892d7725d798a0bea0a80245057183dbf53dceb729985de2d1653316b72b3fde

Sharing

Copy URL Twitter E-mail

General

Target

892d7725d798a0bea0a80245057183dbf53dceb729985de2d1653316b72b3fde
Size

20.2MB
MD5

3d9022126f8e43eb0e9d041b05c7fa54
SHA1

0097862d23e44be4efef3e458a68565d4673d029
SHA256

892d7725d798a0bea0a80245057183dbf53dceb729985de2d1653316b72b3fde
SHA512

1a66c635bebff31655f9afc1c6eac474531aa8f5b0fd446e237a393e47e0e787534d70ea9f3f61e7299f87a74ac1e67b5c9bb5f704d9ae77343cc1a51d0688ad
SSDEEP

393216:jdi1odk9kX7Ut/eRxKzoCpAnFN+Gk7eW4GGATl5aDlZd/0I6uGS4GuYzKDvHqe:jdAodskrUEPFUGCeW4GvBIp0I65X6ve

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/hlpr.dat
unpack001/instlib.dat

Files

892d7725d798a0bea0a80245057183dbf53dceb729985de2d1653316b72b3fde
.zip
hlpr.dat
.exe windows:6 windows x64 arch:x64

fea66912b6fa42d996bdddadf6ea1caa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SizeofResource
LocalAlloc
FindResourceA
LockResource
Process32FirstW
Process32NextW
WriteConsoleW
LoadResource
FreeResource
OpenProcess
TerminateProcess
GetCurrentProcess
GetLastError
CloseHandle
WriteFile
SetEndOfFile
CreateToolhelp32Snapshot
CreateFileA
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetProcessHeap
HeapSize
CreateFileW
RtlUnwind

advapi32

RegSetValueExW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

Sections

.text
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 584KB - Virtual size: 583KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
install.dat
.exe windows:5 windows x86 arch:x86

48aa5c8931746a9655524f67b25a47ef

Code Sign

68:90:0a:61:97:43:2a:80:73:df:0c:2c:bf:54:d7:65
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/01/2020, 00:00

Not After

11/01/2023, 23:59

Subject

SERIALNUMBER=597325,CN=Famatech Corp.,O=Famatech Corp.,L=Road Town,C=VG,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#1309526f616420546f776e,1.3.6.1.4.1.311.60.2.1.2=#1307546f72746f6c61,1.3.6.1.4.1.311.60.2.1.3=#13025647

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:72:eb:71:2d:d7:8f:7e:66:9a:bf:fe:fd:eb:ea:64:cd:6d:8b:77:e5:66:63:91:6f:46:2d:de:f7:e5:10:c8
Signer

Actual PE Digest

0a:72:eb:71:2d:d7:8f:7e:66:9a:bf:fe:fd:eb:ea:64:cd:6d:8b:77:e5:66:63:91:6f:46:2d:de:f7:e5:10:c8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
TranslateMessage
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
ExitWindowsEx
DispatchMessageW
DestroyWindow
CharUpperBuffW
CallWindowProcW

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
GetWindowsDirectoryW
GetVersionExW
GetUserDefaultLangID
GetThreadLocale
GetSystemInfo
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
DeleteFileW
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CloseHandle
Sleep

comctl32

InitCommonControls

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
instlib.dat
.dll windows:6 windows x86 arch:x86

180c50ea081b0bc6fc351b3b9051fe23

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\123\source\repos\ins_asi\Release\instlib.pdb

Imports

kernel32

GetTempPathW
WaitForSingleObject
GetLastError
OutputDebugStringW
DeleteFileW
CreateThread
GetCurrentDirectoryW
CreateProcessW
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
DecodePointer

user32

SetWindowsHookExW
wsprintfW
UnhookWindowsHookEx
CallNextHookEx

Exports

Exports

InitializeHook
UninitializeHook
amIready
hookProc

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.exe
.exe windows:6 windows x86 arch:x86

c497c7ae4ef231e5be5c8a519a4916d2

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:cb:0d:db:6a:0c:59:8b:1d:fb:aa:b6:b8:ca:48:df
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26/11/2021, 00:00

Not After

30/11/2022, 23:59

Subject

SERIALNUMBER=1004589-6,CN=Wechapaisch Consulting & Construction Limited,O=Wechapaisch Consulting & Construction Limited,L=Greater Sudbury,ST=Ontario,C=CA,1.3.6.1.4.1.311.60.2.1.3=#13024341,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:d8:13:a0:59:a3:a2:50:14:18:f8:b5:ca:c6:f4:3e:94:1d:3c:06:53:37:ca:5f:d9:47:d1:06:53:fa:2e:b6
Signer

Actual PE Digest

0e:d8:13:a0:59:a3:a2:50:14:18:f8:b5:ca:c6:f4:3e:94:1d:3c:06:53:37:ca:5f:d9:47:d1:06:53:fa:2e:b6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\123\source\repos\ins_asi\Win32\Release\setup.pdb

Imports

kernel32

WriteFile
GetModuleFileNameW
lstrlenA
CreateFileW
Sleep
GetLastError
OutputDebugStringW
DeleteFileW
CloseHandle
LoadLibraryW
GetProcAddress
CreateProcessW
FreeLibrary
WriteConsoleW
SetFilePointerEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
GetStdHandle
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
DecodePointer

user32

wsprintfW
WaitForInputIdle
MessageBoxW

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fea66912b6fa42d996bdddadf6ea1caa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 183KB - Virtual size: 182KB

.rdata Size: 77KB - Virtual size: 77KB

.data Size: 5KB - Virtual size: 10KB

.pdata Size: 9KB - Virtual size: 9KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 584KB - Virtual size: 583KB

.reloc Size: 2KB - Virtual size: 2KB

48aa5c8931746a9655524f67b25a47ef

Code Sign

68:90:0a:61:97:43:2a:80:73:df:0c:2c:bf:54:d7:65Certificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

0a:72:eb:71:2d:d7:8f:7e:66:9a:bf:fe:fd:eb:ea:64:cd:6d:8b:77:e5:66:63:91:6f:46:2d:de:f7:e5:10:c8Signer

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

comctl32

Sections

.text Size: 60KB - Virtual size: 60KB

.itext Size: 3KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 21KB

.idata Size: 3KB - Virtual size: 3KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.rsrc Size: 64KB - Virtual size: 64KB

180c50ea081b0bc6fc351b3b9051fe23

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 2KB - Virtual size: 5KB

.shared Size: 512B - Virtual size: 12B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

c497c7ae4ef231e5be5c8a519a4916d2

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:cb:0d:db:6a:0c:59:8b:1d:fb:aa:b6:b8:ca:48:dfCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

.text
Size: 183KB - Virtual size: 182KB

.rdata
Size: 77KB - Virtual size: 77KB

.data
Size: 5KB - Virtual size: 10KB

.pdata
Size: 9KB - Virtual size: 9KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 584KB - Virtual size: 583KB

.reloc
Size: 2KB - Virtual size: 2KB

68:90:0a:61:97:43:2a:80:73:df:0c:2c:bf:54:d7:65
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

0a:72:eb:71:2d:d7:8f:7e:66:9a:bf:fe:fd:eb:ea:64:cd:6d:8b:77:e5:66:63:91:6f:46:2d:de:f7:e5:10:c8
Signer

.text
Size: 60KB - Virtual size: 60KB

.itext
Size: 3KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 21KB

.idata
Size: 3KB - Virtual size: 3KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 64KB - Virtual size: 64KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 2KB - Virtual size: 5KB

.shared
Size: 512B - Virtual size: 12B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:cb:0d:db:6a:0c:59:8b:1d:fb:aa:b6:b8:ca:48:df
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

0e:d8:13:a0:59:a3:a2:50:14:18:f8:b5:ca:c6:f4:3e:94:1d:3c:06:53:37:ca:5f:d9:47:d1:06:53:fa:2e:b6
Signer

.text
Size: 41KB - Virtual size: 41KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 67KB - Virtual size: 66KB

.reloc
Size: 3KB - Virtual size: 3KB