西昌飓源风电开发有限公司电力平台需求文档(1)[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

西昌飓源风电开发有限公司电力平台需求文档(1).rar
Size

2.7MB
MD5

10b64203a159ac2a171524a68f9a4001
SHA1

538bed9580bc5b75376b7d27c0595a43cbf12174
SHA256

6798bee90fd60a74f3696a2e8419783cf17d4df29e45a38916bf1c1ed8c040e9
SHA512

3212933f29066b6112cb5410c0e1ccfa31caf62779e33162c58cda466b358e882bb8c8ace6a1dd7240f47b437abd3ef25f710bee13840b2c1226abd893aab1ed
SSDEEP

49152:hbBGD0W8RS3mxRXYzc3t6ReuaC0szVN6JtHjf0U0TPWvEwSuWqMwF5y:hbBQ0K3mxRXYg3UR0LJtDcz1wSBC5y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/西昌飓源风电开发有限公司电力平台需求文档/._MacOS_/onnxruntime.dll

Files

西昌飓源风电开发有限公司电力平台需求文档(1).rar
.rar
西昌飓源风电开发有限公司电力平台需求文档/._MacOS_/a2service.exe
.exe windows:5 windows x64 arch:x64

bab9519aabc801abc6d3fba56a93e151

Code Sign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

53:bd:da:e1:3b:b3:9b:0f:b3:45:a9:1c
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

05/09/2023, 07:05

Not After

05/09/2024, 07:05

Subject

SERIALNUMBER=9429041331842,CN=Emsisoft Limited,O=Emsisoft Limited,STREET=315a Hardy St,L=Nelson,ST=Nelson,C=NZ,1.2.840.113549.1.9.1=#0c0f6d6340656d7369736f66742e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13024e5a,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

91:4e:50:29:a4:bc:19:d1:2d:d7:0c:1c:c2:6f:af:da:c0:05:83:4f:4f:e1:c1:99:44:02:37:de:3f:9d:6b:8f
Signer

Actual PE Digest

91:4e:50:29:a4:bc:19:d1:2d:d7:0c:1c:c2:6f:af:da:c0:05:83:4f:4f:e1:c1:99:44:02:37:de:3f:9d:6b:8f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Buildserver\agent\_work\7\s\a-squared64\a2service.pdb

Imports

shlwapi

PathMatchSpecW

shell32

DoEnvironmentSubstW
SHGetSpecialFolderPathW
ShellExecuteW

user32

GetMessageW
DrawTextExW
CharLowerBuffW
PeekMessageW
RegisterDeviceNotificationW
GetSystemMetrics
PostMessageW
MessageBoxW
GetSysColor
CharUpperBuffW
CopyIcon
DrawIconEx
MsgWaitForMultipleObjects
FrameRect
GetClassNameW
DestroyIcon
GetIconInfo
FillRect
DispatchMessageW
GetClipboardData
EnumWindows
EnumThreadWindows
CharUpperW
LoadIconW
UnregisterDeviceNotification
PostThreadMessageW
DrawFocusRect
DestroyWindow
GetWindowThreadProcessId
CharNextW
GetDC
CreateIcon
LoadStringW
CreateIconIndirect
ReleaseDC
ExitWindowsEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SafeArrayPutElement
SetErrorInfo
GetErrorInfo
VariantInit
VariantClear
SysFreeString
SafeArrayAccessData
SysReAllocStringLen
SafeArrayCreate
CreateErrorInfo
SafeArrayGetElement
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopyInd
VariantChangeType

advapi32

ControlService
GetAce
CryptDestroyKey
CryptImportKey
CreateServiceW
OpenThreadToken
CryptDestroyHash
RegisterServiceCtrlHandlerExW
RegUnLoadKeyW
CryptReleaseContext
RegSaveKeyW
CryptVerifySignatureW
DeleteService
EqualSid
BuildExplicitAccessWithNameA
RegReplaceKeyW
UnlockServiceDatabase
QueryServiceStatusEx
GetTokenInformation
LookupAccountSidW
ChangeServiceConfigW
RegCreateKeyExW
CryptAcquireContextW
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetEntriesInAclW
SetEntriesInAclA
RevertToSelf
RegEnumKeyExW
AdjustTokenPrivileges
QueryServiceConfigW
LookupPrivilegeValueW
OpenSCManagerW
RegOpenKeyExW
AllocateAndInitializeSid
RegDeleteValueW
ImpersonateLoggedOnUser
RegFlushKey
RegEnumValueW
RegQueryValueExW
SetServiceObjectSecurity
CryptHashData
InitializeSecurityDescriptor
RegRestoreKeyW
EnumServicesStatusW
CloseServiceHandle
RegSetValueExW
RegConnectRegistryW
ConvertStringSidToSidW
StartServiceCtrlDispatcherW
GetUserNameW
QueryServiceObjectSecurity
DeregisterEventSource
RegQueryInfoKeyW
CryptGenRandom
SetServiceStatus
CryptGetHashParam
IsValidSid
DuplicateTokenEx
StartServiceW
RegisterEventSourceW
CreateProcessAsUserW
LockServiceDatabase
ChangeServiceConfig2W
OpenServiceW
ImpersonateNamedPipeClient
CreateProcessWithLogonW
RegLoadKeyW
QueryServiceStatus
RegDeleteKeyW
OpenProcessToken
FreeSid
ReportEventW
SetNamedSecurityInfoW
ConvertSidToStringSidW
RegCloseKey
CryptCreateHash
LogonUserW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

isupper
isalpha
isalnum
toupper
memchr
memcmp
memcpy
memset
isprint
isspace
iscntrl
isxdigit
ispunct
isgraph
islower
tolower

wevtapi

EvtClose
EvtCreateRenderContext
EvtSubscribe
EvtRender

kernel32

SetFileTime
FlushViewOfFile
GetACP
DeleteAtom
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
GetCurrentProcessId
TerminateThread
IsDebuggerPresent
SetHandleInformation
GetFullPathNameW
FindNextFileW
ReplaceFileW
GetCPInfoExW
GetSystemTime
FindAtomW
GetTempPathA
EnumSystemLocalesW
CreateWaitableTimerW
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
FreeLibrary
HeapDestroy
GetUserDefaultLCID
GetDiskFreeSpaceA
SetLastError
GetModuleFileNameW
GetLastError
OpenMutexW
CompareStringW
CreateThread
GetFileSizeEx
HeapValidate
LoadLibraryA
CreateMutexW
ResetEvent
GetVolumeInformationW
OpenEventW
RaiseException
FormatMessageW
GetCurrentThread
FoldStringW
GetLogicalDrives
HeapReAlloc
LoadLibraryExW
FileTimeToSystemTime
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
Sleep
SetFilePointer
FlushFileBuffers
LoadResource
SuspendThread
GetTickCount
WritePrivateProfileStringW
HeapCompact
WaitForMultipleObjects
GetFileSize
GetStartupInfoW
GetFileAttributesW
GetThreadPriority
SetThreadPriority
VirtualAlloc
GetSystemInfo
GetTempPathW
LeaveCriticalSection
GetVolumePathNamesForVolumeNameW
SetWaitableTimer
GetLogicalDriveStringsW
HeapCreate
VerSetConditionMask
GetDiskFreeSpaceW
GetUserDefaultUILanguage
WaitForSingleObjectEx
HeapFree
WideCharToMultiByte
MultiByteToWideChar
FindClose
LoadLibraryW
SetEvent
GetLocaleInfoW
FormatMessageA
ConnectNamedPipe
GetLocalTime
WaitForSingleObject
OpenThread
DeleteCriticalSection
SetErrorMode
TzSpecificLocalTimeToSystemTime
GetComputerNameW
IsValidLocale
FindNextVolumeW
LocalAlloc
GetPrivateProfileStringW
SetFileAttributesW
QueryDosDeviceW
RtlUnwindEx
VirtualProtect
UnlockFile
CreateSemaphoreW
ReadProcessMemory
QueryPerformanceFrequency
SetProcessWorkingSetSize
VirtualFree
GetProcessHeap
ExitProcess
HeapAlloc
GetFileAttributesA
GetLongPathNameW
RtlUnwind
GetCPInfo
GetStdHandle
DisconnectNamedPipe
GetModuleHandleW
TryEnterCriticalSection
ReadFile
FileTimeToDosDateTime
CreateProcessW
HeapSize
FindResourceW
LockFileEx
CopyFileW
MapViewOfFile
AreFileApisANSI
MulDiv
CreateFileA
GetVersion
GetDriveTypeW
GetComputerNameExW
FreeResource
DeleteFileA
SetThreadExecutionState
MoveFileW
GlobalAddAtomW
GetSystemTimeAsFileTime
OpenProcess
SwitchToThread
FindVolumeClose
GetExitCodeThread
OutputDebugStringW
GetFileAttributesExW
SetThreadUILanguage
TerminateProcess
LockResource
FindFirstVolumeW
CancelIo
GetCurrentThreadId
UnhandledExceptionFilter
MoveFileExW
EnterCriticalSection
ReleaseMutex
AddAtomW
GetFullPathNameA
GlobalDeleteAtom
SetCurrentDirectoryW
GetCurrentDirectoryW
InitializeCriticalSection
GetCurrentProcess
GetCommandLineW
ResumeThread
GetProcAddress
DuplicateHandle
GetVersionExW
GetThreadTimes
VerifyVersionInfoW
GetProcessTimes
GetWindowsDirectoryW
UnlockFileEx
GetProcessAffinityMask
LCMapStringW
DeviceIoControl
FindFirstFileW
LockFile
UnmapViewOfFile
lstrlenW
SetEndOfFile
QueryPerformanceCounter
ReleaseSemaphore
CreateFileW
SystemTimeToFileTime
GetSystemDirectoryW
DeleteFileW
GetEnvironmentVariableW
OutputDebugStringA
WriteFile
ExitThread
CreateNamedPipeW
CreateFileMappingW
CreatePipe
TlsGetValue
GetDateFormatW
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
GetOverlappedResult
EnumCalendarInfoW
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

wintrust

CryptCATCatalogInfoFromContext
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext

crypt32

CertGetNameStringW
CryptQueryObject
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose

sfc

SfcIsFileProtected

ole32

IsEqualGUID
CoInitializeEx
CreateBindCtx
MkParseDisplayName
CoInitialize
CoCreateGuid
CoCreateInstance
CoUninitialize

userenv

GetAllUsersProfileDirectoryW

iphlpapi

GetNetworkParams

secur32

GetUserNameExW

gdi32

Arc
Pie
SetBkMode
SelectPalette
CreateCompatibleBitmap
GetEnhMetaFileHeader
MaskBlt
AngleArc
DeleteEnhMetaFile
ResizePalette
Chord
SetTextColor
StretchBlt
SetDIBits
RealizePalette
SetDIBColorTable
GetDIBColorTable
RoundRect
GetTextMetricsW
GetWindowOrgEx
CreatePalette
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
PolyBezierTo
GetStockObject
Polygon
Rectangle
MoveToEx
DeleteDC
PlayEnhMetaFile
BitBlt
Ellipse
GetDeviceCaps
GetBitmapBits
GetTextExtentPoint32W
GetClipBox
Polyline
GetSystemPaletteEntries
GetEnhMetaFileBits
CreateBitmap
SetWinMetaFileBits
CreateDIBitmap
GetStretchBltMode
CreateDIBSection
CreatePenIndirect
SetStretchBltMode
GetEnhMetaFilePaletteEntries
GetDIBits
CreateFontIndirectW
PolyBezier
LineTo
CreateHalftonePalette
DeleteObject
SelectObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetObjectW
GetBrushOrgEx
GetCurrentPositionEx
GetWinMetaFileBits
SetROP2
GetNearestPaletteIndex
ExtTextOutW
SetBrushOrgEx
GetEnhMetaFileDescriptionW
GetPixel
ArcTo
GdiFlush
SetPixel
StretchDIBits
GetPaletteEntries

ntdll

NtQuerySymbolicLinkObject
NtQueryInformationFile
NtClose
RtlInitUnicodeString
NtOpenDirectoryObject
NtOpenSymbolicLinkObject

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 8.8MB - Virtual size: 8.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 76KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 155B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 600B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 486KB - Virtual size: 485KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 365KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 109B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
西昌飓源风电开发有限公司电力平台需求文档/._MacOS_/onnxruntime.dll
.dll windows:6 windows x64 arch:x64

95d57e972dc2bd89f31cca591d71ecb5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileW
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WideCharToMultiByte
WriteConsoleW
WriteFile

Exports

Exports

OrtGetApiBase
OrtGetWinMLAdapter
OrtSessionOptionsAppendExecutionProviderEx_DML
OrtSessionOptionsAppendExecutionProvider_CPU
OrtSessionOptionsAppendExecutionProvider_DML

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 140B

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
西昌飓源风电开发有限公司电力平台需求文档/西昌飓源风电开发有限公司电力平台需求文档.lnk
.lnk

Sharing

General

Malware Config

Signatures

Files

bab9519aabc801abc6d3fba56a93e151

Code Sign

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

53:bd:da:e1:3b:b3:9b:0f:b3:45:a9:1cCertificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

91:4e:50:29:a4:bc:19:d1:2d:d7:0c:1c:c2:6f:af:da:c0:05:83:4f:4f:e1:c1:99:44:02:37:de:3f:9d:6b:8fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

shell32

user32

version

oleaut32

advapi32

netapi32

msvcrt

wevtapi

kernel32

wintrust

crypt32

sfc

ole32

userenv

iphlpapi

secur32

gdi32

ntdll

Exports

Exports

Sections

.text Size: 8.8MB - Virtual size: 8.8MB

.data Size: 1.1MB - Virtual size: 1.1MB

.bss Size: - Virtual size: 76KB

.idata Size: 17KB - Virtual size: 16KB

.didata Size: 2KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 155B

.tls Size: - Virtual size: 600B

.rdata Size: 512B - Virtual size: 109B

.reloc Size: 352KB - Virtual size: 352KB

.pdata Size: 486KB - Virtual size: 485KB

.rsrc Size: 365KB - Virtual size: 365KB

.debug Size: 109B - Virtual size: 109B

95d57e972dc2bd89f31cca591d71ecb5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 161KB - Virtual size: 161KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 7KB - Virtual size: 11KB

.pdata Size: 4KB - Virtual size: 4KB

.00cfg Size: 512B - Virtual size: 56B

.gxfg Size: 4KB - Virtual size: 3KB

04:00:00:00:00:01:21:58:53:08:a2
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

53:bd:da:e1:3b:b3:9b:0f:b3:45:a9:1c
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

91:4e:50:29:a4:bc:19:d1:2d:d7:0c:1c:c2:6f:af:da:c0:05:83:4f:4f:e1:c1:99:44:02:37:de:3f:9d:6b:8f
Signer

.text
Size: 8.8MB - Virtual size: 8.8MB

.data
Size: 1.1MB - Virtual size: 1.1MB

.bss
Size: - Virtual size: 76KB

.idata
Size: 17KB - Virtual size: 16KB

.didata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 155B

.tls
Size: - Virtual size: 600B

.rdata
Size: 512B - Virtual size: 109B

.reloc
Size: 352KB - Virtual size: 352KB

.pdata
Size: 486KB - Virtual size: 485KB

.rsrc
Size: 365KB - Virtual size: 365KB

.debug
Size: 109B - Virtual size: 109B

.text
Size: 161KB - Virtual size: 161KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 7KB - Virtual size: 11KB

.pdata
Size: 4KB - Virtual size: 4KB

.00cfg
Size: 512B - Virtual size: 56B

.gxfg
Size: 4KB - Virtual size: 3KB

.retplne
Size: 512B - Virtual size: 140B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 424B

.reloc
Size: 2KB - Virtual size: 1KB