63cb6a598151d9799914e1721cbf3972_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

63cb6a598151d9799914e1721cbf3972_JaffaCakes118
Size

190KB
MD5

63cb6a598151d9799914e1721cbf3972
SHA1

ef2b22fa938e5e26c3986648dc77dacfa1727cdf
SHA256

64342e4f94acf12f26aac7eb0a027b9427ab0a67e77f9b2b7afad5f3c05b5704
SHA512

f1316cdd8c141e5d64bcd538d9e8dc0b45eed3016d3ee3506c1cfdebd74568b85e910f179c48ff12375da76ba0c5c1ba89698ac857fae47cf0dffb8f975f23f6
SSDEEP

3072:vr5x3K3Sr3y4rrtj7mrZZ2CDelNZcxG87+rFrBCpGZWFh4AipLNOmOlSjkNenBWs:vr5x3Kir3y4rrtj7mrZZ2CiY78XoApLx

Score

1^/10

Malware Config

Signatures

Files

63cb6a598151d9799914e1721cbf3972_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4fb24c7e4b89274fc047a221201ddf32

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

44:51:ad:37:17:cf:a2:23:71:ff:bc:07:df:13:e6:5d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17-10-2013 00:00

Not After

15-11-2016 23:59

Subject

CN=VMware\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=VMware\, Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:09:33:2b:5b:d4:3e:ec:66:83:35:d7:7a:33:18:28:2b:e1:d0:3e
Signer

Actual PE Digest

4c:09:33:2b:5b:d4:3e:ec:66:83:35:d7:7a:33:18:28:2b:e1:d0:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\build\ob\bora-3770994\bora\build\build\unity-helper\release\win32\vmware-unity-helper.pdb

Imports

msvcr90

__RTDynamicCast
__argc
__wargv
wcscpy_s
??_U@YAPAXI@Z
vswprintf_s
?terminate@@YAXXZ
??2@YAPAXI@Z
__CxxFrameHandler3
_recalloc
wcsncpy_s
memcpy_s
malloc
_CxxThrowException
??0exception@std@@QAE@XZ
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??8type_info@@QBE_NABV0@@Z
??1exception@std@@UAE@XZ
memmove_s
??0exception@std@@QAE@ABV01@@Z
wcsstr
free
atoi
??_V@YAXPAX@Z
memset
_purecall
swprintf_s
_vscwprintf
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_invalid_parameter_noinfo
_except_handler4_common

msvcp90

?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?eof@?$char_traits@D@std@@SAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?length@?$char_traits@D@std@@SAIPBD@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

sigc-2.0

??4connection@sigc@@QAEAAU01@ABU01@@Z
?notify@slot_rep@internal@sigc@@SAPAXPAX@Z
?remove_destroy_notify_callback@trackable@sigc@@QBEXPAX@Z
?connect@signal_base@sigc@@IAE?AV?$_Iterator@$00@?$list@Vslot_base@sigc@@V?$allocator@Vslot_base@sigc@@@std@@@std@@ABVslot_base@2@@Z
??0slot_base@sigc@@QAE@XZ
??1signal_exec@internal@sigc@@QAE@XZ
??1slot_rep@internal@sigc@@QAE@XZ
??1slot_base@sigc@@QAE@XZ
??1trackable@sigc@@QAE@XZ
??0slot_base@sigc@@QAE@PAUslot_rep@internal@1@@Z
?notify_callbacks@trackable@sigc@@QAEXXZ
??1connection@sigc@@QAE@XZ
??0connection@sigc@@QAE@XZ
?blocked@slot_base@sigc@@QBE_NXZ
?empty@slot_base@sigc@@QBE_NXZ
??Rslot_do_bind@internal@sigc@@QBEXPBUtrackable@2@@Z
??Rslot_do_unbind@internal@sigc@@QBEXPBUtrackable@2@@Z
??0signal_exec@internal@sigc@@QAE@PBUsignal_impl@12@@Z
??1signal_base@sigc@@QAE@XZ
??0signal_base@sigc@@QAE@XZ
?add_destroy_notify_callback@trackable@sigc@@QBEXPAXP6APAX0@Z@Z
??0slot_base@sigc@@QAE@ABV01@@Z
??0slot_do_unbind@internal@sigc@@QAE@PAUslot_rep@12@@Z
??0slot_do_bind@internal@sigc@@QAE@PAUslot_rep@12@@Z
??0slot_rep@internal@sigc@@QAE@P6APAXPAX@Z11@Z
??3slot_rep@internal@sigc@@SAXPAX@Z
?disconnect@connection@sigc@@QAEXXZ
?empty@connection@sigc@@QBE_NXZ
??2slot_rep@internal@sigc@@SAPAXI@Z
??0trackable@sigc@@QAE@XZ

kernel32

HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
WaitForSingleObject
Sleep
ReleaseMutex
WaitForMultipleObjects
GetExitCodeProcess
OpenMutexW
CreateEventW
LoadLibraryW
OutputDebugStringW
CreateMutexW
GetComputerNameW
lstrcpynW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
SetLastError
lstrcmpiW
GetModuleHandleW
GetProcAddress
InterlockedDecrement
InterlockedIncrement
lstrlenW
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
MulDiv
GetVersion
GetTickCount
GetCurrentThreadId
VerSetConditionMask
VerifyVersionInfoW
GetModuleFileNameW
CreateProcessW
CloseHandle
GetLastError
HeapSize

shell32

SHAppBarMessage

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

user32

ShowWindow
IsWindowVisible
SetTimer
KillTimer
IsWindow
GetSystemMetrics
UnhookWindowsHookEx
UnregisterHotKey
RegisterHotKey
MonitorFromRect
AttachThreadInput
SetForegroundWindow
GetWindowThreadProcessId
GetForegroundWindow
GetWindowLongW
FindWindowExW
DestroyWindow
MonitorFromPoint
FindWindowW
DefWindowProcW
CallNextHookEx
GetCursorPos
SendInput
SetWindowsHookExW
GetMonitorInfoW
PtInRect
SetFocus
SetWindowLongW
CallWindowProcW
ReleaseDC
GetDC
GetWindowRect
GetAncestor
GetClassInfoExW
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
CharNextW
RegisterClassExW
CreateWindowExW
SendMessageW
InflateRect
OffsetRect
GetClientRect
RedrawWindow
IsChild
GetDlgItem
IsDialogMessageW
SystemParametersInfoW
DrawFrameControl
DrawFocusRect
DrawTextW
GetSysColor
GetDlgCtrlID
GetFocus
AllowSetForegroundWindow
FillRect
GetWindowDC
GetClassLongW
UnregisterClassA
SetWindowPos
PostMessageW
CopyRect
IntersectRect
MonitorFromWindow
SetRectEmpty
PostQuitMessage
AnimateWindow

dwmapi

DwmGetColorizationColor

vmwarebase

Preference_Init
Poll_InitDefault
VThreadBase_SetName
Dictionary_Free
Dictionary_Create
Dict_SetString
Dict_SetLong
W32Util_EnableSafePathSearching
Log_CfgInterface
Log_SetProductInfo
Log_InitWithFileInt
Panic
Log_Exit
ProductState_GetCompilationOption
Unicode_Init
ProductState_GetBuildNumberString
ProductState_GetVersion
ProductState_GetName
Log
ProductState_IsProduct
Warning
Util_GetCanonicalPath

vmwarecui

?GetConnectionState@Connection@ipc@cui@@QBE?AW4ConnectionState@123@XZ
??1Dispatch@ipc@cui@@UAE@XZ
?SetControl@Dispatch@ipc@cui@@QAEXPAVControl@23@@Z
??0Control@ipc@cui@@QAE@PAVConnection@12@@Z
??0Dispatch@ipc@cui@@QAE@XZ
??1Control@ipc@cui@@UAE@XZ
?SendCommand@Dispatch@ipc@cui@@QAEXVstring@utf@@V?$deque@Vstring@utf@@V?$allocator@Vstring@utf@@@std@@@std@@H@Z
?COMMAND_ID_GHI_LAUNCH@UnityHelper@ipc@cui@@2Vstring@utf@@B
??0Color@cui@@QAE@ABVstring@utf@@@Z
?COMMAND_ID_SHOW_APPS_MENU@UnityHelper@ipc@cui@@2Vstring@utf@@B
?Format@cui@@YA?AVstring@utf@@PBDZZ
?ReceiveMessage@Dispatch@ipc@cui@@QAEXHV?$deque@Vstring@utf@@V?$allocator@Vstring@utf@@@std@@@std@@V?$slot@XV?$deque@Vstring@utf@@V?$allocator@Vstring@utf@@@std@@@std@@Unil@sigc@@U34@U34@U34@U34@U34@@sigc@@@Z
?GetControl@Dispatch@ipc@cui@@QBEPAVControl@23@XZ
?COMMAND_ID_LAUNCH_MENU_HOTKEY_CHANGED@UnityHelper@ipc@cui@@2Vstring@utf@@B
?COMMAND_ID_MENU_CLOSED@UnityHelper@ipc@cui@@2Vstring@utf@@B
?COMMAND_ID_HIDE_APPS_BUTTON@UnityHelper@ipc@cui@@2Vstring@utf@@B
?COMMAND_ID_SHOW_APPS_BUTTON@UnityHelper@ipc@cui@@2Vstring@utf@@B
?COMMAND_ID_SET_UNITY_ACTIVE@UnityHelper@ipc@cui@@2Vstring@utf@@B
?COMMAND_ID_UPDATE_VM_INFO@UnityHelper@ipc@cui@@2Vstring@utf@@B
?COMMAND_ID_OPEN_VM_FAILED@UnityHelper@ipc@cui@@2Vstring@utf@@B
??1DestroyNotifier@cui@@MAE@XZ
?SetConnectionState@Connection@ipc@cui@@IAEXW4ConnectionState@123@@Z
??0Error@cui@@QAE@ABVstring@utf@@@Z
??1Error@cui@@UAE@XZ
?GetConnection@Control@ipc@cui@@QBEPAVConnection@23@XZ
??0Connection@ipc@cui@@QAE@XZ
??1Connection@ipc@cui@@UAE@XZ
?FromMKSBitfield@Modifiers@cui@@SA?AU12@I@Z
??9Color@cui@@QBE_NABV01@@Z
??0Color@cui@@QAE@EEEE@Z
?COMMAND_ID_ADD_VM@UnityHelper@ipc@cui@@2Vstring@utf@@B
?COMMAND_ID_REMOVE_VM@UnityHelper@ipc@cui@@2Vstring@utf@@B

vmwarestring

??0string@utf@@QAE@ABVubstr_t@@@Z
??0string@utf@@QAE@ABV01@@Z
??1string@utf@@QAE@XZ
?c_str@string@utf@@QBEPBDXZ
??8string@utf@@QBE_NABV01@@Z
??0string@utf@@QAE@PBD@Z
??Mstring@utf@@QBE_NABV01@@Z
??4string@utf@@QAEAAV01@V01@@Z
??9string@utf@@QBE_NABV01@@Z
?CreateWritableBuffer@utf@@YAXABVstring@1@AAV?$vector@_WV?$allocator@_W@std@@@std@@@Z
??0string@utf@@QAE@XZ
?empty@string@utf@@QBE_NXZ
??0string@utf@@QAE@PB_W@Z
?w_str@string@utf@@QBEPB_WXZ
??0string@utf@@QAE@ABV_bstr_t@@@Z
?swap@string@utf@@QAEXAAV12@@Z

vmwarewui

?CreateServerConnection@ipc@wui@@YAPAV?$CComObjectNoLockCreator@VServerConnectionImpl@ipc@wui@@@12@XZ
??1TrackableWindow@wui@@MAE@XZ
??_7TrackableWindow@wui@@6B@
?VmwGetDpiForMonitor@@YAJPAUHMONITOR__@@AAI@Z
?LookUpExecPath@unityHelperXml@wui@@YA_NABVstring@utf@@AAV34@@Z
?LookUpVmxPath@unityHelperXml@wui@@YA_NABVstring@utf@@AAV34@@Z
?Succeeded@CInitGdiplus@wui@@QBE_NXZ
??1CInitGdiplus@wui@@QAE@XZ
??0CInitGdiplus@wui@@QAE@_N@Z
??1UnityMgr@wui@@UAE@XZ
??1VMUnityMgr@wui@@UAE@XZ
?GetMoniker@util@wui@@YAJABVstring@utf@@PAPAUIMoniker@@@Z
?ScheduleCallback@wui@@YA?AUconnection@sigc@@V?$slot@XUnil@sigc@@U12@U12@U12@U12@U12@U12@@3@I@Z
??1VM@wui@@MAE@XZ

ole32

CoTaskMemAlloc
CreateBindCtx
CoCreateGuid
StringFromGUID2
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc

oleaut32

SysAllocStringByteLen
VarUI4FromStr
SysStringByteLen
VariantInit
VariantChangeType
VariantClear
SysAllocString
VariantCopy
SysFreeString

shlwapi

PathAppendW
AssocQueryStringW
PathRemoveFileSpecW

gdi32

DeleteObject
GetDeviceCaps
SaveDC
RestoreDC
CreateBitmap
CreateDIBSection
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
CreateFontIndirectW
SetBkColor
SetBkMode
SetTextColor
BitBlt
ExtTextOutW
GetObjectA
DeleteDC
ExcludeClipRect
CreateRectRgnIndirect
CombineRgn
GetTextMetricsW

uxtheme

OpenThemeData
CloseThemeData
IsCompositionActive
GetThemeInt
DrawThemeBackground

gdiplus

GdipDeleteStringFormat
GdipDeleteBrush
GdipFree
GdipAlloc
GdipCreatePen1
GdipCreatePen2
GdipDeletePen
GdipCreateStringFormat
GdipDeleteGraphics
GdipDeleteFont
GdipCreateSolidFill
GdipCreateLineBrushFromRect
GdipSetStringFormatFlags
GdipSetStringFormatLineAlign
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatTrimming
GdipCreateFromHDC
GdipGetDC
GdipReleaseDC
GdipDrawRectangle
GdipFillRectangle
GdipFillPolygonI
GdipDrawString
GdipMeasureString
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCloneBrush

Exports

Exports

??4CGuestLaunchMenu@wui@@QAEAAV01@ABV01@@Z
??_DUnityMgr@wui@@QAEXXZ
??_DVM@wui@@IAEXXZ
??_DVMUnityMgr@wui@@QAEXXZ
?CreateClientConnection@ipc@wui@@YAPAV?$CComObjectNoLockCreator@VClientConnectionImpl@ipc@wui@@@12@XZ
?GetLaunchMenu@VMUnityMgr@wui@@QAEAAVCGuestLaunchMenu@2@XZ
?GetUnityWindowZOrder@UnityMgr@wui@@QBEABV?$vector@PAUHWND__@@V?$allocator@PAUHWND__@@@std@@@std@@XZ
?GetVM@VMUnityMgr@wui@@QBEPAVVM@2@XZ
?GetWatchingForAlwaysAboveWindows@UnityMgr@wui@@QBE_NXZ
?ShowError@UnityMgr@wui@@MAEXABVstring@utf@@@Z
?ShowWarning@UnityMgr@wui@@MAEXABVstring@utf@@@Z

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4fb24c7e4b89274fc047a221201ddf32

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

44:51:ad:37:17:cf:a2:23:71:ff:bc:07:df:13:e6:5dCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

4c:09:33:2b:5b:d4:3e:ec:66:83:35:d7:7a:33:18:28:2b:e1:d0:3eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr90

msvcp90

sigc-2.0

kernel32

shell32

advapi32

user32

dwmapi

vmwarebase

vmwarecui

vmwarestring

vmwarewui

ole32

oleaut32

shlwapi

gdi32

uxtheme

gdiplus

Exports

Exports

Sections

.text Size: 117KB - Virtual size: 116KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 14KB - Virtual size: 14KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

44:51:ad:37:17:cf:a2:23:71:ff:bc:07:df:13:e6:5d
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

4c:09:33:2b:5b:d4:3e:ec:66:83:35:d7:7a:33:18:28:2b:e1:d0:3e
Signer

.text
Size: 117KB - Virtual size: 116KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 14KB - Virtual size: 14KB