84b8d19ae23f7a16a810d32326ddca18_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

84b8d19ae23f7a16a810d32326ddca18_JaffaCakes118
Size

528KB
MD5

84b8d19ae23f7a16a810d32326ddca18
SHA1

e6a33265f87c00a43194f2b5e7c19ae85efba813
SHA256

1ccba7d191a8c0579fdaf32ca3bed698619b737c0dcfa82aef5f83657aa1f4ab
SHA512

094f6de07fc94705860533bd8e539ec9c1f58529c01e1988622d007ab995a8d835e21a1955a86a3d8db1bf1a08dba2216fecf4ba3fe763aa059054eba4285753
SSDEEP

6144:CI/5YnRIArkownUwS5BeEHok2DPFH6XdR+EkiH3y7tz+pWjEqqvCYL1qQ41O4Eh2:CI/qRF1i3E+DPNKT1zH36NUqYLvqEh2

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/INetC.dll
unpack001/$PLUGINSDIR/LogEx.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/botva3.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$PLUGINSDIR/uidcreator.exe

Files

84b8d19ae23f7a16a810d32326ddca18_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0c61ac7760f01d7870b342968bf483d3

Code Sign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ac:42:42:72:07:5b:5d:76:90:fd:5f:41:fe:d2:e6:f3
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

16/07/2020, 00:00

Not After

03/12/2020, 23:59

Subject

CN=Argo Enterprise\, LLC,O=Argo Enterprise\, LLC,POSTALCODE=199155,STREET=d. 20 litera B pom. 14 per. Dekabristov,L=St. Petersburg,ST=Leningradskaya,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:85:b3:52:5d:38:47:c8:2b:18:cc:c4:6d:3f:89:38:7a:7d:9e:cf
Signer

Actual PE Digest

3e:85:b3:52:5d:38:47:c8:2b:18:cc:c4:6d:3f:89:38:7a:7d:9e:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileW
MultiByteToWideChar
GetFileSize
GetTickCount
GetModuleFileNameW
GetCommandLineW
SetEnvironmentVariableW
GetTempPathW
SetErrorMode
GetCurrentProcess
ExitProcess
GetVersion
GetWindowsDirectoryW
CopyFileW
GetDiskFreeSpaceW
CreateThread
GlobalUnlock
GlobalLock
GetModuleHandleW
lstrlenW
WideCharToMultiByte
CreateDirectoryW
CreateFileW
GetTempFileNameW
RemoveDirectoryW
WriteFile
GetLastError
GetPrivateProfileStringW
GetExitCodeProcess
CreateProcessW
GetSystemDirectoryW
GetModuleHandleA
GetProcAddress
lstrcmpiA
lstrcpyA
lstrcatW
MoveFileExW
FreeLibrary
Sleep
CloseHandle
SetFileTime
SetFilePointer
SetFileAttributesW
ReadFile
GetShortPathNameW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CompareFileTime
SearchPathW
SetCurrentDirectoryW
ExpandEnvironmentStringsW
WritePrivateProfileStringW
lstrlenA
lstrcmpiW
lstrcmpW
MulDiv
GlobalFree
GlobalAlloc
WaitForSingleObject
LoadLibraryExW
lstrcpynW

user32

EndDialog
CheckDlgButton
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
IsWindowEnabled
GetSystemMetrics
GetSystemMenu
CreatePopupMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
GetWindowRect
SetCursor
ScreenToClient
GetSysColor
GetWindowLongW
SetClassLongW
DialogBoxParamW
SystemParametersInfoW
wsprintfA
DispatchMessageW
PeekMessageW
SetDlgItemTextW
GetDlgItemTextW
CharNextA
CharPrevW
MessageBoxIndirectW
CharNextW
ExitWindowsEx
SetWindowTextW
SetTimer
CreateDialogParamW
DestroyWindow
LoadImageW
FindWindowExW
SetWindowLongW
InvalidateRect
IsWindowVisible
SetWindowPos
CreateWindowExW
GetClassInfoW
RegisterClassW
CallWindowProcW
LoadCursorW
GetDC
SetForegroundWindow
EnableWindow
GetDlgItem
ShowWindow
IsWindow
PostQuitMessage
SendMessageTimeoutW
SendMessageW
wsprintfW
FillRect
GetClientRect
EndPaint
BeginPaint
DrawTextW
DefWindowProcW
GetMessagePos
ReleaseDC

gdi32

CreateBrushIndirect
DeleteObject
SelectObject
SetBkMode
SetTextColor
GetDeviceCaps
SetBkColor
CreateFontIndirectW

shell32

ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

AdjustTokenPrivileges
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
RegOpenKeyExW
LookupPrivilegeValueW
SetFileSecurityW
RegCreateKeyExW

comctl32

ImageList_AddMasked
ord17
ImageList_Create
ImageList_Destroy

ole32

IIDFromString
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/INetC.dll
.dll windows:5 windows x86 arch:x86

2c10f6f3e9eaa15d70f14c96e757b2e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

FtpCreateDirectoryW
FtpOpenFileW
InternetGetLastResponseInfoW
InternetSetFilePointer
InternetSetOptionW
InternetQueryOptionW
HttpAddRequestHeadersA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestW
HttpAddRequestHeadersW
HttpEndRequestW
InternetConnectW
InternetCrackUrlW
InternetOpenW
HttpQueryInfoW
HttpSendRequestExW
HttpSendRequestW
InternetWriteFile
InternetReadFile

comctl32

ord17

shlwapi

UrlCombineW

kernel32

GlobalFree
WideCharToMultiByte
lstrlenA
CreateFileA
GlobalAlloc
WaitForSingleObject
TerminateThread
MultiByteToWideChar
GetModuleHandleW
MulDiv
lstrcmpiW
CreateFileW
GetFileSize
CloseHandle
CreateThread
GetTickCount
SetFilePointer
GetProcAddress
LoadLibraryA
lstrlenW
WriteFile
ReadFile
lstrcatW
LocalFree
lstrcpyW
LocalAlloc
lstrcmpW
lstrcpynW
GetLastError
DeleteFileW
SleepEx

user32

wsprintfA
FindWindowExW
CreateDialogParamW
EnableWindow
IsWindowVisible
IsDialogMessageW
GetMessageW
TranslateMessage
DispatchMessageW
RedrawWindow
KillTimer
DestroyWindow
UpdateWindow
LoadIconW
SetTimer
wsprintfW
IsWindow
MessageBoxW
GetParent
ShowWindow
SetWindowLongW
GetWindowLongW
SetWindowTextW
SendDlgItemMessageW
GetDlgItem
PostMessageW
GetWindowTextW
SendMessageW
SetDlgItemTextW
SetWindowPos
SystemParametersInfoW
GetClientRect
GetWindowRect

gdi32

SetBkColor
DeleteObject
SetTextColor
CreateSolidBrush

Exports

Exports

get
head
post
put

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LogEx.dll
.dll windows:4 windows x86 arch:x86

549d7b44067bbcdf42bf6a90a80a3a9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
CreateFileW
CloseHandle
GlobalFree
GlobalAlloc
VirtualFree
ReadFile
VirtualAlloc
GetFileSize
lstrcpyW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
InterlockedDecrement
InterlockedIncrement

user32

FindWindowExW
GetDlgItem
SendMessageW
SetWindowTextW

Exports

Exports

AddFile
Close
Init
Write

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:6 windows x86 arch:x86

4f33ea844b96a31c8f4690530ba63854

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalSize
GlobalFree
lstrcpynW
lstrcpyW
GetLastError
VirtualAlloc
VirtualProtect
VirtualFree
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryW
lstrlenW
MultiByteToWideChar
WideCharToMultiByte

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 926B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/bg.png
.png
$PLUGINSDIR/botva3.dll
.dll windows:5 windows x86 arch:x86

383145efeee8575b5a5f6047fb85203c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleFileNameW
GetLastError
GlobalAlloc
GetACP
CompareStringW
LocalFree
CloseHandle
TlsAlloc
WideCharToMultiByte
GetTickCount
MultiByteToWideChar
LoadLibraryW
LoadLibraryA
GetVersion
VirtualFree
RaiseException
GetStartupInfoW
ExitProcess
GetFileAttributesW
SwitchToThread
InitializeCriticalSection
VirtualAlloc
WriteFile
RtlUnwind
GetSystemInfo
GetCommandLineW
GetProcAddress
DeleteCriticalSection
TlsGetValue
GetStdHandle
GetVersionExW
TlsSetValue
GetModuleHandleW
FreeLibrary
LocalAlloc
GetCurrentThreadId
UnhandledExceptionFilter
TlsFree
VirtualQuery
GlobalFree
lstrcpynW
SetThreadLocale
Sleep

user32

MoveWindow
CreateWindowExW
UnionRect
DrawTextW
MapWindowPoints
CallWindowProcW
DestroyCursor
SetWindowLongW
PostMessageW
MessageBoxW
SetWindowTextW
SetRectEmpty
UpdateLayeredWindow
UpdateWindow
BeginPaint
GetClientRect
OffsetRect
IsWindowVisible
GetAncestor
GetDlgItem
IntersectRect
GetCursorPos
SendMessageW
IsWindow
SetRect
IsRectEmpty
ShowWindow
CharUpperW
InvalidateRect
SystemParametersInfoW
GetWindowRect
GetWindowLongW
CopyRect
GetWindowTextW
ScreenToClient
EnableWindow
IsWindowEnabled
EnumChildWindows
GetDC
SetCursor
ReleaseCapture
LoadCursorW
GetCapture
SetCapture
EndPaint
ReleaseDC
TrackMouseEvent

oleaut32

SysFreeString
SysReAllocStringLen

gdi32

SetBkMode
GetObjectW
CreateCompatibleBitmap
GetDIBits
CreateDIBSection
ExtCreateRegion
GetStockObject
GetPixel
SetTextColor
SelectObject
DeleteObject
DeleteDC
BitBlt
CreateCompatibleDC

Exports

Exports

BtnCreate_
BtnGetChecked_
BtnGetEnabled_
BtnGetPosition_
BtnGetText_
BtnGetVisibility_
BtnRefresh_
BtnSetChecked_
BtnSetCursor_
BtnSetEnabled_
BtnSetEvent_
BtnSetFontColor_
BtnSetFont_
BtnSetPosition_
BtnSetTextAlignment_
BtnSetText_
BtnSetVisibility_
CheckBoxCreate_
CheckBoxGetChecked_
CheckBoxGetEnabled_
CheckBoxGetPosition_
CheckBoxGetVisibility_
CheckBoxRefresh_
CheckBoxSetChecked_
CheckBoxSetCursor_
CheckBoxSetEnabled_
CheckBoxSetEvent_
CheckBoxSetFontColor_
CheckBoxSetFont_
CheckBoxSetPosition_
CheckBoxSetText_
CheckBoxSetVisibility_
CreateBitmapRgn_
CreateFormFromImage_
GetMinimizeAnimation_
GetSysCursorHandle_
ImgApplyChanges_
ImgGetPosition_
ImgGetTransparent_
ImgGetVisibility_
ImgGetVisiblePart_
ImgLoad_
ImgRelease_
ImgSetPosition_
ImgSetTransparent_
ImgSetVisibility_
ImgSetVisiblePart_
ReplaceOldBtn_
SetMinimizeAnimation_
TestUnicode_
__dbk_fcall_wrapper
dbkFCallWrapperAddr
gdipShutdown_

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/btn.png
.png
$PLUGINSDIR/cb.png
.png
$PLUGINSDIR/downloader.exe
.exe windows:5 windows x86 arch:x86

a05d88650e5594db2afe874ec2674b55

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:0f:f6:46:2b:63:d5:5a:fb:aa:81:f9:c7:34:a7:aa:94
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

25/09/2015, 10:44

Not After

25/09/2017, 10:44

Subject

CN=YANDEX LLC,O=YANDEX LLC,L=Moscow,ST=Moscow,C=RU,1.2.840.113549.1.9.1=#0c12706b694079616e6465782d7465616d2e7275

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:b9:06:4e:5f:57:13:dc:c7:34:91:3c:8d:e9:3b:98:fc
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

10/11/2015, 15:46

Not After

10/11/2017, 15:46

Subject

CN=YANDEX LLC,OU=YANDEX LLC,O=YANDEX LLC,L=Moscow,ST=Moscow,C=RU,1.2.840.113549.1.9.1=#0c12706b694079616e6465782d7465616d2e7275

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:ed:90:18:ca:a9:27:b7:62:6c:52:6b:90:6d:93:f5:67
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ec:f2:44:e1:a0:43:09:79:2d:1f:b6:20:46:f3:44:4c:79:41:38:a3:3c:ca:39:0a:2f:8b:d1:3e:d7:56:69:cc
Signer

Actual PE Digest

ec:f2:44:e1:a0:43:09:79:2d:1f:b6:20:46:f3:44:4c:79:41:38:a3:3c:ca:39:0a:2f:8b:d1:3e:d7:56:69:cc

Digest Algorithm

sha256

PE Digest Matches

true

98:46:38:18:c7:2d:b7:b3:d6:ae:48:04:ad:a5:bb:3e:6b:90:1e:0e
Signer

Actual PE Digest

98:46:38:18:c7:2d:b7:b3:d6:ae:48:04:ad:a5:bb:3e:6b:90:1e:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent\work\a197c1fa8a223363\downloader\Release\downloader.pdb

Imports

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions

kernel32

GetCurrentProcess
SetHandleInformation
WaitForSingleObject
Sleep
GetVersionExW
GetExitCodeProcess
GetLastError
CloseHandle
GetCurrentProcessId
HeapAlloc
HeapFree
InterlockedDecrement
GetProcessHeap
WideCharToMultiByte
GetModuleFileNameW
MultiByteToWideChar
DuplicateHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
CreateProcessW
GetCommandLineW
CreateFileW
HeapReAlloc
GetConsoleMode
HeapSize
OutputDebugStringW
CompareStringW
LoadLibraryExW
SetEnvironmentVariableW
GetStringTypeW
GetConsoleCP
SetEndOfFile
ReadConsoleW
ReadFile
SetLastError
WriteFile
FlushFileBuffers
GetProcAddress
GetModuleHandleExW
ExitProcess
FreeEnvironmentStringsW
LCMapStringW
QueryPerformanceCounter
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetEnvironmentStringsW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
lstrlenA
LocalFree
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW

user32

CharLowerW
wsprintfW

advapi32

ConvertSidToStringSidW
GetLengthSid
LsaNtStatusToWinError
RegOpenKeyExW
RegQueryValueExW
CopySid
GetTokenInformation
OpenProcessToken
RegCloseKey

shell32

ShellExecuteExW
SHCreateDirectoryExW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
OleRun

oleaut32

SysFreeString
VariantInit
VariantClear
GetErrorInfo
SysAllocString

urlmon

URLOpenBlockingStreamW

wintrust

WinVerifyTrust

ws2_32

send
freeaddrinfo
socket
WSACleanup
shutdown
htons
WSAGetLastError
getaddrinfo
htonl
WSAStartup
connect
closesocket
recv

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:6 windows x86 arch:x86

78632eb768f749a1e233abbe73be60bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
HeapAlloc
HeapReAlloc
HeapFree
lstrcmpiW
MulDiv
GlobalFree
lstrcpynW
GetFileAttributesW
GetCurrentDirectoryW
GlobalAlloc
lstrcpyW
GetProcessHeap
SetCurrentDirectoryW

user32

CreateWindowExW
IsWindow
DestroyWindow
MapDialogRect
SetWindowPos
CreateDialogParamW
GetDlgItem
SetTimer
KillTimer
DrawTextW
SetPropW
GetPropW
RemovePropW
CallWindowProcW
GetWindowRect
SetCursor
MapWindowPoints
GetSysColor
DrawFocusRect
GetWindowLongW
SetWindowLongW
LoadCursorW
IsDialogMessageW
wsprintfW
GetClientRect
CharPrevW
CharNextW
DispatchMessageW
TranslateMessage
GetWindowTextW
SendMessageW
GetMessageW
ShowWindow

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:6 windows x86 arch:x86

c108c14619ccd3eab472cc6194df7ac9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
CloseHandle
CreatePipe
PeekNamedPipe
WaitForSingleObject
Sleep
GetCurrentProcess
ExitProcess
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
GetVersion
GetTickCount
CreateFileMappingW
MapViewOfFile
GetTempFileNameW
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalReAlloc
GlobalFree
lstrcmpiW
lstrcpynW
lstrcpyA
lstrcpyW
lstrcatW
lstrlenW
CopyFileW
MultiByteToWideChar
IsDBCSLeadByteEx
DeleteFileW
CreateFileW
UnmapViewOfFile
GetCommandLineW

user32

FindWindowExW
CharNextW
SendMessageW
wsprintfW
CharNextExA
CharPrevW

advapi32

SetSecurityDescriptorDacl
IsTextUnicode
InitializeSecurityDescriptor

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/uidcreator.exe
.exe windows:6 windows x86 arch:x86

f1b22aa7af4d775e089fe1f69b62e96f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\users\tmilovanov\documents\visual studio 2015\Projects\uidcreator\Release\uidcreator.pdb

Imports

msvcp140

?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
??Bid@locale@std@@QAEIXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_BADOFF@std@@3_JB
?_Xout_of_range@std@@YAXPBD@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1_Lockit@std@@QAE@XZ

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW

vcruntime140

__CxxFrameHandler3
__std_terminate
_CxxThrowException
memmove
__std_exception_destroy
memset
_except_handler4_common
__std_exception_copy
memcpy

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vsprintf
__p__commode

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_cexit
__p___argv
terminate
__p___argc
_invalid_parameter_noinfo_noreturn
_c_exit
_crt_atexit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
_controlfp_s
_exit

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

kernel32

UnhandledExceptionFilter
GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c61ac7760f01d7870b342968bf483d3

Code Sign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

01Certificate

Key Usages

ac:42:42:72:07:5b:5d:76:90:fd:5f:41:fe:d2:e6:f3Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

3e:85:b3:52:5d:38:47:c8:2b:18:cc:c4:6d:3f:89:38:7a:7d:9e:cfSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 170KB

.ndata Size: - Virtual size: 140KB

.rsrc Size: 142KB - Virtual size: 141KB

2c10f6f3e9eaa15d70f14c96e757b2e2

Headers

DLL Characteristics

File Characteristics

Imports

wininet

comctl32

shlwapi

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 22KB

.rsrc Size: 212KB - Virtual size: 212KB

.reloc Size: 3KB - Virtual size: 2KB

549d7b44067bbcdf42bf6a90a80a3a9e

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 3KB

4f33ea844b96a31c8f4690530ba63854

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

01
Certificate

ac:42:42:72:07:5b:5d:76:90:fd:5f:41:fe:d2:e6:f3
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

3e:85:b3:52:5d:38:47:c8:2b:18:cc:c4:6d:3f:89:38:7a:7d:9e:cf
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 170KB

.ndata
Size: - Virtual size: 140KB

.rsrc
Size: 142KB - Virtual size: 141KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 22KB

.rsrc
Size: 212KB - Virtual size: 212KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 926B

.data
Size: 512B - Virtual size: 68B

.reloc
Size: 512B - Virtual size: 488B

.text
Size: 73KB - Virtual size: 73KB

.itext
Size: 512B - Virtual size: 340B

.data
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 13KB

.idata
Size: 3KB - Virtual size: 2KB

.didata
Size: 512B - Virtual size: 292B

.edata
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 69B

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 1024B

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:0f:f6:46:2b:63:d5:5a:fb:aa:81:f9:c7:34:a7:aa:94
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

11:21:b9:06:4e:5f:57:13:dc:c7:34:91:3c:8d:e9:3b:98:fc
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

11:21:ed:90:18:ca:a9:27:b7:62:6c:52:6b:90:6d:93:f5:67
Certificate

ec:f2:44:e1:a0:43:09:79:2d:1f:b6:20:46:f3:44:4c:79:41:38:a3:3c:ca:39:0a:2f:8b:d1:3e:d7:56:69:cc
Signer

98:46:38:18:c7:2d:b7:b3:d6:ae:48:04:ad:a5:bb:3e:6b:90:1e:0e
Signer