862698a7b44144ef7d3c54101086ba54f7003b8fc5d3eb86de05a27c6a009a27

Sharing

Copy URL

Twitter E-mail

General

Target

862698a7b44144ef7d3c54101086ba54f7003b8fc5d3eb86de05a27c6a009a27
Size

656KB
MD5

d54269fc137cead0d5be738cc548eee3
SHA1

22d2df99ad817959af819cb314b05279ed9ff597
SHA256

862698a7b44144ef7d3c54101086ba54f7003b8fc5d3eb86de05a27c6a009a27
SHA512

4ecb228caf13a48c34637668ac48886eea464cee0535b2934d6d3ad71933c1ef7cd5495a7378222d088f9f59fcf5c1a8b492d5b5833050bf5ace427f31af95d7
SSDEEP

12288:QEOYahDb03GZMyKhh5HCXTTqX2DNVW2MxOfhw3YFPHr8oHCl:QpYaNWGZxOmfqGDT7fO3YFIp

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
862698a7b44144ef7d3c54101086ba54f7003b8fc5d3eb86de05a27c6a009a27
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/uninstaller.exe
unpack002/$PLUGINSDIR/nsExec.dll

Files

862698a7b44144ef7d3c54101086ba54f7003b8fc5d3eb86de05a27c6a009a27
.exe windows:4 windows x64 arch:x64

7cfc673bb4d426dcebc76a3f9ab61eae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SetFileSecurityW

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectW
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileW
CreateDirectoryW
CreateFileW
CreateProcessW
CreateThread
DeleteFileW
ExitProcess
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
GetCommandLineW
GetCurrentProcess
GetDiskFreeSpaceExW
GetExitCodeProcess
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetShortPathNameW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetTickCount
GetUserDefaultUILanguage
GetVersionExW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryExW
MoveFileExW
MoveFileW
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryW
SearchPathW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetFileAttributesW
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
lstrcatW
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpynW
lstrlenA
lstrlenW

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderW
SHCLSIDFromString
SHFileOperationW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW

user32

AppendMenuW
BeginPaint
CallWindowProcW
CharNextA
CharNextW
CharPrevW
CheckDlgButton
CloseClipboard
CreateDialogParamW
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyWindow
DialogBoxParamW
DispatchMessageW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExW
GetClassInfoW
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextW
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongPtrW
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadCursorW
LoadImageW
MessageBoxIndirectW
OpenClipboard
PeekMessageW
PostQuitMessage
RegisterClassW
ReleaseDC
ScreenToClient
SendMessageTimeoutW
SendMessageW
SetClassLongPtrW
SetClipboardData
SetCursor
SetDlgItemTextW
SetForegroundWindow
SetTimer
SetWindowLongPtrW
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoW
TrackPopupMenu
wsprintfW

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 166KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 512B - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x64 arch:x64

cf8eee620b3371ff06e99c34f39ea84c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleW
GetProcAddress
GlobalAlloc
GlobalFree
GlobalSize
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
Sleep
TlsGetValue
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte
lstrcpyW
lstrcpynW
lstrlenW

msvcrt

__iob_func
_amsg_exit
_initterm
_lock
_unlock
abort
calloc
free
fwrite
realloc
strlen
strncmp
vfprintf

ole32

CLSIDFromString
StringFromGUID2

user32

wsprintfW

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 400B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 179B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x64 arch:x64

2a21171b63c0ee0261cd54df366503d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

comdlg32

CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW

gdi32

SetTextColor

kernel32

GetCurrentDirectoryW
GetFileAttributesW
GetProcessHeap
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
HeapReAlloc
MulDiv
MultiByteToWideChar
SetCurrentDirectoryW
WideCharToMultiByte
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenW

ole32

CoTaskMemFree

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

user32

CallWindowProcW
CharNextW
CharPrevW
CreateDialogParamW
CreateWindowExW
DestroyWindow
DispatchMessageW
DrawFocusRect
DrawTextW
GetClientRect
GetDlgItem
GetMessageW
GetPropW
GetSysColor
GetWindowLongPtrW
GetWindowRect
GetWindowTextW
IsDialogMessageW
IsWindow
KillTimer
LoadCursorW
MapDialogRect
MapWindowPoints
RemovePropW
SendMessageW
SetCursor
SetPropW
SetTimer
SetWindowLongPtrW
SetWindowPos
ShowWindow
TranslateMessage
wsprintfW

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 363B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x64 arch:x64

74ba91b9fcb5a967b84ea9b49217f8d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

InitializeSecurityDescriptor
IsTextUnicode
SetSecurityDescriptorDacl

kernel32

CloseHandle
CopyFileW
CreateFileMappingW
CreateFileW
CreatePipe
CreateProcessW
DeleteFileW
ExitProcess
GetCommandLineW
GetExitCodeProcess
GetModuleFileNameW
GetStartupInfoW
GetTempFileNameW
GetTickCount
GlobalAlloc
GlobalFree
GlobalReAlloc
IsDBCSLeadByteEx
MapViewOfFile
MultiByteToWideChar
PeekNamedPipe
ReadFile
Sleep
TerminateProcess
UnmapViewOfFile
WaitForSingleObject
WideCharToMultiByte
lstrcatW
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenW

user32

CharNextW
CharPrevW
FindWindowExW
SendMessageW
wsprintfW

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LICENSE.txt
ivshmem.cat
ivshmem.inf
ivshmem.pdb
ivshmem.sys
.sys windows:10 windows x64 arch:x64

ad577173b7af4afe41d64d113816ac7b

Code Sign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/06/2022, 18:08

Not After

01/06/2023, 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ce:ca:dc:b4:6b:83:04:a7:0e:1c:40:14:e8:fa:62:15:e2:a1:de:61:29:08:da:c0:64:9e:b0:2e:5c:05:31:b1
Signer

Actual PE Digest

ce:ca:dc:b4:6b:83:04:a7:0e:1c:40:14:e8:fa:62:15:e2:a1:de:61:29:08:da:c0:64:9e:b0:2e:5c:05:31:b1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\cygwin64\tmp\build\source\internal-kvm-guest-drivers-windows\ivshmem\objfre_win10_amd64\amd64\ivshmem.pdb

Imports

ntoskrnl.exe

KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
KeReleaseSpinLockFromDpcLevel
ExAllocatePoolWithTag
ExFreePoolWithTag
MmAllocateMdlForIoSpace
MmUnmapLockedPages
MmMapIoSpace
MmUnmapIoSpace
IoFreeMdl
KeAcquireSpinLockAtDpcLevel
ObDereferenceObjectDeferDelete
KeClearEvent
KeBugCheckEx
MmMapLockedPagesSpecifyCache
IoIs32bitProcess
ObReferenceObjectByHandle
__C_specific_handler
ExEventObjectType
KeInitializeSpinLock
RtlCopyUnicodeString
DbgPrintEx
KeSetEvent
MmGetSystemRoutineAddress
ObfDereferenceObject
RtlInitUnicodeString

wdfldr.sys

WdfVersionUnbind
WdfVersionBind
WdfVersionUnbindClass
WdfVersionBindClass

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
looking-glass-host.exe
.exe windows:4 windows x64 arch:x64

5a9a71f18e3f13c6ff0b198e0676d95c

Code Sign

fa:33:cd:07:7b:c4:bf:80:58:e2:c2:c7:99:a4:dc:2a
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

01/11/2021, 00:00

Not After

31/10/2024, 23:59

Subject

CN=HostFission,O=HostFission,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

58:c8:08:86:9e:25:99:b1:80:b2:38:e1:e6:e0:b8:fe:48:30:b6:ed:e5:65:e8:89:84:5c:28:f2:d2:65:3e:09
Signer

Actual PE Digest

58:c8:08:86:9e:25:99:b1:80:b2:38:e1:e6:e0:b8:fe:48:30:b6:ed:e5:65:e8:89:84:5c:28:f2:d2:65:3e:09

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Z:\home\builder\repos\gnif\LookingGlass\build\looking-glass-host.pdb

Imports

advapi32

AdjustTokenPrivileges
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
DeregisterEventSource
DuplicateTokenEx
GetTokenInformation
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerA
OpenServiceA
QueryServiceStatusEx
RegGetValueA
RegisterEventSourceA
RegisterServiceCtrlHandlerA
ReportEventA
SetServiceStatus
SetTokenInformation
StartServiceA
StartServiceCtrlDispatcherA

avrt

AvRevertMmThreadCharacteristics
AvSetMmThreadCharacteristicsA
AvSetMmThreadPriority

d3d11

D3D11CreateDevice

d3d9

Direct3DCreate9

d3dcompiler_47

D3DCompile

dbghelp

StackWalk64
SymCleanup
SymFromAddr
SymFunctionTableAccess64
SymGetLineFromAddr64
SymGetModuleBase64
SymInitialize
SymSetOptions

dwmapi

DwmFlush

dxgi

CreateDXGIFactory2

gdi32

D3DKMTSetProcessSchedulingPriorityClass

kernel32

AttachConsole
CloseHandle
CreateDirectoryA
CreateEventA
CreateFileA
CreateFileMappingA
CreateThread
DeleteCriticalSection
DeviceIoControl
EnterCriticalSection
FormatMessageA
FreeLibrary
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetEnvironmentVariableA
GetExitCodeProcess
GetLastError
GetLogicalProcessorInformationEx
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemFirmwareTable
GetSystemInfo
GetTempPathA
GetTickCount64
GetVersionExA
InitializeCriticalSection
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LocalFree
MapViewOfFile
OpenEventA
QueryPerformanceCounter
QueryPerformanceFrequency
RegisterWaitForSingleObject
ResetEvent
SetConsoleCtrlHandler
SetEvent
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnmapViewOfFile
UnregisterWait
VerSetConditionMask
VerifyVersionInfoW
VirtualProtect
VirtualQuery
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WaitForSingleObject
__C_specific_handler

msvcrt

__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_errno
_fdopen
_fmode
_initterm
_ismbblead
_localtime64
_onexit
_open_osfhandle
_stat64
_stricmp
_time64
_vscprintf
_vsnprintf
abort
atof
atol
calloc
exit
fclose
feof
fflush
fgetc
fopen
fprintf
fputc
free
freopen
fwrite
isspace
malloc
mbstowcs
memcmp
memcpy
memmove
memset
putc
qsort
rand
realloc
rename
setbuf
signal
sprintf
srand
sscanf
strcmp
strcpy
strcspn
strftime
strlen
strncmp
strncpy
strrchr
strstr
strtok
strtoul
vfprintf
wcscmp
wcslen
wcsstr
wcstombs
_unlink
_strdup

powrprof

CallNtPowerInformation

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceRegistryPropertyA

shell32

CommandLineToArgvW
Shell_NotifyIconA

shlwapi

PathCombineA
PathIsDirectoryA

user32

AppendMenuA
BeginPaint
CallNextHookEx
ChangeWindowMessageFilterEx
CloseDesktop
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyMenu
DestroyWindow
DispatchMessageA
DisplayConfigGetDeviceInfo
EndPaint
FillRect
GetCursorPos
GetDesktopWindow
GetDisplayConfigBufferSizes
GetMessageA
GetMonitorInfoA
GetMonitorInfoW
GetSysColor
KillTimer
LoadCursorA
LoadIconA
MessageBoxA
MonitorFromWindow
MsgWaitForMultipleObjects
OpenInputDesktop
PeekMessageA
PostQuitMessage
QueryDisplayConfig
RegisterClassA
RegisterClassExA
RegisterShellHookWindow
RegisterWindowMessageA
SendMessageA
SetCursorPos
SetForegroundWindow
SetLayeredWindowAttributes
SetThreadDesktop
SetTimer
SetWinEventHook
SetWindowsHookExA
ShowWindow
TrackPopupMenu
TranslateMessage
UnhookWinEvent
UnhookWindowsHookEx
UnregisterClassA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA
WTSQueryUserToken
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

ntdll

NtDelayExecution
NtSetTimerResolution
RtlNtStatusToDosError

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 336B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug
Size: 124B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
looking-glass-host.pdb
uninstaller.exe
.exe windows:4 windows x64 arch:x64

7cfc673bb4d426dcebc76a3f9ab61eae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SetFileSecurityW

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectW
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileW
CreateDirectoryW
CreateFileW
CreateProcessW
CreateThread
DeleteFileW
ExitProcess
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
GetCommandLineW
GetCurrentProcess
GetDiskFreeSpaceExW
GetExitCodeProcess
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetShortPathNameW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetTickCount
GetUserDefaultUILanguage
GetVersionExW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryExW
MoveFileExW
MoveFileW
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryW
SearchPathW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetFileAttributesW
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
lstrcatW
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpynW
lstrlenA
lstrlenW

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderW
SHCLSIDFromString
SHFileOperationW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW

user32

AppendMenuW
BeginPaint
CallWindowProcW
CharNextA
CharNextW
CharPrevW
CheckDlgButton
CloseClipboard
CreateDialogParamW
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyWindow
DialogBoxParamW
DispatchMessageW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExW
GetClassInfoW
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextW
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongPtrW
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadCursorW
LoadImageW
MessageBoxIndirectW
OpenClipboard
PeekMessageW
PostQuitMessage
RegisterClassW
ReleaseDC
ScreenToClient
SendMessageTimeoutW
SendMessageW
SetClassLongPtrW
SetClipboardData
SetCursor
SetDlgItemTextW
SetForegroundWindow
SetTimer
SetWindowLongPtrW
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoW
TrackPopupMenu
wsprintfW

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 166KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 512B - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x64 arch:x64

74ba91b9fcb5a967b84ea9b49217f8d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

InitializeSecurityDescriptor
IsTextUnicode
SetSecurityDescriptorDacl

kernel32

CloseHandle
CopyFileW
CreateFileMappingW
CreateFileW
CreatePipe
CreateProcessW
DeleteFileW
ExitProcess
GetCommandLineW
GetExitCodeProcess
GetModuleFileNameW
GetStartupInfoW
GetTempFileNameW
GetTickCount
GlobalAlloc
GlobalFree
GlobalReAlloc
IsDBCSLeadByteEx
MapViewOfFile
MultiByteToWideChar
PeekNamedPipe
ReadFile
Sleep
TerminateProcess
UnmapViewOfFile
WaitForSingleObject
WideCharToMultiByte
lstrcatW
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenW

user32

CharNextW
CharPrevW
FindWindowExW
SendMessageW
wsprintfW

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7cfc673bb4d426dcebc76a3f9ab61eae

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

Sections

.text Size: 33KB - Virtual size: 33KB

.data Size: 512B - Virtual size: 336B

.rdata Size: 43KB - Virtual size: 42KB

.xdata Size: 1KB - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 166KB

.idata Size: 6KB - Virtual size: 6KB

.ndata Size: 512B - Virtual size: 172KB

.rsrc Size: 94KB - Virtual size: 93KB

.reloc Size: 512B - Virtual size: 136B

cf8eee620b3371ff06e99c34f39ea84c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ole32

user32

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 112B

.rdata Size: 3KB - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.xdata Size: 1024B - Virtual size: 884B

.bss Size: - Virtual size: 400B

.edata Size: 512B - Virtual size: 179B

.idata Size: 1KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 104B

2a21171b63c0ee0261cd54df366503d2

Headers

DLL Characteristics

File Characteristics

Imports

comdlg32

gdi32

kernel32

ole32

shell32

user32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 576B

.pdata Size: 1024B - Virtual size: 552B

.xdata Size: 512B - Virtual size: 444B

.bss Size: - Virtual size: 8KB

.edata Size: 512B - Virtual size: 363B

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 144B

.reloc Size: 512B - Virtual size: 16B

74ba91b9fcb5a967b84ea9b49217f8d2

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 336B

.rdata
Size: 43KB - Virtual size: 42KB

.xdata
Size: 1KB - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 166KB

.idata
Size: 6KB - Virtual size: 6KB

.ndata
Size: 512B - Virtual size: 172KB

.rsrc
Size: 94KB - Virtual size: 93KB

.reloc
Size: 512B - Virtual size: 136B

.text
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 112B

.rdata
Size: 3KB - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.xdata
Size: 1024B - Virtual size: 884B

.bss
Size: - Virtual size: 400B

.edata
Size: 512B - Virtual size: 179B

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 104B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 576B

.pdata
Size: 1024B - Virtual size: 552B

.xdata
Size: 512B - Virtual size: 444B

.bss
Size: - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 363B

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 144B

.reloc
Size: 512B - Virtual size: 16B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 512B - Virtual size: 288B

.pdata
Size: 512B - Virtual size: 324B

.xdata
Size: 512B - Virtual size: 240B

.bss
Size: - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 108B

.idata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 16B

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

ce:ca:dc:b4:6b:83:04:a7:0e:1c:40:14:e8:fa:62:15:e2:a1:de:61:29:08:da:c0:64:9e:b0:2e:5c:05:31:b1
Signer

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 808B

.pdata
Size: 512B - Virtual size: 324B

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 52B

fa:33:cd:07:7b:c4:bf:80:58:e2:c2:c7:99:a4:dc:2a
Certificate

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

58:c8:08:86:9e:25:99:b1:80:b2:38:e1:e6:e0:b8:fe:48:30:b6:ed:e5:65:e8:89:84:5c:28:f2:d2:65:3e:09
Signer