blankgrabber | SonicX_Executor[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

SonicX_Executor.zip
Size

19.5MB
MD5

fa3f48ad811854c852b8cf51c68f745c
SHA1

99141c82d431cfb77abf03cb1d1a872271028539
SHA256

e09786736b94a59006103aec78bc3d5ebd618e6286450cc6e1f83c6ae7b2429e
SHA512

7efd28f174efdd6ffdf8054d824ddf3596366188f49e1ab79a7c53ff0c15dd3905e775e9fc0b47075cd335395ebfb5a915f3dc88b61531b566de5facb35e1467
SSDEEP

393216:LPIbbz+YarfWV4F5JoRBUq9y+yNOcOiBFWmmVM+TEIaVtMonOWHAu8vfU0nSnE:zIbf+YazhFf8KTNOcOSUS7Vuon/A+nE

Score

10^/10

blankgrabber

Malware Config

Signatures

A stealer written in Python and packaged with Pyinstaller 1 IoCs

resource	yara_rule
static1/unpack002/�b�1Ƣg.pyc	blankgrabber

Blankgrabber family
blankgrabber

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SonicX/SonicX.dll

Files

SonicX_Executor.zip
.zip
SonicX/Newtonsoft.Json.xml
.xml
SonicX/RequireFolder/Angel.txt
SonicX/RequireFolder/Boom X4.txt
SonicX/RequireFolder/Country Roads Admin.txt
SonicX/RequireFolder/Eraser.txt
SonicX/RequireFolder/Ice Cream.txt
SonicX/RequireFolder/Insanity Powers.txt
SonicX/RequireFolder/Jhon Doe.txt
SonicX/RequireFolder/Jhon wick.txt
SonicX/RequireFolder/Kermit Gui.txt
SonicX/RequireFolder/Kfc.txt
SonicX/RequireFolder/Knife V2.txt
SonicX/RequireFolder/Mcdonalds.txt
SonicX/RequireFolder/Rare Sword.txt
SonicX/RequireFolder/School Shooter.txt
SonicX/RequireFolder/Trap Rifle.txt
SonicX/SonicX.dll
.dll windows:6 windows x64 arch:x64

5f1988dd053a64d4ce09004bcc3d1a55

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAIoctl
WSAResetEvent
WSASetEvent
WSASetLastError
WSAStartup
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
getsockopt
htonl
htons
inet_ntop
inet_pton
ioctlsocket
listen
ntohs
recv
select
send
setsockopt
socket

advapi32

CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptGenRandom
CryptGetHashParam
CryptHashData
CryptReleaseContext
GetCurrentHwProfileA

kernel32

AcquireSRWLockExclusive
AreFileApisANSI
CloseHandle
CloseThreadpoolWork
CompareStringW
ConnectNamedPipe
CopyFileW
CreateDirectoryW
CreateFileA
CreateFileW
CreateNamedPipeW
CreateThread
CreateThreadpoolWork
CreateToolhelp32Snapshot
DecodePointer
DeleteCriticalSection
DeleteFileW
DisconnectNamedPipe
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableA
GetExitCodeThread
GetFileAttributesExW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetLocaleInfoEx
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
K32GetModuleFileNameExA
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LocalFree
MoveFileExA
MultiByteToWideChar
OpenProcess
PeekNamedPipe
Process32First
Process32Next
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetEndOfFile
SetEnvironmentVariableW
SetFileInformationByHandle
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableCS
SleepConditionVariableSRW
SleepEx
SubmitThreadpoolWork
SwitchToThread
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoW
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

ClientToScreen
CloseClipboard
EmptyClipboard
EnumWindows
GetClientRect
GetClipboardData
GetForegroundWindow
GetSystemMetrics
GetWindowTextA
GetWindowThreadProcessId
MapVirtualKeyA
MessageBoxA
OpenClipboard
RegisterClipboardFormatA
SetClipboardData
keybd_event
mouse_event

bcrypt

BCryptGenRandom

crypt32

CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetNameStringA
CertOpenStore
CryptDecodeObjectEx
CryptQueryObject
CryptStringToBinaryA
PFXImportCertStore

Sections

.text
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 557KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.`=o
Size: - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.y[q
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.7[h
Size: 15.6MB - Virtual size: 15.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 411B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SonicX/SonicX.exe
.exe windows:5 windows x64 arch:x64

f4f2e2b03fe5666a721620fcea3aea9b

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-02-2023 00:05

Not After

01-02-2024 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c3:5e:ea:01:02:f6:9e:33:d1:2e:01:6b:68:03:b0:b2:56:12:81:20:0d:15:01:91:c0:bf:45:2c:4e:b4:5d:28
Signer

Actual PE Digest

c3:5e:ea:01:02:f6:9e:33:d1:2e:01:6b:68:03:b0:b2:56:12:81:20:0d:15:01:91:c0:bf:45:2c:4e:b4:5d:28

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
PostMessageW
GetMessageW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

IsValidCodePage
GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
GetACP
GetOEMCP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
CreateFileW
GetFinalPathNameByHandleW
CloseHandle
GetModuleFileNameW
CreateSymbolicLinkW
GetCPInfo
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEndOfFile
GetProcAddress
GetSystemTimeAsFileTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�b�1Ƣg.pyc
SonicX/Vurnability.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

06:ce:e1:31:be:6d:55:c8:07:f7:c0:c7:fb:44:e6:20
Certificate

Issuer

CN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=US

Not Before

15-01-2021 00:00

Not After

14-01-2046 23:59

Subject

CN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:de:32:e9:50:9b:44:aa:34:b1:da:f1:bc:0e:c8:73
Certificate

Issuer

CN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=US

Not Before

15-07-2021 00:00

Not After

14-07-2031 23:59

Subject

CN=.NET Foundation Projects Code Signing CA2,O=.NET Foundation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:d1:40:7a:5a:bd:ed:43:d5:c1:73:12:1d:38:c5:29
Certificate

Issuer

CN=.NET Foundation Projects Code Signing CA2,O=.NET Foundation,C=US

Not Before

13-08-2021 00:00

Not After

29-10-2024 23:59

Subject

SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=Washington,C=US,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:27:11:d0:35:02:fc:58:64:ae:1e:6c:cb:c5:eb:67:eb:5d:dc:c8:86:9e:e4:59:cc:0d:02:0e:5f:d1:fc:9b
Signer

Actual PE Digest

38:27:11:d0:35:02:fc:58:64:ae:1e:6c:cb:c5:eb:67:eb:5d:dc:c8:86:9e:e4:59:cc:0d:02:0e:5f:d1:fc:9b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 681KB - Virtual size: 680KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f1988dd053a64d4ce09004bcc3d1a55

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

advapi32

kernel32

user32

bcrypt

crypt32

Sections

.text Size: - Virtual size: 2.5MB

.rdata Size: - Virtual size: 557KB

.data Size: - Virtual size: 47KB

.pdata Size: - Virtual size: 80KB

.00cfg Size: - Virtual size: 56B

.gxfg Size: - Virtual size: 11KB

.tls Size: - Virtual size: 9B

_RDATA Size: - Virtual size: 500B

.`=o Size: - Virtual size: 8.2MB

.y[q Size: 3KB - Virtual size: 2KB

.7[h Size: 15.6MB - Virtual size: 15.6MB

.reloc Size: 512B - Virtual size: 280B

.rsrc Size: 512B - Virtual size: 411B

f4f2e2b03fe5666a721620fcea3aea9b

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

c3:5e:ea:01:02:f6:9e:33:d1:2e:01:6b:68:03:b0:b2:56:12:81:20:0d:15:01:91:c0:bf:45:2c:4e:b4:5d:28Signer

Headers

DLL Characteristics

File Characteristics

Imports

user32

comctl32

kernel32

advapi32

gdi32

Sections

.text Size: 172KB - Virtual size: 171KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 3KB - Virtual size: 12KB

.pdata Size: 9KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 89KB - Virtual size: 89KB

.reloc Size: 2KB - Virtual size: 1KB

dae02f32a21e03ce65412f6e56942daa

Code Sign

06:ce:e1:31:be:6d:55:c8:07:f7:c0:c7:fb:44:e6:20Certificate

Key Usages

0a:de:32:e9:50:9b:44:aa:34:b1:da:f1:bc:0e:c8:73Certificate

Extended Key Usages

Key Usages

0c:d1:40:7a:5a:bd:ed:43:d5:c1:73:12:1d:38:c5:29Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

38:27:11:d0:35:02:fc:58:64:ae:1e:6c:cb:c5:eb:67:eb:5d:dc:c8:86:9e:e4:59:cc:0d:02:0e:5f:d1:fc:9bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text
Size: - Virtual size: 2.5MB

.rdata
Size: - Virtual size: 557KB

.data
Size: - Virtual size: 47KB

.pdata
Size: - Virtual size: 80KB

.00cfg
Size: - Virtual size: 56B

.gxfg
Size: - Virtual size: 11KB

.tls
Size: - Virtual size: 9B

_RDATA
Size: - Virtual size: 500B

.`=o
Size: - Virtual size: 8.2MB

.y[q
Size: 3KB - Virtual size: 2KB

.7[h
Size: 15.6MB - Virtual size: 15.6MB

.reloc
Size: 512B - Virtual size: 280B

.rsrc
Size: 512B - Virtual size: 411B

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

c3:5e:ea:01:02:f6:9e:33:d1:2e:01:6b:68:03:b0:b2:56:12:81:20:0d:15:01:91:c0:bf:45:2c:4e:b4:5d:28
Signer

.text
Size: 172KB - Virtual size: 171KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 3KB - Virtual size: 12KB

.pdata
Size: 9KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 89KB - Virtual size: 89KB

.reloc
Size: 2KB - Virtual size: 1KB

06:ce:e1:31:be:6d:55:c8:07:f7:c0:c7:fb:44:e6:20
Certificate

0a:de:32:e9:50:9b:44:aa:34:b1:da:f1:bc:0e:c8:73
Certificate

0c:d1:40:7a:5a:bd:ed:43:d5:c1:73:12:1d:38:c5:29
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

38:27:11:d0:35:02:fc:58:64:ae:1e:6c:cb:c5:eb:67:eb:5d:dc:c8:86:9e:e4:59:cc:0d:02:0e:5f:d1:fc:9b
Signer

.text
Size: 681KB - Virtual size: 680KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B