ver3_release_file[.]rar

resource	yara_rule
static1/unpack001/setup.exe	themida

resource
unpack001/LiteRes.dll
unpack001/LiteSkinUtils.dll

ver3_release_file.rar

.rar

Password: 1234

LiteRes.dll

.dll windows:4 windows x86 arch:x86

Password: 1234

ce6ef31899b31809ae0c71c094c6f083

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

mfc42

ord1253

ord342

ord823

ord1182

ord1168

msvcrt

free

_initterm

malloc

_adjust_fdiv

Sections

.text
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 732KB - Virtual size: 731KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

LiteSkinUtils.dll

.dll windows:4 windows x86 arch:x86

Password: 1234

a8d043bdfc629c21151b760b23d3bcd9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

mfc42

ord1233

ord1114

ord2055

ord2152

ord567

ord1113

ord3237

ord6376

ord4441

ord4837

ord3798

ord5290

ord2623

ord3742

ord4424

ord4627

ord4080

ord3079

ord3825

ord3831

ord3830

ord2976

ord2985

ord3136

ord4465

ord3259

ord3147

ord2982

ord5277

ord2124

ord2446

ord5261

ord1727

ord5065

ord3749

ord1601

ord4078

ord2648

ord4353

ord6374

ord5163

ord4275

ord535

ord2385

ord5241

ord4407

ord1776

ord6055

ord4003

ord858

ord2486

ord538

ord540

ord941

ord1168

ord1253

ord342

ord823

ord1182

ord3318

ord818

ord800

ord539

ord825

ord665

ord1979

ord537

ord5186

ord354

ord2864

ord6880

msvcrt

_CxxThrowException

memcpy

??1type_info@@UAE@XZ

free

strlen

memset

strncpy

_adjust_fdiv

malloc

_initterm

__CxxFrameHandler

?terminate@@YAXXZ

_except_handler3

_onexit

__dllonexit

fopen

fclose

strrchr

_purecall

kernel32

GetLastError

MultiByteToWideChar

lstrlenA

LocalFree

LoadLibraryExA

GetModuleHandleA

GetModuleFileNameA

GetProcAddress

InterlockedDecrement

InterlockedIncrement

GetCurrentProcessId

FreeLibrary

user32

GetParent

EnableWindow

EnumWindows

OffsetRect

GetWindowThreadProcessId

GetSysColor

PostMessageA

IsWindow

GetWindowRect

gdi32

GetStockObject

GetObjectA

ole32

CoCreateInstance

OleRun

CreateStreamOnHGlobal

CoRegisterClassObject

CoRevokeClassObject

oleaut32

VariantClear

SysFreeString

SysAllocString

LoadTypeLibEx

icqrt

ord36

ord195

ord179

ord328

ord142

ord174

ord360

ord38

ord15

ord191

ord158

ord250

ord259

advapi32

RegCloseKey

RegCreateKeyExA

RegSetValueExA

RegOpenKeyExA

RegQueryValueExA

Exports

??0MCSkin@@AAE@XZ

??0MCSkin@@QAE@ABV0@@Z

??0MCSkinAdvisor@@AAE@XZ

??0MCSkinRegistry@@QAE@ABV0@@Z

??0MCSkinRegistry@@QAE@XZ

??0MISknSink@@QAE@ABV0@@Z

??0MISknSink@@QAE@XZ

??1MCSkin@@QAE@XZ

??1MCSkinAdvisor@@UAE@XZ

??1MCSkinRegistry@@QAE@XZ

??4MCSkin@@QAEAAV0@ABV0@@Z

??4MCSkinLoader@@QAEAAV0@ABV0@@Z

??4MCSkinRegistry@@QAEAAV0@ABV0@@Z

??4MISknSink@@QAEAAV0@ABV0@@Z

??_7MCSkinAdvisor@@6B@

??_7MISknSink@@6B@

?Advise@MCSkinAdvisor@@QAEKPAUISkinObject@@PAVMISknSink@@@Z

?ChangeSkin@MCSkin@@QAEJPBDI@Z

?CheckSkinVersion@MCSkin@@QAEGPBDAAV?$vector@VCString@@V?$allocator@VCString@@@std@@@std@@@Z

?CreateFontStruct@MCSkin@@QAEXPAUSkinLogFont@@H@Z

?CreateSkinComponent@MCSkin@@QAEJPAPAUISkin@@@Z

?EnumWindowsProc@MCSkin@@SGHPAUHWND__@@J@Z

?FindNames@MCSkin@@AAE_NPAUISkinObject@@PAPAGHAAV?$vector@VCString@@V?$allocator@VCString@@@std@@@std@@@Z

?FindPath@MCSkinLoader@@SAXXZ

?FromReg@MCSkinRegistry@@QAE_NXZ

?Get@MCSkin@@SAPAUISkin@@XZ

?GetAppColor@MCSkin@@SAKW4APP_COLOR@1@@Z

?GetDispatchMap@MCSkinAdvisor@@MBEPBUAFX_DISPMAP@@XZ

?GetHUE@MCSkin@@QAEEXZ

?GetInterfaceMap@MCSkinAdvisor@@MBEPBUAFX_INTERFACEMAP@@XZ

?GetMessageMap@MCSkinAdvisor@@MBEPBUAFX_MSGMAP@@XZ

?GetSkinFileID@MCSkin@@QAE?AVCString@@PBD@Z

?GetSkinFileID@MCSkin@@QAE?AVCString@@XZ

?GetSkinFullPathName@MCSkinRegistry@@QAEPBDXZ

?GetSysColor@MCSkin@@SAKH@Z

?GetWantSkin@MCSkinRegistry@@QAE_NXZ

?Initialize@MCSkin@@QAEJP6AXPAUIUnknown@@@Z@Z

?Initialize@MCSkinAdvisor@@QAE_NXZ

?Instance@MCSkin@@SAPAV1@XZ

?Instance@MCSkinAdvisor@@SAPAV1@XZ

?IsInitialized@MCSkin@@QBE_NXZ

?IsInitialized@MCSkinRegistry@@AAE_NXZ

?IsLoaded@MCSkin@@QBE_NXZ

?Load@MCSkin@@QAEJPBD@Z

?Load@MCSkinLoader@@SAJPAUISkin@@@Z

?OnDblClick@MCSkinAdvisor@@MAEXPAUIUnknown@@@Z

?OnMouseIn@MCSkinAdvisor@@MAEXPAUIUnknown@@@Z

?OnMouseMove@MCSkinAdvisor@@MAEXPAUIUnknown@@JJ@Z

?OnMouseOut@MCSkinAdvisor@@MAEXPAUIUnknown@@@Z

?OnRender@MCSkinAdvisor@@MAEXPAUIUnknown@@0JJ@Z

?OnSkinDblClick@MISknSink@@UAEXPAUIUnknown@@@Z

?OnSkinGenEvent@MCSkinAdvisor@@MAEXPAUIUnknown@@PBD@Z

?OnSkinGenEvent@MISknSink@@UAEXPAUIUnknown@@PBD@Z

?OnSkinMouseIn@MISknSink@@UAEXPAUIUnknown@@@Z

?OnSkinMouseMove@MISknSink@@UAEXPAUIUnknown@@JJ@Z

?OnSkinMouseOut@MISknSink@@UAEXPAUIUnknown@@@Z

?RenderParentBK@MCSkin@@QAE_NPAUHWND__@@PAUHDC__@@@Z

?SetAppValues@MCSkinRegistry@@SAXPAUHKEY__@@PBD1@Z

?SetCaptionFont@MCSkin@@QAEXAAV?$_com_ptr_t@V?$_com_IIID@UISkinObject@@$1?_GUID_6a5905c9_0bdd_49fb_9c45_cbb450d3bfd5@@3U__s_GUID@@A@@@@PAG@Z

?SetCaptionFont@MCSkin@@QAEXPAG@Z

?SetCaptionFont@MCSkin@@QAEXXZ

?SetFileName@MCSkinLoader@@SAXPBD@Z

?SetHUE@MCSkin@@QAEXE@Z

?SetMenuFont@MCSkin@@QAEXPAG@Z

?SetMenuFont@MCSkin@@QAEXXZ

?SetSkinFullPathName@MCSkinRegistry@@QAEXPBD@Z

?SetWantSkin@MCSkinRegistry@@QAEX_N@Z

?SkinFileExist@MCSkinLoader@@SA_NXZ

?ToReg@MCSkinRegistry@@QAEXXZ

?Unadvise@MCSkinAdvisor@@QAE_NAAK@Z

?Uninitialize@MCSkin@@QAE_NXZ

?Uninitialize@MCSkinAdvisor@@QAE_NXZ

?Unload@MCSkin@@QAE_NXZ

?_GetBaseDispatchMap@MCSkinAdvisor@@KGPBUAFX_DISPMAP@@XZ

?_GetBaseInterfaceMap@MCSkinAdvisor@@KGPBUAFX_INTERFACEMAP@@XZ

?_GetBaseMessageMap@MCSkinAdvisor@@KGPBUAFX_MSGMAP@@XZ

?_dispatchEntries@MCSkinAdvisor@@0QBUAFX_DISPMAP_ENTRY@@B

?_dispatchEntryCount@MCSkinAdvisor@@0IA

?_dwStockPropMask@MCSkinAdvisor@@0KA

?_interfaceEntries@MCSkinAdvisor@@0QBUAFX_INTERFACEMAP_ENTRY@@B

?_messageEntries@MCSkinAdvisor@@0QBUAFX_MSGMAP_ENTRY@@B

?dispatchMap@MCSkinAdvisor@@1UAFX_DISPMAP@@B

?interfaceMap@MCSkinAdvisor@@1UAFX_INTERFACEMAP@@B

?messageMap@MCSkinAdvisor@@1UAFX_MSGMAP@@B

?s_hRootKey@MCSkinRegistry@@0PAUHKEY__@@A

?s_sDefName@MCSkinRegistry@@0V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@A

?s_sPath@MCSkinRegistry@@0V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@A

?s_strFileName@MCSkinLoader@@2V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@A

?s_strPath@MCSkinLoader@@2VCString@@A

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Resource/CMap/Identity-H

Resource/CMap/Identity-V

Resource/CMap/UCS2-GBK-EUC

Resource/CMap/UniKS-UTF16-H

Resource/CMap/UniKS-UTF16-V

Resource/Font/AdobePIStd.otf

Resource/Font/CourierStd-Bold.otf

Resource/Font/CourierStd-BoldOblique.otf

Resource/Font/CourierStd-Oblique.otf

Resource/Font/CourierStd.otf

Resource/Font/MinionPro-Bold.otf

Resource/Font/MinionPro-BoldIt.otf

Resource/Font/MinionPro-It.otf

Resource/Font/MinionPro-Regular.otf

Resource/Font/MyriadPro-Bold.otf

Resource/Font/MyriadPro-BoldIt.otf

Resource/Font/MyriadPro-It.otf

Resource/Font/MyriadPro-Regular.otf

Resource/Font/Pfm/SY______.PFM

Resource/Font/Pfm/zx______.pfm

Resource/Font/Pfm/zy______.pfm

Resource/Font/SY______.PFB

Resource/Font/ZX______.PFB

Resource/Font/ZY______.PFB

Resource/Locals/am.pak

Resource/Locals/ar.pak

Resource/Locals/fi.pak

Resource/Locals/fil.pak

Resource/Locals/fr.pak

Resource/Locals/gu.pak

Resource/Locals/he.pak

Resource/Locals/hi.pak

Resource/Locals/hr.pak

Resource/Locals/hu.pak

Resource/Locals/id.pak

Resource/Locals/lt.pak

Resource/Locals/lv.pak

Resource/TypeSupport/Unicode/ICU/icudt26l.dat

Resource/TypeSupport/Unicode/Mappings/Adobe/symbol.txt

Resource/TypeSupport/Unicode/Mappings/Adobe/zdingbat.txt

Resource/TypeSupport/Unicode/Mappings/Mac/CENTEURO.TXT

Resource/TypeSupport/Unicode/Mappings/Mac/CORPCHAR.TXT

Resource/TypeSupport/Unicode/Mappings/Mac/CROATIAN.TXT

Resource/TypeSupport/Unicode/Mappings/Mac/CYRILLIC.TXT

Resource/TypeSupport/Unicode/Mappings/Mac/GREEK.TXT

Resource/TypeSupport/Unicode/Mappings/Mac/ICELAND.TXT

Resource/TypeSupport/Unicode/Mappings/Mac/ROMAN.TXT

Resource/TypeSupport/Unicode/Mappings/Mac/ROMANIAN.TXT

Resource/TypeSupport/Unicode/Mappings/Mac/SYMBOL.TXT

Resource/TypeSupport/Unicode/Mappings/Mac/TURKISH.TXT

Resource/TypeSupport/Unicode/Mappings/Mac/UKRAINE.TXT

Resource/TypeSupport/Unicode/Mappings/win/CP1250.TXT

Resource/TypeSupport/Unicode/Mappings/win/CP1251.TXT

Resource/TypeSupport/Unicode/Mappings/win/CP1252.TXT

Resource/TypeSupport/Unicode/Mappings/win/CP1253.TXT

Resource/TypeSupport/Unicode/Mappings/win/CP1254.TXT

Resource/TypeSupport/Unicode/Mappings/win/CP1257.TXT

Resource/TypeSupport/Unicode/Mappings/win/CP1258.TXT

Resource/resources.pak

bentonite.cfg

.png

setup.exe

.exe windows:6 windows x64 arch:x64

Password: 1234

023aae353653db016d3a89da454d1d86

Code Sign

ff:26:7d:5b:62:17:88:49:b0:26:f7:a1:55:3c:c7:c6
Certificate

Issuer

Not Before

22/03/2024, 08:16

Not After

20/05/2026, 00:00

Subject

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

3c:c6:db:da:3b:df:9f:14:9b:80:b7:bf:fc:a3:1d:9e:fb:04:ed:af:f5:ed:4e:ef:6f:ed:08:5a:66:3c:65:37
Signer

Actual PE Digest

3c:c6:db:da:3b:df:9f:14:9b:80:b7:bf:fc:a3:1d:9e:fb:04:ed:af:f5:ed:4e:ef:6f:ed:08:5a:66:3c:65:37

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleA

HeapAlloc

HeapFree

ExitProcess

GetModuleHandleA

LoadLibraryA

GetProcAddress

user32

GetCursorPos

advapi32

RegCloseKey

shell32

SHGetFolderPathA

ole32

CoCreateInstance

oleaut32

VariantClear

Sections

Size: 565KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

Size: 97KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Size: 22KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.vmp‡�
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.themida
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.vmp‡�
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.vmp‡�
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.vmp‡�
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

ce6ef31899b31809ae0c71c094c6f083

Headers

File Characteristics

Imports

mfc42

msvcrt

Sections

.text Size: 512B - Virtual size: 480B

.rdata Size: 512B - Virtual size: 308B

.data Size: 512B - Virtual size: 76B

.rsrc Size: 732KB - Virtual size: 731KB

.reloc Size: 512B - Virtual size: 420B

Password: 1234

a8d043bdfc629c21151b760b23d3bcd9

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

ole32

oleaut32

icqrt

advapi32

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 864B

.reloc Size: 3KB - Virtual size: 3KB

Password: 1234

023aae353653db016d3a89da454d1d86

Code Sign

ff:26:7d:5b:62:17:88:49:b0:26:f7:a1:55:3c:c7:c6Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

3c:c6:db:da:3b:df:9f:14:9b:80:b7:bf:fc:a3:1d:9e:fb:04:ed:af:f5:ed:4e:ef:6f:ed:08:5a:66:3c:65:37Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

Size: 565KB - Virtual size: 1.6MB

Size: 97KB - Virtual size: 284KB

Size: 4KB - Virtual size: 44KB

Size: 22KB - Virtual size: 60KB

Size: 512B - Virtual size: 500B

.vmp‡� Size: 79KB - Virtual size: 78KB

Size: 3KB - Virtual size: 8KB

.idata Size: 512B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.themida Size: 4.7MB - Virtual size: 4.7MB

.vmp‡� Size: 456KB - Virtual size: 456KB

.vmp‡� Size: 1024B - Virtual size: 968B

.vmp‡� Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 11KB - Virtual size: 10KB

.rsrc Size: 79KB - Virtual size: 78KB

.text
Size: 512B - Virtual size: 480B

.rdata
Size: 512B - Virtual size: 308B

.data
Size: 512B - Virtual size: 76B

.rsrc
Size: 732KB - Virtual size: 731KB

.reloc
Size: 512B - Virtual size: 420B

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 864B

.reloc
Size: 3KB - Virtual size: 3KB

ff:26:7d:5b:62:17:88:49:b0:26:f7:a1:55:3c:c7:c6
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

3c:c6:db:da:3b:df:9f:14:9b:80:b7:bf:fc:a3:1d:9e:fb:04:ed:af:f5:ed:4e:ef:6f:ed:08:5a:66:3c:65:37
Signer

.vmp‡�
Size: 79KB - Virtual size: 78KB

.idata
Size: 512B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.themida
Size: 4.7MB - Virtual size: 4.7MB

.vmp‡�
Size: 456KB - Virtual size: 456KB

.vmp‡�
Size: 1024B - Virtual size: 968B

.vmp‡�
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 79KB - Virtual size: 78KB