412d9f40832b3e5e0b5ac5df9302963f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

412d9f40832b3e5e0b5ac5df9302963f_JaffaCakes118
Size

5.4MB
MD5

412d9f40832b3e5e0b5ac5df9302963f
SHA1

b720ee7dd24693933811f7eb9fa375f37df8c84e
SHA256

5eaaac101ef688e58f6a1d7fc3e032018344bd95a6d76d333d4b95909d56e29a
SHA512

9a94bc0a164a601186bfd1537b565f41cd635197691d8fd0ae873d42dd042f5c200302698f7cdaa14fa88c4116aa398656945cec925be626c2875eda5132acf2
SSDEEP

98304:wR0hJtRqWppVUkRPyCYvOM/IpLIdikGGHnIsOG/TTz7hF1iLLaXl61n6FLW/:k+nrHRPyCkO2IRIdRGSbTTJFKeXg1n5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll

Files

412d9f40832b3e5e0b5ac5df9302963f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:55:78:e2:b2:bf:d2:f6:03:5c:35:15:4b:e5:34:e7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

01/04/2016, 00:00

Not After

01/07/2017, 23:59

Subject

CN=MEIXIAN XIE,OU=Individual Developer,O=No Organization Affiliation,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:3b:96:ab:db:0b:24:7d:c1:a6:82:d3:67:62:0a:cc:84:3a:0f:46
Signer

Actual PE Digest

79:3b:96:ab:db:0b:24:7d:c1:a6:82:d3:67:62:0a:cc:84:3a:0f:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WeatherEntryDll.dll
.dll windows:5 windows x64 arch:x64

4a798ac5c699c072b82fd25ad8ec776b

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:55:78:e2:b2:bf:d2:f6:03:5c:35:15:4b:e5:34:e7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

01/04/2016, 00:00

Not After

01/07/2017, 23:59

Subject

CN=MEIXIAN XIE,OU=Individual Developer,O=No Organization Affiliation,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:ed:c2:06:3f:f1:43:02:75:0e:fc:91:95:51:8c:ff:38:6a:5c:c5
Signer

Actual PE Digest

5e:ed:c2:06:3f:f1:43:02:75:0e:fc:91:95:51:8c:ff:38:6a:5c:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\jenkins\workspace\weather\Release\x64\WeatherEntryDll.pdb

Imports

msimg32

AlphaBlend

comctl32

ord17

uxtheme

IsThemeActive
GetThemeColor
OpenThemeData
DrawThemeParentBackground
CloseThemeData

kernel32

GetLocalTime
GetUserDefaultUILanguage
GetCurrentThreadId
GetCurrentProcessId
ExpandEnvironmentStringsW
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
FlushFileBuffers
GetProcAddress
CreateFileA
WriteFile
GetStringTypeA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
HeapSize
FlsAlloc
SetLastError
GetLastError
GetTimeFormatW
GetVersionExW
GetLocaleInfoW
OutputDebugStringW
GetDateFormatW
GetModuleHandleW
GetConsoleOutputCP
GetACP
WriteConsoleW
CloseHandle
GetOEMCP
MultiByteToWideChar
WideCharToMultiByte
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlsSetValue
GetCommandLineA
GetCPInfo
RtlUnwindEx
RaiseException
RtlPcToFileHeader
LCMapStringW
LCMapStringA
GetStringTypeW
HeapAlloc
HeapSetInformation
HeapCreate
HeapDestroy
EncodePointer
DecodePointer
FlsGetValue
FlsFree

user32

DestroyWindow
TrackPopupMenu
RegisterWindowMessageW
FillRect
LoadImageW
GetClientRect
BeginPaint
GetClassInfoW
GetDC
InvalidateRect
AppendMenuW
SystemParametersInfoW
GetClassNameW
ReleaseDC
GetSysColor
SetWindowPos
GetCursorPos
CreatePopupMenu
EndPaint
CreateWindowExW
EqualRect
IsWindowVisible
SetWindowLongPtrW
SendMessageW
CallWindowProcW
CopyRect
GetWindowThreadProcessId
ScreenToClient
GetWindowRect
PostMessageW
GetParent
CallNextHookEx
WindowFromPoint
FindWindowW
PtInRect
IsWindow
SetWindowsHookExW
UnhookWindowsHookEx
FindWindowExW

gdi32

DeleteDC
CreateDIBSection
CreateFontIndirectW
DeleteObject
SelectObject
CreateCompatibleDC
DPtoLP
CreateSolidBrush
BitBlt

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW

Exports

Exports

?ResetHook@@YAHXZ
?SetHook@@YAHK@Z

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Shared
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 834KB - Virtual size: 834KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
res/BR/skin.xml
.xml
res/BR/skin2.xml
.xml
res/CN/skin.xml
.xml
res/CN/skin2.xml
.xml
res/DE/skin.xml
.xml
res/DE/skin2.xml
.xml
res/EN/skin.xml
.xml
res/EN/skin2.xml
.xml
res/FR/skin.xml
.xml
res/FR/skin2.xml
.xml
res/JP/skin.xml
.xml
res/JP/skin2.xml
.xml
res/JP/skin3.xml
.xml
res/TH/skin.xml
.xml
res/TH/skin2.xml
.xml
res/XP/BR/skin.xml
.xml
res/XP/BR/skin2.xml
.xml
res/XP/CN/skin.xml
.xml
res/XP/CN/skin2.xml
.xml
res/XP/DE/skin.xml
.xml
res/XP/DE/skin2.xml
.xml
res/XP/EN/skin.xml
.xml
res/XP/EN/skin2.xml
.xml
res/XP/FR/skin.xml
.xml
res/XP/FR/skin2.xml
.xml
res/XP/JP/skin.xml
.xml
res/XP/JP/skin2.xml
.xml
res/XP/JP/skin3.xml
.xml
res/XP/TH/skin.xml
.xml
res/XP/TH/skin2.xml
.xml
res/picture/Humidity.png
.png
res/picture/Icon24_layout.png
.png
res/picture/Icon48_layout.png
.png
res/picture/Refresh.png
.png
res/picture/bg_main.png
.png
res/picture/bg_menu.png
.png
res/picture/bg_search.png
.png
res/picture/bg_user_guide.png
.png
res/picture/btn_cancel.png
.png
res/picture/btn_delete.png
.png
res/picture/btn_menu.png
.png
res/picture/btn_radio.png
.png
res/picture/clear.png
.png
res/picture/cloudy.png
.png
res/picture/cloudy_fg.png
.png
res/picture/fog.png
.png
res/picture/icn_add.png
.png
res/picture/icn_fail.png
.png
res/picture/icn_info_grey.png
.png
res/picture/icn_location_gray.png
.png
res/picture/icn_precipitation.png
.png
res/picture/icn_success.png
.png
res/picture/icn_thermo.png
.png
res/picture/icn_units.png
.png
res/picture/img_degree.png
.png
res/picture/img_dot_normal.png
.png
res/picture/img_dot_selected.png
.png
res/picture/img_minus.png
.png
res/picture/img_num_0.png
.png
res/picture/img_num_1.png
.png
res/picture/img_num_2.png
.png
res/picture/img_num_3.png
.png
res/picture/img_num_4.png
.png
res/picture/img_num_5.png
.png
res/picture/img_num_6.png
.png
res/picture/img_num_7.png
.png
res/picture/img_num_8.png
.png
res/picture/img_num_9.png
.png
res/picture/overcast.png
.png
res/picture/rain.png
.png
res/picture/scrollbar.png
.png
res/picture/sequence.png
.png
res/picture/snow.png
.png
res/picture/sunny.png
.png
res/picture/tstorm.png
.png
res/picture/uninstall/bg.png
.png
res/picture/uninstall/btn.png
.png
res/picture/uninstall/button.png
.png
res/picture/uninstall/buttondown.png
.png
res/picture/uninstall/checkbox.png
.png
res/picture/uninstall/click.png
.png
res/picture/uninstall/close.png
.png
res/picture/uninstall/hover.png
.png
res/picture/uninstall/normal.png
.png
res/picture/uninstall/page1.png
.png
res/picture/uninstall/page2.png
.png
res/picture/uninstall/page3.png
.png
res/picture/uninstall/page4.png
.png
res/picture/uninstall/progress_back.png
.png
res/picture/uninstall/progress_fore.png
.png
res/picture/uninstall/uninstall.png
.png
res/picture/uninstall/uninstalldown.png
.png
res/picture/windy.png
.png

Sharing

General

Malware Config

Signatures

Files

be41bf7b8cc010b614bd36bbca606973

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03Certificate

Extended Key Usages

Key Usages

7d:55:78:e2:b2:bf:d2:f6:03:5c:35:15:4b:e5:34:e7Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

79:3b:96:ab:db:0b:24:7d:c1:a6:82:d3:67:62:0a:cc:84:3a:0f:46Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 458KB

.ndata Size: - Virtual size: 1.0MB

.rsrc Size: 368KB - Virtual size: 367KB

.reloc Size: 4KB - Virtual size: 3KB

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

4a798ac5c699c072b82fd25ad8ec776b

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03Certificate

Extended Key Usages

Key Usages

7d:55:78:e2:b2:bf:d2:f6:03:5c:35:15:4b:e5:34:e7Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

5e:ed:c2:06:3f:f1:43:02:75:0e:fc:91:95:51:8c:ff:38:6a:5c:c5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msimg32

comctl32

uxtheme

kernel32

user32

gdi32

advapi32

Exports

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

7d:55:78:e2:b2:bf:d2:f6:03:5c:35:15:4b:e5:34:e7
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

79:3b:96:ab:db:0b:24:7d:c1:a6:82:d3:67:62:0a:cc:84:3a:0f:46
Signer

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 458KB

.ndata
Size: - Virtual size: 1.0MB

.rsrc
Size: 368KB - Virtual size: 367KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

7d:55:78:e2:b2:bf:d2:f6:03:5c:35:15:4b:e5:34:e7
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

5e:ed:c2:06:3f:f1:43:02:75:0e:fc:91:95:51:8c:ff:38:6a:5c:c5
Signer

.text
Size: 128KB - Virtual size: 128KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 7KB - Virtual size: 17KB

.pdata
Size: 8KB - Virtual size: 7KB

Shared
Size: 512B - Virtual size: 12B

.rsrc
Size: 834KB - Virtual size: 834KB

.reloc
Size: 4KB - Virtual size: 3KB