8532c4dcf479280bb6a4df8aac267534_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8532c4dcf479280bb6a4df8aac267534_JaffaCakes118
Size

9.3MB
MD5

8532c4dcf479280bb6a4df8aac267534
SHA1

3cff9ab1890b4f48430e9c4512d07c835758a799
SHA256

4d6c7a890abb3c0fd3aa96da85eeca09a12dd9e7adb6328a02e5da20589115db
SHA512

685f79afa7c9cb017260067a2e01e0f1c39b32f67a3f32d48020de69544feb6ad0f4de1e5d8d20a5a1c71661d3ae7a1535bb3c2e9a63a497a35390bce0e2484d
SSDEEP

196608:W+5HU8wsNF1OTQBhscHJ601tL2n4hXevictRp6EqTUN17n54BFALl1IQaD:W++8wY1O8Mx01w4oqKwEqTUN55CIl1I5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/OneKey Ghost 14.5.8.215 - HoangTueBlog.Blogspot.Com/OneKeyGhost.HoangTueBlog.Blogspot.Com.exe

Files

8532c4dcf479280bb6a4df8aac267534_JaffaCakes118
.rar
OneKey Ghost 14.5.8.215 - HoangTueBlog.Blogspot.Com/Ghost.115
OneKey Ghost 14.5.8.215 - HoangTueBlog.Blogspot.Com/Ghost32.exe
.exe windows:4 windows x86 arch:x86

8ef7521c837f8112d99489882cc9d341

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/09/2006, 00:00

Not After

24/11/2007, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

94:de:09:52:09:0d:e9:13:b1:ae:5d:8a:70:78:42:bd:fb:ae:19:30
Signer

Actual PE Digest

94:de:09:52:09:0d:e9:13:b1:ae:5d:8a:70:78:42:bd:fb:ae:19:30

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\depot\ghost\gsstrunk\ghost\ghost\src\core\vs2005\win32\release\Ghost32.pdb

Imports

kernel32

GetVersionExA
GetProcessHeap
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetTimeZoneInformation
WriteFile
GetStdHandle
GetModuleFileNameA
ExitProcess
CloseHandle
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
GetTimeFormatA
GetDateFormatA
GetACP
GetCommandLineA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
LoadLibraryA
GetLocaleInfoW
FreeLibrary
SetStdHandle
CreateFileA
ReadFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
SetUnhandledExceptionFilter
CompareStringW
SetEnvironmentVariableA
ResumeThread
ExitThread
LocalFree
LocalAlloc
BackupRead
BackupSeek
SetFileAttributesA
SetFileTime
FindFirstFileA
GetBinaryTypeA
MoveFileA
RemoveDirectoryA
DeleteFileA
CreateDirectoryA
GetDiskFreeSpaceA
GetVolumeInformationA
QueryPerformanceFrequency
SetEvent
ReadProcessMemory
GetLogicalDriveStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapAlloc
SetConsoleCtrlHandler
GetOEMCP
IsDebuggerPresent
RaiseException
HeapFree
GetLastError
VirtualQuery
GetSystemInfo
VirtualLock
SetProcessWorkingSetSize
GetProcessWorkingSetSize
CreateFileW
GetFileSize
DeviceIoControl
SetErrorMode
CreateEventA
GetOverlappedResult
WaitForSingleObject
FreeConsole
FormatMessageA
CreateThread
GlobalMemoryStatus
IsBadWritePtr
GetThreadContext
GetLogicalDrives
GetDriveTypeA
DefineDosDeviceW
ResetEvent
GetCurrentDirectoryA
FindClose
FindNextFileA
FileTimeToLocalFileTime
IsDBCSLeadByteEx
GetEnvironmentVariableW
SystemTimeToFileTime
FileTimeToSystemTime
LocalFileTimeToFileTime
InterlockedCompareExchange
ReadConsoleInputA
SetConsoleMode
GetFileAttributesA
GetFullPathNameA
GetSystemTimeAsFileTime
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
Sleep
InterlockedDecrement
CompareStringA
InterlockedIncrement

ws2_32

recvfrom
WSAAddressToStringA
sendto
WSASocketA
getsockopt
getsockname
ntohl
WSASendTo
send
WSARecvFrom
WSARecv
WSAIoctl
setsockopt
shutdown
recv
WSAEventSelect
WSAWaitForMultipleEvents
ioctlsocket
WSAEnumNetworkEvents
WSASend
inet_ntoa
gethostname
gethostbyname
WSAStartup
WSACleanup
closesocket
WSACloseEvent
htons
htonl
WSACreateEvent
socket
connect
WSAGetLastError
accept
bind
listen
inet_addr
WSASetLastError

imm32

ImmDisableIME

imagehlp

ImageRemoveCertificate
ImageGetCertificateHeader

user32

SetWindowPos
GetWindowRect
GetDesktopWindow
GetDC
CreateWindowExA
RegisterClassA
SetWindowTextW
ScreenToClient
GetCursorPos
FindWindowExW
GetUpdateRect
DefWindowProcA
GetKeyboardState
ToAscii
GetKeyState
ReleaseDC
DestroyWindow
PeekMessageA
TranslateMessage
DispatchMessageA
CharToOemA
ExitWindowsEx
ValidateRect
GetCapture
SetCapture
LoadCursorA
SetCursor
TrackMouseEvent
ReleaseCapture
GetFocus
SetFocus
AdjustWindowRect

gdi32

GetPixel
StretchDIBits
CreatePalette
SelectPalette
RealizePalette
CreateSolidBrush
DeleteObject
SelectObject

advapi32

LookupPrivilegeValueA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges

rpcrt4

UuidCreate

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

ole32

CoUninitialize
CoInitialize
OleRun
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 732KB - Virtual size: 731KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 240KB - Virtual size: 653KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OneKey Ghost 14.5.8.215 - HoangTueBlog.Blogspot.Com/Ghost64.exe
.exe windows:4 windows x64 arch:x64

d86ee39b6c67269678de2774bad4250a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:8f:5e:e8:26:3b:66:94:71:9d:84:34:eb:99:86:08
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

31/10/2007, 00:00

Not After

24/11/2010, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:5b:4f:70:52:1e:1e:65:93:6c:67:49:14:5d:97:1a:03:d9:1a:0f
Signer

Actual PE Digest

30:5b:4f:70:52:1e:1e:65:93:6c:67:49:14:5d:97:1a:03:d9:1a:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

r:\depot_cont\ghost\gsstrunk\ghost\ghost\src\core\vs2005\x64\release\Ghost64.pdb

Imports

ws2_32

recvfrom
WSASetLastError
gethostname
gethostbyname
inet_ntoa
WSACloseEvent
WSACleanup
WSAStartup
WSACreateEvent
WSASend
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
htonl
listen
htons
inet_addr
closesocket
WSAEventSelect
WSAGetLastError
ioctlsocket
shutdown
setsockopt
recv
accept
WSAAddressToStringA
WSASocketA
getsockopt
getsockname
send
ntohl
WSASendTo
WSARecvFrom
WSARecv
WSAIoctl
socket
connect
bind
sendto

imm32

ImmDisableIME

imagehlp

ImageGetCertificateHeader
ImageRemoveCertificate

kernel32

CreateFileA
CloseHandle
GetLocaleInfoA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
GetModuleHandleA
GetVersionExA
IsValidCodePage
IsDBCSLeadByteEx
MultiByteToWideChar
WideCharToMultiByte
GetOEMCP
GetConsoleCP
GetConsoleOutputCP
GetACP
SystemTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RtlCaptureStackBackTrace
IsDebuggerPresent
DebugBreak
DeleteCriticalSection
OutputDebugStringA
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetStdHandle
VirtualAlloc
GetSystemInfo
VirtualFree
CreateFileW
LockResource
GetCurrentThreadId
DeleteFileW
GetThreadContext
GetModuleHandleW
VirtualQuery
FindResourceW
LoadLibraryW
LoadResource
Sleep
SizeofResource
ResumeThread
CreateThread
WaitForSingleObject
SetEvent
CreateEventW
FindNextFileA
GetFileAttributesExA
GetFileAttributesW
GetLocalTime
GetSystemTime
GetStringTypeA
GetLocaleInfoW
GetFileAttributesA
GetDiskFreeSpaceA
CreateDirectoryA
DeleteFileA
RemoveDirectoryA
MoveFileA
GetBinaryTypeA
GetFileInformationByHandle
GetVolumeInformationA
GetDriveTypeA
GetFullPathNameA
GetCurrentDirectoryA
GetDiskFreeSpaceW
FindFirstFileA
GetTickCount
SetFileAttributesA
LocalFree
LocalAlloc
BackupSeek
BackupRead
QueryPerformanceCounter
QueryPerformanceFrequency
CreateEventA
ResetEvent
InitializeCriticalSection
DefineDosDeviceW
GetCurrentProcess
GetCurrentThread
FormatMessageA
SetUnhandledExceptionFilter
GetCurrentProcessId
RaiseException
GlobalMemoryStatus
FreeConsole
DeviceIoControl
HeapFree
HeapAlloc
GetProcessHeap
ReadProcessMemory
VirtualLock
SetProcessWorkingSetSize
GetProcessWorkingSetSize
VirtualUnlock
FindClose
GetLogicalDriveStringsA
SetLastError
GetFileSize
GetOverlappedResult
TerminateProcess
UnhandledExceptionFilter
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
ExitProcess
GetDateFormatA
GetTimeFormatA
SetConsoleCtrlHandler
GetCommandLineA
ExitThread
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
GetTimeZoneInformation
RtlVirtualUnwind
FlsGetValue
FlsSetValue
TlsFree
FlsFree
TlsSetValue
FlsAlloc
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLogicalDrives
SetFileTime
SetConsoleMode
ReadConsoleInputA
GetDriveTypeW
GetVolumeNameForVolumeMountPointW
GetEnvironmentVariableW
SetErrorMode
GetVolumePathNameW

rpcrt4

UuidCreate

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

user32

RegisterDeviceNotificationA
KillTimer
UnregisterClassA
SetTimer
ExitWindowsEx
GetUpdateRect
ValidateRect
LoadCursorA
FindWindowExW
GetFocus
SetFocus
AdjustWindowRect
DefWindowProcA
GetKeyboardState
ToAscii
GetKeyState
ReleaseDC
DestroyWindow
GetCursorPos
ScreenToClient
PeekMessageA
TranslateMessage
DispatchMessageA
SetWindowTextW
ShowWindow
RegisterClassA
CreateWindowExA
GetDC
GetDesktopWindow
GetWindowRect
SetWindowPos
SetCursor

gdi32

SelectObject
GetPixel
StretchDIBits
CreatePalette
SelectPalette
RealizePalette
CreateSolidBrush
DeleteObject

advapi32

RegOpenKeyExW
RegEnumValueW
RegQueryInfoKeyA
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegQueryInfoKeyW
StartServiceW
CreateServiceA
ControlService
StartServiceA
OpenSCManagerA
OpenServiceA
DeleteService
CloseServiceHandle
LookupPrivilegeValueW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
SetFileSecurityW
GetFileSecurityW
RegCloseKey
RegEnumKeyExW
RegGetKeySecurity
OpenSCManagerW
OpenServiceW
QueryServiceStatus
RegSetKeySecurity
RegDeleteKeyW
RegQueryValueExA
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegLoadKeyW
RegUnLoadKeyW
RegEnumValueA
RegEnumKeyExA
RegUnLoadKeyA
RegLoadKeyA

ole32

CoSetProxyBlanket
CoCreateInstance
OleRun
CoInitializeEx
CoUninitialize
CoInitialize
CoInitializeSecurity
CoTaskMemFree

oleaut32

SysAllocString
SysFreeString
SafeArrayDestroy
SafeArrayAccessData

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 298KB - Virtual size: 918KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mixcrt
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OneKey Ghost 14.5.8.215 - HoangTueBlog.Blogspot.Com/Hoàng Tuệ Blog.url
OneKey Ghost 14.5.8.215 - HoangTueBlog.Blogspot.Com/OneKeyGhost.HoangTueBlog.Blogspot.Com.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

B3tHjV4a
Size: - Virtual size: 816KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SR9uhkj2
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

MF7sHnMy
Size: 454KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

AeGrAapq
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

D5fdzIz2
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OneKey Ghost 14.5.8.215 - HoangTueBlog.Blogspot.Com/Readme.txt

Sharing

General

Malware Config

Signatures

Files

8ef7521c837f8112d99489882cc9d341

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4Certificate

Extended Key Usages

Key Usages

94:de:09:52:09:0d:e9:13:b1:ae:5d:8a:70:78:42:bd:fb:ae:19:30Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

imm32

imagehlp

user32

gdi32

advapi32

rpcrt4

version

ole32

oleaut32

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.rdata Size: 732KB - Virtual size: 731KB

.data Size: 240KB - Virtual size: 653KB

.rsrc Size: 12KB - Virtual size: 11KB

d86ee39b6c67269678de2774bad4250a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:8f:5e:e8:26:3b:66:94:71:9d:84:34:eb:99:86:08Certificate

Extended Key Usages

Key Usages

30:5b:4f:70:52:1e:1e:65:93:6c:67:49:14:5d:97:1a:03:d9:1a:0fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

imm32

imagehlp

kernel32

rpcrt4

version

user32

gdi32

advapi32

ole32

oleaut32

Sections

.text Size: 4.7MB - Virtual size: 4.7MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 298KB - Virtual size: 918KB

.pdata Size: 371KB - Virtual size: 371KB

.mixcrt Size: 512B - Virtual size: 1B

.rsrc Size: 12KB - Virtual size: 11KB

Headers

DLL Characteristics

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

94:de:09:52:09:0d:e9:13:b1:ae:5d:8a:70:78:42:bd:fb:ae:19:30
Signer

.text
Size: 4.1MB - Virtual size: 4.1MB

.rdata
Size: 732KB - Virtual size: 731KB

.data
Size: 240KB - Virtual size: 653KB

.rsrc
Size: 12KB - Virtual size: 11KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:8f:5e:e8:26:3b:66:94:71:9d:84:34:eb:99:86:08
Certificate

30:5b:4f:70:52:1e:1e:65:93:6c:67:49:14:5d:97:1a:03:d9:1a:0f
Signer

.text
Size: 4.7MB - Virtual size: 4.7MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 298KB - Virtual size: 918KB

.pdata
Size: 371KB - Virtual size: 371KB

.mixcrt
Size: 512B - Virtual size: 1B

.rsrc
Size: 12KB - Virtual size: 11KB

B3tHjV4a
Size: - Virtual size: 816KB

SR9uhkj2
Size: 5KB - Virtual size: 8KB

MF7sHnMy
Size: 454KB - Virtual size: 456KB

AeGrAapq
Size: 1024B - Virtual size: 4KB

D5fdzIz2
Size: 17KB - Virtual size: 20KB