setup[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

setup.zip
Size

15.6MB
MD5

6f275e8dedde7f0d475c454df6da9db3
SHA1

8ef7b71463322c4f109a6e21b7123718c2dae598
SHA256

f90867879e21c9d25daa3e434a25cd0288048a154896f58ec3ce28d3870b9653
SHA512

965ba8465c455cf3d85d24cbb927dd1dc9a273be4bae9941193f88e595fcc08d8f09840eb685d0d027691fe9ee8e16454bb275f26a99c16778f3f93113bcd2c5
SSDEEP

393216:e/4FV0uFyRuQ5FdsWyTRncFjDKhT8ejXaI+zmFevf9cqDdemY:e/4FRyRuQ5FdNASKhT8S0yFK9bxex

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setup/Default.SFX
unpack001/setup/Default32.SFX
unpack001/setup/RUXIMUXResources.dll.mui
unpack001/setup/SetupV8/IEShims.dll
unpack001/setup/SetupV8/hmmapi.dll

Files

setup.zip
.zip
setup/7zxa.dll
.dll windows:4 windows x64 arch:x64

1353ce6b26348ac6f792fe77a59eff9d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08-08-2023 00:00

Not After

07-08-2026 23:59

Subject

SERIALNUMBER=HRB 109885,CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e436861726c6f7474656e62757267,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:4d:6b:fe:0f:68:dc:4f:a4:75:e7:28:77:76:4d:38:65:53:e9:37:6f:3b:e8:f9:8d:b8:86:95:a9:4a:63:8d
Signer

Actual PE Digest

03:4d:6b:fe:0f:68:dc:4f:a4:75:e7:28:77:76:4d:38:65:53:e9:37:6f:3b:e8:f9:8d:b8:86:95:a9:4a:63:8d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

oleaut32

SysFreeString
SysAllocStringByteLen
SysStringLen
VariantClear
SysAllocStringLen

msvcrt

__dllonexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__C_specific_handler
_beginthreadex
_purecall
memset
strlen
_initterm
malloc
__CxxFrameHandler
_CxxThrowException
memmove
memcpy
memcmp
free
_onexit

kernel32

GetProcessAffinityMask
GetCurrentProcess
GetSystemInfo
GlobalMemoryStatusEx
Sleep
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
CloseHandle
IsProcessorFeaturePresent
GetLargePageMinimum
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLastError

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetModuleProp
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/Default.SFX
.exe windows:5 windows x64 arch:x64

b1c5b1beabd90d9fdabd1df0779ea832

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb

Imports

kernel32

LocalFree
GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetCurrentProcessId
CreateDirectoryW
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetModuleFileNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
ExpandEnvironmentStringsW
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
GlobalMemoryStatusEx
LoadResource
SizeofResource
GetTimeFormatW
GetDateFormatW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
GetStringTypeW
HeapReAlloc
LCMapStringW
FindFirstFileExA

oleaut32

SysAllocString
SysFreeString
VariantClear

gdiplus

GdipCloneImage
GdipFree
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipAlloc

Sections

.text
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/Default32.SFX
.exe windows:5 windows x86 arch:x86

99ee65c2db82c04251a5c24f214c8892

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Imports

kernel32

LocalFree
GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetCurrentProcessId
CreateDirectoryW
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
InterlockedDecrement
GetVersionExW
GetModuleFileNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
ExpandEnvironmentStringsW
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
GlobalMemoryStatusEx
LoadResource
SizeofResource
GetTimeFormatW
GetDateFormatW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetNumberFormatW
DecodePointer
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
GetStringTypeW
HeapReAlloc
LCMapStringW
FindFirstFileExA
FindNextFileA

oleaut32

SysAllocString
SysFreeString
VariantClear

gdiplus

GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipFree

Sections

.text
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/RUXIMUXResources.dll.mui
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setup/SetupV8/IEShims.dll
.dll windows:10 windows x64 arch:x64

d28b3ab417795ac0656fb3b981127d8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ieshims.pdb

Imports

msvcrt

_stricmp
__C_specific_handler
calloc
_XcptFilter
_amsg_exit
fclose
_wfopen
?terminate@@YAXXZ
memmove
memcmp
_CxxThrowException
fputws
wcsncmp
_wcsicmp
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
_vsnprintf_s
_vscwprintf
_vsnwprintf
wcsrchr
_initterm
wcsstr
_wcslwr
wcspbrk
wcschr
memmove_s
towlower
iswctype
wcsspn
memcpy_s
realloc
free
wcstok_s
iswspace
_wcsnicmp
malloc
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_onexit
memset
__CxxFrameHandler3
wcscmp

kernel32

InitializeCriticalSectionAndSpinCount
DelayLoadFailureHook
ResolveDelayLoadedAPI
RaiseException
QueryFullProcessImageNameW
GetLogicalDriveStringsW
QueryDosDeviceW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
OpenFileMappingW
IsWow64Process
GetTickCount64
OpenProcess
CreateMutexW
InitializeCriticalSection
InitializeSRWLock
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
OutputDebugStringA
GetModuleHandleA
SetEnvironmentVariableW
GetCurrentProcess
DuplicateHandle
CopyFileExW
SetFileAttributesW
DeviceIoControl
GetFileInformationByHandle
CreateDirectoryW
lstrcmpiW
EncodePointer
FindClose
FindNextFileW
FindFirstFileW
TlsFree
VirtualProtect
GetCurrentThreadId
GetModuleHandleExW
GetModuleFileNameW
SearchPathW
GetFileAttributesW
SetLastError
LocalAlloc
VirtualQuery
GetCurrentDirectoryW
LocalFree
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
GetCurrentProcessId
GetProcessId
GetLastError
TlsSetValue
ExitThread
GetProcessIdOfThread
GetThreadId
HeapAlloc
GetProcessHeap
HeapFree
FormatMessageW
GetSystemDirectoryW
GetWindowsDirectoryW
GetLongPathNameW
GetFullPathNameW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetModuleFileNameA
DebugBreak
GetModuleHandleW
IsDebuggerPresent
OutputDebugStringW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
CloseHandle
ReleaseSemaphore
ReleaseMutex
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
EnterCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
OpenSemaphoreW
CreateThreadpoolTimer
CreateMutexExW
LeaveCriticalSection
CreateSemaphoreExW
LoadLibraryA
RaiseFailFastException
TlsGetValue
TlsAlloc
OpenEventW
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
TerminateProcess
DecodePointer
CreateFileW
GetFileSizeEx

api-ms-win-downlevel-shlwapi-l1-1-0

StrCmpNIA
StrCmpNCW
PathSkipRootW
PathIsUNCW
StrCmpICW
StrCmpCW
StrCmpICA
StrDupW
StrCmpNICW
PathGetArgsW
PathFindFileNameW
StrCmpIW

api-ms-win-downlevel-advapi32-l1-1-0

RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW

ntdll

RtlNtStatusToDosError
NtQueryObject

iertutil

ord137
ord45
ord58
ord793
ord916
ord791
ord820
ord170
ord50
ord134
ord101

Exports

Exports

AcRedirNotify
AcRedirNotifySetEnabled
AcRedirSetEnabled
IEShims_AdminCheckAndLaunch
IEShims_CreateWindowEx
IEShims_GetOriginatingThreadId
IEShims_InDllMainContext
IEShims_Initialize
IEShims_SetRedirectRegistryForThread
IEShims_Uninitialize

Sections

.text
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mrdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/SetupV8/hmmapi.dll
.dll regsvr32 windows:10 windows x64 arch:x64

92778fcf898ae2a7ad2db80bb9e09c45

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

hmmapi.pdb

Imports

msvcrt

__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnprintf
memset

api-ms-win-core-libraryloader-l1-1-0

DisableThreadLibraryCalls
LoadStringA
GetModuleFileNameA

api-ms-win-core-registry-l1-1-0

RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsA

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

GetFileTime
GetFileSize
SetFileAttributesA
CreateFileA

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetVersionExA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-localization-l1-2-0

FormatMessageA

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

advapi32

RegDeleteKeyA

kernel32

GetShortPathNameA
lstrlenA
lstrcmpA
GetTempPathA
CompareStringA
LocalFree
MoveFileA

shell32

ShellExecuteA

shlwapi

StrChrA
PathRemoveBackslashA
PathIsPrefixA
SHGetValueA

urlmon

CreateUriFromMultiByteString

user32

MessageBoxA

wininet

GetUrlCacheConfigInfoA

Exports

Exports

AddService
BMAPIAddress
BMAPIDetails
BMAPIFindNext
BMAPIGetAddress
BMAPIGetReadMail
BMAPIReadMail
BMAPIResolveName
BMAPISaveMail
BMAPISendMail
DllRegisterServer
DllUnregisterServer
MAPIAddress
MAPIDeleteMail
MAPIDetails
MAPIFindNext
MAPIFreeBuffer
MAPILogoff
MAPILogon
MAPIReadMail
MAPIResolveName
MAPISaveMail
MAPISendDocuments
MAPISendMail
MailToProtocolHandler
OpenInboxHandler
RemoveService

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/SetupV8/sqmapi.dll
.dll windows:10 windows x64 arch:x64

d6cca9daf1f9f60889b9b319d3ded266

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-11-2023 19:20

Not After

14-11-2024 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:a4:34:84:2a:a4:11:84:c6:da:f0:69:3e:49:ef:ef:90:f6:5e:72:d6:7d:32:42:f7:8e:cc:75:35:ab:c9:71
Signer

Actual PE Digest

3a:a4:34:84:2a:a4:11:84:c6:da:f0:69:3e:49:ef:ef:90:f6:5e:72:d6:7d:32:42:f7:8e:cc:75:35:ab:c9:71

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sqmapi.pdb

Imports

msvcrt

_unlock
_lock
__dllonexit
_onexit
_initterm
_amsg_exit
_XcptFilter
memcpy_s
__C_specific_handler
wcsrchr
_vsnwprintf
__CxxFrameHandler3
_callnewh
malloc
free
memset

advapi32

RegDeleteKeyW
RegEnumKeyW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

kernel32

OpenSemaphoreW
HeapAlloc
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
DebugBreak
IsDebuggerPresent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
OutputDebugStringW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
DisableThreadLibraryCalls
SetLastError
GetLastError
GetCurrentProcess
CloseHandle
LocalFree
ExpandEnvironmentStringsW
FindFirstFileW
DeleteFileW
FindNextFileW
GetSystemDirectoryW
Sleep
CreateDirectoryW
GetTickCount
WaitForSingleObjectEx
GetSystemTimeAsFileTime
FormatMessageW
FindClose

ntdll

EtwTraceMessage

Exports

Exports

SqmAddToAverage
SqmAddToStream
SqmAddToStreamDWord
SqmAddToStreamDWord64
SqmAddToStreamString
SqmAddToStreamV
SqmCheckEscalationAddToStreamDWord
SqmCheckEscalationAddToStreamDWord64
SqmCheckEscalationAddToStreamString
SqmCheckEscalationSetDWord
SqmCheckEscalationSetDWord64
SqmCheckEscalationSetString
SqmCleanup
SqmClearFlags
SqmCreateNewId
SqmEndSession
SqmEndSessionEx
SqmFlushSession
SqmGetEnabled
SqmGetEscalationRuleStatus
SqmGetFlags
SqmGetInstrumentationProperty
SqmGetLastUploadTime
SqmGetMachineId
SqmGetSession
SqmGetSessionStartTime
SqmGetUserId
SqmIncrement
SqmIsNamespaceEnabled
SqmIsWindowsOptedIn
SqmLoadEscalationManifest
SqmReadSharedMachineId
SqmReadSharedUserId
SqmSet
SqmSetAppId
SqmSetAppVersion
SqmSetBits
SqmSetBool
SqmSetCurrentTimeAsUploadTime
SqmSetDWord64
SqmSetEnabled
SqmSetEscalationInfo
SqmSetFlags
SqmSetIfMax
SqmSetIfMin
SqmSetMachineId
SqmSetString
SqmSetUserId
SqmStartSession
SqmStartUpload
SqmStartUploadEx
SqmSysprepCleanup
SqmSysprepGeneralize
SqmTimerAccumulate
SqmTimerAddToAverage
SqmTimerRecord
SqmTimerStart
SqmUnattendedSetup
SqmUnloadEscalationManifest
SqmWaitForUploadComplete
SqmWriteSharedMachineId
SqmWriteSharedUserId

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup/setup.exe
.exe windows:6 windows x64 arch:x64

07361a3a7f515bf56ca93120b2aca73b

Code Sign

0e:4d:67:f6:43:16:c9:2a:3b:7a:17:cc:46:97:6a:8f
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

28-07-2021 00:00

Not After

27-07-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:e3:0b:b0:3e:42:1b:33:bc:87:cd:a5:3e:84:27:95
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16-03-2023 00:00

Not After

25-02-2025 23:59

Subject

SERIALNUMBER=6543638,CN=Krisp Technologies\, Inc,O=Krisp Technologies\, Inc,L=Berkeley,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b6:b6:33:ae:2e:cb:75:a6:4d:a5:f0:d9:bb:05:f4:b2:f4:b0:35:13:e5:87:fb:e0:b7:c8:bb:5b:0b:6f:e5:6c
Signer

Actual PE Digest

b6:b6:33:ae:2e:cb:75:a6:4d:a5:f0:d9:bb:05:f4:b2:f4:b0:35:13:e5:87:fb:e0:b7:c8:bb:5b:0b:6f:e5:6c

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetThreadPriority
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
RtlVirtualUnwind
RtlLookupFunctionEntry
ResumeThread
RaiseFailFastException
PostQueuedCompletionStatus
LoadLibraryW
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateWaitableTimerA
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler
AddVectoredContinueHandler

Sections

.text
Size: 22.3MB - Virtual size: 22.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27.6MB - Virtual size: 27.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.6MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 620KB - Virtual size: 619KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1353ce6b26348ac6f792fe77a59eff9d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

03:4d:6b:fe:0f:68:dc:4f:a4:75:e7:28:77:76:4d:38:65:53:e9:37:6f:3b:e8:f9:8d:b8:86:95:a9:4a:63:8dSigner

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 156KB - Virtual size: 156KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 512B - Virtual size: 23KB

.pdata Size: 10KB - Virtual size: 9KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 1KB

b1c5b1beabd90d9fdabd1df0779ea832

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

oleaut32

gdiplus

Sections

.text Size: 282KB - Virtual size: 281KB

.rdata Size: 74KB - Virtual size: 74KB

.data Size: 6KB - Virtual size: 57KB

.pdata Size: 12KB - Virtual size: 12KB

.didat Size: 1024B - Virtual size: 864B

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 57KB - Virtual size: 56KB

.reloc Size: 2KB - Virtual size: 2KB

99ee65c2db82c04251a5c24f214c8892

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

oleaut32

gdiplus

Sections

.text Size: 233KB - Virtual size: 232KB

.rdata Size: 51KB - Virtual size: 50KB

.data Size: 4KB - Virtual size: 53KB

.didat Size: 512B - Virtual size: 424B

.rsrc Size: 57KB - Virtual size: 56KB

.reloc Size: 11KB - Virtual size: 10KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 176B

.rsrc Size: 11KB - Virtual size: 12KB

d28b3ab417795ac0656fb3b981127d8a

Headers

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

03:4d:6b:fe:0f:68:dc:4f:a4:75:e7:28:77:76:4d:38:65:53:e9:37:6f:3b:e8:f9:8d:b8:86:95:a9:4a:63:8d
Signer

.text
Size: 156KB - Virtual size: 156KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 512B - Virtual size: 23KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 282KB - Virtual size: 281KB

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 6KB - Virtual size: 57KB

.pdata
Size: 12KB - Virtual size: 12KB

.didat
Size: 1024B - Virtual size: 864B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 57KB - Virtual size: 56KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 233KB - Virtual size: 232KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 4KB - Virtual size: 53KB

.didat
Size: 512B - Virtual size: 424B

.rsrc
Size: 57KB - Virtual size: 56KB

.reloc
Size: 11KB - Virtual size: 10KB

.rdata
Size: 512B - Virtual size: 176B

.rsrc
Size: 11KB - Virtual size: 12KB

.text
Size: 282KB - Virtual size: 281KB

.rdata
Size: 115KB - Virtual size: 115KB

.data
Size: 1024B - Virtual size: 7KB

.pdata
Size: 15KB - Virtual size: 14KB

.didat
Size: 512B - Virtual size: 376B

.mrdata
Size: 35KB - Virtual size: 34KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 480B

.rsrc
Size: 31KB - Virtual size: 31KB

.reloc
Size: 512B - Virtual size: 28B

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

3a:a4:34:84:2a:a4:11:84:c6:da:f0:69:3e:49:ef:ef:90:f6:5e:72:d6:7d:32:42:f7:8e:cc:75:35:ab:c9:71
Signer