c4b124edb6ba93da0cfe079db0cfbef1

Sharing

Copy URL Twitter E-mail

General

Target

c4b124edb6ba93da0cfe079db0cfbef1
Size

2.7MB
MD5

c4b124edb6ba93da0cfe079db0cfbef1
SHA1

3590d687b77eb71ff447591ffe804466dae322e3
SHA256

d3135a740bc1133055df1b9ccc80522ef6c9b74bdb43e60dfb1f2c990457968b
SHA512

93be7eb0bf04393c89a80cee8657a33eb3c755ab55b61d0a9686f0099ade00498684fb83c18608b240bb3bda1ff928ccc88b5c116b35433d59f7b6e656e28067
SSDEEP

49152:9Fw3gp9XLb+H9qYrkBzGtp2usNFRMs4RU39/zS9ynf/OHv7md:jXXLbSJkBzGt+6sQU39z/OPKd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/屏幕录像精灵/屏幕录像精灵.exe

Files

c4b124edb6ba93da0cfe079db0cfbef1
.rar
屏幕录像精灵/bass.dll
.dll windows:4 windows x86 arch:x86

Code Sign

01:00:00:00:00:01:13:fe:0e:ee:04
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

25/07/2007, 15:46

Not After

25/07/2008, 15:46

Subject

CN=Un4seen Developments Ltd,O=Un4seen Developments Ltd,C=GB,1.2.840.113549.1.9.1=#0c106365727440756e347365656e2e636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/12/2003, 13:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:10:92:eb:82:95
Certificate

Issuer

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Not Before

05/02/2007, 09:00

Not After

27/01/2014, 09:00

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign,1.2.840.113549.1.9.1=#0c1c74696d657374616d70696e666f40676c6f62616c7369676e2e636f6d

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cb:2a:a0:38:b3:59:bb:d6:d6:98:31:10:3d:74:ce:0a:db:86:5a:d4
Signer

Actual PE Digest

cb:2a:a0:38:b3:59:bb:d6:d6:98:31:10:3d:74:ce:0a:db:86:5a:d4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BASS_Apply3D
BASS_ChannelBytes2Seconds
BASS_ChannelGet3DAttributes
BASS_ChannelGet3DPosition
BASS_ChannelGetAttributes
BASS_ChannelGetData
BASS_ChannelGetDevice
BASS_ChannelGetEAXMix
BASS_ChannelGetInfo
BASS_ChannelGetLength
BASS_ChannelGetLevel
BASS_ChannelGetPosition
BASS_ChannelGetTags
BASS_ChannelIsActive
BASS_ChannelIsSliding
BASS_ChannelPause
BASS_ChannelPlay
BASS_ChannelPreBuf
BASS_ChannelRemoveDSP
BASS_ChannelRemoveFX
BASS_ChannelRemoveLink
BASS_ChannelRemoveSync
BASS_ChannelSeconds2Bytes
BASS_ChannelSet3DAttributes
BASS_ChannelSet3DPosition
BASS_ChannelSetAttributes
BASS_ChannelSetDSP
BASS_ChannelSetDevice
BASS_ChannelSetEAXMix
BASS_ChannelSetFX
BASS_ChannelSetFlags
BASS_ChannelSetLink
BASS_ChannelSetPosition
BASS_ChannelSetSync
BASS_ChannelSlideAttributes
BASS_ChannelStop
BASS_ErrorGetCode
BASS_FXGetParameters
BASS_FXReset
BASS_FXSetParameters
BASS_Free
BASS_Get3DFactors
BASS_Get3DPosition
BASS_GetCPU
BASS_GetConfig
BASS_GetDSoundObject
BASS_GetDevice
BASS_GetDeviceDescription
BASS_GetEAXParameters
BASS_GetInfo
BASS_GetVersion
BASS_GetVolume
BASS_Init
BASS_MusicFree
BASS_MusicGetAttribute
BASS_MusicGetOrderPosition
BASS_MusicGetOrders
BASS_MusicLoad
BASS_MusicSetAttribute
BASS_Pause
BASS_PluginFree
BASS_PluginGetInfo
BASS_PluginLoad
BASS_RecordFree
BASS_RecordGetDevice
BASS_RecordGetDeviceDescription
BASS_RecordGetInfo
BASS_RecordGetInput
BASS_RecordGetInputName
BASS_RecordInit
BASS_RecordSetDevice
BASS_RecordSetInput
BASS_RecordStart
BASS_SampleCreate
BASS_SampleCreateDone
BASS_SampleFree
BASS_SampleGetChannel
BASS_SampleGetChannels
BASS_SampleGetInfo
BASS_SampleLoad
BASS_SampleSetInfo
BASS_SampleStop
BASS_Set3DFactors
BASS_Set3DPosition
BASS_SetConfig
BASS_SetDevice
BASS_SetEAXParameters
BASS_SetVolume
BASS_Start
BASS_Stop
BASS_StreamCreate
BASS_StreamCreateFile
BASS_StreamCreateFileUser
BASS_StreamCreateURL
BASS_StreamFree
BASS_StreamGetFilePosition
BASS_Update
_

Sections

Size: 78KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 568B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
屏幕录像精灵/demo.dll
.dll windows:4 windows x86 arch:x86

8bff40e1c09a5781a2737dbc5706afa7

Code Sign

ca:d2:9f:7d:38:78:88:a5:42:b6:5e:97:cb:0f:1c:46
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

15/06/2006, 00:00

Not After

14/06/2008, 23:59

Subject

CN=NetPlay Software,O=NetPlay Software,POSTALCODE=2526,STREET=47 Tamarind Drive,L=Unanderra,ST=NSW,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7c:68:85:34:11:2c:2a:83:7a:c7:c8:5d:fc:44:0e:94:73:16:13:3a
Signer

Actual PE Digest

7c:68:85:34:11:2c:2a:83:7a:c7:c8:5d:fc:44:0e:94:73:16:13:3a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateEventA
SetEvent
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx

Exports

Exports

InstallMyHook
UninstallMyHook

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARE
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
屏幕录像精灵/enc.dll
.dll windows:4 windows x86 arch:x86

a5f12ee722d3bff47e96e2a88e2b1d13

Code Sign

ca:d2:9f:7d:38:78:88:a5:42:b6:5e:97:cb:0f:1c:46
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

15/06/2006, 00:00

Not After

14/06/2008, 23:59

Subject

CN=NetPlay Software,O=NetPlay Software,POSTALCODE=2526,STREET=47 Tamarind Drive,L=Unanderra,ST=NSW,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

be:b9:02:15:da:34:b6:d2:f7:48:94:1c:76:05:22:06:7d:f8:14:5f
Signer

Actual PE Digest

be:b9:02:15:da:34:b6:d2:f7:48:94:1c:76:05:22:06:7d:f8:14:5f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
GetModuleFileNameA
GetPrivateProfileIntA
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
GetProcAddress
GetModuleHandleA
GetLastError
CloseHandle
ExitProcess
TerminateProcess
GetCurrentProcess
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
OutputDebugStringA
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
VirtualAlloc
HeapReAlloc
SetFilePointer
RaiseException
FlushFileBuffers
ReadFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetStdHandle
CreateFileA
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
RtlUnwind
SetEndOfFile

Exports

Exports

beCloseStream
beDeinitStream
beEncodeChunk
beEncodeChunkFloatS16NI
beFlushNoGap
beInitStream
beVersion
beWriteInfoTag
beWriteVBRHeader
lame_close
lame_encode_buffer_interleaved
lame_encode_flush
lame_get_in_samplerate
lame_get_num_channels
lame_get_num_samples
lame_get_out_samplerate
lame_get_scale
lame_get_scale_left
lame_get_scale_right
lame_init
lame_init_params
lame_mp3_tags_fid
lame_set_in_samplerate
lame_set_num_channels
lame_set_num_samples
lame_set_out_samplerate
lame_set_scale
lame_set_scale_left
lame_set_scale_right

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
屏幕录像精灵/vgrabdll.dll
.dll windows:4 windows x86 arch:x86

48f10ec2993dac12339521f1809131e6

Code Sign

ca:d2:9f:7d:38:78:88:a5:42:b6:5e:97:cb:0f:1c:46
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

15/06/2006, 00:00

Not After

14/06/2008, 23:59

Subject

CN=NetPlay Software,O=NetPlay Software,POSTALCODE=2526,STREET=47 Tamarind Drive,L=Unanderra,ST=NSW,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

bc:ec:90:a9:7f:9c:90:67:36:c6:39:5e:7b:e1:94:86:6c:59:0f:12
Signer

Actual PE Digest

bc:ec:90:a9:7f:9c:90:67:36:c6:39:5e:7b:e1:94:86:6c:59:0f:12

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

\\netplaylt1\vgrabdll\Release\vgrabdll.pdb

Imports

kernel32

GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
InitializeCriticalSection
DeleteCriticalSection
SetEvent
EnterCriticalSection
LeaveCriticalSection
ResetEvent
WaitForMultipleObjects
GetCurrentThreadId
Sleep
MulDiv
InterlockedIncrement
InterlockedDecrement
CloseHandle
CreateEventA
DuplicateHandle
GetCurrentProcess
WaitForSingleObject
CreateSemaphoreA
ReleaseSemaphore
GetSystemInfo
VirtualAlloc
VirtualFree
FreeLibrary
LoadLibraryA
CreateThread
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
SetThreadPriority
GetThreadPriority
GetCurrentThread
GetTickCount
GetLastError
FlushFileBuffers
VirtualProtect
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
SetFilePointer
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
ExitProcess
RtlUnwind
HeapFree
GetCommandLineA
HeapReAlloc
HeapAlloc
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TerminateProcess
HeapSize
VirtualQuery
HeapDestroy
HeapCreate
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
SetUnhandledExceptionFilter

user32

PeekMessageA
MsgWaitForMultipleObjects
RegisterWindowMessageA
DispatchMessageA
PostThreadMessageA
GetQueueStatus

ole32

CoInitialize
CoUninitialize
CoFreeUnusedLibraries
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod
timeSetEvent
timeKillEvent

Exports

Exports

GrabVideo

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
屏幕录像精灵/屏幕录像精灵.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 596KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jingling
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
屏幕录像精灵/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

Code Sign

01:00:00:00:00:01:13:fe:0e:ee:04Certificate

Key Usages

04:00:00:00:00:00:f9:7f:aa:2e:1eCertificate

Key Usages

04:00:00:00:00:01:08:d9:61:1c:d6Certificate

Key Usages

04:00:00:00:00:01:10:92:eb:82:95Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:08:d9:61:24:48Certificate

Key Usages

cb:2a:a0:38:b3:59:bb:d6:d6:98:31:10:3d:74:ce:0a:db:86:5a:d4Signer

Headers

File Characteristics

Exports

Exports

Sections

Size: 78KB - Virtual size: 192KB

.rsrc Size: 568B - Virtual size: 4KB

Size: - Virtual size: 4KB

Size: 4KB - Virtual size: 3KB

8bff40e1c09a5781a2737dbc5706afa7

Code Sign

ca:d2:9f:7d:38:78:88:a5:42:b6:5e:97:cb:0f:1c:46Certificate

Extended Key Usages

Key Usages

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89Certificate

Extended Key Usages

Key Usages

7c:68:85:34:11:2c:2a:83:7a:c7:c8:5d:fc:44:0e:94:73:16:13:3aSigner

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 12KB

.SHARE Size: 4KB - Virtual size: 12B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 3KB

a5f12ee722d3bff47e96e2a88e2b1d13

Code Sign

ca:d2:9f:7d:38:78:88:a5:42:b6:5e:97:cb:0f:1c:46Certificate

Extended Key Usages

Key Usages

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89Certificate

Extended Key Usages

Key Usages

be:b9:02:15:da:34:b6:d2:f7:48:94:1c:76:05:22:06:7d:f8:14:5fSigner

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 144KB - Virtual size: 143KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 20KB - Virtual size: 225KB

.rsrc Size: 4KB - Virtual size: 832B

.reloc Size: 8KB - Virtual size: 7KB

48f10ec2993dac12339521f1809131e6

Code Sign

ca:d2:9f:7d:38:78:88:a5:42:b6:5e:97:cb:0f:1c:46Certificate

Extended Key Usages

Key Usages

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89Certificate

Extended Key Usages

Key Usages

bc:ec:90:a9:7f:9c:90:67:36:c6:39:5e:7b:e1:94:86:6c:59:0f:12Signer

01:00:00:00:00:01:13:fe:0e:ee:04
Certificate

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

04:00:00:00:00:01:10:92:eb:82:95
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

cb:2a:a0:38:b3:59:bb:d6:d6:98:31:10:3d:74:ce:0a:db:86:5a:d4
Signer

.rsrc
Size: 568B - Virtual size: 4KB

ca:d2:9f:7d:38:78:88:a5:42:b6:5e:97:cb:0f:1c:46
Certificate

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

7c:68:85:34:11:2c:2a:83:7a:c7:c8:5d:fc:44:0e:94:73:16:13:3a
Signer

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 12KB

.SHARE
Size: 4KB - Virtual size: 12B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB

ca:d2:9f:7d:38:78:88:a5:42:b6:5e:97:cb:0f:1c:46
Certificate

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

be:b9:02:15:da:34:b6:d2:f7:48:94:1c:76:05:22:06:7d:f8:14:5f
Signer

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 20KB - Virtual size: 225KB

.rsrc
Size: 4KB - Virtual size: 832B

.reloc
Size: 8KB - Virtual size: 7KB

ca:d2:9f:7d:38:78:88:a5:42:b6:5e:97:cb:0f:1c:46
Certificate

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

bc:ec:90:a9:7f:9c:90:67:36:c6:39:5e:7b:e1:94:86:6c:59:0f:12
Signer

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 832B

.reloc
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 596KB - Virtual size: 596KB

.idata
Size: 4KB - Virtual size: 4KB

jingling
Size: 1.8MB - Virtual size: 1.8MB