GoziGroup[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

GoziGroup.rar
Size

319KB
MD5

ddd9a89f9f61b79ffec11aaccb50359f
SHA1

95ecfc6e7ce8c7c3e33696816a568172bf9670ac
SHA256

cf40318d8d3aa423652f12b8f92df271c7ef46651dec48628476653cd75f8aab
SHA512

b4e7d4eb17892633c396f5259a5a82227527fa1a3db5544d617964ce71a8748ed2c83041ee1ffee402107bbe99002f98d4cb57c18c499273a93b68bdf8e7fb95
SSDEEP

6144:58YYxfJTLS+sAhpLS11AgyQEfnsIDtAHo48MUGcb2oGdEs5ys7:CtRtfLSAgybUIDtAHdOGcbIz5ys7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/GoziGroup/GoziBankerISFB.exe

Files

GoziGroup.rar
.rar
GoziGroup/GoziBankerISFB.exe
.exe windows:4 windows x86 arch:x86

91dd9e8484082865d27a3f4ddc672144

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
HeapAlloc
HeapDestroy
HeapCreate
HeapFree
GetModuleHandleA
ExitProcess
CreateEventA
CloseHandle
GetTickCount
VirtualFree
VirtualAlloc
VirtualProtect
GetProcAddress
LoadLibraryA
WaitForSingleObject
SetEvent

ntdll

memcpy
memset
RtlUnwind
NtQueryVirtualMemory

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GoziGroup/HeVRmuUO.exe_.exe
.exe windows:5 windows x86 arch:x86

748191526761b4423deb53fba9b95d54

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

52:fa:ba:84:ef:2a:42:d9:8d:3c:2b:8c:46:db:57:a5
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

15/06/2018, 00:00

Not After

15/06/2019, 23:59

Subject

CN=SARI SEFWI LIMITED,O=SARI SEFWI LIMITED,POSTALCODE=SW9 7HX,STREET=147 St. James's Crescent,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

00:df:4c:82:e4:e1:25:61:44:41:83:22:6a:18:33:d7:fb:1b:a5:4e
Signer

Actual PE Digest

00:df:4c:82:e4:e1:25:61:44:41:83:22:6a:18:33:d7:fb:1b:a5:4e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

##################RRRRRRRRRRRRRRRRRR.pdb

Imports

msvcrt

memcpy

userenv

ProcessGroupPolicyCompleted

kernel32

GetVersion
GetNativeSystemInfo
GetUserDefaultLCID

user32

RegisterShellHookWindow

mprapi

MprConfigInterfaceCreate

advapi32

RegRestoreKeyA

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt1
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GoziGroup/KRKeMaIts.exe_.exe
.exe windows:5 windows x86 arch:x86

8c958c88156ebb6ca95a073dd1e6f0d5

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b5:2f:c0:0f:f7:d3:3b:4e:c4:11:3f:b9:ca:a4:e3:95
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/07/2018, 00:00

Not After

12/07/2019, 23:59

Subject

CN=LOKALIX LIMITED,O=LOKALIX LIMITED,POSTALCODE=W5 3TA,STREET=52-53 The Mall,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:07:b8:da:7b:9e:27:16:e8:59:1a:69:50:bf:29:4a:03:e8:ff:d1
Signer

Actual PE Digest

d7:07:b8:da:7b:9e:27:16:e8:59:1a:69:50:bf:29:4a:03:e8:ff:d1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

lejjwppqbncvm,xfkjhjasockzlefp.pdb

Imports

msvcrt

memcpy

kernel32

LocaleNameToLCID
IsSystemResumeAutomatic
CreateTimerQueue
GetFileSize
GetProcessShutdownParameters
FreeLibrary
GetProcAddress
LocalFree
GetPrivateProfileStructW
RaiseException
LocalAlloc
LoadLibraryA
InterlockedExchange
GetLastError

shlwapi

PathUnExpandEnvStringsA

setupapi

SetupGetBackupInformationW

crypt32

CertGetCRLContextProperty

ws2_32

WSAIsBlocking

clusapi

ClusterRegCloseKey

user32

LoadCursorA

mprapi

MprAdminPortDisconnect

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GoziGroup/lsPEcswsco.exe_.exe
.exe windows:5 windows x86 arch:x86

eafc215d8ba93e941a1de3868dbfd953

Code Sign

07
Certificate

Issuer

CN=Starfield Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b5:2f:c0:0f:f7:d3:3b:4e:c4:11:3f:b9:ca:a4:e3:95
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/07/2018, 00:00

Not After

12/07/2019, 23:59

Subject

CN=LOKALIX LIMITED,O=LOKALIX LIMITED,POSTALCODE=W5 3TA,STREET=52-53 The Mall,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ef:95:c2:f4:80:e3:1b:93
Certificate

Issuer

CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

14/11/2017, 07:00

Not After

14/11/2022, 07:00

Subject

CN=Starfield Timestamp Authority - G2,O=Starfield Technologies\, LLC,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:2d:20:f3:c1:eb:62:2e:65:1e:76:56:fd:4f:77:ad:3a:b4:06:e1
Signer

Actual PE Digest

bf:2d:20:f3:c1:eb:62:2e:65:1e:76:56:fd:4f:77:ad:3a:b4:06:e1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

lejRLContextm,xupGetBackupInformatifp.pdb

Imports

clusapi

ClusterRegCloseKey

kernel32

GetProcessShutdownParameters
CreateTimerQueue
GetFileSize
GetPrivateProfileStructW
IsSystemResumeAutomatic
LocaleNameToLCID
LoadLibraryA
GetLastError
InterlockedExchange
FreeLibrary
RaiseException
GetProcAddress
LocalFree
LocalAlloc

crypt32

CertGetCRLContextProperty

ws2_32

WSAIsBlocking

user32

LoadCursorA

mprapi

MprAdminPortDisconnect

setupapi

SetupGetBackupInformationW

msvcrt

memcpy

shlwapi

PathUnExpandEnvStringsA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GoziGroup/vCfjTmdR.exe_.exe
.exe windows:5 windows x86 arch:x86

ebe507123723800973958e5f7d66d026

Code Sign

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08/03/2016, 13:10

Not After

30/05/2027, 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a0:45:1a:93:00:14:d2:bf:9c:fe:33:5f:db:f3:ee:8c
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

20/07/2018, 00:00

Not After

20/07/2019, 23:59

Subject

CN=AGF RESOURCING LTD,O=AGF RESOURCING LTD,POSTALCODE=W3 9JN,STREET=50c Hereford Road,L=London,ST=Greater London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d4:16:c7:7b:fb:6d:e0:87:9d:53:0d:bb:74:60:bb:d3:d5:15:0c:0e
Signer

Actual PE Digest

d4:16:c7:7b:fb:6d:e0:87:9d:53:0d:bb:74:60:bb:d3:d5:15:0c:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

sdtez%^565hfdgtftrjiytjgfn.pdb

Imports

msvcrt

memcpy

kernel32

LocaleNameToLCID
GetFileSize
AssignProcessToJobObject
TerminateJobObject
ClearCommBreak
GetModuleHandleA
GetProcessShutdownParameters
CreateTimerQueue
IsSystemResumeAutomatic

pdh

PdhCollectQueryData

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt1
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91dd9e8484082865d27a3f4ddc672144

Headers

File Characteristics

Imports

kernel32

ntdll

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 1024B - Virtual size: 4KB

.data Size: 512B - Virtual size: 4KB

.bss Size: 512B - Virtual size: 4KB

.reloc Size: 30KB - Virtual size: 32KB

748191526761b4423deb53fba9b95d54

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

52:fa:ba:84:ef:2a:42:d9:8d:3c:2b:8c:46:db:57:a5Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

00:df:4c:82:e4:e1:25:61:44:41:83:22:6a:18:33:d7:fb:1b:a5:4eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

userenv

kernel32

user32

mprapi

advapi32

Sections

.text Size: 16KB - Virtual size: 15KB

.data Size: 56KB - Virtual size: 59KB

.crt1 Size: 8KB - Virtual size: 6KB

.qdata Size: 4KB - Virtual size: 1KB

.rsrc Size: 284KB - Virtual size: 283KB

.reloc Size: 4KB - Virtual size: 788B

8c958c88156ebb6ca95a073dd1e6f0d5

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

b5:2f:c0:0f:f7:d3:3b:4e:c4:11:3f:b9:ca:a4:e3:95Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

d7:07:b8:da:7b:9e:27:16:e8:59:1a:69:50:bf:29:4a:03:e8:ff:d1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

shlwapi

setupapi

crypt32

ws2_32

clusapi

user32

mprapi

Sections

.text Size: 20KB - Virtual size: 19KB

.data Size: 68KB - Virtual size: 76KB

.qdata Size: 4KB - Virtual size: 1KB

.rsrc Size: 284KB - Virtual size: 283KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 1024B - Virtual size: 4KB

.data
Size: 512B - Virtual size: 4KB

.bss
Size: 512B - Virtual size: 4KB

.reloc
Size: 30KB - Virtual size: 32KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

52:fa:ba:84:ef:2a:42:d9:8d:3c:2b:8c:46:db:57:a5
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

00:df:4c:82:e4:e1:25:61:44:41:83:22:6a:18:33:d7:fb:1b:a5:4e
Signer

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 56KB - Virtual size: 59KB

.crt1
Size: 8KB - Virtual size: 6KB

.qdata
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 284KB - Virtual size: 283KB

.reloc
Size: 4KB - Virtual size: 788B

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

b5:2f:c0:0f:f7:d3:3b:4e:c4:11:3f:b9:ca:a4:e3:95
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

d7:07:b8:da:7b:9e:27:16:e8:59:1a:69:50:bf:29:4a:03:e8:ff:d1
Signer

.text
Size: 20KB - Virtual size: 19KB

.data
Size: 68KB - Virtual size: 76KB

.qdata
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 284KB - Virtual size: 283KB

.reloc
Size: 4KB - Virtual size: 972B

07
Certificate

b5:2f:c0:0f:f7:d3:3b:4e:c4:11:3f:b9:ca:a4:e3:95
Certificate

ef:95:c2:f4:80:e3:1b:93
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

bf:2d:20:f3:c1:eb:62:2e:65:1e:76:56:fd:4f:77:ad:3a:b4:06:e1
Signer

.text
Size: 20KB - Virtual size: 19KB

.data
Size: 76KB - Virtual size: 82KB

.qdata
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 1KB

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

a0:45:1a:93:00:14:d2:bf:9c:fe:33:5f:db:f3:ee:8c
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

d4:16:c7:7b:fb:6d:e0:87:9d:53:0d:bb:74:60:bb:d3:d5:15:0c:0e
Signer

.text
Size: 12KB - Virtual size: 10KB

.data
Size: 56KB - Virtual size: 59KB

.crt1
Size: 8KB - Virtual size: 6KB

.qdata
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 284KB - Virtual size: 283KB

.reloc
Size: 4KB - Virtual size: 728B