c9fd30e80e19782a183a0c587e0324b2

Sharing

Copy URL Twitter E-mail

General

Target

c9fd30e80e19782a183a0c587e0324b2
Size

784KB
MD5

c9fd30e80e19782a183a0c587e0324b2
SHA1

0bca55b93ab3e22023b26781bfebdb8eafe35f08
SHA256

446a9426689b170e023abdf47d8f466df597b7d101c230d621a6454bdeb88712
SHA512

78d55ffd933e6f83d43dd006550b8dd2e849ebadab4643dcbf69d7d836e1095a194973d819a5993264e8f288ddd70c4e27ad6a999d6b4eec96ee5d6cb4ea8843
SSDEEP

24576:aTNfsN54Q8upxhW7j4iLuvGdZHotP36TFQQsjfDV:aTNU54GE7saXNod36TFQl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/InstallOptions.dll

Files

c9fd30e80e19782a183a0c587e0324b2
.rar
Vpn123Installer_2.1.0.0.exe
.exe windows:5 windows x86 arch:x86

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:26:91:b1:e0:39
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2010, 02:06

Not After

03/02/2012, 02:06

Subject

CN=Shanghai Exun Information Technology Co.\, Ltd.,O=Shanghai Exun Information Technology Co.\, Ltd.,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:04:6a:0d:55:74:db:e1:66:16:04:54:1d:3d:d0:4e:52:b7:3a:5d
Signer

Actual PE Digest

6a:04:6a:0d:55:74:db:e1:66:16:04:54:1d:3d:d0:4e:52:b7:3a:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 564KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:5 windows x86 arch:x86

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
GetModuleHandleW
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcatW
WritePrivateProfileStringW
lstrcpynW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc

user32

OpenClipboard
DestroyIcon
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
SetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
CreateWindowExW
MapDialogRect
GetClipboardData
GetWindowRect
CreateDialogParamW
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
wsprintfW
CharNextW
MessageBoxW
CloseClipboard
GetDlgCtrlID
MapWindowPoints
SetWindowPos
PtInRect
GetWindowTextW
SetWindowTextW
SendMessageW
DestroyWindow

gdi32

SelectObject
CreateRectRgn
GetObjectW
CombineRgn
DeleteObject
CreateCompatibleDC
GetDIBits
SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
Vpn123.exe
.exe windows:5 windows x86 arch:x86

d130aaba8cfc0641e8b0d688d64c629c

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:26:91:b1:e0:39
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2010, 02:06

Not After

03/02/2012, 02:06

Subject

CN=Shanghai Exun Information Technology Co.\, Ltd.,O=Shanghai Exun Information Technology Co.\, Ltd.,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:21:38:55:93:9a:4e:a6:de:9d:98:38:62:e6:32:1b:ca:18:87:4d
Signer

Actual PE Digest

6f:21:38:55:93:9a:4e:a6:de:9d:98:38:62:e6:32:1b:ca:18:87:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\SVNREP\vpn123\prog\winclient\src\Release-VPN123\Vpn123.pdb

Imports

kernel32

IsDebuggerPresent
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
RtlUnwind
RaiseException
ExitThread
ExitProcess
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
GetCPInfo
GetACP
GlobalFlags
IsValidCodePage
SetUnhandledExceptionFilter
GetDateFormatA
GetTimeZoneInformation
LCMapStringW
GetStringTypeA
GetStringTypeW
LCMapStringA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
SetEnvironmentVariableA
GetFileTime
InitializeCriticalSection
IsProcessorFeaturePresent
InterlockedCompareExchange
GetFileSizeEx
GetFileAttributesW
UnhandledExceptionFilter
GetStartupInfoW
GetTimeFormatA
SetErrorMode
FileTimeToLocalFileTime
FileTimeToSystemTime
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
lstrcmpA
GetPrivateProfileIntW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetThreadLocale
SuspendThread
SetThreadPriority
GetModuleHandleA
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
FormatMessageW
MulDiv
HeapAlloc
GetProcessHeap
HeapFree
CreateMutexW
CopyFileW
GetCommandLineW
GetSystemDirectoryW
FlushInstructionCache
GetVersion
FreeResource
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
OpenProcess
QueryPerformanceCounter
GetCurrentProcessId
SetLastError
FreeLibrary
GetModuleFileNameW
GetPrivateProfileStringA
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
DeviceIoControl
CreateFileW
lstrcatA
lstrcpyA
lstrlenA
LoadLibraryW
GetOverlappedResult
WaitForMultipleObjects
DisconnectNamedPipe
GetLastError
ConnectNamedPipe
LocalFree
CreateNamedPipeW
LocalAlloc
CreateEventW
SetEvent
ResetEvent
Sleep
lstrcmpiW
SetProcessWorkingSetSize
GetVersionExW
SetFileAttributesW
GetProcAddress
GetModuleHandleW
DeleteFileW
MultiByteToWideChar
lstrlenW
GetTickCount
ResumeThread
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
ReadFile
PeekNamedPipe
WriteFile
WriteConsoleW
CloseHandle
CreateProcessW
GetCurrentThreadId
TerminateProcess
WaitForSingleObject
CreateThread
GetCurrentProcess
DuplicateHandle
CreatePipe
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetOEMCP

user32

SetWindowContextHelpId
MapDialogRect
PostQuitMessage
CharUpperW
GetMessageW
ValidateRect
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
GetWindowThreadProcessId
GetWindowDC
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetDlgItem
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetMenu
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
GetScrollInfo
GetParent
GetClientRect
PostMessageW
SetCursor
GetDlgCtrlID
GetMenu
SetWindowPos
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
DispatchMessageW
TranslateMessage
PeekMessageW
FindWindowW
MessageBoxW
LoadImageW
GetMenuDefaultItem
TrackPopupMenu
GetCursorPos
GetSysColorBrush
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
DestroyIcon
SetMenuDefaultItem
RegisterClipboardFormatW
PostThreadMessageW
GetWindowRect
ClientToScreen
InvalidateRect
EnableWindow
SendMessageW
BringWindowToTop
SetTimer
KillTimer
LoadIconW
SetForegroundWindow
IsWindowVisible
LoadMenuW
InflateRect
GetSubMenu
CopyRect
DefWindowProcW
RedrawWindow
SetWindowLongW
GetWindowLongW
SetRect
RegisterClassExW
BeginPaint
DrawEdge
IsWindowEnabled
UnregisterClassW
FillRect
EndPaint
wsprintfW
GetDC
ReleaseDC
ScreenToClient
GetTopWindow
RegisterWindowMessageW
GetDesktopWindow
IsWindow
ReleaseCapture
SetCapture
GetClassNameW
GetSystemMetrics
GrayStringW
DrawTextExW
TabbedTextOutW
CallWindowProcW
SetWindowRgn
GetFocus
PtInRect
IsRectEmpty
OffsetRect
DrawTextW
LoadCursorW
GetWindow
DestroyMenu

gdi32

GetMapMode
GetBkColor
GetRgnBox
MoveToEx
LineTo
CreateRectRgnIndirect
CreateSolidBrush
CreatePen
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
SetMapMode
SetStretchBltMode
RestoreDC
SaveDC
GetClipBox
CreateFontW
CreateBitmap
SetBkColor
GetObjectW
SetDIBColorTable
SelectObject
GetDIBColorTable
StretchBlt
CreateDIBSection
DeleteDC
Escape
ExtTextOutW
RectVisible
PtVisible
GetStockObject
TextOutW
CombineRgn
CreateRectRgn
CreateRoundRectRgn
GetTextColor
SetTextColor
SetBkMode
GetTextExtentPoint32W
GetDeviceCaps
CreateCompatibleBitmap
DeleteObject
BitBlt
CreateCompatibleDC
Rectangle

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

QueryServiceStatus
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
CloseServiceHandle
StartServiceW
ChangeServiceConfigW
QueryServiceConfigW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenServiceW
EnumServicesStatusExW
GetSecurityDescriptorSacl
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

DragQueryFileW
SHGetFolderPathW
SHCreateDirectoryExW
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
CommandLineToArgvW

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathIsUNCW
PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathFileExistsW

oledlg

OleUIBusyW

ole32

CoTaskMemFree
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance
OleUninitialize
CoFreeUnusedLibraries
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
OleInitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear
VariantChangeType
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayDestroy
SysStringLen
SysAllocStringLen
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect

gdiplus

GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdipFree
GdipAlloc
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdipGetImagePaletteSize
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdiplusShutdown

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime

iphlpapi

GetAdaptersInfo
CreateIpForwardEntry
DeleteIpForwardEntry
GetIpForwardTable

crypt32

CryptUnprotectData
CryptProtectData

rasapi32

RasGetProjectionInfoW
RasSetEntryPropertiesW
RasDialW
RasHangUpW
RasGetConnectionStatistics
RasGetErrorStringW
RasEnumConnectionsW

ws2_32

connect
gethostbyname
WSAGetLastError
send
recv
__WSAFDIsSet
closesocket
inet_ntoa
sendto
htons
recvfrom
select
bind
ioctlsocket
socket
WSACleanup
WSAStartup
inet_addr

Sections

.text
Size: 473KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Vpn123Bind.dll
.dll regsvr32 windows:5 windows x86 arch:x86

a13c9155f90808716e4a9c9eea53df2a

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:26:91:b1:e0:39
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2010, 02:06

Not After

03/02/2012, 02:06

Subject

CN=Shanghai Exun Information Technology Co.\, Ltd.,O=Shanghai Exun Information Technology Co.\, Ltd.,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b1:71:3a:19:a2:0b:04:fb:0d:82:bb:3c:51:2f:fa:ef:aa:4e:51
Signer

Actual PE Digest

59:b1:71:3a:19:a2:0b:04:fb:0d:82:bb:3c:51:2f:fa:ef:aa:4e:51

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

g:\SVNREP\vpn123\prog\winclient\src\Release-VPN123\Vpn123Bind.pdb

Imports

kernel32

SizeofResource
LockResource
LoadResource
FindResourceExW
LocalFree
GetLastError
CloseHandle
OpenProcess
GetProcAddress
LoadLibraryW
HeapAlloc
GetProcessHeap
HeapFree
ExpandEnvironmentStringsW
OutputDebugStringA
GetModuleFileNameA
CreateMutexW
WaitForSingleObject
ReleaseMutex
FindResourceW
DisconnectNamedPipe
ReadFile
WriteFile
SetNamedPipeHandleState
WaitNamedPipeW
CreateFileW
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
UnmapViewOfFile
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcessId
GetModuleFileNameW
LeaveCriticalSection
GetTickCount
EnterCriticalSection
ResetEvent
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileStringA
MultiByteToWideChar
GetSystemTimeAsFileTime
WideCharToMultiByte
FlushFileBuffers
CreateFileA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryA
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetCommandLineA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
ExitProcess
LCMapStringW
HeapCreate
VirtualFree
VirtualAlloc
GetStdHandle
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
VirtualQuery
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LCMapStringA
SetFilePointer
GetConsoleCP
GetConsoleMode

advapi32

SetSecurityDescriptorDacl
SetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityInfo
InitializeSecurityDescriptor

shell32

SHGetFolderPathW
SHCreateDirectoryExW

ws2_32

getpeername
WSAGetLastError
WSCDeinstallProvider
bind
WSCInstallProvider
WSCGetProviderPath
WSAStartup
WSCEnumProtocols
getsockname
ntohs
WSCWriteProviderOrder

Exports

Exports

DllRegisterServer
DllUnregisterServer
VpnBindGetGlobalControlBlock
VpnBindStart
VpnBindStop
WSPStartup

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Vpn123Diagnosis.exe
.exe windows:5 windows x86 arch:x86

f964dca4737ad38a5faaee9019ebff97

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:26:91:b1:e0:39
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2010, 02:06

Not After

03/02/2012, 02:06

Subject

CN=Shanghai Exun Information Technology Co.\, Ltd.,O=Shanghai Exun Information Technology Co.\, Ltd.,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

82:47:2c:2e:4f:4b:e8:f4:44:a2:2a:d7:14:04:47:dc:a7:14:50:42
Signer

Actual PE Digest

82:47:2c:2e:4f:4b:e8:f4:44:a2:2a:d7:14:04:47:dc:a7:14:50:42

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\SVNREP\vpn123\prog\winclient\src\Release-VPN123\Vpn123Diagnosis.pdb

Imports

kernel32

GetFileAttributesW
GetFileSizeEx
GetFileTime
lstrlenA
InterlockedIncrement
GlobalFlags
SetErrorMode
GetStartupInfoW
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
HeapReAlloc
Sleep
ExitProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
LCMapStringW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
CreateFileA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
SetEnvironmentVariableA
FileTimeToLocalFileTime
FileTimeToSystemTime
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetModuleHandleA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetThreadLocale
GetCurrentProcessId
InterlockedDecrement
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
FreeLibrary
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
FreeResource
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
lstrlenW
MulDiv
SetLastError
GetTempPathW
GetModuleFileNameW
LocalFree
OpenProcess
WritePrivateProfileStringW
LoadLibraryW
GetTickCount
Process32NextW
Module32NextW
Module32FirstW
Process32FirstW
GetLastError
CreateToolhelp32Snapshot
HeapFree
GetProcessHeap
HeapAlloc
GetVersionExW
GetModuleHandleW
GetProcAddress
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
WideCharToMultiByte
ReadFile
PeekNamedPipe
WriteFile
WriteConsoleW
CloseHandle
CreateProcessW
GetCurrentThreadId
TerminateProcess
WaitForSingleObject
CreateThread
GetCurrentProcess
DuplicateHandle
CreatePipe
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
InitializeCriticalSection

user32

PostThreadMessageW
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
CharNextW
ReleaseCapture
SetCapture
UnregisterClassW
DestroyMenu
LoadCursorW
GetSysColorBrush
SetCursor
SetWindowContextHelpId
MapDialogRect
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
PostQuitMessage
CharUpperW
GetWindowThreadProcessId
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
PostMessageW
EnableWindow
LoadIconW
SendMessageW
SetMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetClientRect
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
RegisterClipboardFormatW
EqualRect
MessageBeep
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
EndDialog
GetNextDlgTabItem
GetParent
IsWindowEnabled
GetDlgItem
GetWindowLongW
IsWindow
DestroyWindow
CreateDialogIndirectParamW
SetActiveWindow
GetActiveWindow
GetDesktopWindow
GetWindowRect
GetWindow
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
SetWindowLongW
GetMenu
CallWindowProcW
DefWindowProcW
GetDlgCtrlID
PtInRect
CopyRect
TabbedTextOutW

gdi32

CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetStockObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
SelectObject

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegOpenKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey

shell32

SHGetFolderPathW
SHCreateDirectoryExW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

CoTaskMemFree
OleIsCurrentClipboard
OleFlushClipboard
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoInitializeEx
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CoRevokeClassObject
OleInitialize
CoRegisterMessageFilter

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString
SysStringLen

wsock32

WSASetLastError
closesocket
shutdown
recv
send
connect
socket
htons
inet_addr
gethostbyname
ioctlsocket
WSACleanup
WSAGetLastError
WSAStartup

ws2_32

WSCEnumProtocols
WSCGetProviderPath

rpcrt4

RpcStringFreeW
UuidToStringW

Sections

.text
Size: 259KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe.nsis
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:26:91:b1:e0:39Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:23:9e:0f:af:24Certificate

Extended Key Usages

Key Usages

6a:04:6a:0d:55:74:db:e1:66:16:04:54:1d:3d:d0:4e:52:b7:3a:5dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 452KB

.ndata Size: - Virtual size: 564KB

.rsrc Size: 28KB - Virtual size: 28KB

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

d130aaba8cfc0641e8b0d688d64c629c

Code Sign

04:00:00:00:00:01:23:9e:0f:ac:b3Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:26:91:b1:e0:39Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:23:9e:0f:af:24Certificate

Extended Key Usages

Key Usages

6f:21:38:55:93:9a:4e:a6:de:9d:98:38:62:e6:32:1b:ca:18:87:4dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:26:91:b1:e0:39
Certificate

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

6a:04:6a:0d:55:74:db:e1:66:16:04:54:1d:3d:d0:4e:52:b7:3a:5d
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 452KB

.ndata
Size: - Virtual size: 564KB

.rsrc
Size: 28KB - Virtual size: 28KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:26:91:b1:e0:39
Certificate

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

6f:21:38:55:93:9a:4e:a6:de:9d:98:38:62:e6:32:1b:ca:18:87:4d
Signer

.text
Size: 473KB - Virtual size: 472KB

.rdata
Size: 141KB - Virtual size: 140KB

.data
Size: 14KB - Virtual size: 30KB

.rsrc
Size: 228KB - Virtual size: 228KB

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:26:91:b1:e0:39
Certificate

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

59:b1:71:3a:19:a2:0b:04:fb:0d:82:bb:3c:51:2f:fa:ef:aa:4e:51
Signer

.text
Size: 124KB - Virtual size: 124KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:26:91:b1:e0:39
Certificate