a1400636c494bc8b115f61f550d03652_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a1400636c494bc8b115f61f550d03652_JaffaCakes118
Size

3.4MB
MD5

a1400636c494bc8b115f61f550d03652
SHA1

caccaa4c8da785f06e25dc6810ae1b913735b730
SHA256

cfc1b501e7d826cb7b854fee69544c7bbff2b2a23720215803da606b2e5c82c4
SHA512

15b2f00eed512ac524f5b3142edcad43392ef4b4308b51cc4c649d57b5aa1d6edbeb2ddd5a7b486a4cbe3b83900ca09b61d311a3b9de4946dd00270e3d136460
SSDEEP

98304:lsO/IJTzDyqJdjJAcXmgrtViLc8g0DJM8L1XK9TAIq:6O/QTzDyqXSgxViLcP38B+MIq

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/phptxt/imkefudata/themes/vista.zip
unpack001/phptxt/imkefudata/themes/zune.zip
unpack001/标准客户端/ImKefu.exe

Files

a1400636c494bc8b115f61f550d03652_JaffaCakes118
.rar
phptxt/ads/dialog.php
.html
phptxt/api/code.inc.php
.js
phptxt/api/debug.swf
phptxt/api/down.php
phptxt/api/download.swf
phptxt/api/getdata.php
phptxt/api/getfile.php
phptxt/api/imkefu.swf
phptxt/api/js/dialog.js
.js
phptxt/api/js/visitor.js
.js
phptxt/api/share.swf
phptxt/api/showpic.swf
phptxt/api/skins.swf
phptxt/api/skins.xml
phptxt/api/themes.php
phptxt/api/trylink.php
phptxt/api/visitor.inc.php
.js
phptxt/attachment/pic/Thumbs.db
phptxt/config.inc.php
phptxt/dialog.htm
.html .js polyglot
phptxt/download.htm
.html
phptxt/help.htm
.html
phptxt/im.php
.js
phptxt/images/Thumbs.db
phptxt/images/banner.jpg
.jpg
phptxt/images/bg.gif
.gif
phptxt/images/bottom_bg.gif
.gif
phptxt/images/defaultface.gif
.gif
phptxt/images/dialog_dot.gif
.gif
phptxt/images/dialog_info.gif
.gif
phptxt/images/dotx.gif
.gif
phptxt/images/info_01.gif
.gif
phptxt/images/info_02.gif
.gif
phptxt/images/info_03.gif
.gif
phptxt/images/info_04.gif
.gif
phptxt/images/info_05.gif
.gif
phptxt/images/info_06.gif
.gif
phptxt/images/info_07.gif
.gif
phptxt/images/info_08.gif
.gif
phptxt/images/info_09.gif
.gif
phptxt/images/info_10.gif
.gif
phptxt/images/list-bg.gif
.gif
phptxt/images/list-bg2.gif
.gif
phptxt/images/lm_bg.gif
.gif
phptxt/images/lm_bottom.gif
.gif
phptxt/images/lm_title.gif
.gif
phptxt/images/logo.gif
.gif
phptxt/images/nav_menu.gif
.gif
phptxt/images/new.gif
.gif
phptxt/images/new_bg.gif
.gif
phptxt/images/new_bottom.gif
.gif
phptxt/images/smiley/0.gif
.gif
phptxt/images/smiley/1.gif
.gif
phptxt/images/smiley/10.gif
.gif
phptxt/images/smiley/11.gif
.gif
phptxt/images/smiley/12.gif
.gif
phptxt/images/smiley/13.gif
.gif
phptxt/images/smiley/14.gif
.gif
phptxt/images/smiley/15.gif
.gif
phptxt/images/smiley/16.gif
.gif
phptxt/images/smiley/17.gif
.gif
phptxt/images/smiley/18.gif
.gif
phptxt/images/smiley/19.gif
.gif
phptxt/images/smiley/2.gif
.gif
phptxt/images/smiley/20.gif
.gif
phptxt/images/smiley/21.gif
.gif
phptxt/images/smiley/22.gif
.gif
phptxt/images/smiley/23.gif
.gif
phptxt/images/smiley/24.gif
.gif
phptxt/images/smiley/25.gif
.gif
phptxt/images/smiley/26.gif
.gif
phptxt/images/smiley/27.gif
.gif
phptxt/images/smiley/28.gif
.gif
phptxt/images/smiley/29.gif
.gif
phptxt/images/smiley/3.gif
.gif
phptxt/images/smiley/30.gif
.gif
phptxt/images/smiley/31.gif
.gif
phptxt/images/smiley/32.gif
.gif
phptxt/images/smiley/33.gif
.gif
phptxt/images/smiley/34.gif
.gif
phptxt/images/smiley/35.gif
.gif
phptxt/images/smiley/36.gif
.gif
phptxt/images/smiley/37.gif
.gif
phptxt/images/smiley/38.gif
.gif
phptxt/images/smiley/39.gif
.gif
phptxt/images/smiley/4.gif
.gif
phptxt/images/smiley/40.gif
.gif
phptxt/images/smiley/41.gif
.gif
phptxt/images/smiley/42.gif
.gif
phptxt/images/smiley/43.gif
.gif
phptxt/images/smiley/44.gif
.gif
phptxt/images/smiley/45.gif
.gif
phptxt/images/smiley/46.gif
.gif
phptxt/images/smiley/47.gif
.gif
phptxt/images/smiley/48.gif
.gif
phptxt/images/smiley/49.gif
.gif
phptxt/images/smiley/5.gif
.gif
phptxt/images/smiley/50.gif
.gif
phptxt/images/smiley/51.gif
.gif
phptxt/images/smiley/52.gif
.gif
phptxt/images/smiley/53.gif
.gif
phptxt/images/smiley/54.gif
.gif
phptxt/images/smiley/55.gif
.gif
phptxt/images/smiley/56.gif
.gif
phptxt/images/smiley/57.gif
.gif
phptxt/images/smiley/58.gif
.gif
phptxt/images/smiley/59.gif
.gif
phptxt/images/smiley/6.gif
.gif
phptxt/images/smiley/60.gif
.gif
phptxt/images/smiley/61.gif
.gif
phptxt/images/smiley/62.gif
.gif
phptxt/images/smiley/63.gif
.gif
phptxt/images/smiley/64.gif
.gif
phptxt/images/smiley/65.gif
.gif
phptxt/images/smiley/66.gif
.gif
phptxt/images/smiley/67.gif
.gif
phptxt/images/smiley/68.gif
.gif
phptxt/images/smiley/69.gif
.gif
phptxt/images/smiley/7.gif
.gif
phptxt/images/smiley/70.gif
.gif
phptxt/images/smiley/71.gif
.gif
phptxt/images/smiley/72.gif
.gif
phptxt/images/smiley/73.gif
.gif
phptxt/images/smiley/74.gif
.gif
phptxt/images/smiley/75.gif
.gif
phptxt/images/smiley/76.gif
.gif
phptxt/images/smiley/77.gif
.gif
phptxt/images/smiley/78.gif
.gif
phptxt/images/smiley/79.gif
.gif
phptxt/images/smiley/8.gif
.gif
phptxt/images/smiley/80.gif
.gif
phptxt/images/smiley/81.gif
.gif
phptxt/images/smiley/82.gif
.gif
phptxt/images/smiley/83.gif
.gif
phptxt/images/smiley/84.gif
.gif
phptxt/images/smiley/85.gif
.gif
phptxt/images/smiley/86.gif
.gif
phptxt/images/smiley/87.gif
.gif
phptxt/images/smiley/88.gif
.gif
phptxt/images/smiley/89.gif
.gif
phptxt/images/smiley/9.gif
.gif
phptxt/images/smiley/90.gif
.gif
phptxt/images/smiley/91.gif
.gif
phptxt/images/smiley/92.gif
.gif
phptxt/images/smiley/93.gif
.gif
phptxt/images/smiley/94.gif
.gif
phptxt/images/smiley/95.gif
.gif
phptxt/images/smiley/Thumbs.db
phptxt/images/style.css
phptxt/images/top_news.gif
.gif
phptxt/imkefudata/citylist.inc.php
phptxt/imkefudata/patch/imkefu.exe
.jpg
phptxt/imkefudata/patch/version.txt
phptxt/imkefudata/themes/Office2007.zip
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/11/2006, 00:00

Not After

20/10/2008, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

68:dc:ca:b4:82:02:29:91:3b:fa:b5:ff:e5:99:7e:af:8d:7f:7c:b9
Signer

Actual PE Digest

68:dc:ca:b4:82:02:29:91:3b:fa:b5:ff:e5:99:7e:af:8d:7f:7c:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
phptxt/imkefudata/themes/Vista2.jpg
.jpg
phptxt/imkefudata/themes/Vista2.zip
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/11/2006, 00:00

Not After

20/10/2008, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ee:ba:fa:a2:be:ab:a8:95:6a:07:a6:3e:be:3b:42:f2:4b:6b:e9:5d
Signer

Actual PE Digest

ee:ba:fa:a2:be:ab:a8:95:6a:07:a6:3e:be:3b:42:f2:4b:6b:e9:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 703KB - Virtual size: 702KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
phptxt/imkefudata/themes/WinXP.Luna.jpg
.jpg
phptxt/imkefudata/themes/WinXP.Luna.zip
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/11/2006, 00:00

Not After

20/10/2008, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f2:70:0f:b5:f2:7f:3f:65:fd:db:a2:89:07:5a:4b:78:fa:ea:c9:2d
Signer

Actual PE Digest

f2:70:0f:b5:f2:7f:3f:65:fd:db:a2:89:07:5a:4b:78:fa:ea:c9:2d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
phptxt/imkefudata/themes/WinXP.Royale.jpg
.jpg
phptxt/imkefudata/themes/WinXP.Royale.zip
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/11/2006, 00:00

Not After

20/10/2008, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

49:55:57:75:7f:69:94:04:a5:73:3d:b7:4d:34:2f:84:24:9b:01:61
Signer

Actual PE Digest

49:55:57:75:7f:69:94:04:a5:73:3d:b7:4d:34:2f:84:24:9b:01:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 502KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
phptxt/imkefudata/themes/vista.jpg
.jpg
phptxt/imkefudata/themes/vista.zip
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
phptxt/imkefudata/themes/zune.jpg
.jpg
phptxt/imkefudata/themes/zune.zip
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
phptxt/imkefudata/userdata/200001/info.php
phptxt/imkefudata/users.php
phptxt/imkefudata/visitor.php
phptxt/imkefudata/visitorIndex.php
phptxt/imkefudata/wry.dat
phptxt/include/cal.func.php
phptxt/include/common.inc.php
phptxt/include/global.func.php
.js
phptxt/include/ip.class.php
.js
phptxt/include/javascript/ajax.js
.js
phptxt/include/javascript/charset.js
.js
phptxt/include/javascript/common.js
.js
phptxt/include/javascript/selectdate.js
.js
phptxt/include/javascript/title.js
.js
phptxt/index.htm
.html
phptxt/index.html
.html
phptxt/plugin/visitor/menus.php
phptxt/plugin/visitor/menus/bbs.gif
.gif
phptxt/plugin/visitor/menus/bbs.php
phptxt/plugin/visitor/menus/download.gif
.gif
phptxt/plugin/visitor/menus/download.php
phptxt/plugin/visitor/menus/home.gif
.gif
phptxt/plugin/visitor/menus/home.php
phptxt/plugin/visitor/menus/list.txt
phptxt/plugin/visitor/toolbar.php
phptxt/plugin/visitor/toolbar/clear.gif
.gif
phptxt/plugin/visitor/toolbar/clear.php
phptxt/plugin/visitor/toolbar/image.gif
.gif
phptxt/plugin/visitor/toolbar/image.php
phptxt/plugin/visitor/toolbar/list.txt
phptxt/plugin/visitor/toolbar/quake.gif
.gif
phptxt/plugin/visitor/toolbar/quake.php
phptxt/plugin/visitor/toolbar/save.gif
.gif
phptxt/plugin/visitor/toolbar/save.php
.js
phptxt/plugin/visitor/toolbar/smiley.gif
.gif
phptxt/plugin/visitor/toolbar/smiley.php
.js
phptxt/plugin/visitor/toolbar/upload.gif
.gif
phptxt/plugin/visitor/toolbar/upload.php
phptxt/solutions.htm
.html
phptxt/sound/visitor/msg.mp3
phptxt/sound/visitor/ring.mp3
phptxt/sound/visitor/system.mp3
phptxt/themes/kefu/icon/default/Thumbs.db
phptxt/themes/kefu/icon/default/offline.gif
.gif
phptxt/themes/kefu/icon/default/online.gif
.gif
phptxt/themes/kefu/list/qq2006/Thumbs.db
phptxt/themes/kefu/list/qq2006/close_hover.gif
.gif
phptxt/themes/kefu/list/qq2006/close_normal.gif
.gif
phptxt/themes/kefu/list/qq2006/demo.jpg
.jpg
phptxt/themes/kefu/list/qq2006/dotx.gif
.gif
phptxt/themes/kefu/list/qq2006/frame_border_left.gif
.gif
phptxt/themes/kefu/list/qq2006/frame_border_right.gif
.gif
phptxt/themes/kefu/list/qq2006/frame_bottom_left.gif
.gif
phptxt/themes/kefu/list/qq2006/frame_bottom_mid.gif
.gif
phptxt/themes/kefu/list/qq2006/frame_bottom_right.gif
.gif
phptxt/themes/kefu/list/qq2006/frame_title_left.gif
.gif
phptxt/themes/kefu/list/qq2006/frame_title_mid.gif
.gif
phptxt/themes/kefu/list/qq2006/frame_title_right.gif
.gif
phptxt/themes/kefu/list/qq2006/icon.gif
.gif
phptxt/themes/kefu/list/qq2006/max_down.gif
.gif
phptxt/themes/kefu/list/qq2006/max_hover.gif
.gif
phptxt/themes/kefu/list/qq2006/max_normal.gif
.gif
phptxt/themes/kefu/list/qq2006/min_down.gif
.gif
phptxt/themes/kefu/list/qq2006/min_hover.gif
.gif
phptxt/themes/kefu/list/qq2006/min_normal.gif
.gif
phptxt/themes/kefu/list/qq2006/sortbtl.gif
.gif
phptxt/themes/kefu/list/qq2006/sortbtm.gif
.gif
phptxt/themes/kefu/list/qq2006/sortbtr.gif
.gif
phptxt/themes/kefu/list/qq2006/style.css
phptxt/themes/kefu/list/qq2006/w_offline.gif
.gif
phptxt/themes/kefu/list/qq2006/w_online.gif
.gif
phptxt/themes/kefu/tip/001/Thumbs.db
phptxt/themes/kefu/tip/001/accept.gif
.gif
phptxt/themes/kefu/tip/001/bottom_center.gif
.gif
phptxt/themes/kefu/tip/001/bottom_left.gif
.gif
phptxt/themes/kefu/tip/001/bottom_right.gif
.gif
phptxt/themes/kefu/tip/001/demo.jpg
.jpg
phptxt/themes/kefu/tip/001/icon.gif
.gif
phptxt/themes/kefu/tip/001/next.gif
.gif
phptxt/themes/kefu/tip/001/style.css
phptxt/themes/kefu/tip/001/top_center.gif
.gif
phptxt/themes/kefu/tip/001/top_left.gif
.gif
phptxt/themes/kefu/tip/001/top_right.gif
.gif
phptxt/themes/kefu/tip/002/Thumbs.db
phptxt/themes/kefu/tip/002/background.gif
.gif
phptxt/themes/kefu/tip/002/close_hover.gif
.gif
phptxt/themes/kefu/tip/002/demo.jpg
.jpg
phptxt/themes/kefu/tip/002/style.css
phptxt/themes/kefu/visitor/default/Thumbs.db
phptxt/themes/kefu/visitor/default/dia_ad_bg.gif
.gif
phptxt/themes/kefu/visitor/default/dia_ad_icon.gif
.gif
phptxt/themes/kefu/visitor/default/dia_b_bg.gif
.gif
phptxt/themes/kefu/visitor/default/dia_b_bg_l.gif
.gif
phptxt/themes/kefu/visitor/default/dia_b_bg_r.gif
.gif
phptxt/themes/kefu/visitor/default/dia_buttons_bg.gif
.gif
phptxt/themes/kefu/visitor/default/dia_d_bg.gif
.gif
phptxt/themes/kefu/visitor/default/dia_d_bg_sel.gif
.gif
phptxt/themes/kefu/visitor/default/dia_m_bg.gif
.gif
phptxt/themes/kefu/visitor/default/dia_s_bg.gif
.gif
phptxt/themes/kefu/visitor/default/dia_s_bg_l.gif
.gif
phptxt/themes/kefu/visitor/default/dia_s_bg_r.gif
.gif
phptxt/themes/kefu/visitor/default/dia_t_bg.gif
.gif
phptxt/themes/kefu/visitor/default/dot.gif
.gif
phptxt/themes/kefu/visitor/default/dotx.gif
.gif
phptxt/themes/kefu/visitor/default/ico_list_close.gif
.gif
phptxt/themes/kefu/visitor/default/im_info.gif
.gif
phptxt/themes/kefu/visitor/default/info_logo.gif
.gif
phptxt/themes/kefu/visitor/default/input_tip.gif
.gif
phptxt/themes/kefu/visitor/default/inputstatus.gif
phptxt/themes/kefu/visitor/default/keyboard.gif
.gif
phptxt/themes/kefu/visitor/default/memu_upbg.gif
.gif
phptxt/themes/kefu/visitor/default/public.gif
.gif
phptxt/themes/kefu/visitor/default/s_t_bg_nosel.gif
.gif
phptxt/themes/kefu/visitor/default/s_t_bg_sel.gif
.gif
phptxt/themes/kefu/visitor/default/send1.gif
.gif
phptxt/themes/kefu/visitor/default/send2.gif
.gif
phptxt/themes/kefu/visitor/default/style.css
phptxt/themes/kefu/visitor/default/toolbar_spliter.gif
.gif
phptxt/themes/kefu/visitor/default/toolber_hover.gif
.gif
phptxt/themes/kefu/visitor/default/u_offline.gif
.gif
phptxt/themes/kefu/visitor/default/u_online.gif
.gif
phptxt/themes/kefu/visitor/default/url.gif
.gif
phptxt/themes/kefu/visitor/default/web_title.gif
.gif
phptxt/xieyi.htm
.html
phptxt/新云软件.url
.url
标准客户端/ImKefu.exe
.exe windows:4 windows x86 arch:x86

3619d115dfffe50953e55672b09b127a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
ord693
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
ord695
ord588
__vbaLineInputStr
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
__vbaVarIdiv
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaPut4
__vbaVarIndexStore
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
_adj_fprem1
ord518
__vbaRecAnsiToUni
__vbaResume
__vbaCopyBytes
__vbaForEachCollAd
ord629
__vbaStrCat
__vbaError
__vbaLsetFixstr
__vbaStrDate
__vbaSetSystemError
__vbaHresultCheckObj
ord662
__vbaVargVarCopy
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaVarXor
__vbaAryDestruct
__vbaLateMemSt
__vbaVarIndexLoadRefLock
__vbaVarForInit
ord593
__vbaExitProc
__vbaForEachCollObj
ord594
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
ord303
ord702
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
ord305
__vbaFpR4
__vbaStrFixstr
__vbaBoolVar
ord520
ord309
__vbaVarTstLt
__vbaRefVarAry
__vbaFpR8
__vbaBoolVarNull
_CIsin
__vbaVargVarMove
__vbaVarZero
ord632
__vbaVarCmpGt
__vbaNextEachCollObj
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaExitEachColl
ord529
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaPutOwner4
ord561
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
__vbaCastObjVar
__vbaStrR4
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaObjIs
__vbaVarAnd
ord311
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaVarMul
__vbaUI1I4
__vbaStrUI1
__vbaExceptHandler
ord711
ord313
__vbaStrToUnicode
ord712
__vbaPrintFile
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
ord607
__vbaI2Str
__vbaLateIdStAd
ord608
ord716
ord531
__vbaFPException
ord717
__vbaInStrVar
__vbaUbound
__vbaStrVarVal
__vbaGetOwner3
__vbaVarCat
ord535
__vbaDateVar
__vbaI2Var
__vbaFileSeek
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord570
__vbaVarLateMemCallLdRf
__vbaVar2Vec
__vbaR8Str
__vbaNew2
__vbaInStr
ord648
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaI4Str
ord681
__vbaVarCmpLt
__vbaVarNot
__vbaFreeStrList
ord576
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord578
ord100
ord579
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaVarAdd
__vbaLateMemCall
__vbaAryLock
ord612
__vbaStrToAnsi
__vbaVarDup
__vbaVerifyVarObj
__vbaFpI2
__vbaVarMod
__vbaVarTstGe
__vbaVarLateMemCallLd
ord616
__vbaVarCopy
__vbaFpI4
__vbaRecDestructAnsi
ord617
__vbaLateMemCallLd
_CIatan
__vbaStrMove
__vbaCastObj
__vbaAryCopy
__vbaStrVarCopy
ord619
_allmul
__vbaLenVarB
__vbaLateIdSt
_CItan
__vbaNextEachCollAd
ord546
__vbaUI1Var
__vbaFPInt
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
__vbaRecAssign
ord581

Sections

.text
Size: 708KB - Virtual size: 707KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
标准客户端/Plugins/Account.xml
.xml
标准客户端/Plugins/WebForms.xml
.xml
标准客户端/Plugins/search.xml
.xml
标准客户端/Plugins/share.xml
.xml
标准客户端/Plugins/words.xml
.xml
标准客户端/Setting.ini
标准客户端/bin/skin.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

c23d46fed70f1c10f4bb80827e2f478b

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/11/2006, 00:00

Not After

20/10/2008, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

67:bf:71:5f:bb:14:c4:1d:ff:4d:05:54:a9:c2:63:00:99:2c:4e:d3
Signer

Actual PE Digest

67:bf:71:5f:bb:14:c4:1d:ff:4d:05:54:a9:c2:63:00:99:2c:4e:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord4081
ord4624
ord5825
ord423
ord723
ord5163
ord1614
ord3797
ord4299
ord3474
ord5008
ord800
ord2764
ord6877
ord5572
ord2915
ord2818
ord540
ord939
ord924
ord537
ord1168
ord1567
ord665
ord5442
ord353
ord268
ord6874
ord535
ord3262
ord1206
ord1223
ord2486
ord3237
ord860
ord1601
ord858
ord4278
ord5683
ord2514
ord2385
ord6374
ord4627
ord640
ord4160
ord2450
ord6199
ord1640
ord323
ord641
ord801
ord2640
ord2623
ord541
ord1177
ord6467
ord5861
ord4042
ord2613
ord1706
ord6570
ord1799
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord366
ord1842
ord4242
ord4793
ord5805
ord2379
ord4123
ord5252
ord2393
ord6197
ord2233
ord5228
ord1721
ord4589
ord4588
ord4899
ord4370
ord4892
ord4535
ord5076
ord4341
ord4348
ord4887
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord5240
ord3748
ord1725
ord5260
ord4432
ord761
ord480
ord1904
ord4256
ord4894
ord3495
ord3874
ord5981
ord4723
ord5121
ord3092
ord2859
ord2860
ord6880
ord5575
ord3525
ord433
ord861
ord539
ord674
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3401
ord3670
ord561
ord3952
ord2724
ord6354
ord1216
ord1227
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3681
ord446
ord743
ord6440
ord1214
ord4249
ord2687
ord1226
ord1210
ord922
ord3946
ord2956
ord2556
ord3571
ord3626
ord4668
ord1146
ord5314
ord324
ord6030
ord1269
ord3663
ord941
ord668
ord5710
ord3178
ord3181
ord4058
ord2781
ord2770
ord356
ord4277
ord2763
ord3080
ord4129
ord6282
ord536
ord5440
ord6383
ord5450
ord6394
ord2740
ord2801
ord686
ord2096
ord384
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord3706
ord5781
ord3693
ord3573
ord2405
ord2753
ord2754
ord6648
ord3138
ord2919
ord3517
ord3619
ord5875
ord764
ord3028
ord2863
ord824
ord826
ord2107
ord2841
ord2452
ord1265
ord703
ord603
ord1969
ord2454
ord273
ord403
ord1259
ord1770
ord462
ord3115
ord3315
ord3470
ord452
ord6307
ord521
ord4167
ord4275
ord3742
ord567
ord818
ord6157
ord699
ord3938
ord397
ord5593
ord3438
ord6876
ord912
ord4188
ord6283
ord4204
ord834
ord836
ord2814
ord2813
ord5216
ord1572
ord849
ord850
ord906
ord845
ord404
ord957
ord1860
ord5449
ord6393
ord909
ord4205
ord3986
ord1777
ord884
ord886
ord463
ord882
ord876
ord878
ord879
ord2890
ord6572
ord857
ord940
ord6779
ord6385
ord6389
ord1979
ord3318
ord5186
ord354
ord926
ord2868
ord4202
ord1644
ord4163
ord805
ord3030
ord2381
ord1153
ord1176
ord6493
ord533
ord923
ord2567
ord1270
ord3402
ord2867
ord6662
ord5631
ord4284
ord4287
ord2714
ord1949
ord4226
ord3884
ord755
ord470
ord3920
ord1229
ord2380
ord3089
ord2862
ord3752
ord3754
ord6194
ord289
ord613
ord1262
ord1132
ord3376
ord1116
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord269
ord2986
ord3269
ord4908
ord4909
ord4659
ord4935
ord4930
ord4925
ord4988
ord4594
ord4521
ord4548
ord4903
ord4650
ord4768
ord4660
ord4661
ord4113
ord5649
ord2998
ord2876
ord4707
ord4705
ord5150
ord3868
ord2953
ord5213
ord1963
ord2137
ord6002
ord3133
ord4920
ord4856
ord2156
ord5674
ord4639
ord4687
ord4342
ord4466
ord3260
ord3148
ord2983
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6370
ord2384
ord5241
ord4407
ord1776
ord4078
ord6055
ord2954
ord2541
ord4949
ord4534
ord4539
ord3404
ord2488
ord4979
ord4992
ord4415
ord4603
ord4409
ord4738
ord4741
ord4739
ord4356
ord4361
ord4371
ord4584
ord5060
ord4636
ord4637
ord4649
ord4780
ord4354
ord4643
ord4654
ord5023
ord4689
ord4648
ord4666
ord2614
ord4667
ord1693
ord2439
ord3530
ord1877
ord1133
ord2414
ord1641
ord1099
ord2864
ord562
ord1113
ord816
ord3258
ord1114
ord4021
ord823
ord2729
ord2730
ord2727
ord4003
ord614
ord825

msvcrt

_CxxThrowException
_ftol
_mbsrchr
_strdup
free
_mbscmp
wcsncpy
wcslen
_mbsicmp
_CIpow
wcscmp
wcsstr
_wcslwr
atoi
__CxxFrameHandler
malloc
memmove
sscanf
strtod
mbstowcs
strrchr
wcschr
_mbsstr
sprintf
strncpy
longjmp
fprintf
_iob
abort
_setjmp3
fread
??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
_purecall

kernel32

LocalSize
OpenProcess
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
CreateThread
VirtualQuery
VirtualProtect
GetSystemInfo
GetCurrentProcessId
GetVersionExA
EnumResourceLanguagesA
EnumResourceTypesA
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
EnumResourceNamesA
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
LocalFree
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceA
LoadResource
LockResource
CreateFileA
ReadFile
CloseHandle
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetCurrentThreadId
InterlockedDecrement
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
InterlockedIncrement
GetModuleFileNameA
lstrcpyA
GetFileAttributesA
MulDiv
lstrlenA
DeleteCriticalSection
LocalAlloc

user32

DispatchMessageA
ReleaseCapture
GetClientRect
SetRectEmpty
GetCursorPos
ScreenToClient
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
GetSysColor
LoadStringA
LoadBitmapA
GetWindowRect
EqualRect
InvalidateRect
SystemParametersInfoA
AdjustWindowRectEx
IsWindow
EnableWindow
SetTimer
KillTimer
GetKeyState
SetRect
CopyRect
ClientToScreen
InflateRect
MoveWindow
GetParent
GetWindowLongA
SendMessageA
GetSystemMetrics
PtInRect
GetDC
GetSystemMenu
RegisterClassW
RegisterClassA
DefMDIChildProcW
DefMDIChildProcA
DefDlgProcW
DefDlgProcA
DefFrameProcW
DefFrameProcA
DefWindowProcW
CallWindowProcW
GetScrollInfo
EnableScrollBar
SetScrollInfo
SetScrollPos
GetSysColorBrush
CallWindowProcA
GetClassNameA
GetClassLongA
FillRect
LoadMenuIndirectA
OffsetRect
GetMessageA
LookupIconIdFromDirectoryEx
LoadMenuA
CopyImage
RegisterWindowMessageA
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
DrawIconEx
DrawStateA
CreateIconFromResourceEx
LoadImageA
RegisterClipboardFormatA
GrayStringA
GetMenuState
GetMenu
GetMenuItemCount
IsWindowVisible
GetDoubleClickTime
GetDesktopWindow
TranslateMessage
SetWindowRgn
SetClassLongA
GetFocus
DrawFocusRect
EnumWindows
GetWindowThreadProcessId
PostMessageA
GetWindow
IsWindowUnicode
GetWindowLongW
SetWindowLongW
SetWindowLongA
EndPaint
BeginPaint
SendMessageTimeoutA
LoadIconA
DrawFrameControl
ReleaseDC
DrawEdge
DrawTextA
TabbedTextOutA
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
LoadCursorA
IntersectRect
SetCapture
IsRectEmpty
GetCapture

gdi32

Polygon
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
CreateDIBSection
SetStretchBltMode
GetDIBits
CreateDIBitmap
SelectPalette
GetObjectType
GetTextColor
ExtSelectClipRgn
IntersectClipRect
GetClipRgn
CreateRectRgn
GetTextCharsetInfo
CombineRgn
OffsetRgn
SetBrushOrgEx
SetBkMode
CreatePatternBrush
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
CreateCompatibleBitmap
SelectObject
GetPixel
BitBlt
CreateCompatibleDC
GetTextExtentPoint32A
CreateFontIndirectA
CreatePalette
GetObjectA
GetDeviceCaps

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegQueryValueExA

shell32

DragQueryFileA

comctl32

ImageList_Add
ImageList_DrawEx
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_GetIcon
_TrackMouseEvent
FlatSB_GetScrollProp
ImageList_Draw
ImageList_GetBkColor
ImageList_GetIconSize
ImageList_DrawIndirect

ole32

CoCreateInstance
ReleaseStgMedium
OleRun

olepro32

ord254
ord253
ord252

oleaut32

SysAllocString
VariantChangeTypeEx
OleLoadPicturePath
SafeArrayGetDim
SafeArrayCreate
VarI4FromCy
VarI4FromR4
VarI4FromR8
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantChangeType
VariantClear
LoadRegTypeLi
SysFreeString

imagehlp

ImageDirectoryEntryToData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 328KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
标准客户端/smiley/0.gif
.gif
标准客户端/smiley/1.gif
.gif
标准客户端/smiley/10.gif
.gif
标准客户端/smiley/11.gif
.gif
标准客户端/smiley/12.gif
.gif
标准客户端/smiley/13.gif
.gif
标准客户端/smiley/14.gif
.gif
标准客户端/smiley/15.gif
.gif
标准客户端/smiley/16.gif
.gif
标准客户端/smiley/17.gif
.gif
标准客户端/smiley/18.gif
.gif
标准客户端/smiley/19.gif
.gif
标准客户端/smiley/2.gif
.gif
标准客户端/smiley/20.gif
.gif
标准客户端/smiley/21.gif
.gif
标准客户端/smiley/22.gif
.gif
标准客户端/smiley/23.gif
.gif
标准客户端/smiley/24.gif
.gif
标准客户端/smiley/25.gif
.gif
标准客户端/smiley/26.gif
.gif
标准客户端/smiley/27.gif
.gif
标准客户端/smiley/28.gif
.gif
标准客户端/smiley/29.gif
.gif
标准客户端/smiley/3.gif
.gif
标准客户端/smiley/30.gif
.gif
标准客户端/smiley/31.gif
.gif
标准客户端/smiley/32.gif
.gif
标准客户端/smiley/33.gif
.gif
标准客户端/smiley/34.gif
.gif
标准客户端/smiley/35.gif
.gif
标准客户端/smiley/36.gif
.gif
标准客户端/smiley/37.gif
.gif
标准客户端/smiley/38.gif
.gif
标准客户端/smiley/39.gif
.gif
标准客户端/smiley/4.gif
.gif
标准客户端/smiley/40.gif
.gif
标准客户端/smiley/41.gif
.gif
标准客户端/smiley/42.gif
.gif
标准客户端/smiley/43.gif
.gif
标准客户端/smiley/44.gif
.gif
标准客户端/smiley/45.gif
.gif
标准客户端/smiley/46.gif
.gif
标准客户端/smiley/47.gif
.gif
标准客户端/smiley/48.gif
.gif
标准客户端/smiley/49.gif
.gif
标准客户端/smiley/5.gif
.gif
标准客户端/smiley/50.gif
.gif
标准客户端/smiley/51.gif
.gif
标准客户端/smiley/52.gif
.gif
标准客户端/smiley/53.gif
.gif
标准客户端/smiley/54.gif
.gif
标准客户端/smiley/55.gif
.gif
标准客户端/smiley/56.gif
.gif
标准客户端/smiley/57.gif
.gif
标准客户端/smiley/58.gif
.gif
标准客户端/smiley/59.gif
.gif
标准客户端/smiley/6.gif
.gif
标准客户端/smiley/60.gif
.gif
标准客户端/smiley/61.gif
.gif
标准客户端/smiley/62.gif
.gif
标准客户端/smiley/63.gif
.gif
标准客户端/smiley/64.gif
.gif
标准客户端/smiley/65.gif
.gif
标准客户端/smiley/66.gif
.gif
标准客户端/smiley/67.gif
.gif
标准客户端/smiley/68.gif
.gif
标准客户端/smiley/69.gif
.gif
标准客户端/smiley/7.gif
.gif
标准客户端/smiley/70.gif
.gif
标准客户端/smiley/71.gif
.gif
标准客户端/smiley/72.gif
.gif
标准客户端/smiley/73.gif
.gif
标准客户端/smiley/74.gif
.gif
标准客户端/smiley/75.gif
.gif
标准客户端/smiley/76.gif
.gif
标准客户端/smiley/77.gif
.gif
标准客户端/smiley/78.gif
.gif
标准客户端/smiley/79.gif
.gif
标准客户端/smiley/8.gif
.gif
标准客户端/smiley/80.gif
.gif
标准客户端/smiley/81.gif
.gif
标准客户端/smiley/82.gif
.gif
标准客户端/smiley/83.gif
.gif
标准客户端/smiley/84.gif
.gif
标准客户端/smiley/85.gif
.gif
标准客户端/smiley/86.gif
.gif
标准客户端/smiley/87.gif
.gif
标准客户端/smiley/88.gif
.gif
标准客户端/smiley/89.gif
.gif
标准客户端/smiley/9.gif
.gif
标准客户端/smiley/90.gif
.gif
标准客户端/smiley/91.gif
.gif
标准客户端/smiley/92.gif
.gif
标准客户端/smiley/93.gif
.gif
标准客户端/smiley/94.gif
.gif
标准客户端/smiley/95.gif
.gif
标准客户端/smiley/Thumbs.db
标准客户端/themes/Office2007.jpg
.jpg
标准客户端/themes/Office2007.skn
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/11/2006, 00:00

Not After

20/10/2008, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

68:dc:ca:b4:82:02:29:91:3b:fa:b5:ff:e5:99:7e:af:8d:7f:7c:b9
Signer

Actual PE Digest

68:dc:ca:b4:82:02:29:91:3b:fa:b5:ff:e5:99:7e:af:8d:7f:7c:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
标准客户端/themes/Vista2.jpg
.jpg
标准客户端/themes/Vista2.skn
.dll windows:4 windows x86 arch:x86

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/11/2006, 00:00

Not After

20/10/2008, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ee:ba:fa:a2:be:ab:a8:95:6a:07:a6:3e:be:3b:42:f2:4b:6b:e9:5d
Signer

Actual PE Digest

ee:ba:fa:a2:be:ab:a8:95:6a:07:a6:3e:be:3b:42:f2:4b:6b:e9:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 703KB - Virtual size: 702KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5Certificate

Extended Key Usages

Key Usages

68:dc:ca:b4:82:02:29:91:3b:fa:b5:ff:e5:99:7e:af:8d:7f:7c:b9Signer

Headers

File Characteristics

Sections

.rsrc Size: 478KB - Virtual size: 477KB

.reloc Size: 512B - Virtual size: 12B

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5Certificate

Extended Key Usages

Key Usages

ee:ba:fa:a2:be:ab:a8:95:6a:07:a6:3e:be:3b:42:f2:4b:6b:e9:5dSigner

Headers

File Characteristics

Sections

.rsrc Size: 703KB - Virtual size: 702KB

.reloc Size: 512B - Virtual size: 12B

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5Certificate

Extended Key Usages

Key Usages

f2:70:0f:b5:f2:7f:3f:65:fd:db:a2:89:07:5a:4b:78:fa:ea:c9:2dSigner

Headers

File Characteristics

Sections

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 512B - Virtual size: 12B

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

68:dc:ca:b4:82:02:29:91:3b:fa:b5:ff:e5:99:7e:af:8d:7f:7c:b9
Signer

.rsrc
Size: 478KB - Virtual size: 477KB

.reloc
Size: 512B - Virtual size: 12B

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

ee:ba:fa:a2:be:ab:a8:95:6a:07:a6:3e:be:3b:42:f2:4b:6b:e9:5d
Signer

.rsrc
Size: 703KB - Virtual size: 702KB

.reloc
Size: 512B - Virtual size: 12B

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

f2:70:0f:b5:f2:7f:3f:65:fd:db:a2:89:07:5a:4b:78:fa:ea:c9:2d
Signer

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 512B - Virtual size: 12B

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

49:55:57:75:7f:69:94:04:a5:73:3d:b7:4d:34:2f:84:24:9b:01:61
Signer

.rsrc
Size: 502KB - Virtual size: 501KB

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 4KB - Virtual size: 8B

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 4KB - Virtual size: 8B

.text
Size: 708KB - Virtual size: 707KB

.data
Size: 4KB - Virtual size: 32KB

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7c:77:8f:22:eb:93:3a:28:79:c9:0b:a2:ec:17:18:f5
Certificate

67:bf:71:5f:bb:14:c4:1d:ff:4d:05:54:a9:c2:63:00:99:2c:4e:d3
Signer