310faf3eef2180dd6cb278e88c6f22229a3493904fcddadff286b59378aa903f

Sharing

Copy URL Twitter E-mail

General

Target

310faf3eef2180dd6cb278e88c6f22229a3493904fcddadff286b59378aa903f
Size

3.6MB
MD5

6265b18fdf3873c3f7eef606ac9d7c89
SHA1

9eccfb0437c8575858a0065aae6d75406c32046d
SHA256

310faf3eef2180dd6cb278e88c6f22229a3493904fcddadff286b59378aa903f
SHA512

748c6fa1af160336d7814d378168b2fb2a36ce7367f6979df300a182e31b325781bca041b47385ec7df9c46570be352870f52ccee68827a269ba1960955041e5
SSDEEP

49152:tN/v5nIvh0Dxmy5zvDz3doh6LgP7AJSIO9fks4VM9t3qwz6eb+0M1:X/v5IhAxfl3Gh0KAJ6fk83qKy

Score

10^/10

Malware Config

Signatures

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

Files

310faf3eef2180dd6cb278e88c6f22229a3493904fcddadff286b59378aa903f
.exe windows:5 windows x86 arch:x86

ac25368a2fd62e91e59a38ebf0b4e9ed

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:6a:73:d0:15:d3:84:9c:e5:43:01:d1:77:5c:08:f4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

20/10/2023, 00:00

Not After

22/10/2026, 23:59

Subject

CN=Beijing Duyou Science and Technology Co.\,Ltd.,O=Beijing Duyou Science and Technology Co.\,Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:6a:73:d0:15:d3:84:9c:e5:43:01:d1:77:5c:08:f4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

20/10/2023, 00:00

Not After

22/10/2026, 23:59

Subject

CN=Beijing Duyou Science and Technology Co.\,Ltd.,O=Beijing Duyou Science and Technology Co.\,Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f7:72:04:60:70:61:6d:8d:02:f3:83:8b:1d:29:16:8c:05:6d:bb:c1:a6:43:f7:5f:87:1d:e8:e6:59:71:45:79
Signer

Actual PE Digest

f7:72:04:60:70:61:6d:8d:02:f3:83:8b:1d:29:16:8c:05:6d:bb:c1:a6:43:f7:5f:87:1d:e8:e6:59:71:45:79

Digest Algorithm

sha256

PE Digest Matches

false

ef:7a:1d:0d:85:ce:3e:e2:9f:14:6b:9f:99:13:cb:ed:aa:6f:ba:03
Signer

Actual PE Digest

ef:7a:1d:0d:85:ce:3e:e2:9f:14:6b:9f:99:13:cb:ed:aa:6f:ba:03

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\baidu\netdisk\pc-yunbrowser\output\YunDetectService.pdb

Imports

kernel32

InterlockedCompareExchange
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
GetFileAttributesW
GetVersionExW
UnmapViewOfFile
HeapValidate
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
GetSystemInfo
LoadLibraryW
HeapCompact
UnlockFile
GetProcAddress
CreateFileMappingA
LocalFree
LockFileEx
GetCurrentProcessId
SystemTimeToFileTime
FreeLibrary
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
OpenMutexW
ReleaseMutex
OpenFileMappingW
GetTempFileNameW
VirtualQuery
GetModuleHandleW
CreateProcessW
GlobalAlloc
GetVolumeInformationA
GlobalFree
DeviceIoControl
CreateEventA
CreateSemaphoreA
ReleaseSemaphore
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
InterlockedExchangeAdd
TlsAlloc
WaitForMultipleObjects
TerminateThread
QueueUserAPC
CreateEventW
SetEvent
SleepEx
PostQueuedCompletionStatus
CreateIoCompletionPort
SetWaitableTimer
GetQueuedCompletionStatus
VerSetConditionMask
VerifyVersionInfoW
CreateWaitableTimerW
WaitForMultipleObjectsEx
ResetEvent
TlsGetValue
TlsSetValue
TlsFree
DecodePointer
OpenEventW
OpenProcess
TerminateProcess
GetPrivateProfileIntW
WriteConsoleW
SetConsoleTextAttribute
FreeConsole
GetConsoleScreenBufferInfo
GetStdHandle
AllocConsole
GetFullPathNameW
HeapCreate
TryEnterCriticalSection
AreFileApisANSI
WriteFile
CreateDirectoryW
ReadFile
GetFileSize
CreateFileW
WideCharToMultiByte
WaitForSingleObject
DeleteFileW
CloseHandle
MultiByteToWideChar
SetLastError
RaiseException
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
CreateWaitableTimerA
GetModuleHandleA
ResumeThread
OpenEventA
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
GetEnvironmentVariableW
ConvertThreadToFiber
ConvertFiberToThread
GetFileType
GetModuleHandleExW
FindNextFileW
FindFirstFileW
FindClose
CreateFiber
DeleteFiber
SwitchToFiber
HeapSize
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetCurrentProcess
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
HeapDestroy

user32

GetProcessWindowStation
GetUserObjectInformationW
CallWindowProcW
SendMessageTimeoutW
MessageBoxW
LoadCursorW
CreateWindowExW
SetWindowLongW
PostMessageW
GetMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
GetClassInfoExW
RegisterClassExW
UnregisterClassW
IsWindow
GetWindowLongW
KillTimer
SetTimer
DefWindowProcW

advapi32

CryptGetUserKey
CryptEnumProvidersW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptSignHashW
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

StringFromCLSID
CoLoadLibrary
CoFreeLibrary
CoUninitialize
CoInitializeEx
CoCreateInstance
CoCreateGuid

oleaut32

SysAllocStringByteLen
SysAllocString
VariantInit
SysStringByteLen
VariantClear
SysAllocStringLen
VarBstrCmp
SysStringLen
SysFreeString

shlwapi

SHDeleteKeyW

msvcp140

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?classic@locale@std@@SAABV12@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
?id@?$numpunct@D@std@@2V0locale@2@A
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?toupper@?$ctype@D@std@@QBEDD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z

wininet

HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenW
InternetOpenUrlW
InternetConnectA
HttpEndRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetOpenA
InternetWriteFile
InternetSetOptionA
HttpSendRequestExA
InternetQueryDataAvailable

ws2_32

recv
send
WSASetLastError
getpeername
getsockopt
bind
ntohs
htonl
ntohl
freeaddrinfo
getaddrinfo
WSAGetLastError
WSAAddressToStringW
setsockopt
WSASocketW
WSASend
WSARecv
listen
select
shutdown
ioctlsocket
closesocket
WSACleanup
WSAStartup

psapi

EnumProcesses
GetModuleBaseNameW

iphlpapi

GetAdaptersInfo

mswsock

AcceptEx
GetAcceptExSockaddrs

vcruntime140

memset
__CxxFrameHandler3
__vcrt_InitializeCriticalSectionEx
_except_handler4_common
_CxxThrowException
memcpy
__std_type_info_compare
memchr
_purecall
__std_terminate
memmove
wcsrchr
strchr
strstr
wcsstr
__std_exception_copy
__std_exception_destroy
wcschr
strrchr

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
ferror
__stdio_common_vswscanf
fread
fseek
fputs
__stdio_common_vfprintf
__acrt_iob_func
fopen
_wfopen
ftell
__stdio_common_vsscanf
__stdio_common_vsprintf
__stdio_common_vsprintf_s
fgets
_wfsopen
fclose
__stdio_common_vfwprintf
fflush
feof
__p__commode
__stdio_common_vswprintf_s
_set_fmode
fwrite
__stdio_common_vsnwprintf_s
_setmode
_fileno

api-ms-win-crt-runtime-l1-1-0

terminate
_endthreadex
_invalid_parameter_noinfo_noreturn
_c_exit
_errno
abort
signal
strerror_s
raise
_controlfp_s
_invalid_parameter_noinfo
_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_register_onexit_function
exit
strerror
_crt_atexit
_initterm_e
_initterm
_get_wide_winmain_command_line
_cexit
_beginthreadex
_seh_filter_exe
_initialize_wide_environment
_configure_wide_argv
_set_app_type

api-ms-win-crt-string-l1-1-0

isalnum
strcmp
wcsnlen
wmemcpy_s
ispunct
_stricmp
_strnicmp
strncpy
wcscspn
wcsspn
isxdigit
wcsncpy_s
isspace
strnlen
_wcslwr_s
iswspace
wcscat_s
wcscpy_s
_wcsicmp
strncmp
strcspn
strspn

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc
_recalloc
_msize
_callnewh

api-ms-win-crt-filesystem-l1-1-0

_waccess
_stat64i32

api-ms-win-crt-convert-l1-1-0

_atoi64
strtol
_wtoi64
_wtoi
atoi
strtoul

api-ms-win-crt-time-l1-1-0

_localtime64_s
_gmtime64
_time64
_gmtime64_s
wcsftime

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp
_mbsstr
_mbslwr_s
_mbscmp
_mbsinc
_mbschr

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

__setusermatherr
_except1

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-environment-l1-1-0

getenv

bcrypt

BCryptGenRandom

crypt32

CertFindCertificateInStore
CertGetCertificateContextProperty
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateContext

Exports

Exports

?$TSS0@?1??get_instance@?$singleton@VCRequestHandlerFactory@@@serialization@boost@@CAAAVCRequestHandlerFactory@@XZ@4HA
?get_instance@?$singleton@VCRequestHandlerFactory@@@serialization@boost@@CAAAVCRequestHandlerFactory@@XZ
?get_mutable_instance@?$singleton@VCRequestHandlerFactory@@@serialization@boost@@SAAAVCRequestHandlerFactory@@XZ
?instance@?$singleton@VCRequestHandlerFactory@@@serialization@boost@@0AAVCRequestHandlerFactory@@A
?t@?1??get_instance@?$singleton@VCRequestHandlerFactory@@@serialization@boost@@CAAAVCRequestHandlerFactory@@XZ@4V?$singleton_wrapper@VCRequestHandlerFactory@@@detail@34@A

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 614KB - Virtual size: 613KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 698KB - Virtual size: 698KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac25368a2fd62e91e59a38ebf0b4e9ed

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

0d:6a:73:d0:15:d3:84:9c:e5:43:01:d1:77:5c:08:f4Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:6a:73:d0:15:d3:84:9c:e5:43:01:d1:77:5c:08:f4Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

f7:72:04:60:70:61:6d:8d:02:f3:83:8b:1d:29:16:8c:05:6d:bb:c1:a6:43:f7:5f:87:1d:e8:e6:59:71:45:79Signer

ef:7a:1d:0d:85:ce:3e:e2:9f:14:6b:9f:99:13:cb:ed:aa:6f:ba:03Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp140

wininet

ws2_32

psapi

iphlpapi

mswsock

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

bcrypt

crypt32

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 614KB - Virtual size: 613KB

.data Size: 43KB - Virtual size: 59KB

.gfids Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 9B

.vmp0 Size: 698KB - Virtual size: 698KB

.reloc Size: 101KB - Virtual size: 100KB

.rsrc Size: 32KB - Virtual size: 31KB

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

0d:6a:73:d0:15:d3:84:9c:e5:43:01:d1:77:5c:08:f4
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:6a:73:d0:15:d3:84:9c:e5:43:01:d1:77:5c:08:f4
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

f7:72:04:60:70:61:6d:8d:02:f3:83:8b:1d:29:16:8c:05:6d:bb:c1:a6:43:f7:5f:87:1d:e8:e6:59:71:45:79
Signer

ef:7a:1d:0d:85:ce:3e:e2:9f:14:6b:9f:99:13:cb:ed:aa:6f:ba:03
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 614KB - Virtual size: 613KB

.data
Size: 43KB - Virtual size: 59KB

.gfids
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 9B

.vmp0
Size: 698KB - Virtual size: 698KB

.reloc
Size: 101KB - Virtual size: 100KB

.rsrc
Size: 32KB - Virtual size: 31KB