3769a60d479817e27007e15fb5951a42_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3769a60d479817e27007e15fb5951a42_JaffaCakes118
Size

453KB
MD5

3769a60d479817e27007e15fb5951a42
SHA1

3e36986f7dd323a063fd89c7f9f451d809b49759
SHA256

738f4bce4607318adf576f5f6192a265f234a3e594b2e0efba3050b9ca6a57d6
SHA512

606c2cc7965634010099b65477e535b07ce657551806cb0c0577b7e63ea7da12df87b6846e2f3e75e0d70b30cf11bd1a997f77d3caa04d0764e9b863b16fcb8b
SSDEEP

12288:Mur7Q8pygX4p7OmuFuB54B0CbS5G62+i0urkjXtuwE+Ajv0HmDWJe0DeYusPpSYD:Mur7Q8pygX4pymuFuB54SCbX63i0urkt

Score

1^/10

Malware Config

Signatures

Files

3769a60d479817e27007e15fb5951a42_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

5c104cfdd6ed6e43e3564c2556d0edbc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a9:6b:96:98:3a:ab:1d:ef:ac:66:6d:c9:60:8f:f5:b9:36:d9:a0:42
Signer

Actual PE Digest

a9:6b:96:98:3a:ab:1d:ef:ac:66:6d:c9:60:8f:f5:b9:36:d9:a0:42

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\系统修复\Basic\Output\BinFinal\QMScriptApi.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

htons
htonl
ntohl
ntohs

shlwapi

PathFindFileNameW
PathStripToRootW
SHGetValueW
StrStrIW
StrCpyNW
PathGetArgsW
PathRemoveFileSpecW
PathAppendW
UrlGetPartW
PathFileExistsW
wnsprintfW
PathAddBackslashW

kernel32

SetErrorMode
GetStartupInfoW
WritePrivateProfileStringA
WritePrivateProfileStringW
GetFileAttributesW
CreateProcessW
MoveFileExW
SetFileAttributesW
WriteFile
CreateEventW
GetCurrentProcess
RemoveDirectoryW
OpenProcess
CloseHandle
LocalFree
ExpandEnvironmentStringsW
GetCurrentThread
CreateToolhelp32Snapshot
LoadLibraryW
Process32FirstW
GetWindowsDirectoryW
GetProcAddress
Process32NextW
GetLogicalDrives
FreeLibrary
GetDriveTypeW
GetModuleHandleW
SetEvent
ResetEvent
GetTickCount
WaitForSingleObject
GetFileSize
ReadFile
lstrlenA
DeleteFileW
lstrcatW
IsBadWritePtr
lstrcpynA
GetVersionExW
FindNextFileW
WaitForMultipleObjects
GetLogicalDriveStringsW
Module32FirstW
Module32NextW
DeviceIoControl
HeapFree
GetProcessHeap
HeapAlloc
Sleep
GetCurrentThreadId
TerminateThread
IsBadReadPtr
lstrcpynW
GetSystemInfo
ReleaseMutex
CreateMutexW
DuplicateHandle
UnmapViewOfFile
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
OpenFileMappingA
MapViewOfFileEx
InterlockedExchange
ChangeTimerQueueTimer
FormatMessageA
SwitchToThread
DeleteTimerQueueTimer
InterlockedCompareExchange
GetLocalTime
OpenFileMappingW
OpenEventW
MapViewOfFile
GetCurrentDirectoryW
GetCurrentProcessId
VirtualQuery
GetSystemDefaultLangID
LoadLibraryA
HeapDestroy
GetVersionExA
GetLocaleInfoA
GetACP
GetStdHandle
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
InterlockedIncrement
InterlockedDecrement
GetThreadLocale
SetThreadLocale
lstrlenW
RaiseException
GetLastError
GetModuleFileNameW
InitializeCriticalSection
MultiByteToWideChar
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemDirectoryW
GetSystemDefaultLCID
GetLocaleInfoW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
SetFilePointer
GetFileAttributesExW
FindFirstFileW
CopyFileW
GetFileSizeEx
GetPrivateProfileStringW
CreateFileW
SetLastError
CreateFileMappingA
FindClose
CreatePipe

user32

FindWindowA
SendMessageTimeoutW
UnregisterClassA
CharNextW
MessageBoxW

advapi32

RegOpenKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW
GetAclInformation
AddAce
InitializeAcl
LookupAccountSidW
GetUserNameW
IsValidSid
OpenThreadToken
GetLengthSid
OpenProcessToken
SetNamedSecurityInfoW
LookupAccountNameW
DuplicateTokenEx
GetNamedSecurityInfoW
SetTokenInformation
CopySid
ConvertStringSidToSidW
GetAce
CreateProcessAsUserW
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

shell32

SHGetFolderPathW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetPathFromIDListW

ole32

CoUninitialize
CoTaskMemFree
CoLoadLibrary
CoFreeLibrary
CLSIDFromProgID
CoGetInterfaceAndReleaseStream
CoFreeUnusedLibrariesEx
CoCreateGuid
CoInitializeEx
CoInitialize
CoCreateInstance
StringFromGUID2
StgCreateDocfile
CoMarshalInterThreadInterfaceInStream
StgIsStorageFile
StgOpenStorage

oleaut32

VariantClear
SafeArrayUnlock
SafeArrayLock
SafeArrayCopy
SafeArrayGetVartype
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
VariantChangeType
SysStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString
SysAllocStringLen
SysFreeString
UnRegisterTypeLi
VarCmp
VariantCopy
SysAllocStringByteLen
VariantInit

iphlpapi

GetIpForwardTable

psapi

GetModuleFileNameExW

msvcp80

?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find_last_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?copy@?$char_traits@D@std@@SAPADPADPBDI@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?copy@?$char_traits@_W@std@@SAPA_WPA_WPB_WI@Z
?compare@?$char_traits@_W@std@@SAHPB_W0I@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?compare@?$char_traits@D@std@@SAHPBD0I@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

userenv

UnloadUserProfile

msvcr80

wcstol
iswdigit
_wcsicmp
malloc
wcsncat_s
strstr
strchr
??2@YAPAXI@Z
free
wcsncpy_s
wcscat_s
wcscpy_s
??_V@YAXPAX@Z
_vscwprintf
vswprintf_s
memcpy_s
memmove_s
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@XZ
_time64
_localtime64_s
wcschr
wcsstr
memmove
fwrite
fflush
fclose
fopen
fseek
rename
_localtime64
_vsnwprintf_s
_beginthreadex
tolower
_wtoi
strncpy_s
srand
rand
_getpid
_wsplitpath_s
_snwscanf
_snwprintf_s
_snprintf_s
memcpy
_wcsnicmp
vsprintf_s
wcsncmp
_vscprintf
strncmp
isprint
isspace
strtoul
_mbsstr
_mbschr
_mbslwr_s
_wstat64
_wmkdir
isalnum
_unlink
wcsrchr
_mbscmp
_CxxThrowException
_vsnprintf
strrchr
_memicmp
setlocale
_wfopen_s
fread
wcsncpy
swscanf_s
memset
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CxxFrameHandler3
iswspace
realloc
calloc
??3@YAXPAX@Z
_purecall
_wcslwr_s

wintrust

CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext

netapi32

NetApiBufferFree
NetWkstaTransportEnum
Netbios

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c104cfdd6ed6e43e3564c2556d0edbc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

a9:6b:96:98:3a:ab:1d:ef:ac:66:6d:c9:60:8f:f5:b9:36:d9:a0:42Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

ws2_32

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

iphlpapi

psapi

msvcp80

userenv

msvcr80

wintrust

netapi32

Exports

Exports

Sections

.text Size: 316KB - Virtual size: 315KB

.rdata Size: 84KB - Virtual size: 82KB

.data Size: 12KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 27KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

a9:6b:96:98:3a:ab:1d:ef:ac:66:6d:c9:60:8f:f5:b9:36:d9:a0:42
Signer

.text
Size: 316KB - Virtual size: 315KB

.rdata
Size: 84KB - Virtual size: 82KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 27KB