64cf727274442c3f1d23f31bea629970_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

64cf727274442c3f1d23f31bea629970_JaffaCakes118
Size

1.3MB
MD5

64cf727274442c3f1d23f31bea629970
SHA1

e47b0fd82d6db645e12676525c3bfe51668b7a5a
SHA256

07d90fd7c7002fa7852990077c0281e15fb66899f9d7af407b25b2e61298129b
SHA512

5db46b1a06599a42ecde6ed37ae0f09a81e5e143029da51b6cbe4ea75c8835db03502b428570a8c6aa8c711af503ccf297dd9a34869b65164acb07a08ba74bf2
SSDEEP

24576:Cc+6G+QsuvnsbfVuK6xawlu8b0KVqpVqj/I44qG5+dQ/EvC+:l/7Qlq9ub4wlmqj1gT/EvC+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/vnctool.exe

Files

64cf727274442c3f1d23f31bea629970_JaffaCakes118
.rar
RemoteExec.exe
.exe windows:4 windows x86 arch:x86

0db4d80eb7db6c5dbf86bf978c550319

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:a5:d7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

15-08-2005 22:26

Not After

17-09-2007 10:11

Subject

CN=RealVNC Ltd,OU=Software,O=RealVNC Ltd,L=Cambridge,ST=Cambridgeshire,C=UK

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f4:1d:09:1a:81:c6:49:07:10:9b:6f:60:a2:c4:c9:19:3b:2c:f9:b2
Signer

Actual PE Digest

f4:1d:09:1a:81:c6:49:07:10:9b:6f:60:a2:c4:c9:19:3b:2c:f9:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\scratch\jnw\realvnc.com\vnc4\win\Release\service.pdb

Imports

ws2_32

WSAStartup
htons
socket
htonl
sendto

kernel32

GetProcAddress
HeapAlloc
LoadLibraryA
GetVersionExA
GetLastError
DeleteFileA
ExitProcess
SetProcessShutdownParameters
GetCurrentThreadId
GetModuleHandleA
WaitForSingleObject
GetExitCodeProcess
ExpandEnvironmentStringsA
GetVolumeInformationA
FormatMessageA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
TlsAlloc
TlsFree
TlsSetValue
DeleteCriticalSection
TlsGetValue
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
RtlUnwind
RaiseException
GetProcessHeap
GetCommandLineA
GetACP
GetOEMCP
GetCPInfo
SetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
VirtualQuery
SetUnhandledExceptionFilter
HeapReAlloc
TerminateProcess
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
GetTimeZoneInformation
VirtualProtect
VirtualAlloc
GetSystemInfo
LCMapStringA
MultiByteToWideChar
LCMapStringW
ReadFile
SetFilePointer
IsBadWritePtr
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
GlobalMemoryStatus
HeapFree
OpenProcess
FreeLibrary
GetModuleFileNameA
lstrcpyA
CreateFileA
lstrlenA
WriteFile
CloseHandle
CreateProcessA
SetThreadPriority
GetCurrentThread
GetCurrentProcess
SetPriorityClass
ResumeThread
HeapSize
GetSystemTimeAsFileTime

user32

DefWindowProcA
DestroyWindow
CreateWindowExA
UnregisterClassA
RegisterClassA
SetWindowLongA
GetWindowLongA
WaitForInputIdle
wsprintfA
PostMessageA
GetWindowThreadProcessId
EnumWindows

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
CreateProcessAsUserA
RegOpenKeyExA
RegCreateKeyA
RegCloseKey
RegDeleteValueA
SetServiceStatus
DeleteService
RegQueryValueExA
RegSetValueExA
QueryServiceConfigA
OpenSCManagerA
OpenServiceA
CloseServiceHandle

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
params.dat
vnc-E4_1_9-x86_win32.exe
.exe windows:1 windows x86 arch:x86

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:a5:d7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

15-08-2005 22:26

Not After

17-09-2007 10:11

Subject

CN=RealVNC Ltd,OU=Software,O=RealVNC Ltd,L=Cambridge,ST=Cambridgeshire,C=UK

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8d:28:6a:a9:8d:be:64:0a:cd:06:c6:4e:3a:68:43:51:df:a1:f4:b6
Signer

Actual PE Digest

8d:28:6a:a9:8d:be:64:0a:cd:06:c6:4e:3a:68:43:51:df:a1:f4:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vnctool.exe
.exe windows:4 windows x86 arch:x86

320b79dbc4518e6c381ce6602f49a8cb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\scratch\jnw\realvnc.com\vnc4\win\Release\vnctool.pdb

Imports

kernel32

GetLocaleInfoW
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
IsBadCodePtr
GetDriveTypeA
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
HeapSize
ExitThread
HeapReAlloc
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
GetCommandLineA
GetStartupInfoA
HeapFree
HeapAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
IsBadReadPtr
RtlUnwind
SetErrorMode
LocalFileTimeToFileTime
GetShortPathNameA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
MoveFileA
GetCurrentDirectoryA
GetOEMCP
GetCPInfo
InterlockedIncrement
LocalReAlloc
GlobalHandle
GlobalReAlloc
SystemTimeToFileTime
GlobalFlags
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
GetFileAttributesA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
WritePrivateProfileStringA
GetPrivateProfileIntA
lstrcmpA
SuspendThread
SetThreadPriority
InterlockedDecrement
SetLastError
MulDiv
GlobalAlloc
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
lstrcpynA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
TlsGetValue
ResumeThread
GetThreadTimes
CreateThread
TlsSetValue
SetEvent
TlsFree
TlsAlloc
FreeLibrary
LoadLibraryA
GetProcAddress
FormatMessageA
GetVolumeInformationA
ResetEvent
CreateEventA
GetCurrentThreadId
ExitProcess
CreateFileA
GetCurrentThread
GetComputerNameA
TerminateProcess
GetExitCodeProcess
CloseHandle
WaitForSingleObject
GetModuleHandleA
GetModuleFileNameA
CreateProcessA
ExpandEnvironmentStringsA
LocalFree
LocalAlloc
SleepEx
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
lstrlenA
lstrcmpiA
GetStringTypeExA
RaiseException
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
SetEnvironmentVariableA
InterlockedExchange

user32

RegisterWindowMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
IsChild
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetScrollRange
GetScrollRange
SetForegroundWindow
ShowScrollBar
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
EqualRect
GetScrollInfo
SetScrollInfo
GetClassInfoA
GetDlgCtrlID
CallWindowProcA
OffsetRect
IntersectRect
IsIconic
GetWindowPlacement
CopyRect
PtInRect
wsprintfA
GetWindowTextLengthA
GetWindowTextA
GetScrollPos
SetScrollPos
GetWindow
GetActiveWindow
SetActiveWindow
FillRect
TabbedTextOutA
DrawTextExA
GrayStringA
GetWindowDC
BeginPaint
EndPaint
GetMenuItemInfoA
DestroyMenu
ValidateRect
TranslateMessage
IsZoomed
SetRectEmpty
CreateDialogIndirectParamA
IsWindowEnabled
GetParent
GetNextDlgTabItem
IsDialogMessageA
DefWindowProcA
CreateWindowExA
UnregisterClassA
RegisterClassA
FindWindowA
IsWindowVisible
DispatchMessageA
GetMessageA
EndDialog
SetWindowLongA
GetWindowLongA
SetFocus
DialogBoxParamA
SetWindowPos
GetDesktopWindow
SystemParametersInfoA
GetDlgItem
SetWindowTextA
WaitForInputIdle
GetCursorPos
SetMenuItemInfoA
UpdateWindow
LoadIconA
DrawMenuBar
GetMenu
ModifyMenuA
GetMenuState
EnableMenuItem
GetWindowRect
LoadMenuA
GetSubMenu
SetMenuDefaultItem
GetAsyncKeyState
BeginDeferWindowPos
EndDeferWindowPos
GetSystemMetrics
DeferWindowPos
RedrawWindow
ShowWindow
DestroyWindow
IsWindow
MoveWindow
GetMenuCheckMarkDimensions
CheckMenuItem
SetMenuItemBitmaps
GetClientRect
InflateRect
CharUpperA
KillTimer
SetTimer
PostMessageA
ReleaseCapture
GetFocus
SetCapture
InvalidateRect
ScreenToClient
ClientToScreen
AppendMenuA
CreatePopupMenu
LoadBitmapA
MessageBoxA
SendMessageA
EnableWindow
GetMenuStringA
GetDC
ReleaseDC
PeekMessageA
SetRect
WindowFromPoint
DrawIcon
SetWindowRgn
LoadCursorA
SetCursor
TranslateAcceleratorA
SetMenu
BringWindowToTop
InsertMenuItemA
LoadAcceleratorsA
SetParent
DestroyIcon
LockWindowUpdate
GetDCEx
GetSysColorBrush
ShowOwnedPopups
PostQuitMessage
DestroyCursor
SetCursorPos
UnpackDDElParam
ReuseDDElParam
DrawTextA

gdi32

Ellipse
CreateCompatibleBitmap
SetRectRgn
CombineRgn
LPtoDP
CreateEllipticRgn
GetBkColor
GetTextMetricsA
GetTextExtentPoint32A
CreateFontIndirectA
CreateSolidBrush
GetStockObject
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
BitBlt
CreateRectRgn
SelectClipRgn
DeleteObject
IntersectClipRect
ExcludeClipRect
SetMapMode
SetBkMode
RestoreDC
SaveDC
PatBlt
CreateRectRgnIndirect
GetDeviceCaps
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox

comdlg32

GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

CopySid
MapGenericMask
MakeSelfRelativeSD
GetSecurityDescriptorLength
SetSecurityDescriptorDacl
MakeAbsoluteSD
GetSecurityDescriptorDacl
RegOpenKeyExA
RegCreateKeyA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
CreateProcessAsUserA
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegEnumKeyA
RegCreateKeyExA
RegOpenKeyA
RegSetValueA
LookupAccountNameA
QueryServiceConfigA
QueryServiceStatus
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
AllocateAndInitializeSid
FreeSid
LookupAccountSidA
IsValidSid
GetLengthSid
RegConnectRegistryA
StartServiceA
OpenServiceA
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
IsValidSecurityDescriptor

shell32

DragFinish
DragQueryFileA
ExtractIconA
SHGetFileInfoA
DragAcceptFiles

comctl32

ImageList_AddMasked
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_DragLeave
PropertySheetA
ord17
ImageList_Destroy
ImageList_Create
ImageList_Draw
ImageList_GetImageInfo

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

ole32

CoCreateInstance
CoInitialize

oleaut32

VariantChangeType
VariantClear
VariantInit
SysAllocStringLen

ws2_32

WSAStartup
WSAGetLastError
gethostbyname
select
__WSAFDIsSet
recv
ntohl
gethostbyaddr
bind
htonl
htons
socket
gethostname
inet_ntoa

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

mpr

WNetEnumResourceA
WNetCloseEnum
WNetAddConnection2A
WNetCancelConnection2A
WNetOpenEnumA

Sections

.text
Size: 580KB - Virtual size: 576KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot
说明.txt

Sharing

General

Malware Config

Signatures

Files

0db4d80eb7db6c5dbf86bf978c550319

Code Sign

0aCertificate

Extended Key Usages

Key Usages

21:a5:d7Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

f4:1d:09:1a:81:c6:49:07:10:9b:6f:60:a2:c4:c9:19:3b:2c:f9:b2Signer

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

advapi32

version

Sections

.text Size: 144KB - Virtual size: 141KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 16KB - Virtual size: 26KB

Code Sign

0aCertificate

Extended Key Usages

Key Usages

21:a5:d7Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

8d:28:6a:a9:8d:be:64:0a:cd:06:c6:4e:3a:68:43:51:df:a1:f4:b6Signer

Headers

File Characteristics

Sections

CODE Size: 36KB - Virtual size: 35KB

DATA Size: 1024B - Virtual size: 584B

BSS Size: - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 2KB

.rsrc Size: 10KB - Virtual size: 10KB

320b79dbc4518e6c381ce6602f49a8cb

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

ws2_32

version

mpr

Sections

.text Size: 580KB - Virtual size: 576KB

.rdata Size: 132KB - Virtual size: 129KB

.data Size: 20KB - Virtual size: 37KB

.rsrc Size: 48KB - Virtual size: 47KB

0a
Certificate

21:a5:d7
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

f4:1d:09:1a:81:c6:49:07:10:9b:6f:60:a2:c4:c9:19:3b:2c:f9:b2
Signer

.text
Size: 144KB - Virtual size: 141KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 16KB - Virtual size: 26KB

0a
Certificate

21:a5:d7
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

8d:28:6a:a9:8d:be:64:0a:cd:06:c6:4e:3a:68:43:51:df:a1:f4:b6
Signer

CODE
Size: 36KB - Virtual size: 35KB

DATA
Size: 1024B - Virtual size: 584B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 10KB - Virtual size: 10KB

.text
Size: 580KB - Virtual size: 576KB

.rdata
Size: 132KB - Virtual size: 129KB

.data
Size: 20KB - Virtual size: 37KB

.rsrc
Size: 48KB - Virtual size: 47KB