0272e1cd910e40d43b2f123db668b710_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

0272e1cd910e40d43b2f123db668b710_NeikiAnalytics.exe
Size

5.2MB
MD5

0272e1cd910e40d43b2f123db668b710
SHA1

ed7b10ef1f7d637dd613bc486f8eab7046d1e7eb
SHA256

492df6f4fc4b890b577cce8dc7b96746f5b78d556946343ab85faca9174a6761
SHA512

a4072d2e20783ca119a40afa38769a455e874d9cd357ff7c8d54fca5b0b564102939c908e217779bad2b5fa2b88440b392f744246334fa39b801cd9f07a2d8ba
SSDEEP

98304:gPLJHN63ViG9QZwGScbG865Qmm1erlC4Jis9s/yZAMoGlPKq:AJt6l2bv96C1MrHiU7PNlPKq

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
0272e1cd910e40d43b2f123db668b710_NeikiAnalytics.exe
unpack001/$PLUGINSDIR/ButtonEvent.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LogEx.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UAC.dll
unpack001/$PLUGINSDIR/nsProcess.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

0272e1cd910e40d43b2f123db668b710_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ButtonEvent.dll
.dll windows:5 windows x86 arch:x86

f6b3bf118c165362ce7d90c8b59bd5eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Program Files (x86)\NSIS\Plugins\ButtonEvent.pdb

Imports

kernel32

GlobalAlloc
lstrcmpiA
GlobalFree
lstrcpyA
lstrcpynA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

user32

FindWindowExA
SetWindowLongA
GetDlgItem
PostMessageA
CallWindowProcA
wsprintfA

msvcr90

_initterm_e
_amsg_exit
_adjust_fdiv
_initterm
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
__CppXcptFilter

Exports

Exports

AddEventHandler
UnsetEventHandler
WhichButtonId

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LogEx.dll
.dll windows:4 windows x86 arch:x86

cc1698ea7adafebb0d87210da8a4f5a8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
CloseHandle
GlobalFree
GlobalAlloc
VirtualFree
WriteFile
ReadFile
VirtualAlloc
GetFileSize
lstrcpyA
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCPInfo
GetACP
GetOEMCP
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
HeapAlloc
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
InterlockedDecrement
InterlockedIncrement

user32

FindWindowExA
GetDlgItem
SendMessageA
SetWindowTextA

Exports

Exports

AddFile
Close
Init
Write

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

8cf5dbc8faf0856e6ce0e1c3a196d197

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
SetLastError
CloseHandle
GlobalFree
LocalFree
FormatMessageA
MultiByteToWideChar
GetLastError
CreateProcessA
GlobalAlloc
lstrlenA
GetVersionExA
lstrcmpiA
GetCurrentThreadId
lstrcatA
FreeLibrary
GetProcAddress
lstrcpynA
GetExitCodeProcess
WaitForSingleObject
lstrcpyA
GetCurrentProcess
GetCurrentThread
GetCurrentProcessId
Sleep
CreateThread
GetStartupInfoA
GetCommandLineA
GetPrivateProfileIntA
GetPrivateProfileStringA
LoadLibraryA
GetModuleHandleA

user32

ShowWindow
GetWindowLongA
DestroyWindow
LoadImageA
SetWindowLongA
EndDialog
MessageBoxA
SendMessageW
DialogBoxParamA
CharNextA
UnhookWindowsHookEx
CallNextHookEx
GetClassNameA
SetWindowsHookExA
SendMessageTimeoutA
WaitForInputIdle
DefWindowProcA
PostMessageA
GetLastActivePopup
PostQuitMessage
SetForegroundWindow
DispatchMessageA
GetMessageA
CreateWindowExA
RegisterClassA
UnregisterClassA
GetWindowTextA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
IsWindow
SetWindowTextA
wsprintfA
GetDlgItem
SendMessageA
LoadStringA
EnableWindow

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteExA

ole32

CoInitialize
CoUninitialize

Exports

Exports

Exec
ExecCodeSegment
ExecWait
GetElevationType
GetOuterHwnd
IsAdmin
RunElevated
ShellExec
ShellExecWait
StackPush
SupportsUAC
Unload

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/features.txt
.txt .rtf
$PLUGINSDIR/intro-banner.bmp
$PLUGINSDIR/intro-prod.bmp
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/mystart-manifest.xml
$TEMP/mystart-toolbar.xml
$_56_/extensions/{607b689f-7600-45e4-b8e5-887f72dab15c}/manifest.xml
$_6_/$R0
.dll regsvr32 windows:5 windows x86 arch:x86

c1d2aed717cf88e5124e951a678a05f9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:6f:9e:30:99:1b:0c:3e:fc:03:da:9b:8c:dd:b6:8d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

08-05-2014 00:00

Not After

20-06-2016 23:59

Subject

CN=Visicom Media Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Visicom Media Inc.,L=Brossard,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

ab:b4:f3:fe:4f:f0:1b:80:d1:0f:4c:20:51:9c:60:40:db:a3:27:c2
Signer

Actual PE Digest

ab:b4:f3:fe:4f:f0:1b:80:d1:0f:4c:20:51:9c:60:40:db:a3:27:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetReadFile
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetCrackUrlW
InternetGetConnectedState
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
InternetCloseHandle
HttpQueryInfoA
HttpQueryInfoW
FtpOpenFileW
InternetOpenW

ws2_32

inet_ntoa
gethostbyname

kernel32

lstrcmpiA
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
GetModuleHandleW
IsDBCSLeadByte
FreeLibrary
LoadLibraryExA
GetCurrentProcessId
FlushInstructionCache
GetCurrentProcess
ActivateActCtx
CreateActCtxA
GetVersionExA
ReleaseActCtx
DeactivateActCtx
TerminateThread
WaitForSingleObject
GetTickCount
OpenMutexA
CloseHandle
ReleaseMutex
GetCurrentThreadId
CreateThread
SetLastError
lstrcmpA
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
CreateMutexA
WritePrivateProfileStringA
GetPrivateProfileStringA
Sleep
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
VirtualAlloc
VirtualFree
GetVersion
IsBadCodePtr
TlsGetValue
GetEnvironmentVariableA
SetEnvironmentVariableA
SetFilePointer
SystemTimeToFileTime
GetFileAttributesA
CreateFileA
lstrlenA
GetCurrentDirectoryA
LocalFileTimeToFileTime
CreateDirectoryA
SetFileTime
WriteFile
GlobalFree
CreateProcessA
WaitForMultipleObjects
CreateEventA
SetEvent
GetSystemInfo
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
ExitProcess
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetModuleHandleA
GetProcAddress
GetLastError
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetUserDefaultLCID
GetCPInfo
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
InterlockedExchange
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
SetEndOfFile
LocalFree
VirtualQuery
GetSystemTimeAsFileTime
GetCommandLineA
ReadFile
CreateFileW

user32

SetWindowTextA
GetActiveWindow
SetWindowTextW
CreateAcceleratorTableA
UnhookWindowsHookEx
IsWindow
GetDesktopWindow
SetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
DestroyWindow
FillRect
ReleaseCapture
GetClassNameA
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
GetWindowTextA
GetWindowTextLengthA
RegisterWindowMessageA
OffsetRect
ScreenToClient
ClientToScreen
DialogBoxParamA
WindowFromPoint
EndDialog
LoadIconA
GetMonitorInfoA
CallWindowProcW
GetDlgItem
IsDlgButtonChecked
CheckDlgButton
CreateWindowExA
RegisterClassExA
CharUpperBuffA
CharLowerBuffA
MapWindowPoints
SetRect
IntersectRect
EqualRect
PtInRect
GetCursorPos
MessageBoxA
GetKeyState
LoadStringA
GetSystemMetrics
CreateIcon
GetClassInfoA
UnregisterClassA
UpdateWindow
SetForegroundWindow
IsWindowVisible
SetParent
SetMenu
GetSystemMenu
DeleteMenu
SetCursorPos
SetActiveWindow
GetMessageA
GetWindowInfo
SetWindowLongW
GetWindowLongW
IsIconic
PostQuitMessage
SetTimer
SetPropA
SetWindowsHookExA
FindWindowExA
ShowWindow
KillTimer
SetWindowPos
RegisterClassA
CallNextHookEx
GetSysColor
SendMessageA
LoadCursorA
GetClassInfoExA
GetWindowRect
MoveWindow
TranslateMessage
DispatchMessageA
GetClientRect
CallWindowProcA
GetFocus
GetWindow
GetParent
PostMessageA
GetWindowLongA
SetWindowLongA
DefWindowProcA
CharNextW
CharNextA
SetWindowRgn
MonitorFromWindow
SendMessageW
GetPropA

gdi32

GetDIBits
GetBitmapBits
CreateDIBitmap
CreateDIBSection
ExtCreateRegion
CreateICA
CreateRectRgn
CreateRoundRectRgn
OffsetWindowOrgEx
SetWindowOrgEx
GetPixel
GetStockObject
GetObjectA
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
CreateDCA
GetDeviceCaps
DeleteDC

advapi32

RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExW

shell32

ShellExecuteExW
SHGetFolderPathA
ShellExecuteA

ole32

StringFromGUID2
StringFromCLSID
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
WriteClassStm
CoInitialize
OleSaveToStream
ReadClassStm
OleRun
CLSIDFromProgID
OleLockRunning
CoGetClassObject
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoGetObject
CoCreateGuid
CLSIDFromString

oleaut32

GetErrorInfo
GetActiveObject
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
OleCreateFontIndirect
VarBstrCmp
SysAllocStringLen
VarBstrCat
LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VariantClear
VariantChangeType
VariantCopy
VariantInit
SysAllocString
SysStringLen
SysFreeString

shlwapi

PathCanonicalizeA
SHDeleteKeyA
PathStripPathA
PathRemoveFileSpecA
SHCreateStreamOnFileA
UrlEscapeW
PathAddBackslashA

urlmon

CoInternetGetSession
URLDownloadToFileA
IsValidURL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInsert
DllRegisterServer
DllUnregisterServer
dtxh

Sections

.text
Size: 382KB - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_6_/manifest.xml
$_6_/mystarttb.dll
.dll regsvr32 windows:5 windows x86 arch:x86

c1d2aed717cf88e5124e951a678a05f9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:6f:9e:30:99:1b:0c:3e:fc:03:da:9b:8c:dd:b6:8d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

08-05-2014 00:00

Not After

20-06-2016 23:59

Subject

CN=Visicom Media Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Visicom Media Inc.,L=Brossard,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

ab:b4:f3:fe:4f:f0:1b:80:d1:0f:4c:20:51:9c:60:40:db:a3:27:c2
Signer

Actual PE Digest

ab:b4:f3:fe:4f:f0:1b:80:d1:0f:4c:20:51:9c:60:40:db:a3:27:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetReadFile
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetCrackUrlW
InternetGetConnectedState
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
InternetCloseHandle
HttpQueryInfoA
HttpQueryInfoW
FtpOpenFileW
InternetOpenW

ws2_32

inet_ntoa
gethostbyname

kernel32

lstrcmpiA
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
GetModuleHandleW
IsDBCSLeadByte
FreeLibrary
LoadLibraryExA
GetCurrentProcessId
FlushInstructionCache
GetCurrentProcess
ActivateActCtx
CreateActCtxA
GetVersionExA
ReleaseActCtx
DeactivateActCtx
TerminateThread
WaitForSingleObject
GetTickCount
OpenMutexA
CloseHandle
ReleaseMutex
GetCurrentThreadId
CreateThread
SetLastError
lstrcmpA
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
CreateMutexA
WritePrivateProfileStringA
GetPrivateProfileStringA
Sleep
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
VirtualAlloc
VirtualFree
GetVersion
IsBadCodePtr
TlsGetValue
GetEnvironmentVariableA
SetEnvironmentVariableA
SetFilePointer
SystemTimeToFileTime
GetFileAttributesA
CreateFileA
lstrlenA
GetCurrentDirectoryA
LocalFileTimeToFileTime
CreateDirectoryA
SetFileTime
WriteFile
GlobalFree
CreateProcessA
WaitForMultipleObjects
CreateEventA
SetEvent
GetSystemInfo
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
ExitProcess
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetModuleHandleA
GetProcAddress
GetLastError
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetUserDefaultLCID
GetCPInfo
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
InterlockedExchange
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
SetEndOfFile
LocalFree
VirtualQuery
GetSystemTimeAsFileTime
GetCommandLineA
ReadFile
CreateFileW

user32

SetWindowTextA
GetActiveWindow
SetWindowTextW
CreateAcceleratorTableA
UnhookWindowsHookEx
IsWindow
GetDesktopWindow
SetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
DestroyWindow
FillRect
ReleaseCapture
GetClassNameA
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
GetWindowTextA
GetWindowTextLengthA
RegisterWindowMessageA
OffsetRect
ScreenToClient
ClientToScreen
DialogBoxParamA
WindowFromPoint
EndDialog
LoadIconA
GetMonitorInfoA
CallWindowProcW
GetDlgItem
IsDlgButtonChecked
CheckDlgButton
CreateWindowExA
RegisterClassExA
CharUpperBuffA
CharLowerBuffA
MapWindowPoints
SetRect
IntersectRect
EqualRect
PtInRect
GetCursorPos
MessageBoxA
GetKeyState
LoadStringA
GetSystemMetrics
CreateIcon
GetClassInfoA
UnregisterClassA
UpdateWindow
SetForegroundWindow
IsWindowVisible
SetParent
SetMenu
GetSystemMenu
DeleteMenu
SetCursorPos
SetActiveWindow
GetMessageA
GetWindowInfo
SetWindowLongW
GetWindowLongW
IsIconic
PostQuitMessage
SetTimer
SetPropA
SetWindowsHookExA
FindWindowExA
ShowWindow
KillTimer
SetWindowPos
RegisterClassA
CallNextHookEx
GetSysColor
SendMessageA
LoadCursorA
GetClassInfoExA
GetWindowRect
MoveWindow
TranslateMessage
DispatchMessageA
GetClientRect
CallWindowProcA
GetFocus
GetWindow
GetParent
PostMessageA
GetWindowLongA
SetWindowLongA
DefWindowProcA
CharNextW
CharNextA
SetWindowRgn
MonitorFromWindow
SendMessageW
GetPropA

gdi32

GetDIBits
GetBitmapBits
CreateDIBitmap
CreateDIBSection
ExtCreateRegion
CreateICA
CreateRectRgn
CreateRoundRectRgn
OffsetWindowOrgEx
SetWindowOrgEx
GetPixel
GetStockObject
GetObjectA
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
CreateDCA
GetDeviceCaps
DeleteDC

advapi32

RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExW

shell32

ShellExecuteExW
SHGetFolderPathA
ShellExecuteA

ole32

StringFromGUID2
StringFromCLSID
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
WriteClassStm
CoInitialize
OleSaveToStream
ReadClassStm
OleRun
CLSIDFromProgID
OleLockRunning
CoGetClassObject
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoGetObject
CoCreateGuid
CLSIDFromString

oleaut32

GetErrorInfo
GetActiveObject
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
OleCreateFontIndirect
VarBstrCmp
SysAllocStringLen
VarBstrCat
LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VariantClear
VariantChangeType
VariantCopy
VariantInit
SysAllocString
SysStringLen
SysFreeString

shlwapi

PathCanonicalizeA
SHDeleteKeyA
PathStripPathA
PathRemoveFileSpecA
SHCreateStreamOnFileA
UrlEscapeW
PathAddBackslashA

urlmon

CoInternetGetSession
URLDownloadToFileA
IsValidURL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInsert
DllRegisterServer
DllUnregisterServer
dtxh

Sections

.text
Size: 382KB - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 108KB

.rsrc Size: 18KB - Virtual size: 18KB

f6b3bf118c165362ce7d90c8b59bd5eb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcr90

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 972B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 564B

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

cc1698ea7adafebb0d87210da8a4f5a8

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 3KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 108KB

.rsrc
Size: 18KB - Virtual size: 18KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 972B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 564B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 646B

.data
Size: - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 146B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

26:6f:9e:30:99:1b:0c:3e:fc:03:da:9b:8c:dd:b6:8d
Certificate

ab:b4:f3:fe:4f:f0:1b:80:d1:0f:4c:20:51:9c:60:40:db:a3:27:c2
Signer

.text
Size: 382KB - Virtual size: 381KB

.rdata
Size: 91KB - Virtual size: 91KB