0733fb7c8bf279c31cf1afb863bf3f80_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0733fb7c8bf279c31cf1afb863bf3f80_JaffaCakes118
Size

477KB
MD5

0733fb7c8bf279c31cf1afb863bf3f80
SHA1

0bff514e055cfd1f926544e8322fb5bb46729687
SHA256

3bd70c46ca50f11950bc6d457ba1eb857975c75aafd870bbb2ff925e3f86196d
SHA512

288edebbdfe1a4b38f0bdd3edec59e24245240b91955ba32b6bc77a9709bbe7ca9f0a027e4ca5b5a977d294b1db38c037be5ef0da1828ad25006b95b08dc6ea5
SSDEEP

6144:TJB6MlUWlPnqs7XJm7e1c0LFVv+q/z1HRdVYjsg3pXOyhOAK6UBOFC3KtM:l8MlUWlPn/dRP+01H/ILXmBD3KtM

Score

1^/10

Malware Config

Signatures

Files

0733fb7c8bf279c31cf1afb863bf3f80_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

1e52a785291843c1d9387c82405332ad

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:92:ae:b3:83:26:5c:7c:64:53:bd:92:a0:40:a0:20
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/02/2009, 00:00

Not After

15/02/2010, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tencent,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4c:e1:c7:ae:bb:4a:58:42:a9:36:fc:5e:1b:71:95:1e:2c:6b:20:22
Signer

Actual PE Digest

4c:e1:c7:ae:bb:4a:58:42:a9:36:fc:5e:1b:71:95:1e:2c:6b:20:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Download1.ShortProj_int\qqlivebuilder_TT4.7Proj_2_int\Basic_Tools_VOB\TT4.0\Output\map\FavoriteLogical.pdb

Imports

kernel32

LoadLibraryA
WinExec
IsBadReadPtr
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
LoadLibraryW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
GetLocaleInfoA
GetACP
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetProcAddress
FreeLibrary
DeleteFileW
GetPrivateProfileStringW
FindFirstFileW
FindNextFileW
FindClose
lstrcpynW
WideCharToMultiByte
GetVersionExW
GetThreadLocale
SetThreadLocale
InterlockedIncrement
GetModuleFileNameW
GetModuleHandleW
InitializeCriticalSection
CreateFileW
CloseHandle
WritePrivateProfileStringW
GetTickCount
CopyFileW
CreateDirectoryW
lstrlenA
MultiByteToWideChar
GetLastError
lstrcmpiW
lstrcpyW
SetLastError
lstrlenW
CompareStringW
GetCurrentProcess
FlushInstructionCache
InterlockedDecrement
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
LeaveCriticalSection
RaiseException
EnterCriticalSection
IsDebuggerPresent

user32

UnregisterClassA
GetWindowLongW
SetWindowTextW
MoveWindow
GetClientRect
SetDlgItemTextW
GetDlgItem
SetWindowPos
MapWindowPoints
SystemParametersInfoW
GetWindowRect
GetWindow
GetParent
SetWindowLongW
GetClassInfoExW
LoadCursorW
RegisterClipboardFormatW
LoadStringW
GetSystemMetrics
DrawEdge
GetWindowDC
GetMessagePos
ClientToScreen
IsDialogMessageW
GetSysColor
GetFocus
GetCapture
ReleaseCapture
EndPaint
BeginPaint
GetCursorPos
SetCursor
DrawFocusRect
FillRect
PtInRect
SetCapture
IsWindowEnabled
InvalidateRect
UpdateWindow
DestroyWindow
SetRectEmpty
CallWindowProcW
CreateDialogParamW
DefWindowProcW
IsMenu
AppendMenuW
GetForegroundWindow
SetTimer
KillTimer
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
LoadIconW
GetActiveWindow
GetClassNameW
OffsetRect
ReleaseDC
GetDC
CharNextW
DialogBoxParamW
DrawTextW
IsWindow
AdjustWindowRectEx
EnableWindow
IsWindowVisible
ShowWindow
ScreenToClient
GetMenu
GetWindowTextLengthW
CreateWindowExW
GetWindowTextW
MessageBoxW
LoadImageW
SetFocus
RegisterClassExW
SendMessageW
EndDialog

gdi32

CreateFontW
CreateBitmap
CreatePatternBrush
PatBlt
CreatePen
MoveToEx
LineTo
GetStockObject
CreateFontIndirectW
SelectObject
GetObjectW
DeleteDC
DeleteObject
CreateSolidBrush
SetBkColor
ExtTextOutW
SetTextColor
SetBkMode

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegSetValueExW

shell32

ShellExecuteW
SHGetSpecialFolderLocation
SHGetFileInfoW
SHGetSpecialFolderPathW

ole32

CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
RegisterDragDrop
CoCreateInstance
ReleaseStgMedium
OleDuplicateData
DoDragDrop

oleaut32

SysAllocStringByteLen
VariantClear
LoadTypeLi
LoadRegTypeLi
SysFreeString
SysAllocString
SysStringLen
SysStringByteLen
VarBstrCmp
VarUI4FromStr

atl80

ord64
ord22
ord18
ord31
ord15
ord32
ord30
ord44
ord43
ord23
ord61
ord58

shlwapi

PathFileExistsW
PathIsContentTypeW
PathIsURLW
PathIsUNCW
PathAppendW

ttutilwidget

??0CTXHttpUpload@@QAE@XZ
??0CTXHttpDownload@@QAE@XZ
??0CTXHttpDownloadSink@@QAE@XZ
?BeforeRun@CTXHttpDownload@@MAEXXZ
?AfterRun@CTXHttpDownload@@MAEXXZ
?Run@CTXHttpDownload@@MAEIXZ
?MyHttpSendRequest@CTXHttpDownload@@MAEIXZ
?OnStatusCallback@CTXHttpDownload@@MAEXPAXK0K@Z
?OnProgress@CTXHttpDownload@@MAEXK@Z
?OnSupportResume@CTXHttpDownload@@MAEXH@Z
?MyHttpSendRequest@CTXHttpUpload@@MAEIXZ
?OnProgress@CTXHttpUpload@@MAEXK@Z
??1CTXHttpDownload@@UAE@XZ
??1CTXHttpUpload@@UAE@XZ
?GetGlobalData@Module@Util@@YAHHPAK@Z
?QueryInfo@CTXHttpDownload@@QAEHABVCTTStringW@@AAV2@H@Z
?AddInfo@CTXHttpDownload@@QAEHABVCTTStringW@@PBEK@Z
?AddInfo@CTXHttpDownload@@QAEHABVCTTStringW@@K@Z
?ClearRequestHeader@CTXHttpDownload@@QAEXXZ
?AddInfo@CTXHttpDownload@@QAEHABVCTTStringW@@0@Z
?Download@CTXHttpDownload@@QAEHPB_WPAU_SYSTEMTIME@@@Z
?SetRequestMethod@CTXHttpDownload@@QAEXH@Z
?UploadFile@CTXHttpUpload@@QAEHPB_W00@Z
?SetFileSizeLimit@CTXHttpUpload@@QAEXK@Z
?ResetFormData@CTXHttpUpload@@QAEXXZ
?InitDownloadTempDirectory@CTXHttpDownload@@SAXPB_W@Z
?MoveDownloadFile@CTXHttpDownload@@QAEHPB_WH@Z
?SetUIInterface@CTXHttpDownload@@QAEXPAVCTXHttpDownloadSink@@@Z
?RemoveElem@CMarkup@@QAE_NXZ
?ExecTTCmd@Module@Util@@YAHPB_WK0@Z
?SetSoSoUrlSrcInfo@Module@Util@@YAXPA_WKK@Z
?SetGlobalData@Module@Util@@YAXHK@Z
?SetItemState@?$CTreeViewCtrlT@VCWindow@ATL@@@WTL@@QAEHPAU_TREEITEM@@II@Z
?GetWindowProc@?$CWindowImplBaseT@V?$CTreeViewCtrlT@VCWindow@ATL@@@WTL@@V?$CWinTraits@$0FGAAAAAA@$0A@@ATL@@@ATL@@UAEP6GJPAUHWND__@@IIJ@ZXZ
?OnFinalMessage@?$CWindowImplBaseT@V?$CTreeViewCtrlT@VCWindow@ATL@@@WTL@@V?$CWinTraits@$0FGAAAAAA@$0A@@ATL@@@ATL@@UAEXPAUHWND__@@@Z
?ProcessWindowMessage@CMyTreeCtrl@Util@@UAEHPAUHWND__@@IIJAAJK@Z
?GetItemText@?$CTreeViewCtrlT@VCWindow@ATL@@@WTL@@QBEHPAU_TREEITEM@@AAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?SetItemImage@?$CTreeViewCtrlT@VCWindow@ATL@@@WTL@@QAEHPAU_TREEITEM@@HH@Z
?SetItem@?$CTreeViewCtrlT@VCWindow@ATL@@@WTL@@QAEHPAU_TREEITEM@@IPB_WHHIIJ@Z
?ItemHasChildren@?$CTreeViewCtrlT@VCWindow@ATL@@@WTL@@QBEHPAU_TREEITEM@@@Z
?GetFavIcon@Module@Util@@YAHAAPAUHICON__@@PB_W@Z
?GetTTConfigPath@Module@Util@@YAHAAVCComBSTR@ATL@@H@Z
?GetItemData@?$CTreeViewCtrlT@VCWindow@ATL@@@WTL@@QBEKPAU_TREEITEM@@@Z
?CreateTTArray@Data@Util@@YAHPAPAUIUnknown@@@Z
?SelectItem@CMyTreeCtrl@Util@@QAEHPAU_TREEITEM@@@Z
??0CMyTreeCtrl@Util@@QAE@_N@Z
??1CMyTreeCtrl@Util@@UAE@XZ
?GetQQAccount@Module@Util@@YAHAAK@Z
?GetQQAccountProgress@Module@Util@@YAXAAK@Z
?CoQueryObject@Module@Util@@YAJPA_WABU_GUID@@PAPAX@Z
?Create@?$CWindowImpl@VCMyTreeCtrl@Util@@V?$CTreeViewCtrlT@VCWindow@ATL@@@WTL@@V?$CWinTraits@$0FGAAAAAA@$0A@@ATL@@@ATL@@QAEPAUHWND__@@PAU3@V_U_RECT@2@PB_WKKV_U_MENUorID@2@PAX@Z
?SetImageList@?$CTreeViewCtrlT@VCWindow@ATL@@@WTL@@QAE?AVCImageList@2@PAU_IMAGELIST@@H@Z
?GetMainWindowHandler@Module@Util@@YAPAUHWND__@@XZ
?IsValidFileName@Module@Util@@YAHPB_W@Z
?GetValidifyFileName@Module@Util@@YAXAAVCComBSTR@ATL@@@Z
?IsURLEx@Module@Util@@YAHPB_W@Z
?GetBinPath@Module@Util@@YAHPAPA_W@Z
?GetParentDir@Module@Util@@YAHPA_WPAPA_W@Z
?TXLoadString@@YAPB_WPB_W@Z
?GetCoreCenterPtr@Module@Util@@YAPAUIUnknown@@XZ
?CreateTTData@Data@Util@@YAHPAPAUIUnknown@@@Z
??1CTXHttpDownloadSink@@UAE@XZ
?SetLastQQAccount@Module@Util@@YAXK@Z
?InsertItem@?$CTreeViewCtrlT@VCWindow@ATL@@@WTL@@QAEPAU_TREEITEM@@IPB_WHHIIJPAU3@1@Z
?SetItemData@?$CTreeViewCtrlT@VCWindow@ATL@@@WTL@@QAEHPAU_TREEITEM@@K@Z
?GetSubDoc@CMarkup@@QBE?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?x_SetPos@CMarkup@@IAEXHHH@Z
?x_AddSubDoc@CMarkup@@IAE_NPB_W_N1@Z
?x_AddElem@CMarkup@@IAE_NPB_W0_N1@Z
?x_SetAttrib@CMarkup@@IAE_NHPB_WH@Z
?x_SetData@CMarkup@@IAE_NHPB_WH@Z
??0CMarkup@@QAE@ABV0@@Z
??4CMarkup@@QAEXABV0@@Z
?FindChildElem@CMarkup@@QAE_NPB_W@Z
?x_SetAttrib@CMarkup@@IAE_NHPB_W0@Z
?ResetChildPos@CMarkup@@QAEXXZ
?ResetMainPos@CMarkup@@QAEXXZ
?ResetPos@CMarkup@@QAEXXZ
?Save@CMarkup@@QAE_NPB_W@Z
?GetCurQQAcount@Module@Util@@YAHAAK@Z
??0CMarkup@@QAE@XZ
?Load@CMarkup@@QAE_NPB_W@Z
??1CMarkup@@UAE@XZ
?GetAttrib@CMarkup@@QBE?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@PB_W@Z
?GetData@CMarkup@@QBE?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?IntoElem@CMarkup@@QAE_NXZ
?OutOfElem@CMarkup@@QAE_NXZ
?FindElem@CMarkup@@QAE_NPB_W@Z
?ExtractUrlFromUrlLinkFile@CShellObject@@SAJPB_WPA_WI@Z
?GetIpAddrFromDomain@Module@Util@@YAHPA_WPAPA_W@Z
?GetTTVer@Module@Util@@YAHAAG000@Z
?TT_Log@TTLogDef@@SAXW4ENUM_LOG_SERVERITY@@PB_W1ZZ
?DRGetLTHandle@DataReport@Util@@YAPAXK@Z
?DRAddWord@DataReport@Util@@YAXPAXKG@Z
?CreateDirectoryExW@Module@Util@@YAHABVCComBSTR@ATL@@@Z
?GetMenuItemIcon@Module@Util@@YAKABKH@Z

comctl32

ImageList_Create
_TrackMouseEvent
ImageList_ReplaceIcon

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?setbase@std@@YA?AU?$_Smanip@H@1@H@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

wininet

InternetCrackUrlW
InternetCloseHandle
HttpQueryInfoW
InternetConnectW
InternetOpenW
HttpOpenRequestW
HttpAddRequestHeadersA
HttpSendRequestW

msvcr80

fopen
_localtime64_s
?terminate@@YAXXZ
_unlock
_wcslwr_s
wcspbrk
wcsstr
wcscmp
malloc
memset
_recalloc
memmove_s
free
??_V@YAXPAX@Z
??2@YAPAXI@Z
swprintf_s
wcsncmp
wcslen
_CxxThrowException
memcpy_s
??3@YAXPAX@Z
srand
rand
_snprintf
_vscwprintf
vswprintf_s
_wtoi
vsprintf_s
_vscprintf
_ltow
memcpy
wcsrchr
strcmp
_wfopen
fwrite
fclose
atoi
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_except_handler4_common
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
strncpy_s
_beginthreadex
_wtol
isdigit
sscanf
wcsncpy
strlen
_purecall
_wcsicmp
wcschr
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
calloc
strncpy
iswspace
_time64
wcscpy_s
__CxxFrameHandler3
wcsncpy_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
_strnicmp
memcmp

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e52a785291843c1d9387c82405332ad

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

7b:92:ae:b3:83:26:5c:7c:64:53:bd:92:a0:40:a0:20Certificate

Extended Key Usages

Key Usages

4c:e1:c7:ae:bb:4a:58:42:a9:36:fc:5e:1b:71:95:1e:2c:6b:20:22Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

atl80

shlwapi

ttutilwidget

comctl32

msvcp80

wininet

msvcr80

Exports

Exports

Sections

.text Size: 264KB - Virtual size: 264KB

.rdata Size: 86KB - Virtual size: 86KB

.data Size: 15KB - Virtual size: 16KB

.rsrc Size: 75KB - Virtual size: 75KB

.reloc Size: 32KB - Virtual size: 31KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7b:92:ae:b3:83:26:5c:7c:64:53:bd:92:a0:40:a0:20
Certificate

4c:e1:c7:ae:bb:4a:58:42:a9:36:fc:5e:1b:71:95:1e:2c:6b:20:22
Signer

.text
Size: 264KB - Virtual size: 264KB

.rdata
Size: 86KB - Virtual size: 86KB

.data
Size: 15KB - Virtual size: 16KB

.rsrc
Size: 75KB - Virtual size: 75KB

.reloc
Size: 32KB - Virtual size: 31KB