8585b58349f83c4a93b8c61d764a392a63283c383ce1ae6009f975b3779a140f[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

8585b58349f83c4a93b8c61d764a392a63283c383ce1ae6009f975b3779a140f.exe
Size

50.6MB
MD5

57181a2117ca742bedf33946fb8f0e64
SHA1

1e74053f8f6a12fb3010da80da81b1eedff6ef6c
SHA256

8585b58349f83c4a93b8c61d764a392a63283c383ce1ae6009f975b3779a140f
SHA512

4099d5578a5f7e9b8aa362db836b004f081e5754ea7e78b7e8fd4878e01c930c98443802a84d94acbde8d526b0dbbf27157ac5851eea7722d9ba84c7544fe226
SSDEEP

1572864:GvVzw1Wt/SrzuA7XYAu+FVl3HPNXQ52syxbXSEK:G1w8t/21XYAzFVLQ52DS

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/UserInfo.dll
unpack003/$PLUGINSDIR/nsSCM.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/uninstall.exe	nsis_installer_1
static1/unpack001/uninstall.exe	nsis_installer_2

Files

8585b58349f83c4a93b8c61d764a392a63283c383ce1ae6009f975b3779a140f.exe
.exe windows:5 windows x86 arch:x86

30f8d55e3bbae2055b382e82a31f87b7

Code Sign

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

05-04-2023 00:00

Not After

04-07-2026 23:59

Subject

CN=Miray Software AG,O=Miray Software AG,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

05-04-2023 00:00

Not After

04-07-2026 23:59

Subject

CN=Miray Software AG,O=Miray Software AG,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

66:80:29:7e:d7:03:e8:07:6b:ce:b8:28:86:e9:26:92:12:92:fb:3e:57:8e:9b:f4:04:d0:75:10:56:7c:ab:93
Signer

Actual PE Digest

66:80:29:7e:d7:03:e8:07:6b:ce:b8:28:86:e9:26:92:12:92:fb:3e:57:8e:9b:f4:04:d0:75:10:56:7c:ab:93

Digest Algorithm

sha256

PE Digest Matches

true

b0:57:4d:70:fb:e4:06:7b:bd:af:9c:7b:9d:9f:57:d9:38:c6:ca:87
Signer

Actual PE Digest

b0:57:4d:70:fb:e4:06:7b:bd:af:9c:7b:9d:9f:57:d9:38:c6:ca:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
SetFileSecurityW
RegCreateKeyExW
RegOpenKeyExW

shell32

ShellExecuteExW
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
SHGetSpecialFolderLocation

ole32

OleInitialize
OleUninitialize
CoTaskMemFree
IIDFromString
CoCreateInstance

comctl32

ord17
ImageList_Destroy
ImageList_AddMasked
ImageList_Create

user32

DispatchMessageW
wsprintfA
SystemParametersInfoW
SetClassLongW
GetWindowLongW
GetSysColor
ScreenToClient
SetCursor
GetWindowRect
TrackPopupMenu
AppendMenuW
EnableMenuItem
CreatePopupMenu
GetSystemMenu
GetSystemMetrics
IsWindowEnabled
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
CheckDlgButton
EndDialog
DialogBoxParamW
IsWindowVisible
SetWindowPos
CreateWindowExW
GetClassInfoW
PeekMessageW
CallWindowProcW
GetMessagePos
CharNextW
ExitWindowsEx
SetWindowTextW
SetTimer
CreateDialogParamW
DestroyWindow
LoadImageW
FindWindowExW
SetWindowLongW
InvalidateRect
ReleaseDC
GetDC
SetForegroundWindow
EnableWindow
GetDlgItem
ShowWindow
IsWindow
PostQuitMessage
SendMessageTimeoutW
SendMessageW
wsprintfW
FillRect
GetClientRect
EndPaint
BeginPaint
DrawTextW
DefWindowProcW
SetDlgItemTextW
GetDlgItemTextW
CharNextA
MessageBoxIndirectW
RegisterClassW
CharPrevW
LoadCursorW

gdi32

SetBkMode
CreateBrushIndirect
GetDeviceCaps
SelectObject
DeleteObject
SetBkColor
SetTextColor
CreateFontIndirectW

kernel32

WriteFile
GetLastError
WaitForSingleObject
GetExitCodeProcess
GetTempFileNameW
CreateFileW
CreateDirectoryW
WideCharToMultiByte
lstrlenW
lstrcpynW
GlobalLock
GlobalUnlock
CreateThread
GetDiskFreeSpaceW
CopyFileW
GetWindowsDirectoryW
GetVersion
ExitProcess
GetCurrentProcess
CreateProcessW
GetTempPathW
SetEnvironmentVariableW
GetCommandLineW
GetModuleFileNameW
GetTickCount
GetFileSize
MultiByteToWideChar
MoveFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
lstrcmpiW
lstrcmpW
MulDiv
GlobalFree
GlobalAlloc
LoadLibraryExW
GetModuleHandleW
FreeLibrary
Sleep
CloseHandle
SetFileTime
SetFilePointer
SetFileAttributesW
ReadFile
GetShortPathNameW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CompareFileTime
SearchPathW
SetCurrentDirectoryW
ExpandEnvironmentStringsW
RemoveDirectoryW
GetSystemDirectoryW
MoveFileExW
GetModuleHandleA
GetProcAddress
lstrcmpiA
lstrcpyA
lstrcatW
SetErrorMode

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 240KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:6 windows x86 arch:x86

b5fb7b323147c1617ff81db35003551e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
MulDiv
lstrcmpW
lstrcmpiW
lstrcpyW
FindNextFileW
GlobalAlloc
GlobalFree
lstrcpynW
FindFirstFileW
lstrcatW
FindClose

user32

CallWindowProcW
DestroyWindow
SendMessageW
MoveWindow
CreateDialogParamW
GetDlgItem
CheckDlgButton
IsDlgButtonChecked
EnableWindow
GetDC
ReleaseDC
SetWindowTextW
GetWindowTextW
GetClientRect
GetWindowRect
ScreenToClient
GetWindowLongW
SetWindowLongW
LoadIconW
IsDialogMessageW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
wsprintfW
ShowWindow

gdi32

GetTextMetricsW
SelectObject

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:6 windows x86 arch:x86

4f33ea844b96a31c8f4690530ba63854

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalSize
GlobalFree
lstrcpynW
lstrcpyW
GetLastError
VirtualAlloc
VirtualProtect
VirtualFree
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryW
lstrlenW
MultiByteToWideChar
WideCharToMultiByte

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 926B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:6 windows x86 arch:x86

78632eb768f749a1e233abbe73be60bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
HeapAlloc
HeapReAlloc
HeapFree
lstrcmpiW
MulDiv
GlobalFree
lstrcpynW
GetFileAttributesW
GetCurrentDirectoryW
GlobalAlloc
lstrcpyW
GetProcessHeap
SetCurrentDirectoryW

user32

CreateWindowExW
IsWindow
DestroyWindow
MapDialogRect
SetWindowPos
CreateDialogParamW
GetDlgItem
SetTimer
KillTimer
DrawTextW
SetPropW
GetPropW
RemovePropW
CallWindowProcW
GetWindowRect
SetCursor
MapWindowPoints
GetSysColor
DrawFocusRect
GetWindowLongW
SetWindowLongW
LoadCursorW
IsDialogMessageW
wsprintfW
GetClientRect
CharPrevW
CharNextW
DispatchMessageW
TranslateMessage
GetWindowTextW
SendMessageW
GetMessageW
ShowWindow

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HDShredder.Service.exe
HDShredder.exe
.exe windows:5 windows x64 arch:x64

15591335df33e588fb66ca6c4069abd2

Code Sign

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

05-04-2023 00:00

Not After

04-07-2026 23:59

Subject

CN=Miray Software AG,O=Miray Software AG,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

05-04-2023 00:00

Not After

04-07-2026 23:59

Subject

CN=Miray Software AG,O=Miray Software AG,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d9:e0:49:ff:77:34:94:f9:35:a2:31:f7:29:c3:f3:48:06:10:f2:bd:dc:25:54:8c:09:43:02:22:6a:f5:0b:0a
Signer

Actual PE Digest

d9:e0:49:ff:77:34:94:f9:35:a2:31:f7:29:c3:f3:48:06:10:f2:bd:dc:25:54:8c:09:43:02:22:6a:f5:0b:0a

Digest Algorithm

sha256

PE Digest Matches

true

01:9d:14:f1:7d:ed:1b:a2:bd:2a:1b:39:1b:bf:9b:2c:1a:cb:d5:38
Signer

Actual PE Digest

01:9d:14:f1:7d:ed:1b:a2:bd:2a:1b:39:1b:bf:9b:2c:1a:cb:d5:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

P:\dbg\_x64\choice.pdb

Imports

psapi

GetProcessImageFileNameW
EnumProcesses

kernel32

QueryDosDeviceW
GetVolumeInformationW
FindFirstFileW
EnterCriticalSection
FindNextFileW
DeviceIoControl
SetThreadPriority
LeaveCriticalSection
InitializeCriticalSection
CreateMutexW
OpenFile
FindClose
GetFileAttributesW
GetVersion
SetFileAttributesW
GetCurrentThread
GetFileSize
GetSystemWindowsDirectoryW
GetTickCount
MoveFileW
GetDriveTypeW
FlushFileBuffers
SetFilePointerEx
GetTimeZoneInformation
GetDiskFreeSpaceW
SetEndOfFile
GetLogicalDrives
LocalLock
LocalAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
LocalUnlock
GetSystemTime
GetStdHandle
SetEvent
SetStdHandle
SetErrorMode
CreateEventA
GetModuleFileNameA
SetProcessAffinityMask
GetProcessAffinityMask
SuspendThread
GetModuleHandleA
GetLocaleInfoA
FileTimeToSystemTime
QueryPerformanceFrequency
GetLocalTime
GetCurrentDirectoryW
SystemTimeToFileTime
QueryPerformanceCounter
SetLastError
WaitForMultipleObjects
GetQueuedCompletionStatus
ResumeThread
TerminateThread
QueueUserAPC
GetThreadContext
SwitchToThread
EnumResourceNamesA
FindResourceA
FormatMessageA
CreateNamedPipeA
SetFilePointer
CreateThread
CreateProcessA
Module32Next
Module32First
GetCurrentThreadId
CreateToolhelp32Snapshot
GetCurrentProcessId
AddVectoredExceptionHandler
HeapCreate
GetSystemInfo
GlobalMemoryStatusEx
SleepEx
GetSystemTimeAsFileTime
GetProcessTimes
SetThreadExecutionState
SetThreadContext
WaitForSingleObjectEx
ResetEvent
VirtualFree
VirtualAlloc
FlushInstructionCache
VirtualQuery
HeapLock
HeapWalk
HeapUnlock
RtlAddFunctionTable
RtlDeleteFunctionTable
RtlLookupFunctionEntry
WideCharToMultiByte
GetUserDefaultUILanguage
GetStringTypeW
GetCPInfo
CreateEventW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GlobalSize
GlobalFree
FormatMessageW
CopyFileW
OutputDebugStringA
GetModuleHandleExW
GlobalDeleteAtom
lstrcmpA
lstrcmpW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
CompareStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalAddAtomW
GetSystemDirectoryW
GlobalFindAtomW
CompareStringW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetLocaleInfoW
GetSystemDefaultUILanguage
GlobalFlags
GetFullPathNameW
LockFile
UnlockFile
DuplicateHandle
lstrcmpiW
GlobalGetAtomNameW
VirtualProtect
lstrcpyW
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
FindResourceExW
GetWindowsDirectoryW
VerSetConditionMask
VerifyVersionInfoW
GetProfileIntW
SearchPathW
GetTempFileNameW
GetUserDefaultLCID
OutputDebugStringW
RaiseException
RtlUnwindEx
RtlPcToFileHeader
RtlUnwind
ExitThread
FreeLibraryAndExitThread
WriteConsoleW
GetFileInformationByHandle
PeekNamedPipe
GetCommandLineA
HeapQueryInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetVersionExA
MultiByteToWideChar
GetEnvironmentVariableW
CallNamedPipeW
EncodePointer
CreateProcessW
GetProcessHeap
ExitProcess
DeleteCriticalSection
LocalFree
HeapDestroy
DecodePointer
HeapAlloc
HeapReAlloc
HeapSize
GetVersionExW
InitializeCriticalSectionAndSpinCount
GetCommandLineW
HeapFree
LoadLibraryExW
GetModuleHandleW
FindResourceW
LoadResource
GetNativeSystemInfo
DeleteFileW
LockResource
GetLastError
OpenProcess
GetTempPathW
SetEnvironmentVariableW
RemoveDirectoryW
TerminateProcess
GetCurrentProcess
SizeofResource
ReadFile
CreateDirectoryW
CreateSemaphoreW
FreeLibrary
GetProcAddress
LoadLibraryW
CloseHandle
LoadLibraryA
Sleep
CreateFileW
WaitForSingleObject
GetModuleFileNameW
WriteFile
ReleaseSemaphore
GetFileType

user32

CopyRect
EqualRect
GetClassLongPtrW
GetTopWindow
SetScrollInfo
GetScrollInfo
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
GetNextDlgTabItem
LoadMenuW
WindowFromPoint
SendDlgItemMessageA
SetRectEmpty
OffsetRect
GetKeyNameTextW
MapVirtualKeyW
GetSysColorBrush
LoadCursorW
DeleteMenu
RealChildWindowFromPoint
CharUpperW
DestroyMenu
GetMenuItemInfoW
InflateRect
MapDialogRect
IntersectRect
LoadImageW
CreatePopupMenu
GetMenuDefaultItem
GetNextDlgGroupItem
DrawFocusRect
IsRectEmpty
DrawIconEx
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
SetLayeredWindowAttributes
EnumDisplayMonitors
DrawStateW
SetClassLongPtrW
SetWindowRgn
SetParent
DrawEdge
DrawFrameControl
BringWindowToTop
SetCursorPos
CopyIcon
FrameRect
UnionRect
UpdateLayeredWindow
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
PostThreadMessageW
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
DestroyCursor
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
GetFocus
UnhookWindowsHookEx
GetWindowThreadProcessId
IsWindowEnabled
ShowOwnedPopups
CallNextHookEx
SetWindowsHookExW
ValidateRect
GetKeyState
IsWindowVisible
GetMessageW
PostMessageW
RemoveMenu
GetWindowTextLengthW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuStringW
WaitForInputIdle
GetKeyboardState
ToUnicode
SendMessageA
DefWindowProcW
GetMessageA
DispatchMessageA
LoadCursorA
PostMessageA
CreateWindowExW
RegisterClassExW
GetWindowPlacement
PostThreadMessageA
TrackMouseEvent
MessageBoxA
GetMonitorInfoA
SetCapture
SetCursor
IsZoomed
PeekMessageA
GetWindowLongPtrA
GetDesktopWindow
RegisterWindowMessageW
SetWindowLongPtrA
ReleaseCapture
ShowCursor
InvalidateRect
GetLastActivePopup
GetSystemMenu
GetWindow
DestroyWindow
FillRect
GetSystemMetrics
MessageBeep
WaitMessage
GetWindowLongPtrW
DrawIcon
LoadStringW
GetActiveWindow
IsWindow
GetAsyncKeyState
OpenClipboard
RedrawWindow
IsDialogMessageW
CloseClipboard
EmptyClipboard
GetSysColor
MoveWindow
GetDialogBaseUnits
WinHelpW
SetFocus
LoadIconW
GetClassNameW
SetClipboardData
GetClientRect
DrawTextW
SetRect
CheckDlgButton
PostQuitMessage
CreateDialogIndirectParamW
EnableMenuItem
SystemParametersInfoW
GetParent
BeginPaint
EndPaint
GetWindowTextW
GetWindowRect
SetWindowLongPtrW
ScreenToClient
ClientToScreen
PtInRect
UpdateWindow
EnableWindow
ShowWindow
FindWindowW
IsIconic
CopyImage
CreateIconIndirect
RemovePropW
GetPropW
SetPropW
SetForegroundWindow
GetMonitorInfoW
MonitorFromWindow
AdjustWindowRectEx
wsprintfW
GetCursorPos
ReleaseDC
DialogBoxParamW
KillTimer
GetDlgItem
SetWindowLongW
AnimateWindow
TranslateMessage
LoadBitmapW
RegisterClassW
SetDlgItemTextW
PeekMessageW
DestroyIcon
SetTimer
DispatchMessageW
GetClassInfoW
SetWindowTextW
EndDialog
SendMessageW
GetIconInfo
MessageBoxW
SetWindowPos
GetDC
MonitorFromPoint
CreateDialogParamW
GetWindowLongW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
IsChild
IsMenu
GetClassInfoExW
CallWindowProcW
MapWindowPoints
GetMessageTime
GetMessagePos
AppendMenuW
SetMenuItemInfoW
GetMenuState

gdi32

SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
PatBlt
CombineRgn
SetRectRgn
DPtoLP
GetTextMetricsW
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
EnumFontFamiliesW
GetTextCharsetInfo
DeleteDC
GetStockObject
SetBkColor
SetTextColor
GetTextExtentPoint32W
CreateDCW
SelectObject
StretchBlt
CreateCompatibleDC
CreateDIBSection
BitBlt
CopyMetaFileW
SetViewportOrgEx
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
DeleteObject
GetObjectW
GetDeviceCaps
SetPixel
SetViewportExtEx
SetWindowExtEx
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
ExtTextOutW
TextOutW
MoveToEx
CreateSolidBrush
CreateFontIndirectW
CreateBitmap
CreateDIBitmap
GetTextFaceW
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
OffsetRgn
GetRgnBox
Rectangle
SetPolyFillMode
SetROP2
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
SetTextAlign

advapi32

QueryServiceStatusEx
OpenSCManagerW
CloseServiceHandle
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
StartServiceW
ControlService
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyW
RegQueryValueW
RegEnumKeyExW
GetUserNameW
OpenServiceW

shell32

ShellExecuteW
SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHBrowseForFolderW
DragQueryFileW
DragFinish
SHAppBarMessage
CommandLineToArgvW

msimg32

AlphaBlend
TransparentBlt

shlwapi

PathFileExistsW
PathIsRelativeW
PathFindExtensionW
PathFindFileNameW
StrFormatKBSizeW
PathStripToRootW
PathRemoveFileSpecW
PathIsUNCW

uxtheme

OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
DrawThemeParentBackground
GetWindowTheme
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetThemePartSize
GetCurrentThemeName
DrawThemeText

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipDrawImageRectI

winmm

timeEndPeriod
timeBeginPeriod
PlaySoundW

ws2_32

closesocket

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

iphlpapi

DeleteIPAddress

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

ole32

OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoTaskMemFree
CoTaskMemAlloc
CoInitializeSecurity
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoDisconnectObject
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoInitializeEx
StgCreateDocfile
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocString
SysAllocStringLen
VariantInit
VariantClear
VariantChangeType
LoadTypeLi
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
VariantCopy
VarBstrFromDate

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 708KB - Virtual size: 707KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

oldrsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 47.4MB - Virtual size: 47.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
help.chm
.chm
manual.pdf
.pdf
- http://www.miray-software.com/HDClone
- http://www.gnu.org/copyleft/gpl.htm
- http://www.miray-software.com/Feedback
- http://www.miray-software.com/support/
- http://enwww.miray-software.com/HDShredenderen-US.en1.4
- http://www.gnu.org/copyleft/gpl.htmlen-US.
- http://enmiray-software.com/supporten-US
readme.txt
uninstall.exe
.exe windows:5 windows x86 arch:x86

2d84eb23e42040199a771122dc973e83

Code Sign

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

05-04-2023 00:00

Not After

04-07-2026 23:59

Subject

CN=Miray Software AG,O=Miray Software AG,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

05-04-2023 00:00

Not After

04-07-2026 23:59

Subject

CN=Miray Software AG,O=Miray Software AG,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4d:2d:b8:d2:36:56:bf:ec:1f:0b:04:ae:ff:d6:0c:8c:31:bc:59:31:78:0d:6b:4c:b7:7f:54:12:f1:62:ab:05
Signer

Actual PE Digest

4d:2d:b8:d2:36:56:bf:ec:1f:0b:04:ae:ff:d6:0c:8c:31:bc:59:31:78:0d:6b:4c:b7:7f:54:12:f1:62:ab:05

Digest Algorithm

sha256

PE Digest Matches

true

a6:15:2d:df:58:e0:f3:0c:67:53:34:e1:de:85:8e:be:b2:94:5c:a5
Signer

Actual PE Digest

a6:15:2d:df:58:e0:f3:0c:67:53:34:e1:de:85:8e:be:b2:94:5c:a5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegQueryValueExA
RegSetValueExA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
SetFileSecurityA
RegCreateKeyExA
RegOpenKeyExA

shell32

ShellExecuteExA
SHBrowseForFolderA
SHFileOperationA
SHGetPathFromIDListA
SHGetFileInfoA
SHGetSpecialFolderLocation

ole32

OleUninitialize
IIDFromString
OleInitialize
CoTaskMemFree
CoCreateInstance

comctl32

ord17
ImageList_Destroy
ImageList_AddMasked
ImageList_Create

user32

SystemParametersInfoA
LoadCursorA
SetClassLongA
GetWindowLongA
ScreenToClient
SetCursor
GetWindowRect
TrackPopupMenu
AppendMenuA
EnableMenuItem
CreatePopupMenu
GetSystemMenu
GetSystemMetrics
IsWindowEnabled
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
CheckDlgButton
EndDialog
DialogBoxParamA
IsWindowVisible
SetWindowPos
CreateWindowExA
GetClassInfoA
RegisterClassA
DispatchMessageA
GetMessagePos
CharNextA
ExitWindowsEx
SetWindowTextA
SetTimer
CreateDialogParamA
DestroyWindow
LoadImageA
FindWindowExA
SetWindowLongA
InvalidateRect
ReleaseDC
GetDC
SetForegroundWindow
EnableWindow
GetDlgItem
ShowWindow
IsWindow
PostQuitMessage
SendMessageTimeoutA
SendMessageA
wsprintfA
FillRect
GetClientRect
EndPaint
BeginPaint
DrawTextA
DefWindowProcA
PeekMessageA
SetDlgItemTextA
MessageBoxIndirectA
CharPrevA
CallWindowProcA
GetDlgItemTextA
GetSysColor

gdi32

SetBkMode
CreateBrushIndirect
GetDeviceCaps
SelectObject
DeleteObject
SetBkColor
SetTextColor
CreateFontIndirectA

kernel32

WriteFile
GetTempFileNameA
GetLastError
WaitForSingleObject
ReadFile
CreateFileA
CreateDirectoryA
lstrcpynA
GlobalLock
GlobalUnlock
CreateThread
GetDiskFreeSpaceA
CopyFileA
lstrlenA
GetWindowsDirectoryA
GetVersion
ExitProcess
GetExitCodeProcess
SetErrorMode
GetTempPathA
SetEnvironmentVariableA
GetCommandLineA
GetModuleFileNameA
GetTickCount
GetFileSize
MultiByteToWideChar
MoveFileA
WritePrivateProfileStringA
GetPrivateProfileStringA
lstrcmpiA
lstrcmpA
MulDiv
GetShortPathNameA
GlobalFree
GlobalAlloc
LoadLibraryExA
GetModuleHandleA
FreeLibrary
Sleep
CloseHandle
SetFileTime
SetFilePointer
SetFileAttributesA
GetFullPathNameA
GetFileAttributesA
FindNextFileA
FindFirstFileA
FindClose
DeleteFileA
CompareFileTime
SearchPathA
SetCurrentDirectoryA
ExpandEnvironmentStringsA
RemoveDirectoryA
CreateProcessA
WideCharToMultiByte
GetSystemDirectoryA
GetProcAddress
lstrcpyA
lstrcatA
MoveFileExA
GetCurrentProcess

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:6 windows x86 arch:x86

595a3fd71239f605bb02d7a5e48fd4df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalSize
GlobalFree
lstrcpynA
lstrcpyA
GetLastError
VirtualAlloc
VirtualProtect
VirtualFree
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
lstrlenA
MultiByteToWideChar
WideCharToMultiByte

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 894B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:6 windows x86 arch:x86

6c6bc8fc5f830625bd6be44ea9cb452f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

OpenThreadToken
AllocateAndInitializeSid
EqualSid
FreeSid
GetTokenInformation
GetUserNameA
OpenProcessToken

kernel32

CloseHandle
GetLastError
GetCurrentProcess
GetCurrentThread
GetVersion
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
lstrcpynA

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 745B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsSCM.dll
.dll windows:4 windows x86 arch:x86

cae3b41a07819ca715746a4d081b8a6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

CreateServiceA
StartServiceA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerA
CloseServiceHandle

kernel32

GlobalFree
GetLastError
lstrcpyA
lstrcpynA
GlobalAlloc

user32

wsprintfA

Exports

Exports

Install
QueryStatus
Remove
Start
Stop

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 650B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30f8d55e3bbae2055b382e82a31f87b7

Code Sign

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55Certificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55Certificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

66:80:29:7e:d7:03:e8:07:6b:ce:b8:28:86:e9:26:92:12:92:fb:3e:57:8e:9b:f4:04:d0:75:10:56:7c:ab:93Signer

b0:57:4d:70:fb:e4:06:7b:bd:af:9c:7b:9d:9f:57:d9:38:c6:ca:87Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 127KB

.ndata Size: - Virtual size: 240KB

.rsrc Size: 75KB - Virtual size: 74KB

b5fb7b323147c1617ff81db35003551e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 400B

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55
Certificate

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55
Certificate

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

66:80:29:7e:d7:03:e8:07:6b:ce:b8:28:86:e9:26:92:12:92:fb:3e:57:8e:9b:f4:04:d0:75:10:56:7c:ab:93
Signer

b0:57:4d:70:fb:e4:06:7b:bd:af:9c:7b:9d:9f:57:d9:38:c6:ca:87
Signer

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 127KB

.ndata
Size: - Virtual size: 240KB

.rsrc
Size: 75KB - Virtual size: 74KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 400B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 926B

.data
Size: 512B - Virtual size: 68B

.reloc
Size: 512B - Virtual size: 488B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 512B - Virtual size: 408B

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55
Certificate

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55
Certificate

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate