Silver_Rat[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Silver_Rat.zip
Size

28.7MB
MD5

520858d87505cbf0316ae9b24eb22f8c
SHA1

93cd36ade41903630204a0a345968062c7ea45ea
SHA256

e0803fe76c83da3b24ae34f2862e08356b46d9046bf53947de8c1729e5dd18ee
SHA512

59d0a49f4babc4d1a436f0063affc082e9f39dde2881232a1c88365f9f33ce34a4dbd5baddba02e0fc96b864cba4f42b383f18ae0f0a7e653de7ef2ecd9f8bcb
SSDEEP

786432:IaPM3krYTAxoFxbGSjSGJBxny9WIVXel1TokyNNX2JRPft:nU3keAsxq4hBhcoT4XSRPF

Score

7^/10

agilenet

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 2 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
static1/unpack001/Bunifu.Licensing.dll	agile_net
static1/unpack001/bunifu.ui.winforms.1.5.3.dll	agile_net

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/RestSharp.dll
unpack001/SilverRat.exe
unpack001/bouncycastle.crypto.dll
unpack001/bunifu.ui.winforms.dll
unpack001/cgeoip.dll
unpack001/protobuf-net.core.dll
unpack001/protobuf-net.dll

Files

Silver_Rat.zip
.zip
Bunifu.Licensing.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5c:a8:2f:f3:e2:49:8f:60:ba:9b:0f:ad:f3:bc:d4:87
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

31-03-2021 00:00

Not After

31-03-2022 23:59

Subject

SERIALNUMBER=CPR/2014/141232,CN=Bunifu Technologies Limited,O=Bunifu Technologies Limited,L=Ngong,C=KE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024b45

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19-01-2010 00:00

Not After

18-01-2038 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-12-2014 00:00

Not After

02-12-2029 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ec:b2:77:c2:12:4e:91:29:6f:54:9a:e7:fb:15:1a:ca:da:79:ed:09
Signer

Actual PE Digest

ec:b2:77:c2:12:4e:91:29:6f:54:9a:e7:fb:15:1a:ca:da:79:ed:09

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\wilsk\source\repos\apps\desktop\bunifu\work\bunifu-framework\Licensing\Bunifu.Licensing.Redistributable\bin\Debug\net40\Secured\net40\Bunifu.Licensing.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Newtonsoft.Json.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2031 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27-04-2018 12:41

Not After

27-04-2028 12:41

Subject

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7e
Certificate

Issuer

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

Not Before

25-10-2018 00:00

Not After

29-10-2021 12:00

Subject

SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=wa,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-01-2017 00:00

Not After

18-01-2028 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a7:cc:fe:41:40:99:65:07:53:c6:c7:f4:1c:e3:22:5f:f1:9e:7a:db:83:aa:c0:1c:bd:9b:44:a1:54:ff:58:a1
Signer

Actual PE Digest

a7:cc:fe:41:40:99:65:07:53:c6:c7:f4:1c:e3:22:5f:f1:9e:7a:db:83:aa:c0:1c:bd:9b:44:a1:54:ff:58:a1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 649KB - Virtual size: 649KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Camera.dll
Plugins/Chat.dll
Plugins/HApps.dll
Plugins/HBrowser.dll
Plugins/HRDP.dll
Plugins/HVNC.dll
Plugins/Keylogger.dll
Plugins/Manager.dll
Plugins/Options.dll
Plugins/OptionsForm.dll
Plugins/OptionsForm.dll.config
Plugins/Passwords.dll
Plugins/RAPP.dll
Plugins/RDP.dll
Plugins/Ransom.dll
Plugins/ReverseProxy.dll
Plugins/ScanNET.dll
Profiles/Builder.xml
Profiles/SocketPort.xml
RestSharp.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\personal_source\RestSharp\RestSharp.Net46\obj\ReleaseSigned\RestSharp.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SilverRat.exe
.exe windows:4 windows x86 arch:x86

a9c887a4f18a3fede2cc29ceea138ed3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

malloc
memset
strcmp
strcpy
getenv
sprintf
fopen
fwrite
fclose
__argc
__argv
_environ
_XcptFilter
__set_app_type
_controlfp
__getmainargs
exit

shell32

ShellExecuteA

kernel32

SetUnhandledExceptionFilter

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31.3MB - Virtual size: 31.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SilverRat.exe.config
.xml
System.Buffers.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:37

Not After

02-05-2020 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d4:65:dc:35:86:93:2f:fb:0d:d0:c1:ac:2f:31:92:bd:28:75:14:21:57:3f:3b:7d:55:33:05:32:59:3d:d4:62
Signer

Actual PE Digest

d4:65:dc:35:86:93:2f:fb:0d:d0:c1:ac:2f:31:92:bd:28:75:14:21:57:3f:3b:7d:55:33:05:32:59:3d:d4:62

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netfx\System.Buffers.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System.Collections.Immutable.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:37

Not After

02-05-2020 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:35:16:55:df:62:5e:90:93:72:fe:bd:fe:ac:db:f2:1e:96:b4:4d:30:e1:68:45:9c:04:3b:aa:ba:f4:42:36
Signer

Actual PE Digest

33:35:16:55:df:62:5e:90:93:72:fe:bd:fe:ac:db:f2:1e:96:b4:4d:30:e1:68:45:9c:04:3b:aa:ba:f4:42:36

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/artifacts/obj/System.Collections.Immutable/net461-Release/System.Collections.Immutable.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System.Memory.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:32

Not After

01-09-2022 18:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:6c:07:cf:a9:38:ad:dd:05:7b:ae:24:e4:ad:78:9e:fa:07:82:fb:e0:b3:ea:d5:f5:bc:8e:78:ff:71:9b:27
Signer

Actual PE Digest

a4:6c:07:cf:a9:38:ad:dd:05:7b:ae:24:e4:ad:78:9e:fa:07:82:fb:e0:b3:ea:d5:f5:bc:8e:78:ff:71:9b:27

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netfx\System.Memory.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System.Numerics.Vectors.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:c2:a0:09:c5:37:76:e9:f6:cd:00:00:00:00:00:c2
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=Thales TSS ESN:C3B0-0F6A-4111,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:11

Not After

11-08-2018 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-08-2017 20:20

Not After

11-08-2018 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

99:0e:22:c8:fb:bc:e4:62:63:f1:99:41:db:03:50:70:a9:f7:d6:99:5f:43:9a:3b:2d:d5:4b:9c:fc:3d:7c:e6
Signer

Actual PE Digest

99:0e:22:c8:fb:bc:e4:62:63:f1:99:41:db:03:50:70:a9:f7:d6:99:5f:43:9a:3b:2d:d5:4b:9c:fc:3d:7c:e6

Digest Algorithm

sha256

PE Digest Matches

true

12:57:a0:40:75:36:a1:51:f8:dd:f2:97:bc:f9:16:a8:2c:bd:f3:8d
Signer

Actual PE Digest

12:57:a0:40:75:36:a1:51:f8:dd:f2:97:bc:f9:16:a8:2c:bd:f3:8d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Numerics.Vectors/net46\System.Numerics.Vectors.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bouncycastle.crypto.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bunifu.ui.winforms.1.5.3.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5c:a8:2f:f3:e2:49:8f:60:ba:9b:0f:ad:f3:bc:d4:87
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

31-03-2021 00:00

Not After

31-03-2022 23:59

Subject

SERIALNUMBER=CPR/2014/141232,CN=Bunifu Technologies Limited,O=Bunifu Technologies Limited,L=Ngong,C=KE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024b45

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19-01-2010 00:00

Not After

18-01-2038 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-12-2014 00:00

Not After

02-12-2029 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:60:9f:ee:0b:c1:db:79:70:f4:a1:a5:c3:e7:56:69:b3:1e:fc:57
Signer

Actual PE Digest

3e:60:9f:ee:0b:c1:db:79:70:f4:a1:a5:c3:e7:56:69:b3:1e:fc:57

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\wilsk\source\repos\apps\desktop\bunifu\work\bunifu-framework\__build__\__raw__\Bunifu UI WinForms\1.5.3\net40\Secured\net40\Bunifu.UI.WinForms.1.5.3.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bunifu.ui.winforms.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cgeoip.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
guna.ui2.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

7a:98:1b:7d:3e:b4:86:bb:45:84:c4:3c:c9:a8:3f:db
Certificate

Issuer

CN=Sobatdata Root CA

Not Before

23-10-2019 05:22

Not After

22-10-2025 17:00

Subject

CN=Sobatdata Software

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:b6:6a:35:8d:b6:02:9a:d9:94:90:ab:3a:ff:17:50:0a:a4:8b:2e
Signer

Actual PE Digest

a6:b6:6a:35:8d:b6:02:9a:d9:94:90:ab:3a:ff:17:50:0a:a4:8b:2e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Ilham-PC\Documents\Visual Studio 2015\Projects\Guna.UI2\Build\Guna.UI2.WinForms\build\.net 4.0\Guna.UI2.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
protobuf-net.core.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

protobuf-net.Core.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
protobuf-net.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

protobuf-net.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
stub.cs
.js

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

5c:a8:2f:f3:e2:49:8f:60:ba:9b:0f:ad:f3:bc:d4:87Certificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1Certificate

Extended Key Usages

Key Usages

ec:b2:77:c2:12:4e:91:29:6f:54:9a:e7:fb:15:1a:ca:da:79:ed:09Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23Certificate

Extended Key Usages

Key Usages

0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7eCertificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

a7:cc:fe:41:40:99:65:07:53:c6:c7:f4:1c:e3:22:5f:f1:9e:7a:db:83:aa:c0:1c:bd:9b:44:a1:54:ff:58:a1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 649KB - Virtual size: 649KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 164KB - Virtual size: 163KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 512B - Virtual size: 12B

a9c887a4f18a3fede2cc29ceea138ed3

Headers

File Characteristics

Imports

msvcrt

shell32

kernel32

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 31.3MB - Virtual size: 31.3MB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

5c:a8:2f:f3:e2:49:8f:60:ba:9b:0f:ad:f3:bc:d4:87
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

ec:b2:77:c2:12:4e:91:29:6f:54:9a:e7:fb:15:1a:ca:da:79:ed:09
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23
Certificate

0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7e
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

a7:cc:fe:41:40:99:65:07:53:c6:c7:f4:1c:e3:22:5f:f1:9e:7a:db:83:aa:c0:1c:bd:9b:44:a1:54:ff:58:a1
Signer

.text
Size: 649KB - Virtual size: 649KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 164KB - Virtual size: 163KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 31.3MB - Virtual size: 31.3MB

.bss
Size: - Virtual size: 4B

.rsrc
Size: 11KB - Virtual size: 11KB

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

d4:65:dc:35:86:93:2f:fb:0d:d0:c1:ac:2f:31:92:bd:28:75:14:21:57:3f:3b:7d:55:33:05:32:59:3d:d4:62
Signer

.text
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

33:35:16:55:df:62:5e:90:93:72:fe:bd:fe:ac:db:f2:1e:96:b4:4d:30:e1:68:45:9c:04:3b:aa:ba:f4:42:36
Signer

.text
Size: 162KB - Virtual size: 162KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

a4:6c:07:cf:a9:38:ad:dd:05:7b:ae:24:e4:ad:78:9e:fa:07:82:fb:e0:b3:ea:d5:f5:bc:8e:78:ff:71:9b:27
Signer

.text
Size: 126KB - Virtual size: 126KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:00:c2:a0:09:c5:37:76:e9:f6:cd:00:00:00:00:00:c2
Certificate

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

99:0e:22:c8:fb:bc:e4:62:63:f1:99:41:db:03:50:70:a9:f7:d6:99:5f:43:9a:3b:2d:d5:4b:9c:fc:3d:7c:e6
Signer

12:57:a0:40:75:36:a1:51:f8:dd:f2:97:bc:f9:16:a8:2c:bd:f3:8d
Signer