Telegram Desktop[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Telegram Desktop.rar
Size

802.5MB
MD5

c27b7a4ff8387a553aa8ece1233f6f70
SHA1

436290ab35fd3e4de206d9a260c249f4ee14b4cc
SHA256

29d1b3fbd0c2615f298de1abbbb110757c4ed6a04b4e3957212e0d8796c37b44
SHA512

4793d7a3c3ed65cab477c75406dd56d416baa952f25b2812b673922bffc8ac76ae4844de21946ac7e281230c4e42ae8f8ab2f37e374de2e0ab5e5309642ff99d
SSDEEP

12582912:fpcYZCKX/IwdHf9eeXZRvu2zVVx3LziQSLoULgG8LfQa6FWQwUyu0VJARhNzVTI:Rc4X/h/1Jdu2zjxLzicU0GoILJnaJks

Score

3^/10

Malware Config

Signatures

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack002/3301 Ransomware Builder.exe
unpack002/Check_HWID.exe
unpack002/Interop.TaskScheduler.dll
unpack002/SIMPLE_STRING_OBFUSCATION.dll
unpack002/Vestris.ResourceLib.dll
unpack002/dnlib.dll
unpack003/Affiction Crypter/Affliction/Affliction.exe
unpack004/B0SS RAT/BOSS RAT.exe
unpack004/B0SS RAT/QQ.dat
unpack005/BTC Fake Transaction.exe
unpack006/BTC_Fake_Transaction.exe
unpack007/Bitcoin Fake Transacation V3/Bitcoin Fake Transaction V3.exe
unpack008/BitcoinFakeTransaction/BitcoinFakeTransaction.exe
unpack001/ILMerge.exe
unpack001/Luxury Crypter.exe

Files

Telegram Desktop.rar
.rar
3301 Ransomware Builder.zip
.zip
3301 Ransomware Builder.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 17.3MB - Virtual size: 17.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Check_HWID.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.$J?
Size: - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.{(i
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.=d9
Size: 365KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interop.TaskScheduler.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SIMPLE_STRING_OBFUSCATION.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

A:\Csharp\SIMPLE_STRING_OBFUSCATION\SIMPLE_STRING_OBFUSCATION\obj\Debug\SIMPLE_STRING_OBFUSCATION.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SIMPLE_STRING_OBFUSCATION.dll.config
SIMPLE_STRING_OBFUSCATION.pdb
Siticone.Desktop.UI.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

3a:93:0b:19:8f:29:72:9a:49:b0:8b:f3:6d:f8:17:ae
Certificate

Issuer

CN=Siticone Root CA

Not Before

05-02-2020 06:42

Not After

22-10-2030 17:00

Subject

CN=Siticone Technology

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b1:71:29:25:46:e9:2d:e2:55:d6:f1:cb:f7:85:05:22:d0:ea:41:50
Signer

Actual PE Digest

b1:71:29:25:46:e9:2d:e2:55:d6:f1:cb:f7:85:05:22:d0:ea:41:50

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Siticone.Desktop.UI.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Vestris.ResourceLib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\resourcelib\Source\ResourceLib\obj\Release\net45\Vestris.ResourceLib.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Vestris.ResourceLib.xml
.xml
dnlib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/src/obj/Release/net45/dnlib.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dnlib.xml
.xml
mbr.bin
Affiction Crypter.rar
.rar
Affiction Crypter/Affliction/Affliction.exe
.exe windows:4 windows x86 arch:x86

d3a1084394ba49529eecf7a99feef74d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
ord588
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaPut3
_adj_fdiv_m64
__vbaPut4
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord517
_adj_fprem1
__vbaRecAnsiToUni
__vbaVarSetVarAddref
__vbaCopyBytes
__vbaVarCmpNe
__vbaForEachCollAd
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaLateMemSt
ord593
__vbaExitProc
ord594
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord599
ord520
__vbaBoolVar
__vbaFpR8
__vbaBoolVarNull
_CIsin
__vbaErase
ord631
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaGet3
__vbaAryConstruct2
__vbaVarTstEq
__vbaPutOwner4
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaFpUI1
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
__vbaStrToUnicode
ord713
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
ord717
ord319
__vbaUbound
__vbaStrVarVal
__vbaGetOwner4
__vbaVarCat
__vbaCheckType
__vbaI2Var
ord537
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaVar2Vec
__vbaNew2
__vbaInStr
ord570
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaAryLock
ord320
__vbaStrToAnsi
__vbaVarDup
ord321
__vbaFpI2
ord616
__vbaFpI4
__vbaVarLateMemCallLd
__vbaLateMemCallLd
__vbaRecDestructAnsi
ord617
_CIatan
__vbaCastObj
__vbaStrMove
__vbaR8IntI4
_allmul
__vbaLateIdSt
_CItan
__vbaNextEachCollAd
__vbaAryUnlock
__vbaUI1Var
_CIexp
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 520KB - Virtual size: 516KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 252KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Affiction Crypter/Affliction/READ.ME..txt
Affiction Crypter/READ.ME..txt
B0SS RAT-Fixed (Eng).zip
.zip
B0SS RAT/BOSS RAT.exe
.exe windows:5 windows x86 arch:x86

9222d372923baed7aa9dfa28449a94ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\DarkCoderSc\Desktop\Celesty Binder\Stub\STATIC\Stub.pdb

Imports

kernel32

CreateFileA
FindResourceA
FreeLibrary
LoadResource
WriteFile
SizeofResource
GetProcAddress
LoadLibraryA
LockResource
EnumResourceNamesA
CloseHandle
FreeResource
GetWindowsDirectoryA
OutputDebugStringA
GetTempPathA
GetModuleHandleW
ExitProcess
DecodePointer
EncodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetLastError
HeapFree
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetStdHandle
GetModuleFileNameW
Sleep
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LCMapStringW
MultiByteToWideChar
GetStringTypeW

shell32

ShellExecuteA
SHGetSpecialFolderPathA

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
B0SS RAT/QQ.dat
.exe windows:4 windows x86 arch:x86

ef39d474ee88b9215814d74ee695b02b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
VirtualAlloc
VirtualProtect
VirtualFree
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
FreeLibrary
HeapReAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
B0SS RAT/gdmap.htm
.js
B0SS RAT/kk.dat
B0SS RAT/kk哈.dat
BTC Fake Transaction.rar
.rar
BTC Fake Transaction.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Screenshot.jpg
.jpg
libEGL.dll
.dll windows:5 windows x64 arch:x64

473add2829e325fddbfbed09790ab4d8

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:92:c2:41:54:51:ab:12:07:40:4e:95:55:78:88:13
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30-08-2018 00:00

Not After

07-09-2021 12:00

Subject

CN=Exodus Movement Inc,O=Exodus Movement Inc,L=Wilmington,ST=Delaware,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:00:75:e8:38:65:ad:7d:ed:a3:b6:28:7a:f1:82:6d:b1:70:98:8d:05:e2:ff:86:10:cf:19:cd:79:7f:4c:e4
Signer

Actual PE Digest

62:00:75:e8:38:65:ad:7d:ed:a3:b6:28:7a:f1:82:6d:b1:70:98:8d:05:e2:ff:86:10:cf:19:cd:79:7f:4c:e4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

libEGL.dll.pdb

Imports

kernel32

AcquireSRWLockExclusive
CloseHandle
CompareStringW
CreateEventW
CreateFileW
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStringsW
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SleepConditionVariableSRW
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForSingleObjectEx
WakeAllConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

Exports

Exports

eglBindAPI
eglBindTexImage
eglChooseConfig
eglClientWaitSync
eglCopyBuffers
eglCreateContext
eglCreateDeviceANGLE
eglCreateImage
eglCreateImageKHR
eglCreatePbufferFromClientBuffer
eglCreatePbufferSurface
eglCreatePixmapSurface
eglCreatePlatformPixmapSurface
eglCreatePlatformPixmapSurfaceEXT
eglCreatePlatformWindowSurface
eglCreatePlatformWindowSurfaceEXT
eglCreateStreamKHR
eglCreateStreamProducerD3DTextureANGLE
eglCreateSync
eglCreateWindowSurface
eglDebugMessageControlKHR
eglDestroyContext
eglDestroyImage
eglDestroyImageKHR
eglDestroyStreamKHR
eglDestroySurface
eglDestroySync
eglDupNativeFenceFDANDROID
eglGetConfigAttrib
eglGetConfigs
eglGetCurrentContext
eglGetCurrentDisplay
eglGetCurrentSurface
eglGetDisplay
eglGetError
eglGetNativeClientBufferANDROID
eglGetPlatformDisplay
eglGetPlatformDisplayEXT
eglGetProcAddress
eglGetSyncAttrib
eglGetSyncValuesCHROMIUM
eglInitialize
eglLabelObjectKHR
eglMakeCurrent
eglPostSubBufferNV
eglPresentationTimeANDROID
eglProgramCacheGetAttribANGLE
eglProgramCachePopulateANGLE
eglProgramCacheQueryANGLE
eglProgramCacheResizeANGLE
eglQueryAPI
eglQueryContext
eglQueryDebugKHR
eglQueryDeviceAttribEXT
eglQueryDeviceStringEXT
eglQueryDisplayAttribANGLE
eglQueryDisplayAttribEXT
eglQueryStreamKHR
eglQueryStreamu64KHR
eglQueryString
eglQueryStringiANGLE
eglQuerySurface
eglQuerySurfacePointerANGLE
eglReleaseDeviceANGLE
eglReleaseTexImage
eglReleaseThread
eglSetBlobCacheFuncsANDROID
eglStreamAttribKHR
eglStreamConsumerAcquireKHR
eglStreamConsumerGLTextureExternalAttribsNV
eglStreamConsumerGLTextureExternalKHR
eglStreamConsumerReleaseKHR
eglStreamPostD3DTextureANGLE
eglSurfaceAttrib
eglSwapBuffers
eglSwapBuffersWithDamageKHR
eglSwapInterval
eglTerminate
eglWaitClient
eglWaitGL
eglWaitNative
eglWaitSync

Sections

.text
Size: 249KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BTC_Fake_Transaction.rar
.rar
Active address list.txt
BTC_Fake_Transaction.exe
.exe windows:5 windows x86 arch:x86

130312efe8892496180179ce46d20b79

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Imports

kernel32

GetLastError
SetLastError
CloseHandle
GetCurrentProcess
CreateHardLinkW
DeleteFileW
RemoveDirectoryW
DeviceIoControl
CreateDirectoryW
CreateFileW
SetFileTime
MoveFileW
GetShortPathNameW
GetLongPathNameW
WriteFile
GetStdHandle
SetFilePointer
SetEndOfFile
FlushFileBuffers
GetFileType
ReadFile
GetFileAttributesW
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
GetVersionExW
GetCurrentDirectoryW
FoldStringW
GetFullPathNameW
GetModuleFileNameW
FindResourceW
GetModuleHandleW
FreeLibrary
GetProcAddress
GetCurrentProcessId
GetLocaleInfoW
GetNumberFormatW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
WaitForSingleObject
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetExitCodeProcess
GetTempPathW
MoveFileExW
UnmapViewOfFile
Sleep
MapViewOfFile
GetCommandLineW
CreateFileMappingW
GetTickCount
GetLocalTime
OpenFileMappingW
SetThreadExecutionState
LoadLibraryW
GetSystemDirectoryW
ExitProcess
FreeConsole
WriteConsoleW
AttachConsole
AllocConsole
CompareStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
GetProcessAffinityMask
CreateEventW
CreateSemaphoreW
ReleaseSemaphore
ResetEvent
SetEvent
SetThreadPriority
SystemTimeToFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
LocalFileTimeToFileTime
WideCharToMultiByte
MultiByteToWideChar
IsDBCSLeadByte
GetCPInfo
GlobalAlloc
SetCurrentDirectoryW
LocalAlloc
InterlockedExchange
LoadLibraryA
RaiseException
RtlUnwind
HeapFree
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
GetModuleFileNameA
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetModuleHandleA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RBF Shell Script.js
.js
Bitcoin Fake Transacation V3.rar
.rar
Bitcoin Fake Transacation V3/Bitcoin Fake Transaction V3.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bitcoin Fake Transacation V3/System.Threading.Tasks.Parallel.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:c5:96:40:60:4b:f4:de:ae:2e:00:00:00:00:00:c5
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:11

Not After

11-08-2018 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:20

Not After

11-08-2018 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b8:af:03:45:50:8b:d0:08:43:ea:47:f1:54:13:23:33:34:2e:94:3e:7c:73:84:08:7c:60:6b:76:42:67:da:0d
Signer

Actual PE Digest

b8:af:03:45:50:8b:d0:08:43:ea:47:f1:54:13:23:33:34:2e:94:3e:7c:73:84:08:7c:60:6b:76:42:67:da:0d

Digest Algorithm

sha256

PE Digest Matches

true

28:3d:d4:05:69:f3:f0:1d:8f:47:a5:ea:cf:d0:29:38:a8:a2:ec:97
Signer

Actual PE Digest

28:3d:d4:05:69:f3:f0:1d:8f:47:a5:ea:cf:d0:29:38:a8:a2:ec:97

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\582\s\bin\obj\ref\System.Threading.Tasks.Parallel\4.0.1.0\System.Threading.Tasks.Parallel.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bitcoin Fake Transacation V3/System.Threading.Tasks.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:c8:47:22:9d:a3:0d:ca:c0:58:00:00:00:00:00:c8
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:98FD-C61E-E641,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:11

Not After

11-08-2018 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:20

Not After

11-08-2018 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ea:d3:df:3a:6e:6e:30:5c:84:a9:51:01:f5:e9:a2:b2:84:82:01:62:89:ed:42:6f:fe:0d:8b:cb:74:b9:b3:0e
Signer

Actual PE Digest

ea:d3:df:3a:6e:6e:30:5c:84:a9:51:01:f5:e9:a2:b2:84:82:01:62:89:ed:42:6f:fe:0d:8b:cb:74:b9:b3:0e

Digest Algorithm

sha256

PE Digest Matches

true

33:51:4e:13:b9:14:1c:a9:88:47:a6:c2:9b:89:60:a1:ab:0f:f3:6f
Signer

Actual PE Digest

33:51:4e:13:b9:14:1c:a9:88:47:a6:c2:9b:89:60:a1:ab:0f:f3:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\582\s\bin\obj\ref\System.Threading.Tasks\4.0.11.0\System.Threading.Tasks.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bitcoin Fake Transacation V3/System.Threading.Thread.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:c9:64:4d:16:db:1a:7d:b3:15:00:00:00:00:00:c9
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B1B7-F67F-FEC2,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:11

Not After

11-08-2018 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:20

Not After

11-08-2018 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a3:e1:48:83:a6:f0:9d:8f:54:56:ea:4d:b0:57:4a:b5:7f:88:b1:b6:d2:23:dc:4e:3e:04:8b:68:8a:3b:b3:d4
Signer

Actual PE Digest

a3:e1:48:83:a6:f0:9d:8f:54:56:ea:4d:b0:57:4a:b5:7f:88:b1:b6:d2:23:dc:4e:3e:04:8b:68:8a:3b:b3:d4

Digest Algorithm

sha256

PE Digest Matches

true

8b:96:7d:11:68:1c:27:9e:b9:db:42:43:01:c3:92:09:39:ab:7c:16
Signer

Actual PE Digest

8b:96:7d:11:68:1c:27:9e:b9:db:42:43:01:c3:92:09:39:ab:7c:16

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\582\s\bin\obj\ref\System.Threading.Thread\4.0.2.0\System.Threading.Thread.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bitcoin Fake Transacation V3/System.Threading.ThreadPool.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:c9:64:4d:16:db:1a:7d:b3:15:00:00:00:00:00:c9
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B1B7-F67F-FEC2,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:11

Not After

11-08-2018 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:20

Not After

11-08-2018 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

df:c7:89:43:ac:ce:58:76:19:7e:18:6a:06:f3:ba:d1:22:60:5a:3d:ea:3e:73:02:ad:65:30:d8:48:88:bc:5e
Signer

Actual PE Digest

df:c7:89:43:ac:ce:58:76:19:7e:18:6a:06:f3:ba:d1:22:60:5a:3d:ea:3e:73:02:ad:65:30:d8:48:88:bc:5e

Digest Algorithm

sha256

PE Digest Matches

true

80:b2:45:14:38:5b:6a:c6:24:d8:0c:17:bb:65:cf:d1:13:2b:72:3e
Signer

Actual PE Digest

80:b2:45:14:38:5b:6a:c6:24:d8:0c:17:bb:65:cf:d1:13:2b:72:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\582\s\bin\obj\ref\System.Threading.ThreadPool\4.0.12.0\System.Threading.ThreadPool.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bitcoin Fake Transacation V3/System.Threading.Timer.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:c9:64:4d:16:db:1a:7d:b3:15:00:00:00:00:00:c9
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B1B7-F67F-FEC2,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:11

Not After

11-08-2018 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:20

Not After

11-08-2018 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ea:64:2d:9f:a4:25:04:c6:3f:a3:aa:b1:9a:31:d1:a3:22:14:7c:fb:26:3b:24:80:eb:2f:2f:80:03:42:3f:dd
Signer

Actual PE Digest

ea:64:2d:9f:a4:25:04:c6:3f:a3:aa:b1:9a:31:d1:a3:22:14:7c:fb:26:3b:24:80:eb:2f:2f:80:03:42:3f:dd

Digest Algorithm

sha256

PE Digest Matches

true

0b:63:8f:db:6a:84:d8:97:7a:26:ce:39:68:f9:0a:eb:97:29:65:f3
Signer

Actual PE Digest

0b:63:8f:db:6a:84:d8:97:7a:26:ce:39:68:f9:0a:eb:97:29:65:f3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\582\s\bin\obj\ref\System.Threading.Timer\4.0.1.0\System.Threading.Timer.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bitcoin Fake Transacation V3/System.ValueTuple.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:c4:6e:76:d0:4d:3d:fe:a9:65:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=nCipher DSE ESN:2137-37A0-4AAA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:11

Not After

11-08-2018 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:20

Not After

11-08-2018 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d5:9c:e6:40:71:a9:b7:cb:bc:68:aa:72:12:31:31:8b:7b:b5:db:8b:73:8d:06:f1:d0:cb:d1:cd:90:ee:23:c9
Signer

Actual PE Digest

d5:9c:e6:40:71:a9:b7:cb:bc:68:aa:72:12:31:31:8b:7b:b5:db:8b:73:8d:06:f1:d0:cb:d1:cd:90:ee:23:c9

Digest Algorithm

sha256

PE Digest Matches

true

7b:56:52:3a:6d:18:44:a6:5b:53:1c:b0:dd:a0:9b:6a:ae:fe:07:e4
Signer

Actual PE Digest

7b:56:52:3a:6d:18:44:a6:5b:53:1c:b0:dd:a0:9b:6a:ae:fe:07:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\1795\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netfx\System.ValueTuple.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bitcoin Fake Transacation V3/System.Xml.ReaderWriter.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:c8:47:22:9d:a3:0d:ca:c0:58:00:00:00:00:00:c8
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:98FD-C61E-E641,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:11

Not After

11-08-2018 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:20

Not After

11-08-2018 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

eb:4b:45:97:31:d8:9b:3c:e1:12:bf:12:14:5f:65:0a:f4:f4:9b:df:f1:81:27:6f:58:81:a4:8c:c0:2b:7a:00
Signer

Actual PE Digest

eb:4b:45:97:31:d8:9b:3c:e1:12:bf:12:14:5f:65:0a:f4:f4:9b:df:f1:81:27:6f:58:81:a4:8c:c0:2b:7a:00

Digest Algorithm

sha256

PE Digest Matches

true

6a:4f:78:5c:6c:c4:e1:57:11:83:23:cb:13:90:b3:79:56:8c:43:48
Signer

Actual PE Digest

6a:4f:78:5c:6c:c4:e1:57:11:83:23:cb:13:90:b3:79:56:8c:43:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\582\s\bin\obj\ref\System.Xml.ReaderWriter\4.1.1.0\System.Xml.ReaderWriter.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bitcoin Fake Transacation V3/System.Xml.XDocument.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:c9:64:4d:16:db:1a:7d:b3:15:00:00:00:00:00:c9
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B1B7-F67F-FEC2,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:11

Not After

11-08-2018 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:20

Not After

11-08-2018 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e7:18:19:cf:39:25:cf:83:ca:d1:18:59:9a:d6:4f:5e:99:db:6b:b9:7d:ef:35:c5:cf:23:d0:47:44:1e:20:80
Signer

Actual PE Digest

e7:18:19:cf:39:25:cf:83:ca:d1:18:59:9a:d6:4f:5e:99:db:6b:b9:7d:ef:35:c5:cf:23:d0:47:44:1e:20:80

Digest Algorithm

sha256

PE Digest Matches

true

01:3d:85:ea:61:50:ef:b8:17:7c:7b:01:32:3a:33:57:56:25:bd:64
Signer

Actual PE Digest

01:3d:85:ea:61:50:ef:b8:17:7c:7b:01:32:3a:33:57:56:25:bd:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\582\s\bin\obj\ref\System.Xml.XDocument\4.0.11.0\System.Xml.XDocument.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bitcoin Fake Transacation V3/System.Xml.XPath.XDocument.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:c0:de:2c:3d:07:94:e4:49:79:00:00:00:00:00:c0
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=nCipher DSE ESN:7AB5-2DF2-DA3F,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:11

Not After

11-08-2018 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:20

Not After

11-08-2018 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

43:fd:3a:3e:20:15:28:12:02:7d:e8:df:e4:98:7b:ac:e9:0b:fe:73:04:7f:9a:53:00:4e:6f:4c:cf:26:75:b1
Signer

Actual PE Digest

43:fd:3a:3e:20:15:28:12:02:7d:e8:df:e4:98:7b:ac:e9:0b:fe:73:04:7f:9a:53:00:4e:6f:4c:cf:26:75:b1

Digest Algorithm

sha256

PE Digest Matches

true

a4:cd:07:1f:8b:9c:06:d9:eb:a6:4e:ea:f6:33:ca:91:46:d2:e5:61
Signer

Actual PE Digest

a4:cd:07:1f:8b:9c:06:d9:eb:a6:4e:ea:f6:33:ca:91:46:d2:e5:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Xml.XPath.XDocument/netfx\System.Xml.XPath.XDocument.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bitcoin Fake Transacation V3/System.Xml.XPath.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:c9:64:4d:16:db:1a:7d:b3:15:00:00:00:00:00:c9
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B1B7-F67F-FEC2,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:11

Not After

11-08-2018 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:20

Not After

11-08-2018 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ff:62:6f:69:47:2f:fe:25:5c:5c:6b:4e:6c:8c:fd:9b:55:dc:52:6e:ed:d4:7f:14:7d:1f:07:68:13:e3:c9:54
Signer

Actual PE Digest

ff:62:6f:69:47:2f:fe:25:5c:5c:6b:4e:6c:8c:fd:9b:55:dc:52:6e:ed:d4:7f:14:7d:1f:07:68:13:e3:c9:54

Digest Algorithm

sha256

PE Digest Matches

true

85:b0:3f:76:de:5d:1e:99:d0:b1:fc:58:7d:44:6a:27:09:2d:34:a6
Signer

Actual PE Digest

85:b0:3f:76:de:5d:1e:99:d0:b1:fc:58:7d:44:6a:27:09:2d:34:a6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\582\s\bin\obj\ref\System.Xml.XPath\4.0.3.0\System.Xml.XPath.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bitcoin Fake Transacation V3/System.Xml.XmlDocument.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:c9:64:4d:16:db:1a:7d:b3:15:00:00:00:00:00:c9
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B1B7-F67F-FEC2,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:11

Not After

11-08-2018 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:20

Not After

11-08-2018 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:56:dc:a9:8f:3a:d9:4f:f1:ed:20:0c:80:95:60:d5:63:66:cb:4f:dd:aa:19:97:83:43:fe:30:da:da:af:89
Signer

Actual PE Digest

2b:56:dc:a9:8f:3a:d9:4f:f1:ed:20:0c:80:95:60:d5:63:66:cb:4f:dd:aa:19:97:83:43:fe:30:da:da:af:89

Digest Algorithm

sha256

PE Digest Matches

true

87:3d:70:48:c1:87:72:e6:f1:6f:4e:5f:4c:1a:22:7b:5d:ad:0c:0e
Signer

Actual PE Digest

87:3d:70:48:c1:87:72:e6:f1:6f:4e:5f:4c:1a:22:7b:5d:ad:0c:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\582\s\bin\obj\ref\System.Xml.XmlDocument\4.0.3.0\System.Xml.XmlDocument.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bitcoin Fake Transacation V3/System.Xml.XmlSerializer.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:c9:64:4d:16:db:1a:7d:b3:15:00:00:00:00:00:c9
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B1B7-F67F-FEC2,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:11

Not After

11-08-2018 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:20

Not After

11-08-2018 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:29:2b:e3:0b:4b:d1:48:9e:50:a1:cc:4e:04:8c:f5:01:15:9e:b7:20:16:9e:51:d1:6a:cd:8b:ac:0a:77:7a
Signer

Actual PE Digest

c8:29:2b:e3:0b:4b:d1:48:9e:50:a1:cc:4e:04:8c:f5:01:15:9e:b7:20:16:9e:51:d1:6a:cd:8b:ac:0a:77:7a

Digest Algorithm

sha256

PE Digest Matches

true

72:de:a6:b8:e2:81:4e:04:02:dc:24:7d:e6:ff:71:6a:4e:34:f2:e6
Signer

Actual PE Digest

72:de:a6:b8:e2:81:4e:04:02:dc:24:7d:e6:ff:71:6a:4e:34:f2:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\582\s\bin\obj\ref\System.Xml.XmlSerializer\4.0.11.0\System.Xml.XmlSerializer.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bitcoin Fake Transacation V3/WindowsFormsApp3.exe.config
.xml
Bitcoin Fake Transacation V3/WindowsFormsApp3.pdb
BitcoinFakeTransaction.zip
.zip
BitcoinFakeTransaction/00-Bonus.txt
BitcoinFakeTransaction/BitcoinFakeTransaction.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BitcoinFakeTransaction/ffmpeg.dll
.dll windows:5 windows x64 arch:x64

b8f7d0e0f83de4cae7f7fece4a2f750e

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:92:c2:41:54:51:ab:12:07:40:4e:95:55:78:88:13
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30-08-2018 00:00

Not After

07-09-2021 12:00

Subject

CN=Exodus Movement Inc,O=Exodus Movement Inc,L=Wilmington,ST=Delaware,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

12:a0:46:05:99:03:01:8e:40:c5:96:bc:0f:85:41:90:d3:f3:44:6b:d3:e9:51:58:3d:f4:95:86:b5:b3:8a:76
Signer

Actual PE Digest

12:a0:46:05:99:03:01:8e:40:c5:96:bc:0f:85:41:90:d3:f3:44:6b:d3:e9:51:58:3d:f4:95:86:b5:b3:8a:76

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ffmpeg.dll.pdb

Imports

kernel32

AcquireSRWLockExclusive
CloseHandle
CompareStringW
CreateEventW
CreateFileW
CreateThread
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStringsW
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
HeapAlloc
HeapFree
HeapQueryInformation
HeapReAlloc
HeapSize
InitOnceBeginInitialize
InitOnceComplete
InitializeConditionVariable
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

Exports

Exports

av_buffer_create
av_buffer_get_opaque
av_dict_count
av_dict_free
av_dict_get
av_dict_set
av_force_cpu_flags
av_frame_alloc
av_frame_clone
av_frame_free
av_frame_unref
av_free
av_get_bytes_per_sample
av_get_cpu_flags
av_image_check_size
av_init_packet
av_log_set_level
av_malloc
av_max_alloc
av_new_packet
av_packet_copy_props
av_packet_get_side_data
av_packet_unref
av_rdft_calc
av_rdft_end
av_rdft_init
av_read_frame
av_rescale_q
av_samples_get_buffer_size
av_seek_frame
av_strerror
avcodec_align_dimensions
avcodec_alloc_context3
avcodec_decode_video2
avcodec_descriptor_get
avcodec_descriptor_next
avcodec_find_decoder
avcodec_flush_buffers
avcodec_free_context
avcodec_get_name
avcodec_open2
avcodec_parameters_to_context
avcodec_receive_frame
avcodec_send_packet
avformat_alloc_context
avformat_close_input
avformat_find_stream_info
avformat_free_context
avformat_open_input
avio_alloc_context
avio_close

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 446KB - Virtual size: 445KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BitcoinFakeTransaction/libEGL.dll
.dll windows:5 windows x64 arch:x64

473add2829e325fddbfbed09790ab4d8

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:92:c2:41:54:51:ab:12:07:40:4e:95:55:78:88:13
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30-08-2018 00:00

Not After

07-09-2021 12:00

Subject

CN=Exodus Movement Inc,O=Exodus Movement Inc,L=Wilmington,ST=Delaware,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:00:75:e8:38:65:ad:7d:ed:a3:b6:28:7a:f1:82:6d:b1:70:98:8d:05:e2:ff:86:10:cf:19:cd:79:7f:4c:e4
Signer

Actual PE Digest

62:00:75:e8:38:65:ad:7d:ed:a3:b6:28:7a:f1:82:6d:b1:70:98:8d:05:e2:ff:86:10:cf:19:cd:79:7f:4c:e4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

libEGL.dll.pdb

Imports

kernel32

AcquireSRWLockExclusive
CloseHandle
CompareStringW
CreateEventW
CreateFileW
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStringsW
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SleepConditionVariableSRW
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForSingleObjectEx
WakeAllConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

Exports

Exports

eglBindAPI
eglBindTexImage
eglChooseConfig
eglClientWaitSync
eglCopyBuffers
eglCreateContext
eglCreateDeviceANGLE
eglCreateImage
eglCreateImageKHR
eglCreatePbufferFromClientBuffer
eglCreatePbufferSurface
eglCreatePixmapSurface
eglCreatePlatformPixmapSurface
eglCreatePlatformPixmapSurfaceEXT
eglCreatePlatformWindowSurface
eglCreatePlatformWindowSurfaceEXT
eglCreateStreamKHR
eglCreateStreamProducerD3DTextureANGLE
eglCreateSync
eglCreateWindowSurface
eglDebugMessageControlKHR
eglDestroyContext
eglDestroyImage
eglDestroyImageKHR
eglDestroyStreamKHR
eglDestroySurface
eglDestroySync
eglDupNativeFenceFDANDROID
eglGetConfigAttrib
eglGetConfigs
eglGetCurrentContext
eglGetCurrentDisplay
eglGetCurrentSurface
eglGetDisplay
eglGetError
eglGetNativeClientBufferANDROID
eglGetPlatformDisplay
eglGetPlatformDisplayEXT
eglGetProcAddress
eglGetSyncAttrib
eglGetSyncValuesCHROMIUM
eglInitialize
eglLabelObjectKHR
eglMakeCurrent
eglPostSubBufferNV
eglPresentationTimeANDROID
eglProgramCacheGetAttribANGLE
eglProgramCachePopulateANGLE
eglProgramCacheQueryANGLE
eglProgramCacheResizeANGLE
eglQueryAPI
eglQueryContext
eglQueryDebugKHR
eglQueryDeviceAttribEXT
eglQueryDeviceStringEXT
eglQueryDisplayAttribANGLE
eglQueryDisplayAttribEXT
eglQueryStreamKHR
eglQueryStreamu64KHR
eglQueryString
eglQueryStringiANGLE
eglQuerySurface
eglQuerySurfacePointerANGLE
eglReleaseDeviceANGLE
eglReleaseTexImage
eglReleaseThread
eglSetBlobCacheFuncsANDROID
eglStreamAttribKHR
eglStreamConsumerAcquireKHR
eglStreamConsumerGLTextureExternalAttribsNV
eglStreamConsumerGLTextureExternalKHR
eglStreamConsumerReleaseKHR
eglStreamPostD3DTextureANGLE
eglSurfaceAttrib
eglSwapBuffers
eglSwapBuffersWithDamageKHR
eglSwapInterval
eglTerminate
eglWaitClient
eglWaitGL
eglWaitNative
eglWaitSync

Sections

.text
Size: 249KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DedSec Latest FUD Ransomware.zip
.zip
Dedsec Cracking.rar
.rar
Fake btc.rar
.rar
ILMerge.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 664KB - Virtual size: 663KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Luxury Crypter.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RAT.zip
.zip
S500 G3 RAT.zip
.zip
Steam Gift Generator 2023.rar
.rar
Valorant Checker by Xinax.rar
.rar
fake btc sender.rar
.rar

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 17.3MB - Virtual size: 17.3MB

.rsrc Size: 21KB - Virtual size: 21KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: - Virtual size: 4KB

.$J? Size: - Virtual size: 193KB

.{(i Size: 512B - Virtual size: 8B

.=d9 Size: 365KB - Virtual size: 364KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 37KB - Virtual size: 36KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 14KB - Virtual size: 14KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

3a:93:0b:19:8f:29:72:9a:49:b0:8b:f3:6d:f8:17:aeCertificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

b1:71:29:25:46:e9:2d:e2:55:d6:f1:cb:f7:85:05:22:d0:ea:41:50Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 73KB - Virtual size: 73KB

.text
Size: 17.3MB - Virtual size: 17.3MB

.rsrc
Size: 21KB - Virtual size: 21KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 4KB

.$J?
Size: - Virtual size: 193KB

.{(i
Size: 512B - Virtual size: 8B

.=d9
Size: 365KB - Virtual size: 364KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 37KB - Virtual size: 36KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 512B - Virtual size: 12B

3a:93:0b:19:8f:29:72:9a:49:b0:8b:f3:6d:f8:17:ae
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

b1:71:29:25:46:e9:2d:e2:55:d6:f1:cb:f7:85:05:22:d0:ea:41:50
Signer

.text
Size: 4.0MB - Virtual size: 4.0MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 73KB - Virtual size: 73KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 520KB - Virtual size: 516KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 252KB - Virtual size: 249KB

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 344KB - Virtual size: 344KB

.rsrc
Size: 12KB - Virtual size: 10KB

.text
Size: 15KB - Virtual size: 14KB

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 67KB - Virtual size: 66KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0f:92:c2:41:54:51:ab:12:07:40:4e:95:55:78:88:13
Certificate

62:00:75:e8:38:65:ad:7d:ed:a3:b6:28:7a:f1:82:6d:b1:70:98:8d:05:e2:ff:86:10:cf:19:cd:79:7f:4c:e4
Signer