3fda037228feaebdeba3ff7f01a1868b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3fda037228feaebdeba3ff7f01a1868b_JaffaCakes118
Size

517KB
MD5

3fda037228feaebdeba3ff7f01a1868b
SHA1

bad986595fa9230bba640161fe955dbb49b0075e
SHA256

c13b0424f254edcb2fe0e071071c95aeb375045c0fed05c44dbaf147499d3eca
SHA512

7598c2297d482ce6670d6cfe89eb4108db1cccd4d085e6d5da52eb75f24727ef26c25a7efc05377d0631bcac88b7ddd729f41c1ab2a2ffa76a736a03c17d8e12
SSDEEP

12288:/WkyuIftSVGGp/ZuII/WLY6e36UIpyQKITBxM+tcEeynoRQTrSgacGU6QlVX:ukyTcaW+IpyQ/nnXTrBtJ6iX

Score

1^/10

Malware Config

Signatures

Files

3fda037228feaebdeba3ff7f01a1868b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

89a34d810cbca4c197a10b7ade26c3cd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:88:05:06:c2:50:2b:4c:9f:64:8f:d7:69:93:7a:50:51:9c:6f:0f
Signer

Actual PE Digest

52:88:05:06:c2:50:2b:4c:9f:64:8f:d7:69:93:7a:50:51:9c:6f:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\qqpcmgr_proj\trunk\Basic\Output\BinFinal\plugins\SysCleanPage\SysCleanPage.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

htonl
htons

shlwapi

PathAddBackslashW
PathAppendW
SHSetValueW
SHGetValueW
PathFileExistsW
PathRemoveFileSpecW
wnsprintfW

common

??1CTXStringW@@QAE@XZ
?Format@CTXStringW@@QAAXPB_WZZ
?RecordTransEnd@Perf@Util@@YAJ_JPB_WHH11H@Z
??H@YA?AVCTXStringW@@ABV0@0@Z
?RecordTransBegin@Perf@Util@@YA_JPB_WHH00@Z
??0CTXStringW@@QAE@XZ
??4CTXStringW@@QAEAAV0@PB_W@Z
?CreateTXData@Data@Util@@YAHPAPAUITXData@@@Z
?SetInterval@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?EraseTimerCallback@TXTimer@@YAHPAUITXTimerCallback@@I@Z
?SetTimeout@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
??BCTXStringW@@QBEPB_WXZ
?LoadStringW@TXStringBundle@@YAPB_WPB_W@Z
??0CTXStringW@@QAE@PB_W@Z
?IsEmpty@CTXBSTR@@QAEHXZ
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
??0CTXBSTR@@QAE@XZ
??ICTXBSTR@@QAEPAPA_WXZ
??0CTXBSTR@@QAE@PB_W@Z
??BCTXBSTR@@QBEPA_WXZ
??1CTXBSTR@@QAE@XZ

gf

?GetService@GF@Util@@YAJABU_GUID@@PA_WPAPAX@Z
?CreateObject@GF@Util@@YAJABU_GUID@@0PAPAX@Z
?RawCreateGFElementByXtml@GF@Util@@YAJPA_WPAPAUIGFElement@@PAU3@0@Z

xgraphic32

CreateCanvasFromDC
DeleteCanvas

kernel32

DeleteFileW
GetSystemDirectoryW
FindClose
FreeLibrary
WideCharToMultiByte
GetDriveTypeW
WriteFile
lstrcpynW
GetCurrentProcessId
GetFileSize
ReadFile
ExpandEnvironmentStringsW
OpenMutexW
GetVersionExW
CreateProcessW
OpenEventW
GetCurrentDirectoryW
GetSystemTime
HeapFree
GetProcessHeap
HeapAlloc
GetFileAttributesW
MapViewOfFile
InterlockedCompareExchange
SetLastError
GetSystemDefaultLangID
VirtualQuery
LoadLibraryA
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
CreateFileMappingW
IsBadReadPtr
GetWindowsDirectoryW
LocalAlloc
IsBadWritePtr
GetStdHandle
CreatePipe
DeviceIoControl
CopyFileW
HeapReAlloc
HeapDestroy
GetVersionExA
GetLocaleInfoA
GetACP
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateFileW
FindFirstFileW
ChangeTimerQueueTimer
InterlockedExchange
GetCurrentProcess
DuplicateHandle
Sleep
GetCurrentThreadId
LocalFree
FormatMessageA
InitializeCriticalSectionAndSpinCount
CreateTimerQueueTimer
SetEvent
CreateEventW
MapViewOfFileEx
OpenFileMappingA
CreateFileMappingA
UnmapViewOfFile
DeleteTimerQueueTimer
SwitchToThread
WaitForSingleObject
CreateMutexW
CloseHandle
ReleaseMutex
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetLongPathNameW
SystemTimeToFileTime
FileTimeToSystemTime
GetLocalTime
LoadLibraryW
GetProcAddress
GetThreadLocale
SetThreadLocale
GetModuleHandleW
lstrcmpiW
GetLastError
InitializeCriticalSection
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
lstrlenW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
HeapSize
OpenFileMappingW

user32

GetClassNameW
GetDesktopWindow
GetSystemMetrics
SetForegroundWindow
IsWindowVisible
DestroyIcon
SystemParametersInfoW
MessageBoxW
GetWindowTextW
SetWindowLongW
SetWindowPos
GetWindowLongW
GetClientRect
EnableWindow
GetWindowRect
FindWindowExW
IsWindow
SetWindowTextW
LoadImageW
SendMessageW
PostMessageW
CharNextW
GetCursorPos
RegisterClassExW
EqualRect
GetParent
SendMessageTimeoutW
FindWindowA
PtInRect
InvalidateRect
GetDC
ReleaseDC
DefWindowProcW
CreateWindowExW
DestroyWindow
UpdateWindow
FindWindowW
BringWindowToTop
SetFocus
UnregisterClassA
IsIconic

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateFontIndirectW
DeleteObject
GetObjectW
GetStockObject

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
RegQueryValueExW
AllocateAndInitializeSid
RegOpenKeyExA
RegQueryValueExA
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
FreeSid
AddAccessAllowedAce
InitializeAcl
GetLengthSid
RegDeleteKeyW

shell32

ShellExecuteExW
ShellExecuteW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHGetFileInfoW

ole32

StringFromCLSID
CoCreateInstance
StgOpenStorage
CoTaskMemFree
StgIsStorageFile
CoFreeUnusedLibrariesEx
StgCreateDocfile
CoInitialize
CoUninitialize
CoCreateGuid
CoRegisterClassObject
CoLoadLibrary

oleaut32

LoadRegTypeLi
SysStringLen
SysFreeString
LoadTypeLi
VarUI4FromStr
SysAllocString
VariantInit
VariantClear

mfc80u

ord1513
ord4255
ord1270
ord6273
ord3796
ord6275
ord1925
ord1271
ord3198
ord2362
ord3204
ord3339
ord1957
ord1118
ord3943
ord4961
ord1542
ord3435
ord1899
ord1785
ord4686
ord5609
ord5178
ord6061
ord6720
ord5908
ord1392
ord4256
ord4109
ord4206
ord4729
ord4884
ord4574
ord2011
ord1662
ord1661
ord5199
ord605
ord3176
ord3155
ord5633
ord2361
ord709
ord501
ord3635
ord2942
ord3322
ord2163
ord347
ord2638
ord2870
ord2856
ord5638
ord3703
ord2169
ord5727
ord3713
ord2399
ord6033
ord3712
ord2381
ord2527
ord2379
ord354
ord3756
ord6063
ord2640
ord2397
ord764
ord1178
ord266
ord762
ord1908
ord265
ord1176
ord577
ord870
ord283
ord1079
ord3238
ord2085
ord4094
ord1946
ord774
ord2311
ord899
ord896
ord776
ord1252
ord3877
ord5864
ord1472
ord1476
ord3990
ord2895
ord2878
ord293
ord5485
ord280
ord3842
ord2260
ord6086
ord2366
ord2460
ord2872
ord2861
ord5558
ord2155
ord3793
ord1479
ord282
ord6700
ord6721
ord5911
ord1353
ord1611
ord5171
ord1608
ord1955
ord4480
ord1647
ord3940
ord1646
ord1393
ord1590
ord5196
ord4238
ord1970
ord5148
ord2534
ord572
ord1894
ord5067
ord6271
ord4179
ord5210
ord3397
ord4716
ord4276
ord6293
ord5327
ord1591
ord753
ord5956
ord6282
ord1939
ord5231
ord5316
ord1006
ord1172
ord3249
ord5229
ord563
ord920
ord925
ord929
ord927
ord931
ord2384
ord2404
ord2261
ord2388
ord2394
ord2392
ord2531
ord2390
ord2725
ord2407
ord2829
ord602
ord2402
ord3674
ord4301
ord2255
ord2386
ord4344
ord2708
ord2409
ord754

msvcr80

memcpy
_except_handler3
_crt_debugger_hook
free
_recalloc
__CxxFrameHandler3
_invalid_parameter_noinfo
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
_purecall
memset
malloc
wcscpy_s
wcsncpy_s
wcsncpy
__RTDynamicCast
wcsncat_s
wcsncat
_wcsnicmp
wcsstr
_snwscanf
memmove_s
tolower
swscanf_s
wcsrchr
_wcsicmp
_snprintf_s
wcsncmp
_snwprintf_s
_wtoi
_snwprintf
memcpy_s
fwrite
strchr
strrchr
fflush
_memicmp
setlocale
_vsnwprintf_s
strncpy_s
_wsplitpath_s
_vswprintf_c_l
wcscat_s
printf
_vscwprintf
vswprintf_s
isalnum
_wmkdir
_wstat64
strtoul
_mbsstr
_mbscmp
_mbschr
_mbslwr_s
isspace
isprint
strncmp
?terminate@@YAXXZ
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ

comctl32

ImageList_Destroy
ImageList_Create
_TrackMouseEvent
ImageList_AddMasked

atl80

ord61
ord23
ord64
ord22
ord18
ord15
ord32
ord30

msvcp80

??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?copy@?$char_traits@D@std@@SAPADPADPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?compare@?$char_traits@D@std@@SAHPBD0I@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?copy@?$char_traits@_W@std@@SAPA_WPA_WPB_WI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?compare@?$char_traits@_W@std@@SAHPB_W0I@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z

netapi32

Netbios
NetWkstaTransportEnum
NetApiBufferFree

imagehlp

MapAndLoad
UnMapAndLoad

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 324KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

89a34d810cbca4c197a10b7ade26c3cd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

52:88:05:06:c2:50:2b:4c:9f:64:8f:d7:69:93:7a:50:51:9c:6f:0fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

ws2_32

shlwapi

common

gf

xgraphic32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

mfc80u

msvcr80

comctl32

atl80

msvcp80

netapi32

imagehlp

Exports

Exports

Sections

.text Size: 324KB - Virtual size: 320KB

.rdata Size: 112KB - Virtual size: 110KB

.data Size: 36KB - Virtual size: 35KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 32KB - Virtual size: 31KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

52:88:05:06:c2:50:2b:4c:9f:64:8f:d7:69:93:7a:50:51:9c:6f:0f
Signer

.text
Size: 324KB - Virtual size: 320KB

.rdata
Size: 112KB - Virtual size: 110KB

.data
Size: 36KB - Virtual size: 35KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 32KB - Virtual size: 31KB