3e79a56b40e3b768bdbc846605f62075_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3e79a56b40e3b768bdbc846605f62075_JaffaCakes118
Size

202KB
MD5

3e79a56b40e3b768bdbc846605f62075
SHA1

707238ff43e1f9620f5fae124a1063424a8ce5bd
SHA256

c62c935d6b97b3b3a86f410deecee2fd3c5085d62ad1afcaf906fd9c7ea3b610
SHA512

32cec5b68ade276c98c21f324db9fcac7d7203f2241b5e38ef41db1950c48402f6d98d99bb05812b787c583e85ff2e4b10c4da66314e54248202fce022b4f9b3
SSDEEP

1536:Rfa7kS9P7Lxt4FvOsq3TmLOONHxJgY6xGV5Lmk7pOPf2IjhF1Jai8RyAQIVztHXN:07kS9P7LxqVXJgAVBmktcOaEi8QLjijX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UAC.dll
unpack001/$PLUGINSDIR/httpget.dll
unpack001/$PLUGINSDIR/img.dll
unpack001/$PLUGINSDIR/nsisFile.dll
unpack001/$PLUGINSDIR/nsisXML.dll
unpack001/out.upx

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/out.upx	nsis_installer_2

Files

3e79a56b40e3b768bdbc846605f62075_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

02:b6:70:45:fa:04:7d:17:1c:e0:3f:a0:67:ed:43:35
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/05/2012, 00:00

Not After

23/05/2013, 23:59

Subject

CN=Destiny Media,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Destiny Media,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ed:e7:75:5b:03:a4:e8:b0:ac:cf:82:f8:99:af:0c:78:06:b0:cc:bd
Signer

Actual PE Digest

ed:e7:75:5b:03:a4:e8:b0:ac:cf:82:f8:99:af:0c:78:06:b0:cc:bd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 376KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

51cc377db2a9db8d63bafd8fe8dffb97

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetProcAddress
GetVersionExA
lstrcmpiA
GetCurrentThreadId
GetCommandLineA
UnmapViewOfFile
WaitForSingleObject
GetCurrentProcessId
SetEvent
lstrlenA
SetCurrentDirectoryA
MapViewOfFile
Sleep
OpenProcess
GetExitCodeProcess
GetModuleHandleA
GetExitCodeThread
CreateThread
CreateFileMappingA
CreateEventA
GlobalAlloc
CreateProcessA
GetLastError
MultiByteToWideChar
FormatMessageA
LocalFree
GlobalFree
CloseHandle
GetModuleFileNameA
lstrcatA
GetPrivateProfileIntA
GetPrivateProfileStringA
DuplicateHandle
LoadLibraryA

user32

GetClassNameA
SetWindowsHookExA
DispatchMessageA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
DefWindowProcA
SetForegroundWindow
PostMessageA
CreateWindowExA
GetWindowThreadProcessId
CallWindowProcA
SetWindowPos
GetWindowRect
UnhookWindowsHookEx
GetClientRect
FindWindowExA
LoadIconA
CreateDialogParamA
IsWindowVisible
CallNextHookEx
CharNextA
DialogBoxParamA
SendMessageW
MessageBoxA
EndDialog
LoadImageA
DestroyWindow
GetWindowLongA
EnableWindow
ShowWindow
wsprintfA
GetDlgItem
SendMessageA
LoadStringA
SetWindowLongA

advapi32

GetUserNameA
OpenSCManagerA
GetTokenInformation
CloseServiceHandle
OpenProcessToken
FreeSid
EqualSid
AllocateAndInitializeSid
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueA
QueryServiceStatus
OpenServiceA

shell32

ShellExecuteExA

ole32

CoInitialize

Exports

Exports

_

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/httpget.dll
.dll windows:4 windows x86 arch:x86

eb42b4b67227f576aef6a2e83ac8ef5e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
sprintf
malloc
_initterm
free
strtol
atoi
strtoul
??3@YAXPAX@Z
??2@YAPAXI@Z

kernel32

SetFilePointer
lstrcpynA
lstrcpyA
lstrcmpiA
CreateThread
LoadLibraryA
CreateFileA
lstrcatA
lstrlenA
CloseHandle
DeleteFileA
WriteFile
MulDiv
Sleep
GetLastError
GlobalAlloc
GlobalFree

wininet

InternetReadFile
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
InternetSetOptionA
InternetQueryOptionA
InternetOpenA

Exports

Exports

get

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 322B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/img.dll
.dll windows:4 windows x86 arch:x86

8244405577263a4c327ca6eebef5b3d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
free
malloc
_initterm

kernel32

GlobalFree
Sleep
MultiByteToWideChar
lstrcmpiA
GlobalAlloc
lstrcpyA

user32

GetWindowRect
GetDlgItem
IsWindowVisible
FindWindowExA
EndPaint
CallWindowProcA
BeginPaint
ScreenToClient
MessageBoxA
GetDC
ReleaseDC
InvalidateRect
IsWindow
GetWindowLongA
SetWindowLongA
GetClientRect

gdi32

DeleteDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteObject

ole32

CoCreateInstance

shlwapi

StrToIntExA

Exports

Exports

show
stop

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisFile.dll
.dll windows:4 windows x86 arch:x86

722b4c6354d0d74582e6b8b9621ef62c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
lstrlenA
WriteFile
SetFilePointer
SetEndOfFile
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
atoi
_itoa
memmove
memcmp
memchr
free
_initterm
malloc
_adjust_fdiv

Exports

Exports

BinToHex
FileFindBytes
FileReadBytes
FileTruncate
FileWriteBytes
HexToBin

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 699B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 214B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisXML.dll
.dll windows:4 windows x86 arch:x86

177dccc4d0323e428824818efd241cc7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
InterlockedIncrement
GlobalFree
WideCharToMultiByte
GetLastError
MultiByteToWideChar
lstrlenA
InterlockedDecrement
LocalFree

user32

wsprintfA

ole32

OleRun
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
GetErrorInfo
VariantCopy
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysFreeString
VariantClear

msvcrt

free
_onexit
__dllonexit
_adjust_fdiv
malloc
_CxxThrowException
memcpy
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_initterm
??1type_info@@UAE@XZ
atoi

Exports

Exports

appendChild
create
createElement
createProcessingInstruction
getAttribute
getText
insertBefore
load
loadAndValidate
parentNode
release
removeChild
save
select
setAttribute
setDocumentElement
setText

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 666B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/bullet.bmp
$TEMP/no-cover.jpg
.jpg
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
utils.jar
.zip
org/sevenzip/decoder/CRC.class
org/sevenzip/decoder/LzmaAloneDecoder$CommandLine.class
org/sevenzip/decoder/LzmaAloneDecoder.class
org/sevenzip/decoder/LzmaException.class
org/sevenzip/decoder/SevenZipFolderDecoder.class
org/sevenzip/decoder/compression/lz/OutWindow.class
org/sevenzip/decoder/compression/lzma/Base.class
org/sevenzip/decoder/compression/lzma/Decoder$LenDecoder.class
org/sevenzip/decoder/compression/lzma/Decoder$LiteralDecoder$Decoder2.class
org/sevenzip/decoder/compression/lzma/Decoder$LiteralDecoder.class
org/sevenzip/decoder/compression/lzma/Decoder.class
org/sevenzip/decoder/compression/rangecoder/BitTreeDecoder.class
org/sevenzip/decoder/compression/rangecoder/Decoder.class
ru/megamakc/core/hash/ProgressListener.class
ru/megamakc/core/path/IPathConverter.class
ru/megamakc/core/tools/FileHelperBase.class
ru/megamakc/zip/IZipCreator.class
ru/megamakc/zip/ZipHelper$1.class
ru/megamakc/zip/ZipHelper$ZipDeflatedStream.class
ru/megamakc/zip/ZipHelper.class

Sharing

General

Malware Config

Signatures

Files

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

02:b6:70:45:fa:04:7d:17:1c:e0:3f:a0:67:ed:43:35Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

ed:e7:75:5b:03:a4:e8:b0:ac:cf:82:f8:99:af:0c:78:06:b0:cc:bdSigner

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 376KB

UPX1 Size: 18KB - Virtual size: 20KB

.rsrc Size: 114KB - Virtual size: 116KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

51cc377db2a9db8d63bafd8fe8dffb97

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.data Size: 1024B - Virtual size: 852B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1024B - Virtual size: 964B

eb42b4b67227f576aef6a2e83ac8ef5e

Headers

File Characteristics

Imports

msvcrt

kernel32

wininet

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 232B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 322B

8244405577263a4c327ca6eebef5b3d5

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

02:b6:70:45:fa:04:7d:17:1c:e0:3f:a0:67:ed:43:35
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ed:e7:75:5b:03:a4:e8:b0:ac:cf:82:f8:99:af:0c:78:06:b0:cc:bd
Signer

UPX0
Size: - Virtual size: 376KB

UPX1
Size: 18KB - Virtual size: 20KB

.rsrc
Size: 114KB - Virtual size: 116KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 10KB - Virtual size: 9KB

.data
Size: 1024B - Virtual size: 852B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1024B - Virtual size: 964B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 232B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 322B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 788B

.reloc
Size: 512B - Virtual size: 424B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 699B

.data
Size: 512B - Virtual size: 68B

.reloc
Size: 512B - Virtual size: 214B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 476B

.reloc
Size: 1024B - Virtual size: 666B

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 88KB

.rsrc
Size: 114KB - Virtual size: 114KB