWindowMessageW
EnumDisplayDevicesW
EnumDisplaySettingsW
DrawIconEx
CopyImage
CreateIconFromResourceEx
CreateIconFromResource
CharUpperW
CharLowerW

gdi32

CreateSolidBrush
SelectObject
DeleteDC
DeleteObject
CreatePatternBrush
CreateRoundRectRgn
GetPixel
CreateCompatibleDC
SelectClipRgn
BitBlt
GetStockObject
RoundRect
SetBkMode
SetTextColor
SetDCBrushColor
SetBrushOrgEx
CreatePen
GetTextExtentPoint32W
SetBkColor
CreateRectRgn
GetObjectW
GetObjectType
CreateCompatibleBitmap
CreateFontIndirectW
OffsetViewportOrgEx
SetViewportOrgEx
ExcludeClipRect
CreateRectRgnIndirect
TextOutW
MoveToEx
LineTo
CreateDCW
CreateDIBSection
GetClipRgn
ExtSelectClipRgn
GetDeviceCaps
SelectPalette
RealizePalette
GetDIBits
SetPixelV
Rectangle
Ellipse
SetStretchBltMode
StretchDIBits
StretchBlt
SetROP2
ExtFloodFill
SetTextAlign
GetTextMetricsW
GdiGetBatchLimit
GdiSetBatchLimit
CreateBitmap
SetPixel
CreateFontW

advapi32

RegOpenKeyExW
RegOpenKeyW
RegConnectRegistryW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
LookupAccountSidW
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
RevokeDragDrop

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFolderLocation

shlwapi

PathMatchSpecW

winmm

timeBeginPeriod

msimg32

AlphaBlend

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

uxtheme

SetWindowTheme

comctl32

InitCommonControlsEx
ImageList_Replace
ImageList_Add
ImageList_ReplaceIcon
ImageList_Remove
ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ImageList_GetIconSize

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12.1MB - Virtual size: 12.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug_l
Size: 512B - Virtual size: 119B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_i
Size: 512B - Virtual size: 38B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_a
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_a
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_s
Size: 512B - Virtual size: 153B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_f
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.modplug
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Office 2013-2024 C2R Install v7.7.7.5/OInstallLite_x64.exe
.exe windows:5 windows x64 arch:x64

Password: mawto

475c329e40a79c00306ca485af8d11b6

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02-11-2016 18:47

Not After

31-12-2039 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

43:df:93:11:cf:7f:ba:a7:b2:fb:f2:a7:2f:a3:db:8d:6e:cb:78:04:30:d6:ea:fa:33:77:17:18:59:64:72:d8
Signer

Actual PE Digest

43:df:93:11:cf:7f:ba:a7:b2:fb:f2:a7:2f:a3:db:8d:6e:cb:78:04:30:d6:ea:fa:33:77:17:18:59:64:72:d8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset
setlocale
__set_app_type
_fmode
_commode
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
wcsncpy
wcslen
memcmp
memmove
memcpy
strncmp
isdigit
malloc
free
wcscpy
wcscat
wcscmp
sprintf
_wstat
_wcsdup
strcmp
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
log
pow
rand
fwrite
strncpy
powf
floor
cos
sin
log10
_wfopen
fseek
fclose
fread
longjmp
setjmp
_wcsnicmp
_wcsicmp
wcsncmp
_snwprintf
tolower
_localtime64
_mktime64
_itow
_wtoi
_gmtime64
sqrtf
abs
fmodf
ftell
wcsstr
swscanf
_close
calloc
_errno
_lseeki64
realloc
_snprintf
abort
_wopen
_setmode
wcschr
_open_osfhandle
_strdup
strrchr
wctomb
_get_osfhandle
_open
toupper
mbstowcs
strchr
frexp
modf
fopen
strerror
atof
fflush
_vsnwprintf
sinf
cosf
ceil

kernel32

GetShortPathNameW
GetEnvironmentVariableW
Sleep
GetCurrentThreadId
CreateToolhelp32Snapshot
CloseHandle
GetCurrentProcess
CreateProcessW
GetExitCodeThread
GetCurrentProcessId
OpenProcess
Process32FirstW
Process32NextW
GetModuleHandleW
HeapCreate
GetUserDefaultLangID
CreateSemaphoreW
GetLastError
HeapDestroy
ExitProcess
GetStartupInfoA
CreateThread
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
TerminateThread
DeleteCriticalSection
TryEnterCriticalSection
HeapFree
HeapAlloc
MultiByteToWideChar
DuplicateHandle
CreatePipe
GetStdHandle
PeekNamedPipe
GetExitCodeProcess
GetModuleFileNameW
GetCommandLineW
ReadFile
SetEnvironmentVariableW
HeapReAlloc
CreateFileW
GetFileSize
DeleteFileW
WriteFile
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
lstrcpyA
lstrcpynA
LoadLibraryExW
GetProcAddress
FreeLibrary
LoadLibraryW
WideCharToMultiByte
GetVersionExW
SetLastError
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
SetFileAttributesW
RemoveDirectoryW
GetDriveTypeW
GetFileAttributesW
SetCurrentDirectoryW
CopyFileW
GetCurrentDirectoryW
GetTempPathW
GetLongPathNameW
SetFilePointer
MulDiv
GetLocalTime
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
GetTickCount
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetFileType
GetFileInformationByHandle
GetFileAttributesA
CreateFileA
GetFullPathNameW
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

user32

OemToCharW
GetSysColor
GetDlgCtrlID
CallWindowProcW
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
FillRect
GetClassNameW
GetWindow
SetWindowPos
InvalidateRect
FindWindowW
SetForegroundWindow
GetKeyState
BeginPaint
EndPaint
UpdateWindow
SendMessageW
GetCursorPos
WindowFromPoint
CallNextHookEx
PeekMessageW
TranslateMessage
DispatchMessageW
IsWindowEnabled
RedrawWindow
SetClassLongPtrW
GetClassLongPtrW
GetWindowRect
OffsetRect
IsRectEmpty
MapWindowPoints
SubtractRect
IsWindow
GetParent
GetDC
ReleaseDC
DefWindowProcW
GetAsyncKeyState
KillTimer
ScreenToClient
SetTimer
DrawTextW
FrameRect
InflateRect
SetWindowsHookExW
UnhookWindowsHookEx
FindWindowExW
DrawFrameControl
GetWindowTextW
PostMessageW
MessageBoxW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnableWindow
EnumWindows
wsprintfA
LoadIconW
RegisterClassExW
CreateWindowExW
GetWindowTextLengthW
GetSystemMetrics
GetSysColorBrush
SetRect
GetWindowLongW
SetPropW
GetPropW
RemovePropW
SetWindowTextW
ShowWindow
GetIconInfo
DrawStateW
GetFocus
DrawFocusRect
ValidateRect
DestroyWindow
MoveWindow
ReleaseCapture
SetCapture
ClientToScreen
LoadCursorW
IntersectRect
SetFocus
GetUpdateRect
SetScrollPos
GetWindowDC
SetCursor
GetMessagePos
SystemParametersInfoW
GetScrollPos
EnumPropsExW
RegisterClassW
AdjustWindowRectEx
UnregisterClassW
CreateAcceleratorTableW
SetActiveWindow
IsZoomed
IsIconic
MsgWaitForMultipleObjects
GetMessageW
GetActiveWindow
TranslateAcceleratorW
DestroyIcon
GetMenu
DefFrameProcW
DestroyAcceleratorTable
EnumChildWindows
IsChild
RegisterWindowMessageW
EnumDisplayDevicesW
EnumDisplaySettingsW
DrawIconEx
CopyImage
CreateIconFromResourceEx
CreateIconFromResource
CharUpperW
CharLowerW

gdi32

CreateSolidBrush
SelectObject
DeleteDC
DeleteObject
CreatePatternBrush
CreateRoundRectRgn
GetPixel
CreateCompatibleDC
SelectClipRgn
BitBlt
GetStockObject
RoundRect
SetBkMode
SetTextColor
SetDCBrushColor
SetBrushOrgEx
CreatePen
GetTextExtentPoint32W
SetBkColor
CreateRectRgn
GetObjectW
GetObjectType
CreateCompatibleBitmap
OffsetViewportOrgEx
SetViewportOrgEx
ExcludeClipRect
CreateRectRgnIndirect
TextOutW
MoveToEx
LineTo
CreateFontIndirectW
CreateDCW
CreateDIBSection
GetClipRgn
ExtSelectClipRgn
GetDeviceCaps
SelectPalette
RealizePalette
GetDIBits
SetPixelV
Rectangle
Ellipse
SetStretchBltMode
StretchDIBits
StretchBlt
SetROP2
ExtFloodFill
SetTextAlign
GetTextMetricsW
GdiGetBatchLimit
GdiSetBatchLimit
CreateBitmap
SetPixel
CreateFontW

advapi32

RegOpenKeyExW
RegOpenKeyW
RegConnectRegistryW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
LookupAccountSidW
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
RevokeDragDrop

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFolderLocation

shlwapi

PathMatchSpecW

winmm

timeBeginPeriod

msimg32

AlphaBlend

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

uxtheme

SetWindowTheme

comctl32

InitCommonControlsEx
ImageList_Replace
ImageList_Add
ImageList_ReplaceIcon
ImageList_Remove
ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ImageList_GetIconSize

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12.1MB - Virtual size: 12.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug_l
Size: 512B - Virtual size: 123B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_i
Size: 512B - Virtual size: 46B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_a
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_a
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_s
Size: 512B - Virtual size: 155B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_f
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.modplug
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Office 2013-2024 C2R Install v7.7.7.5/OInstall_x64.exe
.exe windows:5 windows x64 arch:x64

Password: mawto

32e10a07a0a21b800734c8b630e8a320

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02-11-2016 18:47

Not After

31-12-2039 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4d:86:93:d4:8b:65:8d:77:66:03:ff:a5:e1:e8:09:50:5a:2d:55:78:ba:56:f7:36:07:4a:8a:86:d7:57:92:b7
Signer

Actual PE Digest

4d:86:93:d4:8b:65:8d:77:66:03:ff:a5:e1:e8:09:50:5a:2d:55:78:ba:56:f7:36:07:4a:8a:86:d7:57:92:b7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset
setlocale
__set_app_type
_fmode
_commode
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
wcsncpy
wcslen
memcmp
memmove
memcpy
strncmp
isdigit
malloc
free
wcscpy
wcscat
wcscmp
sprintf
_wstat
_wcsdup
strcmp
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
log
pow
rand
fwrite
strncpy
powf
floor
cos
sin
log10
_wfopen
fseek
fclose
fread
longjmp
setjmp
_wcsnicmp
_wcsicmp
wcsncmp
_snwprintf
tolower
_localtime64
_mktime64
_itow
_wtoi
_gmtime64
sqrtf
abs
fmodf
ftell
wcsstr
swscanf
_close
calloc
_errno
_lseeki64
realloc
_snprintf
abort
_wopen
_setmode
wcschr
_open_osfhandle
_strdup
strrchr
wctomb
_get_osfhandle
_open
toupper
mbstowcs
strchr
frexp
modf
fopen
strerror
atof
fflush
_vsnwprintf
sinf
cosf
ceil

kernel32

GetShortPathNameW
GetEnvironmentVariableW
Sleep
GetCurrentThreadId
CreateToolhelp32Snapshot
CloseHandle
GetCurrentProcess
CreateProcessW
GetExitCodeThread
GetCurrentProcessId
OpenProcess
Process32FirstW
Process32NextW
GetModuleHandleW
HeapCreate
GetUserDefaultLangID
CreateSemaphoreW
GetLastError
HeapDestroy
ExitProcess
GetStartupInfoA
CreateThread
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
TerminateThread
DeleteCriticalSection
TryEnterCriticalSection
HeapFree
HeapAlloc
MultiByteToWideChar
DuplicateHandle
CreatePipe
GetStdHandle
PeekNamedPipe
GetExitCodeProcess
GetModuleFileNameW
GetCommandLineW
ReadFile
SetEnvironmentVariableW
HeapReAlloc
CreateFileW
GetFileSize
DeleteFileW
WriteFile
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
lstrcpyA
lstrcpynA
LoadLibraryExW
GetProcAddress
FreeLibrary
LoadLibraryW
WideCharToMultiByte
GetVersionExW
SetLastError
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
SetFileAttributesW
RemoveDirectoryW
GetDriveTypeW
GetFileAttributesW
SetCurrentDirectoryW
CopyFileW
GetCurrentDirectoryW
GetTempPathW
GetLongPathNameW
SetFilePointer
MulDiv
GetLocalTime
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
GetTickCount
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetFileType
GetFileInformationByHandle
GetFileAttributesA
CreateFileA
GetFullPathNameW
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

user32

OemToCharW
GetSysColor
GetDlgCtrlID
CallWindowProcW
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
FillRect
GetClassNameW
GetWindow
SetWindowPos
InvalidateRect
FindWindowW
SetForegroundWindow
GetKeyState
BeginPaint
EndPaint
UpdateWindow
SendMessageW
GetCursorPos
WindowFromPoint
CallNextHookEx
PeekMessageW
TranslateMessage
DispatchMessageW
IsWindowEnabled
RedrawWindow
SetClassLongPtrW
GetClassLongPtrW
GetWindowRect
OffsetRect
IsRectEmpty
MapWindowPoints
SubtractRect
IsWindow
GetParent
GetDC
ReleaseDC
DefWindowProcW
GetAsyncKeyState
KillTimer
ScreenToClient
SetTimer
DrawTextW
FrameRect
InflateRect
SetWindowsHookExW
UnhookWindowsHookEx
FindWindowExW
DrawFrameControl
GetWindowTextW
PostMessageW
MessageBoxW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnableWindow
EnumWindows
wsprintfA
LoadIconW
RegisterClassExW
CreateWindowExW
GetWindowTextLengthW
GetSystemMetrics
GetSysColorBrush
SetRect
GetWindowLongW
SetPropW
GetPropW
RemovePropW
SetWindowTextW
ShowWindow
GetIconInfo
DrawStateW
GetFocus
DrawFocusRect
ValidateRect
ReleaseCapture
SetCapture
MoveWindow
ClientToScreen
LoadCursorW
IntersectRect
SetFocus
GetUpdateRect
DestroyWindow
SetScrollPos
GetWindowDC
SetCursor
GetMessagePos
SystemParametersInfoW
GetScrollPos
EnumPropsExW
RegisterClassW
AdjustWindowRectEx
UnregisterClassW
CreateAcceleratorTableW
SetActiveWindow
IsZoomed
IsIconic
MsgWaitForMultipleObjects
GetMessageW
GetActiveWindow
TranslateAcceleratorW
DestroyIcon
GetMenu
DefFrameProcW
DestroyAcceleratorTable
EnumChildWindows
IsChild
RegisterWindowMessageW
EnumDisplayDevicesW
EnumDisplaySettingsW
DrawIconEx
CopyImage
CreateIconFromResourceEx
CreateIconFromResource
CharUpperW
CharLowerW

gdi32

CreateSolidBrush
SelectObject
DeleteDC
DeleteObject
CreatePatternBrush
CreateRoundRectRgn
GetPixel
CreateCompatibleDC
SelectClipRgn
BitBlt
GetStockObject
RoundRect
SetBkMode
SetTextColor
SetDCBrushColor
SetBrushOrgEx
CreatePen
GetTextExtentPoint32W
SetBkColor
CreateRectRgn
GetObjectW
GetObjectType
CreateCompatibleBitmap
OffsetViewportOrgEx
SetViewportOrgEx
ExcludeClipRect
CreateRectRgnIndirect
TextOutW
MoveToEx
LineTo
CreateFontIndirectW
CreateDCW
CreateDIBSection
GetClipRgn
ExtSelectClipRgn
GetDeviceCaps
SelectPalette
RealizePalette
GetDIBits
SetPixelV
Rectangle
Ellipse
SetStretchBltMode
StretchDIBits
StretchBlt
SetROP2
ExtFloodFill
SetTextAlign
GetTextMetricsW
GdiGetBatchLimit
GdiSetBatchLimit
CreateBitmap
SetPixel
CreateFontW

advapi32

RegOpenKeyExW
RegOpenKeyW
RegConnectRegistryW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
LookupAccountSidW
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
RevokeDragDrop

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFolderLocation

shlwapi

PathMatchSpecW

winmm

timeBeginPeriod

msimg32

AlphaBlend

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

uxtheme

SetWindowTheme

comctl32

InitCommonControlsEx
ImageList_Replace
ImageList_Add
ImageList_ReplaceIcon
ImageList_Remove
ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ImageList_GetIconSize

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16.9MB - Virtual size: 17.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug_l
Size: 512B - Virtual size: 123B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_i
Size: 512B - Virtual size: 46B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_a
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_a
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_s
Size: 512B - Virtual size: 155B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_f
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.modplug
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Office 2013-2024 C2R Install v7.7.7.5/readme_en.txt
Office 2013-2024 C2R Install v7.7.7.5/วิธีติดตั้ง Office 2013-2024.pdf
.pdf
Office 2013-2024 C2R Install v7.7.7.5/อ่านก่อน!.txt

Sharing

General

Malware Config

Signatures

Files

Password: mawto

Password: mawto

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8d:f6:89:2a:27:2f:36:04:95:cd:b9:7e:8b:3a:6e:fa:f1:ca:4f:48:6b:ab:ca:6b:ba:f5:38:e1:68:5f:fb:38Signer

66:c2:cb:0d:c8:5d:c5:94:a4:4c:11:b1:de:ba:66:47:f5:6d:0d:29Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.4MB

UPX1 Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 69KB - Virtual size: 72KB

Headers

File Characteristics

Sections

.code Size: 157KB - Virtual size: 157KB

.text Size: 489KB - Virtual size: 488KB

.rdata Size: 120KB - Virtual size: 120KB

.data Size: 2.1MB - Virtual size: 2.1MB

.rsrc Size: 68KB - Virtual size: 68KB

Password: mawto

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

55:f7:7b:12:c0:a2:7a:d8:5f:cd:03:ee:0c:08:94:b0:ae:7d:be:3a:08:a0:cd:40:3a:7a:56:6b:20:53:cd:c8Signer

75:c8:f4:bd:17:dd:b4:6a:57:26:55:c1:44:7a:30:73:d6:36:5e:0cSigner

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.6MB

UPX1 Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 70KB - Virtual size: 72KB

Headers

File Characteristics

Sections

.code Size: 260KB - Virtual size: 259KB

.text Size: 578KB - Virtual size: 577KB

.rdata Size: 160KB - Virtual size: 160KB

.pdata Size: 27KB - Virtual size: 26KB

.data Size: 2.1MB - Virtual size: 2.1MB

.rsrc Size: 68KB - Virtual size: 68KB

Password: mawto

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9eCertificate

Extended Key Usages

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8d:f6:89:2a:27:2f:36:04:95:cd:b9:7e:8b:3a:6e:fa:f1:ca:4f:48:6b:ab:ca:6b:ba:f5:38:e1:68:5f:fb:38
Signer

66:c2:cb:0d:c8:5d:c5:94:a4:4c:11:b1:de:ba:66:47:f5:6d:0d:29
Signer

UPX0
Size: - Virtual size: 1.4MB

UPX1
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 69KB - Virtual size: 72KB

.code
Size: 157KB - Virtual size: 157KB

.text
Size: 489KB - Virtual size: 488KB

.rdata
Size: 120KB - Virtual size: 120KB

.data
Size: 2.1MB - Virtual size: 2.1MB

.rsrc
Size: 68KB - Virtual size: 68KB

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

55:f7:7b:12:c0:a2:7a:d8:5f:cd:03:ee:0c:08:94:b0:ae:7d:be:3a:08:a0:cd:40:3a:7a:56:6b:20:53:cd:c8
Signer

75:c8:f4:bd:17:dd:b4:6a:57:26:55:c1:44:7a:30:73:d6:36:5e:0c
Signer

UPX0
Size: - Virtual size: 1.6MB

UPX1
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 70KB - Virtual size: 72KB

.code
Size: 260KB - Virtual size: 259KB

.text
Size: 578KB - Virtual size: 577KB

.rdata
Size: 160KB - Virtual size: 160KB

.pdata
Size: 27KB - Virtual size: 26KB

.data
Size: 2.1MB - Virtual size: 2.1MB

.rsrc
Size: 68KB - Virtual size: 68KB

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

0e:25:4b:a9:f7:1c:19:18:e0:57:fc:11:49:44:79:82:49:70:be:c3:b5:c4:b8:8c:fc:84:5b:44:be:1f:4c:cd
Signer

.text
Size: 3.6MB - Virtual size: 3.6MB

.sdata
Size: 512B - Virtual size: 488B

.rsrc
Size: 71KB - Virtual size: 71KB

.reloc
Size: 512B - Virtual size: 12B

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

12:81:b2:d7:06:5d:4a:ba:05:ef:a9:71:db:ff:88:44:4c:30:fc:70:24:79:6a:f7:81:40:95:23:77:81:01:da
Signer

.text
Size: 3.6MB - Virtual size: 3.6MB

.sdata
Size: 512B - Virtual size: 488B

.rsrc
Size: 71KB - Virtual size: 71KB

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

dc:e2:6e:2a:5a:56:58:eb:a1:26:98:be:37:1b:35:46:18:b8:dd:7c:b2:7f:57:0c:3d:c6:86:ae:ff:17:ea:fa
Signer

.code
Size: 327KB - Virtual size: 326KB