2024-04-24_1a3d9ceb79965557c39b63f0d86b9397_magniber_revil

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-24_1a3d9ceb79965557c39b63f0d86b9397_magniber_revil
Size

16.1MB
MD5

1a3d9ceb79965557c39b63f0d86b9397
SHA1

d597a3741f5799056778490608f121a8e389f01c
SHA256

ceaad01dfbfc5cae82a5c3fc83e867bd41648a534ad463e6d58b8322e7967ce6
SHA512

20c87bc9cc938c1a1458ba5be13f8340fc8dbd7c7f912db15d47a8ceb78369d0b9911f30f5f4b801673477d545051e02815fcf43453bf27d9c399ef67bd14462
SSDEEP

393216:sRjlV3inuC5K1M5ut2nijFiyD7XMOx0JrqNDUG2zYY14dYCCt37v9y:UlV3dC5K1M5FijwyDrP0NG2y

Score

10^/10

Malware Config

Signatures

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_Binary_References_Browsers

Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore

Files

2024-04-24_1a3d9ceb79965557c39b63f0d86b9397_magniber_revil
.exe windows:5 windows x86 arch:x86

020faf3f987cf423891679d8e9bbb7e2

Code Sign

87:82:52:60:00:00:00:00:51:d3:73:d9
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

10-06-2015 13:42

Not After

10-11-2030 14:12

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e9:4d:27:9d:ce:ef:2c:ee:00:00:00:00:55:65:b9:ef
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

26-03-2020 16:57

Not After

01-05-2022 17:27

Subject

SERIALNUMBER=727035-6,CN=LULU Software (7270356 Canada Inc),O=LULU Software (7270356 Canada Inc),L=Saint-Laurent,ST=Quebec,C=CA,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024341

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Standard - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ea:5e:8f:e9:9b:c2:ff:06:4a:c2:1e:24:a2:50:f4:93:46:8d:1d:17:af:56:e8:02:61:e9:36:af:ef:3f:fd:9f
Signer

Actual PE Digest

ea:5e:8f:e9:9b:c2:ff:06:4a:c2:1e:24:a2:50:f4:93:46:8d:1d:17:af:56:e8:02:61:e9:36:af:ef:3f:fd:9f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\TemporaryBuilds\installer_builder_1\30\s\_bin\soda12\Win32\Soda_PDF_Desktop_12_Installer.pdb

Imports

kernel32

GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetCurrentProcess
GetStdHandle
SetFileTime
GetEnvironmentVariableA
FindClose
CreateFileW
CloseHandle
LoadLibraryW
GetProcAddress
GetCurrentProcessId
SystemTimeToFileTime
FreeLibrary
GetSystemTime
DebugBreak
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
GetFileAttributesW
GetCurrentThreadId
GetVersionExW
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
GetSystemTimeAsFileTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetCurrentDirectoryW
LocalFileTimeToFileTime
CreateDirectoryW
TlsAlloc
WaitForMultipleObjects
TerminateThread
QueueUserAPC
SetEvent
CreateEventA
TlsFree
LocalAlloc
QueryPerformanceFrequency
GetDriveTypeW
GetModuleHandleW
GetCommandLineW
RaiseException
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateThread
CreateEventW
FindNextFileW
GetModuleFileNameW
TerminateProcess
SetUnhandledExceptionFilter
GetDiskFreeSpaceExW
GetLogicalDriveStringsW
SetFileAttributesW
CopyFileW
CreateProcessW
RemoveDirectoryW
SetLastError
GetWindowsDirectoryW
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreA
WaitForMultipleObjectsEx
LoadResource
SizeofResource
FindResourceW
LoadLibraryExW
lstrcmpiW
GetShortPathNameW
GetUserDefaultLCID
OpenProcess
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
IsWow64Process
GetExitCodeProcess
Process32FirstW
Process32NextW
GetModuleHandleA
LockResource
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
ProcessIdToSessionId
CreateMutexA
GetModuleFileNameA
LoadLibraryExA
DuplicateHandle
SleepEx
PostQueuedCompletionStatus
CreateIoCompletionPort
SetWaitableTimer
GetQueuedCompletionStatus
VerSetConditionMask
VerifyVersionInfoW
FindFirstFileW
TlsSetValue
MoveFileW
GetSystemDirectoryW
MoveFileExA
CompareFileTime
GetFileType
PeekNamedPipe
GetCurrentThread
GetThreadTimes
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetModuleHandleExW
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GetLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
ResetEvent
CreateSemaphoreW
ResumeThread
GetComputerNameW
CompareStringW
CompareStringA
GetNumberFormatW
GetCurrencyFormatW
GetSystemDefaultLCID
MulDiv
GetTempFileNameA
GlobalSize
AllocConsole
SetErrorMode
ExitProcess
LocalSize
lstrlenW
GetCPInfo
SetHandleInformation
CancelIo
RegisterWaitForSingleObject
UnregisterWait
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
WaitNamedPipeW
GetNamedPipeHandleStateW
SwitchToThread
QueueUserWorkItem
CreateNamedPipeA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
WriteConsoleW
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
GetConsoleCursorInfo
SetConsoleCursorInfo
SetConsoleCursorPosition
WriteConsoleInputW
UnregisterWaitEx
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
LCMapStringW
GetFileInformationByHandle
SetFilePointerEx
DeviceIoControl
MoveFileExW
CreateHardLinkW
GetLongPathNameW
ReadDirectoryChangesW
SetEnvironmentVariableW
GetVolumeInformationW
GetStartupInfoW
VirtualAlloc
VirtualFree
lstrcmpW
SetThreadPriority
GetThreadPriority
VirtualProtect
GetWindowsDirectoryA
GetComputerNameA
InterlockedPopEntrySList
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
SignalObjectAndWait
CreateTimerQueue
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
CreatePipe
EnumSystemLocalesW
IsValidLocale
GetFileSizeEx
GetConsoleCP
SetStdHandle
FreeLibraryAndExitThread
ExitThread
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
FoldStringW
EnumSystemLocalesA
GetLocaleInfoA
IsDBCSLeadByteEx
IsValidCodePage
GetStringTypeExA
LCMapStringA
GetStringTypeExW
GetFileTime
CreateWaitableTimerA
GetLogicalProcessorInformation
OpenEventA
EncodePointer
InitOnceComplete
InitOnceBeginInitialize
GetExitCodeThread
GetStringTypeW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
MapViewOfFileEx
lstrcpynW
VirtualQuery
TlsGetValue
SetConsoleCtrlHandler
QueryDepthSList

winspool.drv

ord203

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

gdiplus

GdipSetPageUnit
GdipTransformPoints
GdipDrawLine
GdipDrawArc
GdipDrawRectangle
GdipDrawEllipse
GdipDrawPie
GdipDrawPath
GdipGraphicsClear
GdipFillRectangle
GdipFillRectangleI
GdipFillRectanglesI
GdipFillEllipse
GdipFillPie
GdipFillPath
GdipDrawImageRectRect
GdipSetClipRect
GdipSetClipRectI
GdipGetClipBoundsI
GdipSaveGraphics
GdipRestoreGraphics
GdipBeginContainer2
GdipEndContainer
GdiplusStartup
GdiplusShutdown
GdipDeleteFontFamily
GdipGetEmHeight
GdipGetCellAscent
GdipGetLineSpacing
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFamily
GdipGetFontSize
GdipCreateBitmapFromGraphics
GdipCreateHBITMAPFromBitmap
GdipDrawImageI
GdipDrawDriverString
GdipGetImageWidth
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetPixelOffsetMode
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipGetWorldTransform
GdipDisposeImage
GdipCloneImage
GdipDeleteGraphics
GdipCreateFromHWND
GdipCreateFromHDC
GdipTranslateWorldTransform
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipSetPenDashArray
GdipSetPenDashOffset
GdipSetPenDashStyle
GdipSetPenMiterLimit
GdipSetPenLineJoin
GdipSetPenEndCap
GdipSetPenStartCap
GdipDeletePen
GdipCreatePen2
GdipCreatePen1
GdipSetPathGradientTransform
GdipSetPathGradientWrapMode
GdipSetPathGradientPresetBlend
GdipSetPathGradientCenterPoint
GdipCreatePathGradientFromPath
GdipMultiplyLineTransform
GdipSetLineWrapMode
GdipSetLinePresetBlend
GdipCreateLineBrush
GdipCreateSolidFill
GdipCreateTexture
GdipDeleteBrush
GdipCloneBrush
GdipGetMatrixElements
GdipShearMatrix
GdipRotateMatrix
GdipScaleMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix2
GdipCreateMatrix
GdipIsVisiblePathPoint
GdipGetPathWorldBounds
GdipAddPathRectangleI
GdipAddPathArcI
GdipAddPathLineI
GdipAddPathEllipse
GdipAddPathBezier
GdipAddPathArc
GdipAddPathLine
GdipClosePathFigure
GdipStartPathFigure
GdipSetPathFillMode
GdipResetPath
GdipDeletePath
GdipClonePath
GdipCreatePath
GdipFree
GdipAlloc
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipSetImageAttributesColorMatrix
GdipMultiplyWorldTransform
GdipGetImageGraphicsContext

uxtheme

SetWindowTheme
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeBackground
CloseThemeData
OpenThemeData

usp10

ScriptFreeCache
ScriptApplyDigitSubstitution
ScriptBreak
ScriptPlace
ScriptShape
ScriptItemize

Exports

Exports

??0?$singleton@V?$extended_type_info_typeid@UAppMdiData@@@serialization@boost@@@serialization@boost@@IAE@XZ
??0?$singleton@V?$extended_type_info_typeid@Vdate@gregorian@boost@@@serialization@boost@@@serialization@boost@@IAE@XZ
??0?$singleton@V?$extended_type_info_typeid@Vptime@posix_time@boost@@@serialization@boost@@@serialization@boost@@IAE@XZ
??0?$singleton@V?$extended_type_info_typeid@Vtime_duration@posix_time@boost@@@serialization@boost@@@serialization@boost@@IAE@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@UAppMdiData@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UAppMdiData@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@Vdate@gregorian@boost@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@Vdate@gregorian@boost@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@Vptime@posix_time@boost@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@Vptime@posix_time@boost@@@23@XZ
?get_const_instance@?$singleton@V?$extended_type_info_typeid@Vtime_duration@posix_time@boost@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@Vtime_duration@posix_time@boost@@@23@XZ
?get_const_instance@?$singleton@V?$iserializer@Vxml_wiarchive@archive@boost@@UAppMdiData@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vxml_wiarchive@archive@boost@@UAppMdiData@@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vxml_wiarchive@archive@boost@@Vdate@gregorian@3@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vxml_wiarchive@archive@boost@@Vdate@gregorian@3@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vxml_wiarchive@archive@boost@@Vptime@posix_time@3@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vxml_wiarchive@archive@boost@@Vptime@posix_time@3@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$iserializer@Vxml_wiarchive@archive@boost@@Vtime_duration@posix_time@3@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vxml_wiarchive@archive@boost@@Vtime_duration@posix_time@3@@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$map@Vxml_wiarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAABV?$map@Vxml_wiarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?get_lock@singleton_module@serialization@boost@@AAEAA_NXZ
?get_mutable_instance@?$singleton@V?$map@Vxml_wiarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SAAAV?$map@Vxml_wiarchive@archive@boost@@@extra_detail@detail@archive@3@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@XZ
?is_destroyed@?$singleton@V?$map@Vxml_wiarchive@archive@boost@@@extra_detail@detail@archive@boost@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@Utype_compare@234@V?$allocator@PBVextended_type_info_typeid_0@typeid_system@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?is_locked@singleton_module@serialization@boost@@QAE_NXZ
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@UAppMdiData@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@Vdate@gregorian@3@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@Vptime@posix_time@3@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vxml_wiarchive@archive@boost@@Vtime_duration@posix_time@3@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?lock@?1??get_lock@singleton_module@serialization@boost@@AAEAA_NXZ@4_NA
?lock@singleton_module@serialization@boost@@QAEXXZ
?unlock@singleton_module@serialization@boost@@QAEXXZ

Sections

.text
Size: 9.6MB - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 361KB - Virtual size: 515KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 538KB - Virtual size: 537KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

020faf3f987cf423891679d8e9bbb7e2

Code Sign

87:82:52:60:00:00:00:00:51:d3:73:d9Certificate

Extended Key Usages

Key Usages

e9:4d:27:9d:ce:ef:2c:ee:00:00:00:00:55:65:b9:efCertificate

Extended Key Usages

Key Usages

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

ea:5e:8f:e9:9b:c2:ff:06:4a:c2:1e:24:a2:50:f4:93:46:8d:1d:17:af:56:e8:02:61:e9:36:af:ef:3f:fd:9fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

winspool.drv

userenv

gdiplus

uxtheme

usp10

Exports

Exports

Sections

.text Size: 9.6MB - Virtual size: 9.6MB

.rdata Size: 2.0MB - Virtual size: 2.0MB

.data Size: 361KB - Virtual size: 515KB

.rsrc Size: 3.7MB - Virtual size: 3.7MB

.reloc Size: 538KB - Virtual size: 537KB

87:82:52:60:00:00:00:00:51:d3:73:d9
Certificate

e9:4d:27:9d:ce:ef:2c:ee:00:00:00:00:55:65:b9:ef
Certificate

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

ea:5e:8f:e9:9b:c2:ff:06:4a:c2:1e:24:a2:50:f4:93:46:8d:1d:17:af:56:e8:02:61:e9:36:af:ef:3f:fd:9f
Signer

.text
Size: 9.6MB - Virtual size: 9.6MB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 361KB - Virtual size: 515KB

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

.reloc
Size: 538KB - Virtual size: 537KB