CheckForCheats[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

CheckForCheats.zip
Size

2.4MB
MD5

2c5fc9c85e739c605a3449a7a7f7cae0
SHA1

5510504eee7498e8583c16e5f371ffd8be9a87ee
SHA256

81d67f9d94804b1c736e1e8851a7a8360fdeb6023515f7a7bd6c7fecfaee0862
SHA512

2e9d7b1051e79810e348081a8ec09d9be7c9fe23ff346359349d553a2a7be9fef24668c615ef78db9250ca27b42f428f702c18b874ac7de89158f81ce4a9ba58
SSDEEP

49152:nkh+GZg2BCZLnjp+jo1zEk7eqUdGI3zsaoyj86uNzbh:nc+GZg2G7jwjo1zeqrATVuNzV

Score

10^/10

upx

Malware Config

Signatures

Nirsoft 3 IoCs

resource	yara_rule
static1/unpack002/out.upx	Nirsoft
static1/unpack001/CheckForCheats/᫥ .exe	Nirsoft
static1/unpack001/CheckForCheats/᫥ ⨢ .exe	Nirsoft

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/CheckForCheats/᫥ 饭.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CheckForCheats/᫥ 饭.exe
unpack002/out.upx

Files

CheckForCheats.zip
.zip
CheckForCheats/appdata.bat
CheckForCheats/ ணࠬ/Everything.exe
.exe windows:4 windows x64 arch:x64

5b6e895fb0f85d35fb9ab09a1d22ae0d

Code Sign

0e:ae:3b:a4:9c:f8:c1:7c:12:57:cd:df:59:7d:a8:47
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16/11/2020, 00:00

Not After

17/03/2022, 23:59

Subject

CN=voidtools,O=voidtools,L=Wilmington,ST=South Australia,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9b:8f:12:49:c3:e7:c4:58:3e:af:a7:54:78:42:35:34:28:16:fb:a7:ac:b5:d8:2b:57:8e:3d:8e:d2:3b:ce:3d
Signer

Actual PE Digest

9b:8f:12:49:c3:e7:c4:58:3e:af:a7:54:78:42:35:34:28:16:fb:a7:ac:b5:d8:2b:57:8e:3d:8e:d2:3b:ce:3d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ImageList_GetIconSize
ImageList_DrawEx
_TrackMouseEvent
InitCommonControlsEx

ws2_32

gethostbyname
WSAGetLastError
WSACleanup
closesocket
send
recv
connect
WSAAsyncSelect
setsockopt
socket
WSAStartup
shutdown
listen
bind
ntohs
getsockname
accept
inet_addr
htons
getpeername

shlwapi

PathRemoveFileSpecW
SHRegGetUSValueW
PathIsRootW
PathCombineW

kernel32

FileTimeToSystemTime
GetSystemTime
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
GetSystemDefaultLangID
LoadLibraryA
CopyFileW
TerminateProcess
OpenProcess
CreateMutexW
SetLastError
GetStartupInfoW
HeapAlloc
GetProcessHeap
HeapFree
VirtualAlloc
VirtualFree
QueryDosDeviceW
SetErrorMode
DeleteFileW
RemoveDirectoryW
MoveFileW
MoveFileExW
CreateDirectoryW
GetFileAttributesW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetComputerNameW
GetVolumeInformationW
GetDiskFreeSpaceW
GetFullPathNameW
GetFileSize
FindFirstFileW
FindNextFileW
GetDriveTypeW
GetThreadPriority
CreateEventW
GetProcAddress
FreeLibrary
SetFilePointer
GetWindowsDirectoryW
GetCurrentDirectoryW
GetFileAttributesExW
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
__C_specific_handler
WaitForMultipleObjects
GetSystemDirectoryW
LoadLibraryW
ExpandEnvironmentStringsW
GetSystemInfo
GetVersionExA
LocalFree
LocalAlloc
ConnectNamedPipe
CreateNamedPipeW
GetTimeZoneInformation
MulDiv
GetTimeFormatW
GetNumberFormatW
GetDateFormatW
MultiByteToWideChar
HeapCreate
HeapSetInformation
GetModuleFileNameA
FlsAlloc
TlsSetValue
FlsFree
TlsFree
FlsSetValue
FlsGetValue
GetModuleHandleA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
CreateThread
ExitThread
GetTempPathW
CreateFileW
FreeConsole
AllocConsole
SetStdHandle
SetConsoleScreenBufferSize
ExitProcess
QueryPerformanceFrequency
QueryPerformanceCounter
WriteFile
FlushFileBuffers
GetStdHandle
GetFileType
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WriteConsoleW
GetLocaleInfoW
GetCalendarInfoW
DeviceIoControl
GetOverlappedResult
ResetEvent
Sleep
FindNextChangeNotification
FindFirstChangeNotificationW
GetFileInformationByHandle
GetLocalTime
FindCloseChangeNotification
FindClose
GetSystemTimeAsFileTime
GetCurrentThread
SetThreadPriority
InitializeCriticalSection
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
GetTickCount
LeaveCriticalSection
SetEvent
GetCommandLineW
GetCurrentThreadId
GetModuleHandleW
ReadFile
GetLastError
CloseHandle
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetCurrentProcessId
HeapReAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
GetModuleFileNameW

user32

IsClipboardFormatAvailable
IsWindowVisible
SetCursor
SetCapture
ChangeClipboardChain
DrawEdge
DrawFrameControl
EqualRect
GetSubMenu
GetMenu
SetClipboardViewer
EnumWindows
ActivateKeyboardLayout
LoadIconW
IsDlgButtonChecked
SetScrollInfo
UpdateWindow
ScrollWindowEx
SetDlgItemInt
GetMenuState
RemoveMenu
GetMenuItemID
GetMenuDefaultItem
EnableMenuItem
AdjustWindowRect
GetSysColorBrush
OffsetRect
InvalidateRgn
MessageBeep
SetCursorPos
GetDlgItemInt
GetDlgCtrlID
SendDlgItemMessageW
GetDesktopWindow
ValidateRect
CharLowerW
CharUpperW
CreateIconIndirect
PostQuitMessage
GetLastActivePopup
OpenIcon
GetForegroundWindow
AttachThreadInput
SetActiveWindow
BringWindowToTop
EnumChildWindows
CheckDlgButton
GetMenuItemInfoW
GetKeyboardLayoutList
LoadCursorW
GetScrollInfo
InvalidateRect
ClientToScreen
ScreenToClient
GetAsyncKeyState
IsIconic
GetWindowPlacement
IsZoomed
GetWindowTextLengthW
GetWindowTextW
GetParent
CopyRect
EmptyClipboard
SetClipboardData
GetWindowLongPtrW
SetWindowLongPtrW
SetFocus
PtInRect
FindWindowW
InsertMenuW
SetDlgItemTextW
SetForegroundWindow
BeginPaint
EndPaint
OpenClipboard
GetClipboardData
CloseClipboard
FillRect
CreateWindowExW
GetClassInfoExW
RegisterClassExW
IsWindowEnabled
GetClientRect
GetCapture
ReleaseCapture
ShowWindow
CreateDialogIndirectParamW
GetFocus
GetNextDlgTabItem
EnableWindow
SetWindowPos
SetWindowTextW
SetWindowLongW
MessageBoxW
DialogBoxIndirectParamW
DrawTextW
GetMenuItemCount
CreatePopupMenu
AppendMenuW
DeleteMenu
SetMenuItemInfoW
GetWindowLongW
AdjustWindowRectEx
CallWindowProcW
GetDlgItem
GetWindowRect
MapWindowPoints
IntersectRect
GetMonitorInfoW
SystemParametersInfoW
GetDC
ReleaseDC
SetWindowsHookExW
PeekMessageW
WaitMessage
SetMenu
RegisterClipboardFormatW
RedrawWindow
GetMessagePos
RegisterWindowMessageA
ReplyMessage
GetCursorPos
CreateMenu
SetMenuDefaultItem
TrackPopupMenu
DestroyMenu
KillTimer
GetDoubleClickTime
RegisterHotKey
GetKeyState
UnregisterHotKey
PostThreadMessageW
GetSysColor
EndDialog
PostMessageW
DestroyIcon
SetTimer
DestroyWindow
DefWindowProcW
SendMessageTimeoutW
GetWindowThreadProcessId
IsWindow
GetKeyNameTextW
MapVirtualKeyExW
UnhookWindowsHookEx
CallNextHookEx
GetClassNameW
SendMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetSystemMetrics
LoadImageW
GetKeyboardLayout

gdi32

SetStretchBltMode
GetDeviceCaps
GetDIBits
SelectClipRgn
TextOutW
GetTextAlign
SetTextAlign
CreateCompatibleBitmap
OffsetClipRgn
OffsetRgn
CombineRgn
GetDCOrgEx
GetRandomRgn
EnumFontFamiliesExW
CreateCompatibleDC
BitBlt
StretchDIBits
GetRegionData
ExtCreateRegion
GetObjectW
CreateFontIndirectW
GetStockObject
GetNearestColor
CreateSolidBrush
CreateRectRgn
CreateDIBSection
GetCurrentObject
ExcludeClipRect
RectVisible
GetTextExtentExPointW
GetTextExtentPoint32W
DeleteDC
SetBkMode
CreateBitmapIndirect
CreatePatternBrush
SetBrushOrgEx
SetBkColor
SetTextColor
PatBlt
SelectObject
GetTextMetricsW
StretchBlt
DeleteObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW
ChooseColorW
CommDlgExtendedError

advapi32

RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
DeleteService
CloseServiceHandle
RegOpenKeyA
RegQueryValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
QueryServiceConfigW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyW
RegCloseKey
RegDeleteKeyW
GetUserNameW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CreateServiceW
StartServiceW
OpenSCManagerW
OpenServiceW
ControlService
SetServiceStatus

shell32

DragQueryPoint
DragFinish
DragAcceptFiles
Shell_NotifyIconW
SHBrowseForFolderW
SHGetFileInfoW
DragQueryFileW
SHGetSpecialFolderLocation
ord16
SHFileOperationW
ShellExecuteExW
SHGetDesktopFolder
SHGetPathFromIDListW
SHChangeNotify

ole32

CoTaskMemFree
OleUninitialize
OleInitialize
CoCreateInstance
CoInitializeEx
CoUninitialize
CLSIDFromString
CreateStreamOnHGlobal
CoTaskMemAlloc
RevokeDragDrop
DoDragDrop
RegisterDragDrop
ReleaseStgMedium

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CheckForCheats/ ணࠬ/Everything.lng
CheckForCheats/᫥ 饭.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CheckForCheats/᫥ .cfg
CheckForCheats/᫥ .exe
.exe windows:4 windows x86 arch:x86

d0faef4f30a486dd1300a7acd0c85b75

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2c:74:00:47:85:71:32:fd:9e:ae:4c:83:8f:76:fa:2e:82:8b:31:16:a5:3d:04:66:db:d1:63:42:11:69:aa:c0
Signer

Actual PE Digest

2c:74:00:47:85:71:32:fd:9e:ae:4c:83:8f:76:fa:2e:82:8b:31:16:a5:3d:04:66:db:d1:63:42:11:69:aa:c0

Digest Algorithm

sha256

PE Digest Matches

true

8e:c6:6f:fc:4a:a1:e5:fe:44:cc:2e:f8:cf:c3:7a:51:fe:7e:cd:4f
Signer

Actual PE Digest

8e:c6:6f:fc:4a:a1:e5:fe:44:cc:2e:f8:cf:c3:7a:51:fe:7e:cd:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\JumpListsView\Release\JumpListsView.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
__p__fmode
_c_exit
_onexit
__dllonexit
strlen
qsort
_wcslwr
_itow
wcstoul
wcsrchr
malloc
__set_app_type
_controlfp
_except_handler3
_exit
_wcsicmp
wcscmp
wcschr
free
modf
_memicmp
memcmp
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
wcslen
_wtoi
_purecall
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_Add
ImageList_Create
ord17
ImageList_AddMasked
ImageList_SetImageCount
CreateStatusWindowW
CreateToolbarEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

ReadProcessMemory
GetCurrentProcess
ExitProcess
GetCurrentProcessId
OpenProcess
EnumResourceTypesW
GetTickCount
GetModuleHandleA
GetStartupInfoW
LoadResource
SetErrorMode
DeleteFileW
GetStdHandle
GetPrivateProfileStringW
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
MultiByteToWideChar
lstrlenW
lstrcpyW
GlobalAlloc
SystemTimeToTzSpecificLocalTime
GlobalUnlock
LoadLibraryExW
WideCharToMultiByte
GetTempPathW
GetLastError
GetLocaleInfoW
FindNextFileW
SizeofResource
GlobalLock
GetDateFormatW
GetTempFileNameW
FormatMessageW
FindClose
GetVersionExW
GetFileSize
FindFirstFileW
GetTimeFormatW
CloseHandle
GetFileAttributesW
GetWindowsDirectoryW
FileTimeToLocalFileTime
ReadFile
WriteFile
GetModuleFileNameW
GetNumberFormatW
CreateFileW
LockResource
LocalFree
FindResourceW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW

user32

GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
KillTimer
DispatchMessageW
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
DrawTextExW
DeferWindowPos
GetClientRect
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindow
SetWindowLongW
GetDlgItem
GetWindowRect
DrawFrameControl
GetDlgItemInt
SetWindowTextW
InvalidateRect
UpdateWindow
SendMessageW
SetWindowPlacement
SetDlgItemTextW
GetDlgItemTextW
EndPaint
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
BeginPaint
SetMenu
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
LoadImageW
GetWindowLongW
GetSysColor
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
GetMenuStringW
GetMenuItemCount
CheckMenuItem
CloseClipboard
GetCursorPos
GetParent
SetClipboardData
EnableWindow
MapWindowPoints
GetMenu
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
SetWindowPos
GetDesktopWindow
GetWindowTextW
LoadIconW
DestroyIcon
SetTimer
IsDialogMessageW
TranslateMessage
ChildWindowFromPoint

gdi32

GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
GetObjectW
GetPixel
DeleteDC
SetPixel
SelectObject
CreateCompatibleDC
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetMalloc
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW

ole32

CoUninitialize
CoInitialize
StgOpenStorageEx

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CheckForCheats/᫥ ⨢ .exe
.exe windows:4 windows x86 arch:x86

8e0ee8bdfc37e806f77196a49dba6058

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f3:2b:56:05:4d:1f:65:ff:8f:74:d7:b3:04:c8:ca:d7:42:10:01:4b:1d:4f:f9:60:ea:3e:cf:94:ec:ed:5d:20
Signer

Actual PE Digest

f3:2b:56:05:4d:1f:65:ff:8f:74:d7:b3:04:c8:ca:d7:42:10:01:4b:1d:4f:f9:60:ea:3e:cf:94:ec:ed:5d:20

Digest Algorithm

sha256

PE Digest Matches

true

ce:64:88:67:c4:67:47:3c:46:78:5f:a3:63:d8:16:13:63:d9:f4:55
Signer

Actual PE Digest

ce:64:88:67:c4:67:47:3c:46:78:5f:a3:63:d8:16:13:63:d9:f4:55

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\LastActivityView\Release\LastActivityView.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__p__fmode
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
_msize
__set_app_type
_controlfp
_except_handler3
_wcmdln
calloc
realloc
_wcslwr
strlen
_purecall
_itow
_wcsnicmp
qsort
modf
_memicmp
_wtoi
memcmp
wcstoul
wcsrchr
swscanf
malloc
_ultow
wcscmp
free
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
wcscpy
memset
_wcsicmp
wcschr
_snwprintf
wcscat
wcsncat

comctl32

CreateStatusWindowW
CreateToolbarEx
ImageList_SetImageCount
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

ExitProcess
ReadProcessMemory
QueryDosDeviceW
GetVolumeInformationW
GetLogicalDrives
GetLongPathNameW
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
GetProcAddress
GetCurrentProcessId
SetErrorMode
DeleteFileW
CloseHandle
GetFileSize
SystemTimeToFileTime
FileTimeToSystemTime
CompareFileTime
GetSystemTimeAsFileTime
GetDriveTypeW
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetTickCount
GetWindowsDirectoryW
ExpandEnvironmentStringsW
GetLastError
GetCurrentProcess
GetDateFormatW
FindNextFileW
SizeofResource
GetTempFileNameW
GlobalLock
FormatMessageW
FindFirstFileW
GetVersionExW
FindClose
GetTimeFormatW
GetFileAttributesW
FileTimeToLocalFileTime
ReadFile
FindResourceW
WriteFile
GetModuleFileNameW
LocalFree
LoadResource
CreateFileW
TzSpecificLocalTimeToSystemTime
LockResource
SystemTimeToTzSpecificLocalTime
lstrcpyW
MultiByteToWideChar
lstrlenW
LocalFileTimeToFileTime
LoadLibraryExW
GlobalAlloc
GetSystemDirectoryW
GlobalUnlock
WideCharToMultiByte
GetTempPathW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle

user32

ChildWindowFromPoint
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
GetDlgItemInt
SetDlgItemInt
DeferWindowPos
CreateWindowExW
BeginPaint
EndPaint
GetWindow
GetClientRect
SendDlgItemMessageW
DrawFrameControl
EndDialog
SetWindowLongW
GetDlgItem
SetWindowTextW
UpdateWindow
SendMessageW
SetDlgItemTextW
InvalidateRect
GetDlgItemTextW
GetWindowRect
GetSystemMetrics
RegisterClassW
PostMessageW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
LoadImageW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
KillTimer
SetTimer
GetParent
GetClassNameW
MoveWindow
OpenClipboard
CheckMenuItem
GetMenuStringW
GetMenuItemCount
CloseClipboard
CheckMenuRadioItem
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
DestroyWindow
LoadStringW
GetDesktopWindow
GetWindowTextW
LoadMenuW
DestroyIcon
LoadIconW
IsDialogMessageW
TranslateMessage
DrawTextExW
GetKeyState
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
DispatchMessageW
CreatePopupMenu
CallWindowProcW

gdi32

CreateFontIndirectW
SetTextColor
DeleteObject
GetPixel
DeleteDC
SetBkMode
SetBkColor
GetStockObject
GetTextExtentPoint32W
GetDeviceCaps
SetPixel
SelectObject
CreateCompatibleDC
GetObjectW

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
OpenServiceW
OpenSCManagerW
ControlService
StartServiceW
QueryServiceStatus
CloseServiceHandle
RegConnectRegistryW

shell32

SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHBindToParent
SHGetDesktopFolder
SHGetMalloc

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantTimeToSystemTime

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CheckForCheats/ .exe
.exe windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

cd:80:2f:7b:b8:e4:3e:4c:e2:97:15:2e:a3:bf:92:f6
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/01/2018, 00:00

Not After

29/01/2021, 23:59

Subject

CN=Goversoft LLC,O=Goversoft LLC,POSTALCODE=19958,STREET=16192 Coastal Hwy,L=Lewes,ST=Delaware,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:cf:89:d9:ff:27:b5:fd:c8:99:91:c5:09:4d:1c:f6:5d:f3:35:aa
Signer

Actual PE Digest

1d:cf:89:d9:ff:27:b5:fd:c8:99:91:c5:09:4d:1c:f6:5d:f3:35:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 973KB - Virtual size: 972KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 36B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 393KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b6e895fb0f85d35fb9ab09a1d22ae0d

Code Sign

0e:ae:3b:a4:9c:f8:c1:7c:12:57:cd:df:59:7d:a8:47Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

9b:8f:12:49:c3:e7:c4:58:3e:af:a7:54:78:42:35:34:28:16:fb:a7:ac:b5:d8:2b:57:8e:3d:8e:d2:3b:ce:3dSigner

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

ws2_32

shlwapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 302KB - Virtual size: 301KB

.data Size: 71KB - Virtual size: 77KB

.pdata Size: 50KB - Virtual size: 50KB

.rsrc Size: 40KB - Virtual size: 40KB

.reloc Size: 12KB - Virtual size: 12KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 48KB

UPX1 Size: 25KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 1024B - Virtual size: 5KB

.rsrc Size: 9KB - Virtual size: 9KB

d0faef4f30a486dd1300a7acd0c85b75

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate

Extended Key Usages

Key Usages

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

2c:74:00:47:85:71:32:fd:9e:ae:4c:83:8f:76:fa:2e:82:8b:31:16:a5:3d:04:66:db:d1:63:42:11:69:aa:c0Signer

8e:c6:6f:fc:4a:a1:e5:fe:44:cc:2e:f8:cf:c3:7a:51:fe:7e:cd:4fSigner

Headers

File Characteristics

0e:ae:3b:a4:9c:f8:c1:7c:12:57:cd:df:59:7d:a8:47
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

9b:8f:12:49:c3:e7:c4:58:3e:af:a7:54:78:42:35:34:28:16:fb:a7:ac:b5:d8:2b:57:8e:3d:8e:d2:3b:ce:3d
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 302KB - Virtual size: 301KB

.data
Size: 71KB - Virtual size: 77KB

.pdata
Size: 50KB - Virtual size: 50KB

.rsrc
Size: 40KB - Virtual size: 40KB

.reloc
Size: 12KB - Virtual size: 12KB

UPX0
Size: - Virtual size: 48KB

UPX1
Size: 25KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 8KB

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 1024B - Virtual size: 5KB

.rsrc
Size: 9KB - Virtual size: 9KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

2c:74:00:47:85:71:32:fd:9e:ae:4c:83:8f:76:fa:2e:82:8b:31:16:a5:3d:04:66:db:d1:63:42:11:69:aa:c0
Signer

8e:c6:6f:fc:4a:a1:e5:fe:44:cc:2e:f8:cf:c3:7a:51:fe:7e:cd:4f
Signer

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 1KB - Virtual size: 6KB

.rsrc
Size: 20KB - Virtual size: 20KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

f3:2b:56:05:4d:1f:65:ff:8f:74:d7:b3:04:c8:ca:d7:42:10:01:4b:1d:4f:f9:60:ea:3e:cf:94:ec:ed:5d:20
Signer

ce:64:88:67:c4:67:47:3c:46:78:5f:a3:63:d8:16:13:63:d9:f4:55
Signer

.text
Size: 71KB - Virtual size: 71KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 3KB - Virtual size: 62KB

.rsrc
Size: 21KB - Virtual size: 21KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate