7071dc95c67ab733e0e3b2971cb200c6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7071dc95c67ab733e0e3b2971cb200c6_JaffaCakes118
Size

6.5MB
MD5

7071dc95c67ab733e0e3b2971cb200c6
SHA1

99748e0272a266194f52086271f071259f7563fb
SHA256

71e4d49d24ee8d9acc3e692af54d6bf59dcbe8b9ae1357deb7c0945a96b827e8
SHA512

6827e57044b2d7d6ec6ad75dfd5675dee30f7959b1d48c14d47df43fbfab5c6f2023cb45aa5a5e1d50bd9406ca292e1f476218c489d217eb2ec4260a88b62c39
SSDEEP

98304:dSzcqSmGghSyW0k+yGyxoAJ2GYiwpaoIidrymLL0ovzXnZuUK:dcSmhWc+oAJ2GsaoLdvrnZuT

Score

1^/10

Malware Config

Signatures

Files

7071dc95c67ab733e0e3b2971cb200c6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

aba87f7b250fad301c46997845376e8e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

37:6e:fb:51:f1:79:57:2c:f4:cc:42:99:8c:ae:2c:e5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05/06/2018, 00:00

Not After

20/07/2019, 23:59

Subject

CN=EnigmaSoft Limited,O=EnigmaSoft Limited,L=Dublin 2,ST=Dublin 2,C=IE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:29:bd:e1:9c:17:12:05:36:20:7d:b9:31:5c:73:ad
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

20/07/2017, 00:00

Not After

19/07/2020, 23:59

Subject

SERIALNUMBER=597114,CN=EnigmaSoft Limited,O=EnigmaSoft Limited,L=Dublin 2,ST=Dublin 2,C=IE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13084475626c696e2032,1.3.6.1.4.1.311.60.2.1.2=#13084475626c696e2032,1.3.6.1.4.1.311.60.2.1.3=#13024945

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:1a:9c:e4:b9:c7:37:8a:28:f9:1a:21:44:66:4c:8c:eb:80:73:bb:fd:cd:f3:3e:95:4d:e2:5e:c5:5d:a4:fa
Signer

Actual PE Digest

0e:1a:9c:e4:b9:c7:37:8a:28:f9:1a:21:44:66:4c:8c:eb:80:73:bb:fd:cd:f3:3e:95:4d:e2:5e:c5:5d:a4:fa

Digest Algorithm

sha256

PE Digest Matches

true

c4:68:8c:c5:df:d0:cc:f3:8c:98:19:0c:2e:c0:cb:7a:dd:76:6f:40
Signer

Actual PE Digest

c4:68:8c:c5:df:d0:cc:f3:8c:98:19:0c:2e:c0:cb:7a:dd:76:6f:40

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\GIT\esginstaller\_Builds\Release\Win32-sh5\Installer-sh5.pdb

Imports

gdiplus

GdiplusStartup
GdiplusShutdown
GdipImageRotateFlip
GdipCreateBitmapFromResource
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesColorKeys
GdipAddPathArcI
GdipCloneImage
GdipDeleteBrush
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipDisposeImageAttributes
GdipDisposeImage
GdipResetPath
GdipSetPenDashStyle
GdipSetPixelOffsetMode
GdipClosePathFigure
GdipCreateTextureIAI
GdipCreateImageAttributes
GdipFree
GdipDrawPath
GdipSetImageAttributesWrapMode
GdipGetImageGraphicsContext
GdipFillRectangleI
GdipDeletePen
GdipDrawImagePointRectI
GdipCreateBitmapFromScan0
GdipCreatePen1
GdipDrawImageRectRectI
GdipGetImageHeight
GdipDeleteGraphics
GdipDeleteRegion
GdipGetClip
GdipCreateFromHDC
GdipSetInfinite
GdipSetClipRegion
GdipCreateRegion
GdipCreatePath
GdipDeletePath
GdipCombineRegionPath
GdipSetSmoothingMode
GdipGetImageWidth

kernel32

GetDriveTypeW
QueryDosDeviceW
FindFirstVolumeW
lstrlenW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
FindNextVolumeW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
SetFilePointerEx
MoveFileW
GetTimeFormatW
GetDateFormatW
LockResource
GetLogicalDrives
SetFilePointer
GetVolumeNameForVolumeMountPointW
DefineDosDeviceW
SetVolumeMountPointW
DeleteVolumeMountPointW
lstrcpynW
FreeResource
UnmapViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFile
FlushFileBuffers
SetStdHandle
EnumSystemLocalesW
IsValidLocale
GetFullPathNameW
GetCurrentDirectoryW
lstrcpyW
HeapSize
GetConsoleCP
GetACP
GetCommandLineW
GetCommandLineA
ExitProcess
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
CreateThread
SystemTimeToTzSpecificLocalTime
WriteConsoleW
GetModuleFileNameA
RtlUnwind
GetStringTypeExA
LCMapStringA
GetStringTypeExW
QueryPerformanceFrequency
CreateWaitableTimerA
ResumeThread
SetWaitableTimer
OpenEventA
WaitForMultipleObjectsEx
ReleaseSemaphore
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
OutputDebugStringW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
ResetEvent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
CreateEventW
EncodePointer
GetStringTypeW
CreateProcessW
GetComputerNameW
GetSystemInfo
HeapReAlloc
lstrcatW
GetCurrentThread
GetLogicalDriveStringsW
LocalAlloc
CreatePipe
SetHandleInformation
GetVolumeInformationW
MulDiv
CopyFileW
DeviceIoControl
ExpandEnvironmentStringsW
GetLongPathNameW
CreateDirectoryW
GetSystemTime
FindNextFileW
FindFirstFileW
FindClose
ConvertThreadToFiber
ConvertFiberToThread
LoadLibraryA
CreateFiber
DeleteFiber
SwitchToFiber
FormatMessageW
QueryPerformanceCounter
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
WideCharToMultiByte
GetEnvironmentVariableW
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetStdHandle
ExpandEnvironmentStringsA
VerifyVersionInfoW
VerSetConditionMask
GetSystemDirectoryW
FormatMessageA
InitializeCriticalSection
SleepEx
LocalFree
OpenMutexW
OpenProcess
TerminateProcess
SystemTimeToFileTime
FileTimeToSystemTime
GetVersionExW
SetUnhandledExceptionFilter
LoadLibraryExW
SetDllDirectoryW
InterlockedIncrement
GetModuleHandleW
LoadResource
MultiByteToWideChar
GetModuleFileNameW
InterlockedDecrement
SizeofResource
EnumResourceNamesW
GetSystemTimeAsFileTime
GetCurrentProcessId
CreateMutexW
GetExitCodeProcess
WaitForSingleObject
SetFileAttributesW
RemoveDirectoryW
WriteFile
GetFileSizeEx
ReadFile
GetFileAttributesW
GetLocalTime
LoadLibraryW
GetUserDefaultLCID
HeapAlloc
FindResourceW
CreateProcessA
lstrcmpiW
GetTickCount
CreateSemaphoreA
GetProcessHeap
GetProcAddress
WaitForSingleObjectEx
GetModuleHandleA
DuplicateHandle
HeapFree
Sleep
CreateFileW
FreeLibrary
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetCurrentProcess
DeleteCriticalSection
DecodePointer
RaiseException
CloseHandle
SetEvent
InitializeCriticalSectionAndSpinCount
CreateEventA
GetLastError
DeleteFileW
MoveFileExW
GetFileAttributesExW
GetTimeZoneInformation
SetEnvironmentVariableA
SetEnvironmentVariableW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEndOfFile
GetTempPathW

user32

SetWindowRgn
ExitWindowsEx
GetMessageExtraInfo
wsprintfW
GetUserObjectInformationW
GetProcessWindowStation
FindWindowExW
GetWindowTextLengthW
GetMenuItemInfoW
AllowSetForegroundWindow
MonitorFromPoint
GetMenuItemCount
LoadStringA
LockSetForegroundWindow
MessageBeep
CreatePopupMenu
GetActiveWindow
IsDialogMessageW
DestroyMenu
BringWindowToTop
TranslateAcceleratorW
LoadIconW
TrackPopupMenuEx
RemoveMenu
AppendMenuW
PostQuitMessage
DialogBoxParamW
GetMessageW
LoadMenuW
ScreenToClient
UpdateLayeredWindow
ShowCaret
GetWindow
EndPaint
BeginPaint
PtInRect
GetParent
EnableWindow
GetClientRect
SetWindowLongW
SetCursor
LoadCursorW
IsClipboardFormatAvailable
SetClipboardData
InsertMenuW
DestroyCaret
GetClipboardData
CreateCaret
EmptyClipboard
CloseClipboard
ClientToScreen
OpenClipboard
SetCaretPos
TrackPopupMenu
HideCaret
MessageBoxW
GetSystemMetrics
LoadAcceleratorsW
LoadStringW
EndDialog
GetWindowInfo
GetMonitorInfoW
MapWindowPoints
EnumWindows
GetWindowDC
SetWindowTextW
MonitorFromWindow
MoveWindow
InvalidateRect
GetDC
GetClassInfoW
DispatchMessageW
PeekMessageW
RegisterClassW
CharNextW
TranslateMessage
UpdateWindow
SetForegroundWindow
LoadImageW
ReleaseDC
GetFocus
RegisterClassExW
GetCapture
KillTimer
SetTimer
GetDlgItem
IsCharAlphaNumericA
SetActiveWindow
GetKeyState
TrackMouseEvent
IsWindowEnabled
SetFocus
SetCapture
SetRect
GetClassInfoExW
ReleaseCapture
GetCursorPos
InflateRect
IsZoomed
DrawTextW
IsIconic
CreateWindowExW
GetWindowLongW
DefWindowProcW
AdjustWindowRectEx
CallWindowProcW
PostMessageW
GetWindowRect
DestroyWindow
IsWindowVisible
SetWindowPos
EnumChildWindows
SendMessageW
UnregisterClassW
ShowWindow
IsWindow
OffsetRect
RedrawWindow

gdi32

CreateSolidBrush
IntersectClipRect
SelectClipRgn
Rectangle
CreatePen
SetTextAlign
GetTextColor
ExtTextOutW
CombineRgn
SetStretchBltMode
MoveToEx
SetTextColor
ExtCreatePen
LineTo
GetTextExtentPoint32W
CreateRectRgn
GetDIBits
CreateFontW
SetBrushOrgEx
GetDeviceCaps
GetBkColor
GetTextMetricsW
TextOutW
SetBkMode
BitBlt
CreateCompatibleBitmap
SaveDC
SelectObject
CreateCompatibleDC
DeleteDC
SetViewportOrgEx
ExcludeClipRect
RestoreDC
DeleteObject
GetObjectW
ExtSelectClipRgn
SetBkColor

advapi32

CryptDestroyKey
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
GetLengthSid
GetTokenInformation
RegEnumValueW
RegSaveKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
AccessCheck
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid
ControlService
IsValidSecurityDescriptor
FreeSid
DuplicateToken
ConvertSidToStringSidW
OpenServiceW
GetUserNameW
OpenThreadToken
QueryServiceStatusEx
SetSecurityDescriptorGroup
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
InitializeAcl
OpenProcessToken
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetEntriesInAclW
GetExplicitEntriesFromAclW
RegQueryValueExW
AddAccessAllowedAce
InitializeSecurityDescriptor
RegSetKeySecurity
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl

shell32

SHParseDisplayName
SHOpenFolderAndSelectItems
ShellExecuteW
ShellExecuteExW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoInitializeEx
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree

oleaut32

VarUI4FromStr
VariantClear
SysAllocString
SysFreeString
VariantInit

comctl32

ord413
ord412
ord410

usp10

ScriptString_pLogAttr
ScriptStringGetOrder
ScriptStringOut
ScriptStringXtoCP
ScriptStringCPtoX
ScriptString_pSize
ScriptStringAnalyse
ScriptStringGetLogicalWidths
ScriptStringFree
ScriptString_pcOutChars

crypt32

CertDuplicateCertificateContext
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenSystemStoreW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

StrCmpNIW
StrCmpIW
ord1

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcessModules

ws2_32

closesocket
WSASetLastError
getpeername
getsockname
socket
ntohs
connect
WSAIoctl
htons
setsockopt
send
recv
WSAGetLastError
WSACleanup
WSAStartup
bind
select
ioctlsocket
__WSAFDIsSet
freeaddrinfo
getaddrinfo
sendto
recvfrom
listen
accept
gethostname
getnameinfo
getsockopt
shutdown

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 826KB - Virtual size: 825KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aba87f7b250fad301c46997845376e8e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

37:6e:fb:51:f1:79:57:2c:f4:cc:42:99:8c:ae:2c:e5Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

34:29:bd:e1:9c:17:12:05:36:20:7d:b9:31:5c:73:adCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

0e:1a:9c:e4:b9:c7:37:8a:28:f9:1a:21:44:66:4c:8c:eb:80:73:bb:fd:cd:f3:3e:95:4d:e2:5e:c5:5d:a4:faSigner

c4:68:8c:c5:df:d0:cc:f3:8c:98:19:0c:2e:c0:cb:7a:dd:76:6f:40Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

usp10

crypt32

version

shlwapi

psapi

ws2_32

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.rdata Size: 826KB - Virtual size: 825KB

.data Size: 99KB - Virtual size: 149KB

.gfids Size: 1KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 220KB - Virtual size: 220KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

37:6e:fb:51:f1:79:57:2c:f4:cc:42:99:8c:ae:2c:e5
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

34:29:bd:e1:9c:17:12:05:36:20:7d:b9:31:5c:73:ad
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

0e:1a:9c:e4:b9:c7:37:8a:28:f9:1a:21:44:66:4c:8c:eb:80:73:bb:fd:cd:f3:3e:95:4d:e2:5e:c5:5d:a4:fa
Signer

c4:68:8c:c5:df:d0:cc:f3:8c:98:19:0c:2e:c0:cb:7a:dd:76:6f:40
Signer

.text
Size: 4.1MB - Virtual size: 4.1MB

.rdata
Size: 826KB - Virtual size: 825KB

.data
Size: 99KB - Virtual size: 149KB

.gfids
Size: 1KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 220KB - Virtual size: 220KB