644a49d6caa82b59185dc417ebb8cba0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

644a49d6caa82b59185dc417ebb8cba0N.exe
Size

694KB
MD5

644a49d6caa82b59185dc417ebb8cba0
SHA1

d3cc12261705c2994ecc3ae7526eb4a4e917ffe0
SHA256

eafb8e85127a85925aa9a0ec6100df3816aaf66482df20dc31c550c251001830
SHA512

73e3e54a2d0af4a026f07a997b496d64e6f372c70707d4d5cdb7e48e17456c6266a3f97bece7d1466bae9fc4a51490a03228ef57bb4124d0d44d1913a5b67fcd
SSDEEP

12288:TyiJKXSNCMtmuz22Qy/ZrES/MMCSy3R7ym2NjOdze90aRfqK7ZIDzzdHTHflx:Ty2KXmCXq/yhbWgaRiDlfv

Score

1^/10

Malware Config

Signatures

Files

644a49d6caa82b59185dc417ebb8cba0N.exe
.dll windows:6 windows x86 arch:x86

40d5f1a60f7446e24d13120b45a5481a

Code Sign

87:82:52:60:00:00:00:00:51:d3:73:d9
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

10/06/2015, 13:42

Not After

10/11/2030, 14:12

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:f9:7d:05:4a:9b:fc:bf:9d:5e:12:f8:d0:ab:be:07
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

08/12/2020, 14:34

Not After

08/12/2023, 14:34

Subject

SERIALNUMBER=31 333 532,CN=ESET\, spol. s r.o.,O=ESET\, spol. s r.o.,L=Bratislava,C=SK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302534b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:42:00:ba:5e:23:b0:a1:f3:99:00:00:00:00:00:42
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/07/2015, 20:55

Not After

07/07/2025, 20:55

Subject

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:29:d3:29:19:c8:62:38:6a:b7:77:91:f7:e5:bb:b4:de:78:7b:29
Certificate

Issuer

CN=ESET Code Signing CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

19/07/2020, 00:00

Not After

19/07/2023, 00:00

Subject

CN=ESET\, spol. s r.o.,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7d:90:d1:7c:6b:36:ca:f6:8f:b9:b7:2f:65:68:b8:22:3d:30:2d:a8
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

17/07/2020, 00:00

Not After

17/07/2030, 00:00

Subject

CN=ESET Code Signing CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:79:73:ba:c8:77:a9:31:6b:52:06:18:77:49:4b:9f:1a:b2:6c:bc
Certificate

Issuer

CN=ESET Timestamping CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

18/07/2020, 00:00

Not After

18/07/2023, 00:00

Subject

CN=ESET Timestamp,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

76:79:fc:14:55:72:11:3a:f7:92:d1:f4:af:3c:4e:3a:8a:8a:6e:38
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

16/07/2020, 00:00

Not After

16/07/2030, 00:00

Subject

CN=ESET Timestamping CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

28:d6:c2:12:58:43:51:9e:f3:b4:43:5a:d9:ee:bf:ef:88:b5:6f:7f:3c:23:13:2c:9d:48:55:c6:ad:fd:8d:f7
Signer

Actual PE Digest

28:d6:c2:12:58:43:51:9e:f3:b4:43:5a:d9:ee:bf:ef:88:b5:6f:7f:3c:23:13:2c:9d:48:55:c6:ad:fd:8d:f7

Digest Algorithm

sha256

PE Digest Matches

true

28:d6:c2:12:58:43:51:9e:f3:b4:43:5a:d9:ee:bf:ef:88:b5:6f:7f:3c:23:13:2c:9d:48:55:c6:ad:fd:8d:f7
Signer

Actual PE Digest

28:d6:c2:12:58:43:51:9e:f3:b4:43:5a:d9:ee:bf:ef:88:b5:6f:7f:3c:23:13:2c:9d:48:55:c6:ad:fd:8d:f7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ekrnEcp.pdb

Imports

protobuflite

?Done@ParseContext@internal@protobuf@google@@QAE_NPAPBD@Z
?Get@CachedSize@internal@protobuf@google@@QBEHXZ
?Set@CachedSize@internal@protobuf@google@@QAEXH@Z
??0CachedSize@internal@protobuf@google@@QAE@XZ
?AllocateAlignedWithCleanup@Arena@protobuf@google@@AAE?AU?$pair@PAXPAUCleanupNode@SerialArena@internal@protobuf@google@@@std@@IPBVtype_info@@@Z
?InitializationErrorString@MessageLite@protobuf@google@@UBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?VerifyUtf8String@WireFormatLite@internal@protobuf@google@@SA_NPBDHW4Operation@1234@0@Z
?VerifyUTF8@internal@protobuf@google@@YA_NVStringPiece@stringpiece_internal@23@PBD@Z
?ReadTagFallback@internal@protobuf@google@@YA?AU?$pair@PBDI@std@@PBDI@Z
?Set@ArenaStringPtr@internal@protobuf@google@@QAEXUEmptyDefault@1234@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAVArena@34@@Z
?Mutable@ArenaStringPtr@internal@protobuf@google@@QAEPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEmptyDefault@1234@PAVArena@34@@Z
?ClearToEmpty@ArenaStringPtr@internal@protobuf@google@@QAEXXZ
?DestroyProtos@RepeatedPtrFieldBase@internal@protobuf@google@@IAEXXZ
?AddOutOfLineHelper@RepeatedPtrFieldBase@internal@protobuf@google@@AAEPAXPAX@Z
??$DoClear@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@InternalMetadata@internal@protobuf@google@@AAEXXZ
??$DoMergeFrom@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@InternalMetadata@internal@protobuf@google@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?InlineGreedyStringParser@internal@protobuf@google@@YAPBDPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBDPAVParseContext@123@@Z
?fixed_address_empty_string@internal@protobuf@google@@3V?$ExplicitlyConstructed@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@123@A
?VarintParseSlow64@internal@protobuf@google@@YA?AU?$pair@PBD_K@std@@PBDI@Z
?VarintParseSlow32@internal@protobuf@google@@YA?AU?$pair@PBDI@std@@PBDI@Z
?ParseMessage@ParseContext@internal@protobuf@google@@QAEPBDPAVMessageLite@34@PBD@Z
?UnknownFieldParse@internal@protobuf@google@@YAPBDIPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBDPAVParseContext@123@@Z
?LengthDelimitedSize@WireFormatLite@internal@protobuf@google@@SAII@Z
?ShutdownProtobufLibrary@protobuf@google@@YAXXZ
?BytesSize@WireFormatLite@internal@protobuf@google@@SAIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?StringSize@WireFormatLite@internal@protobuf@google@@SAIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?UInt32SizePlusOne@WireFormatLite@internal@protobuf@google@@SAII@Z
?EnumSize@WireFormatLite@internal@protobuf@google@@SAIH@Z
?MergeFromInternal@RepeatedPtrFieldBase@internal@protobuf@google@@AAEXABV1234@P81234@AEXPAPAX1HH@Z@Z
??1RepeatedPtrFieldBase@internal@protobuf@google@@IAE@XZ
??1MessageLite@protobuf@google@@UAE@XZ
?InternalGetTable@MessageLite@protobuf@google@@EBEPBXXZ
?GetArenaForAllocation@MessageLite@protobuf@google@@IBEPAVArena@23@XZ
??0MessageLite@protobuf@google@@IAE@PAVArena@12@_N@Z
??0MessageLite@protobuf@google@@QAE@XZ
?GetEmptyStringAlreadyInited@internal@protobuf@google@@YAABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?DestroyNoArena@ArenaStringPtr@internal@protobuf@google@@QAEXPBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?UnsafeSetDefault@ArenaStringPtr@internal@protobuf@google@@QAEXPBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0ArenaStringPtr@internal@protobuf@google@@QAE@PBV?$ExplicitlyConstructed@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@123@@Z
?AllocateAlignedWithHook@Arena@protobuf@google@@AAEPAXIIPBVtype_info@@@Z
?WriteVarint32SignExtendedToArray@CodedOutputStream@io@protobuf@google@@SAPAEHPAE@Z
?WriteVarint64ToArray@CodedOutputStream@io@protobuf@google@@SAPAE_KPAE@Z
?WriteVarint32ToArrayOutOfLine@CodedOutputStream@io@protobuf@google@@SAPAEIPAE@Z
?WriteVarint32ToArray@CodedOutputStream@io@protobuf@google@@SAPAEIPAE@Z
?WriteBytesMaybeAliased@EpsCopyOutputStream@io@protobuf@google@@QAEPAEIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAE@Z
?WriteStringMaybeAliased@EpsCopyOutputStream@io@protobuf@google@@QAEPAEIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAE@Z
?WriteRaw@EpsCopyOutputStream@io@protobuf@google@@QAEPAEPBXHPAE@Z
?EnsureSpace@EpsCopyOutputStream@io@protobuf@google@@QAEPAEPAE@Z
?UInt64SizePlusOne@WireFormatLite@internal@protobuf@google@@SAI_K@Z

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
WaitForSingleObjectEx
MultiByteToWideChar
WideCharToMultiByte
GetFileInformationByHandle
FlushFileBuffers
InitializeSListHead
SetLastError
ResetEvent
SetEvent
WaitForSingleObject
SwitchToThread
GetCurrentProcessId
GetTickCount
FindFirstFileExW
FindNextFileW
FindClose
CreateDirectoryW
GetLastError
LoadLibraryW
FreeLibrary
GetProcAddress
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetExitCodeThread
GetSystemTime
SystemTimeToFileTime
VerSetConditionMask
VerifyVersionInfoW
GetCurrentProcess
LocalFree
GetCurrentThread
Sleep
FindResourceExW
LoadResource
LockResource
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetModuleHandleW
ReadFile
WriteFile
SetEndOfFile
SetFilePointer
GetFileSize
DeleteFileW

ws2_32

getservbyname
htons
gethostbyname
inet_ntoa
connect
ntohs
getservbyport
gethostbyaddr
WSAStartup
WSACleanup
socket
closesocket
recv
send
getsockopt
setsockopt
htonl
ioctlsocket
inet_addr
__WSAFDIsSet
select
WSAGetLastError

advapi32

CryptReleaseContext
CryptDestroyHash
CryptAcquireContextW
CryptCreateHash
OpenThreadToken
SetThreadToken
RevertToSelf
CryptDestroyKey
CryptImportKey
LsaNtStatusToWinError

crypt32

CertVerifyCertificateChainPolicy
CryptVerifyCertificateSignatureEx

msvcp140

??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
_Unlock_shared_ptr_spin_lock
_Lock_shared_ptr_spin_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xinvalid_argument@std@@YAXPBD@Z
_Mtx_unlock
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Query_perf_counter
_Query_perf_frequency
_Xtime_get_ticks
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
?uncaught_exception@std@@YA_NXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z

vcruntime140

strchr
memcpy
memmove
__std_type_info_destroy_list
memset
_CxxThrowException
_except_handler4_common
__current_exception_context
__current_exception
__std_type_info_compare
strstr
wcschr
wcsrchr
_purecall
__std_exception_destroy
__std_exception_copy
__CxxFrameHandler3
memchr

api-ms-win-crt-heap-l1-1-0

calloc
realloc
_callnewh
malloc
free

api-ms-win-crt-convert-l1-1-0

strtoul
mbtowc
atoi
strtod
wcstod
strtol
_ultoa_s
strtoll
wcstoll

api-ms-win-crt-string-l1-1-0

isalpha
isspace
_strdup
wcscat_s
strncpy_s
wcsncpy_s
strncmp
toupper
wcsncmp
wcscpy_s
wcspbrk
_stricmp
_strnicmp
isdigit
_wcsdup
strcat_s
strcpy_s

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_initialize_narrow_environment
_initialize_onexit_table
_initterm_e
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
terminate
abort
_initterm
_errno
_cexit
_register_onexit_function
_execute_onexit_table
_crt_atexit
_configure_narrow_argv

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vsnprintf_s
__stdio_common_vswprintf
__stdio_common_vswscanf
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
__stdio_common_vswprintf_s

api-ms-win-crt-utility-l1-1-0

qsort
bsearch

api-ms-win-crt-time-l1-1-0

_time64
_localtime64_s
strftime
_mkgmtime64

Exports

Exports

NODIoctl
NODIoctlV2

Sections

.text
Size: 547KB - Virtual size: 547KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40d5f1a60f7446e24d13120b45a5481a

Code Sign

87:82:52:60:00:00:00:00:51:d3:73:d9Certificate

Extended Key Usages

Key Usages

05:f9:7d:05:4a:9b:fc:bf:9d:5e:12:f8:d0:ab:be:07Certificate

Extended Key Usages

Key Usages

33:00:00:00:42:00:ba:5e:23:b0:a1:f3:99:00:00:00:00:00:42Certificate

Extended Key Usages

Key Usages

1b:29:d3:29:19:c8:62:38:6a:b7:77:91:f7:e5:bb:b4:de:78:7b:29Certificate

Extended Key Usages

Key Usages

7d:90:d1:7c:6b:36:ca:f6:8f:b9:b7:2f:65:68:b8:22:3d:30:2d:a8Certificate

Extended Key Usages

Key Usages

69:79:73:ba:c8:77:a9:31:6b:52:06:18:77:49:4b:9f:1a:b2:6c:bcCertificate

Extended Key Usages

Key Usages

76:79:fc:14:55:72:11:3a:f7:92:d1:f4:af:3c:4e:3a:8a:8a:6e:38Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

28:d6:c2:12:58:43:51:9e:f3:b4:43:5a:d9:ee:bf:ef:88:b5:6f:7f:3c:23:13:2c:9d:48:55:c6:ad:fd:8d:f7Signer

28:d6:c2:12:58:43:51:9e:f3:b4:43:5a:d9:ee:bf:ef:88:b5:6f:7f:3c:23:13:2c:9d:48:55:c6:ad:fd:8d:f7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

protobuflite

kernel32

ws2_32

advapi32

crypt32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 547KB - Virtual size: 547KB

.rdata Size: 92KB - Virtual size: 91KB

.data Size: 7KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 26KB - Virtual size: 26KB

87:82:52:60:00:00:00:00:51:d3:73:d9
Certificate

05:f9:7d:05:4a:9b:fc:bf:9d:5e:12:f8:d0:ab:be:07
Certificate

33:00:00:00:42:00:ba:5e:23:b0:a1:f3:99:00:00:00:00:00:42
Certificate

1b:29:d3:29:19:c8:62:38:6a:b7:77:91:f7:e5:bb:b4:de:78:7b:29
Certificate

7d:90:d1:7c:6b:36:ca:f6:8f:b9:b7:2f:65:68:b8:22:3d:30:2d:a8
Certificate

69:79:73:ba:c8:77:a9:31:6b:52:06:18:77:49:4b:9f:1a:b2:6c:bc
Certificate

76:79:fc:14:55:72:11:3a:f7:92:d1:f4:af:3c:4e:3a:8a:8a:6e:38
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

28:d6:c2:12:58:43:51:9e:f3:b4:43:5a:d9:ee:bf:ef:88:b5:6f:7f:3c:23:13:2c:9d:48:55:c6:ad:fd:8d:f7
Signer

28:d6:c2:12:58:43:51:9e:f3:b4:43:5a:d9:ee:bf:ef:88:b5:6f:7f:3c:23:13:2c:9d:48:55:c6:ad:fd:8d:f7
Signer

.text
Size: 547KB - Virtual size: 547KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 7KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 26KB - Virtual size: 26KB