Random Bootkit[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Random Bootkit.zip
Size

226KB
MD5

635081b87b626fff6e972ec533f51ca0
SHA1

2928353b755ff6e0eaa511122f20ffbfab94eb6c
SHA256

26cd4b88e77d3ce5d25e21900abab90bb74a2225ff2ead8dd123a525acf2d6b4
SHA512

3cf7a005980a901d6dbf0a4f2b9bfddad8b7c8cbd04367d34e9aadfd03f01d989e48a6502d00d054002a0294cfc9bb06879a06a0a2bcd63db6b082f3a4c10cf8
SSDEEP

6144:6jsTSSIwCFrKGbP0oiDS8XoVGk+/GCr5AYe2q:6js2soeGb8xDzXqsPe2q

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/5ef62c780d7c9f82dea098972f66d5b3367841913444933cdb779adaecd06d1a.exe
unpack001/8adbbce057b86be80f590e726943d836b8125e53aa0a28a948ac9f29c4afd542.exe

Files

Random Bootkit.zip
.zip
5ef62c780d7c9f82dea098972f66d5b3367841913444933cdb779adaecd06d1a.exe
.exe windows:4 windows x86 arch:x86

f6899eb0c1456c845aee20b591c73298

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileA
GetEnvironmentVariableA
lstrcatA
lstrcpyA
GetShortPathNameA
GetModuleFileNameA
CopyFileA
GetSystemDirectoryA
GetWindowsDirectoryA
VirtualFree
WriteFile
ReadFile
SetFilePointer
VirtualAlloc
SetFilePointerEx
LockResource
LoadResource
FindResourceA
GetVersionExA
GetStartupInfoA
GetModuleHandleA

shell32

ShellExecuteA

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_strcmpi

Sections

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
6b0cd074a6c556f4d1fe0088c15160eb13f847974c4307f9eeeea4dc33d49286.exe
.exe windows:4 windows x86 arch:x86

298dcf923984bab305f7bca926228b11

Code Sign

4b:f9:fc:cd:90:8c:24:4d:bb:fe:bb:b7:75:73:81:55
Certificate

Issuer

CN=VMware INC.

Not Before

19/11/2013, 08:45

Not After

31/12/2039, 23:59

Subject

CN=VMware INC.

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:8c:ab:60:f7:d8:b2:02:e8:04:2c:fb:51:ac:3a:ba:b1:a3:d6:17
Signer

Actual PE Digest

08:8c:ab:60:f7:d8:b2:02:e8:04:2c:fb:51:ac:3a:ba:b1:a3:d6:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
CopyFileA
GetSystemDirectoryA
GetWindowsDirectoryA
GetProcAddress
LoadLibraryA
WriteFile
GetShortPathNameA
SetFilePointer
GetVersionExA
CloseHandle
CreateFileA
GetModuleHandleA
GetCurrentProcess
lstrcpyA
lstrcatA
ReadFile
GetEnvironmentVariableA
GetStartupInfoA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA
StrStrA

msvcrt

_acmdln
printf
strcat
strcpy
memset
memcpy
strstr
_except_handler3
_exit
_XcptFilter
exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
8adbbce057b86be80f590e726943d836b8125e53aa0a28a948ac9f29c4afd542.exe
.exe windows:6 windows x64 arch:x64

356e1c50558d604bf308cdcb99bc878a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileA
CloseHandle
GetFileSize
GetLastError
GetModuleFileNameW
Sleep
GetTempPathA
CopyFileA
QueryPerformanceCounter
LocalFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTempPathW
FindClose
GetConsoleWindow
FindNextFileA
GetDriveTypeA
FindFirstFileA
GetCurrentProcessId
GetModuleHandleW
IsDebuggerPresent
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead

user32

SystemParametersInfoA
ShowWindow

advapi32

CryptDestroyKey
CryptAcquireContextW
CryptGenRandom
CryptGenKey
CryptReleaseContext
CryptExportKey

shell32

SHGetFolderPathA

ole32

CoUninitialize
CoInitialize
CoInitializeEx
CoInitializeSecurity
CoCreateInstance

oleaut32

SysStringLen
SysFreeString
SysAllocString
VariantClear
VariantInit

libcurl

curl_easy_setopt
curl_easy_init
curl_easy_cleanup
curl_global_cleanup
curl_easy_perform
curl_global_init

opencv_core4

??1Mat@cv@@QEAA@XZ
??0Mat@cv@@QEAA@XZ
?empty@Mat@cv@@QEBA_NXZ

opencv_imgcodecs4

?imwrite@cv@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV_InputArray@1@AEBV?$vector@HV?$allocator@H@std@@@3@@Z

opencv_videoio4

??1VideoCapture@cv@@UEAA@XZ
??0VideoCapture@cv@@QEAA@HH@Z
?isOpened@VideoCapture@cv@@UEBA_NXZ

msvcp140

?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?uncaught_exceptions@std@@YAHXZ
?_Xout_of_range@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?good@ios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??7ios_base@std@@QEBA_NXZ
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
__std_terminate
__std_type_info_compare
_purecall
__std_type_info_name
_CxxThrowException
memcpy
memmove
memset
__RTDynamicCast
memcmp
__C_specific_handler
__current_exception
__current_exception_context
__std_exception_copy
memchr

api-ms-win-crt-heap-l1-1-0

_aligned_malloc
_callnewh
malloc
_set_new_mode
_aligned_free
free

api-ms-win-crt-runtime-l1-1-0

_errno
_invalid_parameter_noinfo
_seh_filter_exe
_invalid_parameter_noinfo_noreturn
_c_exit
__p___argv
__p___argc
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
terminate
_cexit
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-string-l1-1-0

tolower
strcmp

api-ms-win-crt-stdio-l1-1-0

setvbuf
fwrite
__p__commode
fflush
fsetpos
fread
ungetc
fclose
_set_fmode
fputc
_fseeki64
_get_stream_buffer_pointers
fgetpos
fgetc

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
rename
_lock_file

api-ms-win-crt-time-l1-1-0

_time64
strftime
_localtime64_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.0Dev
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
f428b4d0673ae67472fbe212086e70eeb5b6876e80a74b59ff8ba3e6def5e9b1.exe
.exe windows:4 windows x86 arch:x86

b9cd9f330c63bf88f4256d6a13e4217d

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:21:db:26:ce:0c:b3:e4
Certificate

Issuer

CN=TrustAsia.com Code Signing CA,O=Dotsoft Technologies\, Inc.,C=CN

Not Before

01/03/2011, 01:07

Not After

01/03/2014, 01:07

Subject

CN=亚洲诚信数字签名测试证书,O=上海域联软件技术有限公司,L=上海市,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04
Certificate

Issuer

CN=TrustAsia.com Root CA,O=Dotsoft Technologies\, Inc.,C=CN

Not Before

15/02/2010, 16:37

Not After

15/02/2020, 16:37

Subject

CN=TrustAsia.com Code Signing CA,O=Dotsoft Technologies\, Inc.,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bd:0f:5e:71:6a:dc:aa:d0:ec:59:a8:e9:77:da:b8:93:8b:fd:12:b3
Signer

Actual PE Digest

bd:0f:5e:71:6a:dc:aa:d0:ec:59:a8:e9:77:da:b8:93:8b:fd:12:b3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
GetShortPathNameA
GetModuleFileNameA
CopyFileA
GetSystemDirectoryA
GetWindowsDirectoryA
lstrcatA
WriteFile
ReadFile
SetFilePointer
VirtualAlloc
SetFilePointerEx
GetVersionExA
GetEnvironmentVariableA
CreateFileA
VirtualFree
CloseHandle
GetStartupInfoA
GetModuleHandleA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
strstr
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_strcmpi

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6899eb0c1456c845aee20b591c73298

Headers

File Characteristics

Imports

kernel32

shell32

msvcrt

Sections

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 28KB - Virtual size: 28KB

298dcf923984bab305f7bca926228b11

Code Sign

4b:f9:fc:cd:90:8c:24:4d:bb:fe:bb:b7:75:73:81:55Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

08:8c:ab:60:f7:d8:b2:02:e8:04:2c:fb:51:ac:3a:ba:b1:a3:d6:17Signer

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

msvcrt

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 64KB - Virtual size: 60KB

.rsrc Size: 4KB - Virtual size: 1KB

356e1c50558d604bf308cdcb99bc878a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

libcurl

opencv_core4

opencv_imgcodecs4

opencv_videoio4

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 162KB - Virtual size: 161KB

.rdata Size: 73KB - Virtual size: 72KB

.data Size: 9KB - Virtual size: 15KB

.pdata Size: 8KB - Virtual size: 8KB

.rsrc Size: 45KB - Virtual size: 45KB

.reloc Size: 3KB - Virtual size: 3KB

.0Dev Size: 8KB - Virtual size: 8KB

b9cd9f330c63bf88f4256d6a13e4217d

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

55:21:db:26:ce:0c:b3:e4Certificate

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 28KB - Virtual size: 28KB

4b:f9:fc:cd:90:8c:24:4d:bb:fe:bb:b7:75:73:81:55
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

08:8c:ab:60:f7:d8:b2:02:e8:04:2c:fb:51:ac:3a:ba:b1:a3:d6:17
Signer

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 64KB - Virtual size: 60KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 162KB - Virtual size: 161KB

.rdata
Size: 73KB - Virtual size: 72KB

.data
Size: 9KB - Virtual size: 15KB

.pdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 45KB - Virtual size: 45KB

.reloc
Size: 3KB - Virtual size: 3KB

.0Dev
Size: 8KB - Virtual size: 8KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

55:21:db:26:ce:0c:b3:e4
Certificate

04
Certificate

bd:0f:5e:71:6a:dc:aa:d0:ec:59:a8:e9:77:da:b8:93:8b:fd:12:b3
Signer

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 36KB - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 1KB