2bb9f6d5e6d6baf177f3f10235ca0c3c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2bb9f6d5e6d6baf177f3f10235ca0c3c_JaffaCakes118
Size

623KB
MD5

2bb9f6d5e6d6baf177f3f10235ca0c3c
SHA1

f765c493cb947ac9de484d77fd0f367ccb2f7688
SHA256

040e18a04152c825dc677c6927426d6fc85e07e1b5457e43725db85a9d4a3ac0
SHA512

5bfa84fbec5085d1607eb4dfbedcd536e8cb9e825694942631a115e09626694231a2edef2cfbd19aa2c87c812c57cfdb093d4e5f8099b7247ac3c7d8f295d416
SSDEEP

12288:Ocqk4xzjSu4G8sW/rrW2Sq7iNXosZY5Ph459x2S2rMh2lELCisEYag8G6kFLaAhf:7qk4xSNG8sqwq7w4LiBbbVUjam

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setnrd20/setnrd20.exe

Files

2bb9f6d5e6d6baf177f3f10235ca0c3c_JaffaCakes118
.zip
InstallPlay65.exe
.exe windows:4 windows x86 arch:x86

a41060a262d1ccb9fb1f5cfdd4f68390

Code Sign

31:1b:d7:df:e6:e9:eb:bb:23:6c:a8:c1:d8:45:dc:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/10/2009, 00:00

Not After

22/11/2012, 23:59

Subject

CN=InterLogic Ltd.,OU=Digital ID Class 3 - Microsoft VBA Software Validation v2+OU=Skill Games,O=InterLogic Ltd.,L=Carmel,ST=North,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f8:6c:0f:ea:e9:29:98:9b:7b:f1:69:57:44:a2:90:91:96:bf:95:d0
Signer

Actual PE Digest

f8:6c:0f:ea:e9:29:98:9b:7b:f1:69:57:44:a2:90:91:96:bf:95:d0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

kernel32

LocalFree
SetEnvironmentVariableA
SetEndOfFile
GetLocaleInfoW
SetStdHandle
lstrlenW
MultiByteToWideChar
GetOEMCP
GetCurrentThreadId
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
GetLastError
IsValidLocale
lstrcmpiA
lstrlenA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
CloseHandle
CompareStringA
CompareStringW
WriteFile
DeleteFileA
FreeLibrary
EndUpdateResourceA
UpdateResourceA
SizeofResource
BeginUpdateResourceA
LockResource
LoadResource
FindResourceA
LoadLibraryExA
CreateDirectoryA
CreateFileA
TerminateProcess
OpenProcess
GetStringTypeA
Sleep
GetModuleFileNameA
GetTempPathA
CreateProcessA
SetLastError
GetFileType
GetFileAttributesA
VerifyVersionInfoA
GetProcAddress
GetModuleHandleA
CopyFileA
SetCurrentDirectoryA
SetHandleCount
HeapAlloc
FreeEnvironmentStringsW
GetCurrentDirectoryA
GetEnvironmentStrings
GetExitCodeProcess
WaitForSingleObject
SetFileAttributesA
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
SetFilePointer
FlushFileBuffers
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetTickCount
QueryPerformanceCounter
IsBadWritePtr
VirtualFree
GetProcessHeap
HeapFree
GetCurrentProcess
HeapCreate
GetCPInfo
LCMapStringW
InterlockedIncrement
InterlockedDecrement
LCMapStringA
ExitThread
lstrcpynA
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
WideCharToMultiByte
GetVersionExA
IsDBCSLeadByte
GetTimeZoneInformation
MoveFileExA
GetCurrentProcessId
ReadFile
GetFileSize
GetThreadLocale
CreateThread
LoadLibraryA
MoveFileA
GetSystemTimeAsFileTime
Process32Next
Process32First
CreateToolhelp32Snapshot
FindClose
FindNextFileA
FindFirstFileA
GetCommandLineA
RemoveDirectoryA
GetStartupInfoA
SetEvent
ResetEvent
WaitForMultipleObjects
CreateEventA
RtlUnwind
GetLocaleInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
ExitProcess
HeapSize
HeapReAlloc
HeapDestroy
GetACP
InterlockedExchange
GetEnvironmentStringsW

user32

EnumWindows
IsWindowVisible
GetWindowThreadProcessId
CreateWindowExA
RegisterClassExA
DefWindowProcA
PostQuitMessage
UnregisterClassA
LoadCursorA
wsprintfA
GetClassInfoExA
SetWindowLongA
GetWindowLongA
PostMessageA
SetWindowTextA
MoveWindow
SetWindowPos
GetWindowRect
InvalidateRect
GetDlgItem
MessageBoxA
ShowWindow
ScreenToClient
SendMessageA
GetActiveWindow
CharNextA
DialogBoxParamA
CreateIconFromResource
GetClientRect
GetSystemMetrics
CallWindowProcA
EndDialog
DestroyWindow
GetParent
GetWindow
SystemParametersInfoA
MapWindowPoints

shell32

SHFileOperationA
ShellExecuteA
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

advapi32

RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
GetUserNameA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA

wininet

InternetCloseHandle
HttpQueryInfoA
InternetConnectA
InternetOpenA
InternetReadFile
InternetSetOptionA
InternetQueryOptionA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoInitializeEx
CoCreateInstance

oleaut32

VariantInit
VariantClear
SysAllocStringLen
LoadRegTypeLi
LoadTypeLi
SysFreeString
SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
SysStringLen

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Nardy_Online.exe
.exe windows:4 windows x86 arch:x86

b82564e714c29cfaac9b3994f200ae10

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d0:cd:25:2e:0e:c2:28:85:86:19:3f:28:bf:60:f3
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

18/02/2009, 00:00

Not After

18/02/2011, 23:59

Subject

CN=Skill on Net ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Skill on Net ltd,L=Gibraltar,ST=Gibraltar,C=GI

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

f5:ac:35:31:6b:32:fd:46:ac:f4:38:c5:7c:d6:56:58:4e:62:48:da
Signer

Actual PE Digest

f5:ac:35:31:6b:32:fd:46:ac:f4:38:c5:7c:d6:56:58:4e:62:48:da

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\BG\app\release\debug\setup.pdb

Imports

wininet

InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenUrlA
InternetReadFile
InternetOpenA

netapi32

Netbios

kernel32

FreeLibrary
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
FreeResource
InterlockedDecrement
SetThreadPriority
EnumResourceLanguagesA
ConvertDefaultLocale
lstrcmpA
GetCurrentThread
InterlockedIncrement
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
FileTimeToSystemTime
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
GlobalFlags
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
lstrcatA
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
RtlUnwind
GetStartupInfoA
GetCommandLineA
HeapReAlloc
ExitThread
CreateThread
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
lstrcmpW
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
MoveFileA
SetLastError
GlobalFree
SizeofResource
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynA
ResetEvent
SetEvent
CreateEventA
SuspendThread
ResumeThread
CreateProcessA
WaitForSingleObject
CreateToolhelp32Snapshot
Process32First
OpenProcess
TerminateProcess
GetCurrentProcessId
Sleep
Process32Next
GetComputerNameA
GetSystemTimeAsFileTime
GetLocalTime
FormatMessageA
LocalFree
GetCurrentDirectoryA
GetTickCount
EnterCriticalSection
LeaveCriticalSection
GetTempPathA
DeleteFileA
CreateDirectoryA
GetModuleFileNameA
CopyFileA
SetCurrentDirectoryA
GetCurrentProcess
SetPriorityClass
CreateFileA
CloseHandle
DeviceIoControl
FindResourceA
LoadResource
LockResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapAlloc

user32

CharNextA
IsRectEmpty
CopyAcceleratorTableA
InvalidateRect
InvalidateRgn
SetCapture
ReleaseCapture
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
IsWindow
SetFocus
IsChild
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DestroyMenu
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
IsWindowVisible
GetMenu
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetWindowLongA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
CopyRect
PtInRect
GetWindow
SetMenuItemBitmaps
GetFocus
GetParent
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
wsprintfA
GetMenuState
GetMenuItemID
GetMenuItemCount
LoadCursorA
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
SetCursor
GetSubMenu
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
DispatchMessageA
EndPaint
LoadIconA
EnumWindows
GetWindowThreadProcessId
LoadImageA
PostQuitMessage
SetForegroundWindow
PostThreadMessageA
MessageBoxA
UnregisterClassA
IsWindowEnabled
GetActiveWindow
SetActiveWindow
GetSystemMetrics
SetRect
EnableWindow
UpdateWindow
GetClientRect
GetWindowRect
BringWindowToTop
IsIconic
PostMessageA
SendMessageA
DrawIcon
CharUpperA

gdi32

ExtSelectClipRgn
DeleteDC
GetStockObject
SetViewportExtEx
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetMapMode
GetRgnBox
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
CreateSolidBrush
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
ScaleViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegDeleteValueA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

shell32

SHBrowseForFolderA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA
SHGetPathFromIDListA

comctl32

ord17

shlwapi

PathIsUNCA
PathFindExtensionA
PathStripToRootA
PathFindFileNameA

oledlg

ord8

ole32

CLSIDFromProgID
CoTaskMemAlloc
CLSIDFromString
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
CoRegisterMessageFilter
OleFlushClipboard
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
CoRevokeClassObject
CoFreeUnusedLibraries
OleInitialize

oleaut32

SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysStringLen
OleCreateFontIndirect
SysFreeString

ws2_32

WSACleanup

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setnrd20/setnrd20.exe
.exe windows:4 windows x86 arch:x86

547c94826e733fab0c2f59262339e0b1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringA
VirtualFree
WriteFile
VirtualAlloc
DeleteFileA
FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
lstrcpyA
CreateFileA
lstrlenA
ReadFile
SetFilePointer
GetWindowsDirectoryA
GetSystemDirectoryA
ExitProcess
GetCurrentDirectoryA
GetTempPathA
lstrcpynA
GetModuleFileNameA
InterlockedIncrement
GetModuleHandleA

user32

LoadCursorA
SendMessageA
GetDlgItem
SetCursor
MessageBoxA
wsprintfA
ShowWindow
FindWindowA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 842B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a41060a262d1ccb9fb1f5cfdd4f68390

Code Sign

31:1b:d7:df:e6:e9:eb:bb:23:6c:a8:c1:d8:45:dc:8dCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

f8:6c:0f:ea:e9:29:98:9b:7b:f1:69:57:44:a2:90:91:96:bf:95:d0Signer

Headers

File Characteristics

Imports

comctl32

kernel32

user32

shell32

advapi32

wininet

ole32

oleaut32

Sections

.text Size: 172KB - Virtual size: 170KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 20KB - Virtual size: 27KB

.rsrc Size: 16KB - Virtual size: 13KB

b82564e714c29cfaac9b3994f200ae10

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

69:d0:cd:25:2e:0e:c2:28:85:86:19:3f:28:bf:60:f3Certificate

Extended Key Usages

f5:ac:35:31:6b:32:fd:46:ac:f4:38:c5:7c:d6:56:58:4e:62:48:daSigner

Headers

File Characteristics

PDB Paths

Imports

wininet

netapi32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

oleacc

Sections

.text Size: 196KB - Virtual size: 192KB

.rdata Size: 56KB - Virtual size: 53KB

.data Size: 40KB - Virtual size: 60KB

.rsrc Size: 4KB - Virtual size: 3KB

547c94826e733fab0c2f59262339e0b1

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 512B - Virtual size: 8B

.data Size: 512B - Virtual size: 9KB

.idata Size: 1024B - Virtual size: 842B

31:1b:d7:df:e6:e9:eb:bb:23:6c:a8:c1:d8:45:dc:8d
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

f8:6c:0f:ea:e9:29:98:9b:7b:f1:69:57:44:a2:90:91:96:bf:95:d0
Signer

.text
Size: 172KB - Virtual size: 170KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 20KB - Virtual size: 27KB

.rsrc
Size: 16KB - Virtual size: 13KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

69:d0:cd:25:2e:0e:c2:28:85:86:19:3f:28:bf:60:f3
Certificate

f5:ac:35:31:6b:32:fd:46:ac:f4:38:c5:7c:d6:56:58:4e:62:48:da
Signer

.text
Size: 196KB - Virtual size: 192KB

.rdata
Size: 56KB - Virtual size: 53KB

.data
Size: 40KB - Virtual size: 60KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 8B

.data
Size: 512B - Virtual size: 9KB

.idata
Size: 1024B - Virtual size: 842B

.Shared
Size: 512B - Virtual size: 4B

.rsrc
Size: 1024B - Virtual size: 924B

.reloc
Size: 1024B - Virtual size: 536B