19042024_0340_2023 Tax Organizer[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

19042024_0340_2023 Tax Organizer.zip
Size

10.6MB
MD5

283f7eabb82f578f49510915c4b2bf4f
SHA1

719ddeb335d1a6ce6d58826a363e249d974b82f7
SHA256

bd8ff468b6fb4958059537257894153fc0cb9eb43f4a05c0b7c42ddd0fac7df9
SHA512

c5fd5916505024bca1c9fbbdadfb8e851072a8923d469778aefa7445aa174040494dd23ec32e5f55b9be1fb1db4bc710ea62191339432b412289a290a741c512
SSDEEP

196608:Kr1D+scr7majR7NAiGmVRui3sBpQnAuRjoks+NhRKzxcneL94YoNpZVlV:KBD+sJ+2rmt3sBpQn7RkR8G94tpZd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Tax Organizer 2023/g2m.dll

Files

19042024_0340_2023 Tax Organizer.zip
.zip

Password: infected
Tax Organizer 2023/Tax Organizer.exe
.exe windows:6 windows x86 arch:x86

Password: infected

5419c6d0b7a37c6f48c0d961a0d909db

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

07:77:dd:21:cf:5d:c9:dc:78:5a:cb:ae:2a:02:bb:26
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/10/2018, 00:00

Not After

03/11/2021, 12:00

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:10:c1:28:da:90:ce:50:43:d1:8e:83:8b:91:69:13:ad:36:49:d0:e1:e4:4b:74:ec:98:20:87:00:85:01:37
Signer

Actual PE Digest

90:10:c1:28:da:90:ce:50:43:d1:8e:83:8b:91:69:13:ad:36:49:d0:e1:e4:4b:74:ec:98:20:87:00:85:01:37

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\jenkins\workspace\Communication_Cloud\G2MWTEndpoint\Production\build-g2mwt-endpoint\output\G2M_Exe.pdb

Imports

kernel32

GetStartupInfoW
GetModuleFileNameA
GetCommandLineW
GetModuleHandleA
GetProcAddress
ExitProcess
GetModuleHandleW

user32

MessageBoxA

g2m

g2mcomm_winmain

Sections

.text
Size: 1024B - Virtual size: 973B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tax Organizer 2023/g2m.dll
.dll regsvr32 windows:5 windows x86 arch:x86

Password: infected

7a3f4df5134515e5cd11f422da6c8d86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\p4builds\Products\GoToMeeting\release-723\output\G2M_Dll.pdb

Imports

rpcrt4

NdrCStdStubBuffer_Release
UuidToStringW
UuidCreate
RpcStringFreeW
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Connect
IUnknown_AddRef_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
IUnknown_Release_Proxy
CStdStubBuffer_IsIIDSupported

netapi32

NetApiBufferFree
Netbios
NetUserGetInfo
DsGetDcNameW

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses
GetModuleInformation
GetModuleFileNameExW

wsock32

send
recv
WSAGetLastError
shutdown
recvfrom
ntohl
inet_addr
sendto
setsockopt
select
ntohs
htonl
getsockopt
getsockname
getpeername
connect
WSACleanup
__WSAFDIsSet
gethostname
gethostbyname
accept
bind
closesocket
inet_ntoa
htons
ioctlsocket
listen
socket
WSAStartup
WSASetLastError

shlwapi

PathRemoveExtensionW
PathStripPathW
StrChrW
StrFormatByteSizeW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

powrprof

CallNtPowerInformation

secur32

InitSecurityInterfaceA
GetUserNameExW

wininet

HttpQueryInfoW
HttpAddRequestHeadersW
InternetSetStatusCallbackW
InternetSetOptionW
InternetConnectW
InternetReadFileExA
InternetErrorDlg
HttpEndRequestW
HttpSendRequestExW
InternetQueryOptionW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetCloseHandle
InternetOpenW
InternetCreateUrlW
HttpOpenRequestW

kernel32

GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GlobalMemoryStatusEx
LocalAlloc
GetSystemInfo
lstrcmpiW
lstrlenA
GetLocaleInfoW
OpenProcess
GetCurrentThread
GetShortPathNameW
GetModuleHandleExW
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
FindClose
SetFileTime
GetTempFileNameW
GetDiskFreeSpaceExW
GetFileAttributesW
DeleteFileW
FindFirstFileW
CopyFileW
MoveFileW
GetLocalTime
GetTempPathW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
ReleaseMutex
CreateMutexW
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
InitializeCriticalSection
TerminateProcess
GetExitCodeProcess
CreateProcessW
CompareFileTime
FindNextFileW
WaitForMultipleObjects
GetProcessTimes
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
GetTimeFormatW
GetDateFormatW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ResetEvent
CreateEventW
OpenEventW
QueryDosDeviceW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
LoadResource
SizeofResource
FindResourceW
HeapReAlloc
HeapSize
GetProcessHeap
OpenMutexW
MulDiv
GetTempPathA
CreateDirectoryA
GetWindowsDirectoryW
GetEnvironmentVariableW
TlsFree
SetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
FlushInstructionCache
lstrcmpW
CreateWaitableTimerW
SetWaitableTimer
SetProcessShutdownParameters
GetCommandLineW
GetVersionExA
GetFileTime
LockResource
GlobalFree
Thread32First
Thread32Next
ExitProcess
InterlockedExchange
InterlockedExchangeAdd
GetProcessId
DuplicateHandle
CreateThread
OpenFileMappingW
lstrlenW
LoadLibraryExA
HeapAlloc
HeapDestroy
HeapCreate
GetSystemWindowsDirectoryW
LoadLibraryW
SetEvent
CreateEventA
CreateFileW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CloseHandle
GetFileSize
WaitForSingleObject
GetCurrentThreadId
GetCurrentProcessId
WideCharToMultiByte
MultiByteToWideChar
GetSystemDirectoryW
LoadLibraryExW
GetVersionExW
IsBadReadPtr
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
SetUnhandledExceptionFilter
GetCurrentProcess
FreeLibrary
OutputDebugStringW
FormatMessageW
LocalFree
SetThreadLocale
GetThreadLocale
GetModuleHandleW
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
InterlockedDecrement
InterlockedIncrement
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
DisableThreadLibraryCalls
DecodePointer
IsValidLocale
LCMapStringW
CompareStringW
CreateSemaphoreW
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
SetEnvironmentVariableW
HeapFree
ReadConsoleInputA
SetConsoleMode
LocalFileTimeToFileTime
RtlUnwind
GetACP
ExitThread
CreateTimerQueue
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
RegisterWaitForSingleObject
UnregisterWait
FindFirstFileExW
GetCommandLineA
VirtualFree
VirtualAlloc
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FreeLibraryAndExitThread
VirtualProtect
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
FormatMessageA
GetStringTypeW
EnumSystemLocalesW
AreFileApisANSI
GetStdHandle
GetFileType
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetConsoleCP
GetConsoleMode
SetConsoleCtrlHandler
SetFilePointerEx
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
ReadConsoleW
ReleaseSemaphore
GetModuleHandleA
GlobalMemoryStatus
LoadLibraryA
FlushConsoleInputBuffer
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetSystemDefaultLCID
EnumResourceLanguagesW
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFullPathNameW
GetUserDefaultUILanguage
OpenThread
VerifyVersionInfoW
VerSetConditionMask
InterlockedCompareExchange
OpenEventA
GetFileSizeEx
GetExitCodeThread
MoveFileA
FindNextFileA
FindFirstFileA
GetFileAttributesExA
SetThreadAffinityMask
GetProcessAffinityMask
CreateWaitableTimerA
SetPriorityClass
FreeConsole
AllocConsole
OutputDebugStringA
CreateMutexA
GetLocaleInfoA
GetNativeSystemInfo
CreateSemaphoreA
GetOverlappedResult
ConnectNamedPipe
DisconnectNamedPipe
SetNamedPipeHandleState
WaitNamedPipeW
FoldStringW
GetVolumeInformationW
CreateNamedPipeW
SetThreadExecutionState
ExpandEnvironmentStringsW
FreeResource
GetThreadTimes
GetUserDefaultLCID

gdi32

GetRegionData
FillRgn
SetPixel
SetROP2
GetClipRgn
IntersectClipRect
CreateBitmap
GetObjectA
ExtTextOutW
EqualRgn
CreateRectRgnIndirect
DPtoLP
OffsetRgn
GetSystemPaletteEntries
CreatePalette
Polyline
GetPaletteEntries
SetDIBColorTable
GetDIBColorTable
CreateDIBSection
SaveDC
RestoreDC
GetDCOrgEx
CreateDCW
GetRgnBox
PtInRegion
CreatePen
Polygon
SetPolyFillMode
PaintRgn
FrameRgn
SetDCPenColor
SetDCBrushColor
Rectangle
CreateEllipticRgn
GetTextMetricsW
SetBkColor
CreatePolygonRgn
CreateRoundRectRgn
SetStretchBltMode
StretchBlt
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
MoveToEx
SetPixelV
SetMapMode
SelectClipRgn
LineTo
GetPixel
GetClipBox
SetRectRgn
ExcludeClipRect
CreateRectRgn
CombineRgn
GetTextExtentPoint32W
SetDIBits
GetDIBits
CreateDIBitmap
GetBitmapBits
TextOutW
SetTextColor
GetTextColor
GetBkMode
CreateFontW
CreateFontIndirectW
SetBrushOrgEx
SetBkMode
CreatePatternBrush
GetObjectW
SelectObject
GetStockObject
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetDeviceCaps

comdlg32

GetSaveFileNameW
ChooseColorW
CommDlgExtendedError
GetOpenFileNameW

ole32

OleLockRunning
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoGetCurrentProcess
StringFromGUID2
CoCreateInstance
CoInitialize
CoRegisterClassObject
RegisterDragDrop
RevokeDragDrop
ReleaseStgMedium
StringFromCLSID
PropVariantClear
CreateStreamOnHGlobal
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CoInitializeEx
CoRevokeClassObject
CoRegisterPSClsid
CoGetCallContext
CoSetProxyBlanket
CoDisconnectObject
CoInitializeSecurity
CoGetObject
CoCreateGuid
IIDFromString
OleRun
CoFreeUnusedLibraries
CoUninitialize
OleUninitialize
OleInitialize
StringFromIID

oleaut32

OleLoadPicture
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
OleLoadPicturePath
VarBstrCat
OleCreateFontIndirect
DispCallFunc
LoadRegTypeLi
VariantClear
VariantInit
SysStringByteLen
SysAllocStringLen
VarUI4FromStr
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
SysStringLen
SysAllocString
SysFreeString
VariantChangeType
SafeArrayGetElement
SafeArrayDestroy
SafeArrayPutElement
OleCreatePropertyFrame
VariantCopy
VarBstrCmp
SystemTimeToVariantTime
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringByteLen
LPSAFEARRAY_UserUnmarshal

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

comctl32

ord412
InitCommonControlsEx
ord413
ord410

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

winmm

mixerClose
mixerGetNumDevs
timeSetEvent
timeKillEvent
timeGetTime
mmioAscend
mmioDescend
mmioRead
mmioClose
mmioOpenA
mmioOpenW
waveOutPause
waveInGetPosition
waveInReset
waveInStop
waveInStart
waveInAddBuffer
waveInUnprepareHeader
waveInPrepareHeader
waveInGetErrorTextW
waveOutGetPosition
waveOutReset
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutGetErrorTextW
waveOutSetVolume
waveOutGetVolume
timeBeginPeriod
mixerSetControlDetails
timeEndPeriod
mixerGetControlDetailsW
mixerGetLineControlsW
mixerGetLineInfoW
waveInGetNumDevs
mixerGetDevCapsW
mixerOpen
waveOutMessage
waveInMessage
waveOutGetDevCapsW
waveInGetDevCapsW
waveOutGetNumDevs
waveInOpen
waveOutOpen
waveInClose
waveOutClose
mixerGetID
waveInGetID
waveOutGetID

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

d3d9

Direct3DCreate9

msacm32

acmStreamPrepareHeader
acmStreamConvert
acmStreamUnprepareHeader
acmStreamOpen
acmStreamClose

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW

iphlpapi

GetAdaptersInfo

crypt32

CertGetNameStringA
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertAddEncodedCertificateToStore
CertCloseStore
CertCreateCertificateContext
CertGetNameStringW
CertOpenStore

ws2_32

WSAAddressToStringA
getaddrinfo
freeaddrinfo
getnameinfo
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
WSASetEvent
WSASend
WSAIoctl

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
g2mcomm_winmain
g2minstaller_winmain
g2minsthigh_winmain
g2mlauncher_winmain
g2mstart_winmain
g2mui_winmain
g2muninstall_winmain
g2mupdate_winmain
g2mupload_winmain
g2mvideoconference_winmain

Sections

.text
Size: 20.5MB - Virtual size: 20.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IPPCODE
Size: 694KB - Virtual size: 696KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 396KB - Virtual size: 1012KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

IPPDATA
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 966KB - Virtual size: 965KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

5419c6d0b7a37c6f48c0d961a0d909db

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

07:77:dd:21:cf:5d:c9:dc:78:5a:cb:ae:2a:02:bb:26Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

90:10:c1:28:da:90:ce:50:43:d1:8e:83:8b:91:69:13:ad:36:49:d0:e1:e4:4b:74:ec:98:20:87:00:85:01:37Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

g2m

Sections

.text Size: 1024B - Virtual size: 973B

.rdata Size: 1KB - Virtual size: 1KB

.data Size: - Virtual size: 4B

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 20KB - Virtual size: 19KB

Password: infected

7a3f4df5134515e5cd11f422da6c8d86

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

netapi32

psapi

wsock32

shlwapi

version

powrprof

secur32

wininet

kernel32

gdi32

comdlg32

ole32

oleaut32

wtsapi32

comctl32

userenv

winmm

avicap32

d3d9

msacm32

setupapi

iphlpapi

crypt32

ws2_32

Exports

Exports

Sections

.text Size: 20.5MB - Virtual size: 20.5MB

.orpc Size: 2KB - Virtual size: 4KB

IPPCODE Size: 694KB - Virtual size: 696KB

.rdata Size: 3.4MB - Virtual size: 3.4MB

.data Size: 396KB - Virtual size: 1012KB

IPPDATA Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

07:77:dd:21:cf:5d:c9:dc:78:5a:cb:ae:2a:02:bb:26
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

90:10:c1:28:da:90:ce:50:43:d1:8e:83:8b:91:69:13:ad:36:49:d0:e1:e4:4b:74:ec:98:20:87:00:85:01:37
Signer

.text
Size: 1024B - Virtual size: 973B

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 4B

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 20KB - Virtual size: 19KB

.text
Size: 20.5MB - Virtual size: 20.5MB

.orpc
Size: 2KB - Virtual size: 4KB

IPPCODE
Size: 694KB - Virtual size: 696KB

.rdata
Size: 3.4MB - Virtual size: 3.4MB

.data
Size: 396KB - Virtual size: 1012KB

IPPDATA
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

_RDATA
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 966KB - Virtual size: 965KB