dad8fd29732646fce23529c26edadcf0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

dad8fd29732646fce23529c26edadcf0N.exe
Size

512KB
MD5

dad8fd29732646fce23529c26edadcf0
SHA1

2106d3e3f3e909daed9b72f005e911411ba3dfa8
SHA256

0a6f2be666aecb421a44fd54125c33f176c5f3c519984adfeee18a9db09f902b
SHA512

43bf93cc1ccc5318d2be2e2cd81c4fc4b228ba2e9935103fbc7ffc6c8c2391c10fcfb1a2f083d46b1450da6b3264e021834b22c8f60b95ad47b2391d264980fa
SSDEEP

12288:gyKUDSeZ34JuEQyLu2XCcFY9vRrPcC2tW0C:gkDSeZ3Mu/Yu2XCC6Rbcc0C

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
dad8fd29732646fce23529c26edadcf0N.exe
unpack001/$PLUGINSDIR/FindProcDLL.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsExec.dll

Files

dad8fd29732646fce23529c26edadcf0N.exe
.exe windows:5 windows x86 arch:x86

44f8248bd15d423f552d4b722979da53

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GetPrivateProfileStringW
WritePrivateProfileStringW
MoveFileW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetFileSize
GetTickCount
GetModuleFileNameW
GetCommandLineW
SetEnvironmentVariableW
GetTempPathW
SetErrorMode
GetCurrentProcess
ExitProcess
GetVersion
GetWindowsDirectoryW
CopyFileW
lstrcmpiW
CreateThread
GlobalLock
GlobalUnlock
lstrcpynW
lstrlenW
CreateDirectoryW
GetTempFileNameW
RemoveDirectoryW
WriteFile
CreateProcessW
GetSystemDirectoryW
GetModuleHandleA
GetProcAddress
lstrcmpiA
lstrcpyA
lstrcpyW
lstrcatW
MoveFileExW
lstrcmpW
MulDiv
GlobalFree
GlobalAlloc
LoadLibraryExW
GetModuleHandleW
FreeLibrary
GetExitCodeProcess
Sleep
WaitForSingleObject
GetLastError
CloseHandle
SetFileTime
SetFilePointer
SetFileAttributesW
ReadFile
GetShortPathNameW
GetFullPathNameW
ExpandEnvironmentStringsW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CompareFileTime
SearchPathW
SetCurrentDirectoryW
GetDiskFreeSpaceW

user32

EndDialog
CheckDlgButton
IsDlgButtonChecked
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetAsyncKeyState
IsWindowEnabled
GetSystemMetrics
GetSystemMenu
CreatePopupMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
GetWindowRect
SetCursor
ScreenToClient
GetSysColor
GetWindowLongW
SetClassLongW
DialogBoxParamW
LoadCursorW
SystemParametersInfoW
wvsprintfW
wsprintfA
DispatchMessageW
PeekMessageW
SetDlgItemTextW
GetDlgItemTextW
CharNextA
CharPrevW
MessageBoxIndirectW
GetMessagePos
CharNextW
ExitWindowsEx
SetWindowTextW
SetTimer
CreateDialogParamW
DestroyWindow
LoadImageW
FindWindowExW
IsWindowVisible
SetWindowPos
CreateWindowExW
GetClassInfoW
RegisterClassW
LoadBitmapW
CallWindowProcW
InvalidateRect
ReleaseDC
GetDC
SetForegroundWindow
EnableWindow
GetDlgItem
ShowWindow
IsWindow
PostQuitMessage
SendMessageTimeoutW
SendMessageW
wsprintfW
FillRect
GetClientRect
EndPaint
BeginPaint
DrawTextW
DefWindowProcW
SetWindowLongW

gdi32

SetBkColor
GetDeviceCaps
SetTextColor
SetBkMode
SelectObject
DeleteObject
CreateFontIndirectW
CreateBrushIndirect

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
SHFileOperationW
ShellExecuteW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
SetFileSecurityW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW

comctl32

ImageList_Create
ImageList_Destroy
ord17
ImageList_AddMasked

ole32

OleInitialize
OleUninitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 413KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 640KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

e26d7460d0c04056b9226a899477ba4d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
CloseHandle
OpenProcess
LoadLibraryW
GetProcAddress
GetVersionExW
GlobalFree
lstrcpyW
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
LCMapStringW
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
DisableThreadLibraryCalls
WriteFile
VirtualAlloc
RtlUnwind
GetStringTypeA
GetStringTypeW
GetLastError
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
FlushFileBuffers

Exports

Exports

FindProc

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:6 windows x86 arch:x86

4bbab23b29f0c30446fbe291374fb962

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcmpiW
lstrcpynW
lstrcpyW
lstrcatW
GlobalUnlock
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
MultiByteToWideChar
GlobalLock
GlobalAlloc
GetModuleHandleW
CloseHandle
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileSize
CreateFileW
GetCurrentDirectoryW
lstrlenW
SetCurrentDirectoryW

user32

EnableWindow
GetSystemMenu
EnableMenuItem
DrawTextW
SetWindowRgn
SetWindowTextW
GetWindowTextW
GetClientRect
GetWindowRect
MessageBoxW
SetCursor
MapWindowPoints
GetSysColor
DrawFocusRect
PtInRect
GetWindowLongW
GetDlgItem
LoadCursorW
LoadIconW
DestroyIcon
LoadImageW
IsDialogMessageW
MapDialogRect
CreateDialogParamW
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExW
CallWindowProcW
PostMessageW
SendMessageW
DispatchMessageW
GetClipboardData
CloseClipboard
OpenClipboard
SetWindowLongW
GetDlgCtrlID
TranslateMessage
GetMessageW
wsprintfW
CharNextW

gdi32

SelectObject
DeleteObject
GetObjectW
CreateRectRgn
CreateCompatibleDC
SetTextColor
GetDIBits
CombineRgn

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
make_unicode
show

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

d806a080e21508dd768fa70be247d2ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryW
GetProcAddress
GetVersionExW
GlobalFree
lstrcpyW
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
LoadLibraryA

Exports

Exports

KillProc

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:6 windows x86 arch:x86

127a02894b36e3dd18bd638b1758f9f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalSize
GlobalFree
lstrcpynW
lstrcpyW
VirtualAlloc
VirtualFree
VirtualProtect
FreeLibrary
GetModuleHandleW
GetProcAddress
lstrlenW
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:6 windows x86 arch:x86

015dbcff99ae1b873284b243382fbf6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTempFileNameW
ReadFile
CloseHandle
CreatePipe
PeekNamedPipe
WaitForSingleObject
Sleep
GetCurrentProcess
ExitProcess
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
GetVersion
GetTickCount
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
DeleteFileW
GetModuleHandleW
GetProcAddress
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
lstrcmpiW
lstrcpynW
lstrcpyW
lstrcatW
lstrlenA
lstrlenW
CopyFileW
MultiByteToWideChar
CreateFileW
GetModuleFileNameW
GetCommandLineW

user32

FindWindowExW
SendMessageW
wsprintfW
CharPrevW
CharNextW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/Temp/9show-virtual/obs-virtualsource.dll
.dll regsvr32 windows:6 windows x86 arch:x86

7de7ae88973cbcc9faa3dae852853797

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b1:93:46:df:b2:41:d1:44:f6:45:a7:79:1e:c2:08:e6
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28/12/2022, 00:00

Not After

27/12/2024, 23:59

Subject

CN=北京中润互联信息技术有限公司,O=北京中润互联信息技术有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:45:a2:2c:3b:1d:de:53:0e:f3:05:18:19:3e:ed:3e:81:52:5c:55:ac:fd:e0:f2:23:e2:a0:b4:0d:42:07:65
Signer

Actual PE Digest

cf:45:a2:2c:3b:1d:de:53:0e:f3:05:18:19:3e:ed:3e:81:52:5c:55:ac:fd:e0:f2:23:e2:a0:b4:0d:42:07:65

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\9shownew\nslive-ml\NSLive\9xiu\plugins\obs-virtual-cam\virtual-source\Release\obs-virtualsource.pdb

Imports

swscale-4

sws_freeContext
sws_getContext
sws_scale

kernel32

GetLastError
GetModuleFileNameA
lstrcmpW
lstrlenA
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
Sleep
CloseHandle
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
lstrlenW
GetVersionExW
DisableThreadLibraryCalls
FreeLibrary
InitializeCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
GetCurrentProcess
GetCurrentThreadId
SetFilePointerEx
CreateThread
GetModuleHandleW
GetProcAddress
GetConsoleCP
WriteFile
FlushFileBuffers
SetStdHandle
CreateFileW
GetProcessHeap
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetStringTypeW
HeapSize
SetEndOfFile
DecodePointer
WriteConsoleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
EncodePointer
RaiseException
RtlUnwind
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
HeapReAlloc
ReadFile
GetConsoleMode
ReadConsoleW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW

user32

SetRectEmpty

ole32

CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoFreeUnusedLibraries
CoInitialize
CoTaskMemAlloc
CoUninitialize

advapi32

RegSetValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyW
RegCloseKey

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/32bit/obs-virtualsource.dll
.dll regsvr32 windows:6 windows x86 arch:x86

7de7ae88973cbcc9faa3dae852853797

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b1:93:46:df:b2:41:d1:44:f6:45:a7:79:1e:c2:08:e6
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28/12/2022, 00:00

Not After

27/12/2024, 23:59

Subject

CN=北京中润互联信息技术有限公司,O=北京中润互联信息技术有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:45:a2:2c:3b:1d:de:53:0e:f3:05:18:19:3e:ed:3e:81:52:5c:55:ac:fd:e0:f2:23:e2:a0:b4:0d:42:07:65
Signer

Actual PE Digest

cf:45:a2:2c:3b:1d:de:53:0e:f3:05:18:19:3e:ed:3e:81:52:5c:55:ac:fd:e0:f2:23:e2:a0:b4:0d:42:07:65

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\9shownew\nslive-ml\NSLive\9xiu\plugins\obs-virtual-cam\virtual-source\Release\obs-virtualsource.pdb

Imports

swscale-4

sws_freeContext
sws_getContext
sws_scale

kernel32

GetLastError
GetModuleFileNameA
lstrcmpW
lstrlenA
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
Sleep
CloseHandle
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
lstrlenW
GetVersionExW
DisableThreadLibraryCalls
FreeLibrary
InitializeCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
GetCurrentProcess
GetCurrentThreadId
SetFilePointerEx
CreateThread
GetModuleHandleW
GetProcAddress
GetConsoleCP
WriteFile
FlushFileBuffers
SetStdHandle
CreateFileW
GetProcessHeap
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetStringTypeW
HeapSize
SetEndOfFile
DecodePointer
WriteConsoleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
EncodePointer
RaiseException
RtlUnwind
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
HeapReAlloc
ReadFile
GetConsoleMode
ReadConsoleW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW

user32

SetRectEmpty

ole32

CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoFreeUnusedLibraries
CoInitialize
CoTaskMemAlloc
CoUninitialize

advapi32

RegSetValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyW
RegCloseKey

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/libobs/bicubic_scale.effect
data/libobs/bilinear_lowres_scale.effect
data/libobs/default.effect
data/libobs/default_rect.effect
data/libobs/deinterlace_base.effect
data/libobs/deinterlace_blend.effect
data/libobs/deinterlace_blend_2x.effect
data/libobs/deinterlace_discard.effect
data/libobs/deinterlace_discard_2x.effect
data/libobs/deinterlace_linear.effect
data/libobs/deinterlace_linear_2x.effect
data/libobs/deinterlace_yadif.effect
data/libobs/deinterlace_yadif_2x.effect
data/libobs/format_conversion.effect
data/libobs/lanczos_scale.effect
data/libobs/opaque.effect
data/libobs/premultiplied_alpha.effect
data/libobs/repeat.effect
data/libobs/solid.effect
data/obs-plugins/coreaudio-encoder/locale/en-US.ini
data/obs-plugins/coreaudio-encoder/locale/zh-CN.ini
data/obs-plugins/image-source/locale/en-US.ini
data/obs-plugins/image-source/locale/zh-CN.ini
data/obs-plugins/obs-ffmpeg/ffmpeg-mux32.exe
.exe windows:6 windows x86 arch:x86

45625a8c877ff478b221648a2a8ef4ff

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b1:93:46:df:b2:41:d1:44:f6:45:a7:79:1e:c2:08:e6
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

28/12/2022, 00:00

Not After

27/12/2024, 23:59

Subject

CN=北京中润互联信息技术有限公司,O=北京中润互联信息技术有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

43:3f:f8:22:ab:a9:23:62:52:cb:99:6f:dd:53:dc:69:bf:fa:70:47:cd:a0:09:83:cd:5f:0a:49:68:c6:9f:b8
Signer

Actual PE Digest

43:3f:f8:22:ab:a9:23:62:52:cb:99:6f:dd:53:dc:69:bf:fa:70:47:cd:a0:09:83:cd:5f:0a:49:68:c6:9f:b8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
WideCharToMultiByte
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW

avcodec-57

av_init_packet
avcodec_descriptor_get_by_name
avcodec_find_encoder

avutil-55

av_dict_count
av_dict_free
av_dict_get
av_dict_parse_string
av_dict_set
av_get_channel_layout
av_get_default_channel_layout
av_memdup
av_rescale_q_rnd
av_strerror

avformat-57

av_guess_format
av_interleaved_write_frame
av_register_all
av_write_trailer
avformat_alloc_output_context2
avformat_free_context
avformat_new_stream
avformat_write_header
avio_close
avio_open

vcruntime140

memcpy
_except_handler4_common
memset

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__p__commode
_set_fmode
puts
fread
_fileno
__acrt_iob_func
_setmode
setvbuf

api-ms-win-crt-string-l1-1-0

strncpy

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
calloc
free
realloc

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_register_onexit_function
terminate
_register_thread_local_exe_atexit_callback
_controlfp_s
_c_exit
_cexit
__p___wargv
__p___argc
_initterm_e
_exit
_seh_filter_exe
_set_app_type
_initialize_onexit_table
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/obs-plugins/obs-ffmpeg/locale/en-US.ini
data/obs-plugins/obs-ffmpeg/locale/zh-CN.ini
data/obs-plugins/obs-filters/LUTs/black_and_white.png
.png
data/obs-plugins/obs-filters/LUTs/original.png
.png
data/obs-plugins/obs-filters/LUTs/posterize.png
.png
data/obs-plugins/obs-filters/LUTs/red_isolated.png
.png
data/obs-plugins/obs-filters/LUTs/teal_lows_orange_highs.png
.png
data/obs-plugins/obs-filters/blend_add_filter.effect
data/obs-plugins/obs-filters/blend_mul_filter.effect
data/obs-plugins/obs-filters/blend_sub_filter.effect
data/obs-plugins/obs-filters/chroma_key_filter.effect
data/obs-plugins/obs-filters/color_correction_filter.effect
data/obs-plugins/obs-filters/color_grade_filter.effect
data/obs-plugins/obs-filters/color_key_filter.effect
data/obs-plugins/obs-filters/crop_filter.effect
data/obs-plugins/obs-filters/locale/en-US.ini
data/obs-plugins/obs-filters/locale/zh-CN.ini
data/obs-plugins/obs-filters/mask_alpha_filter.effect
data/obs-plugins/obs-filters/mask_color_filter.effect
data/obs-plugins/obs-filters/sharpness.effect
data/obs-plugins/obs-outputs/locale/en-US.ini
data/obs-plugins/obs-outputs/locale/zh-CN.ini
data/obs-plugins/obs-text/locale/en-US.ini
data/obs-plugins/obs-text/locale/zh-CN.ini
data/obs-plugins/obs-transitions/fade_to_color_transition.effect
data/obs-plugins/obs-transitions/fade_transition.effect
data/obs-plugins/obs-transitions/locale/en-US.ini
data/obs-plugins/obs-transitions/locale/zh-CN.ini
data/obs-plugins/obs-transitions/luma_wipe_transition.effect
data/obs-plugins/obs-transitions/luma_wipes/barndoor-botleft.png
.png
data/obs-plugins/obs-transitions/luma_wipes/barndoor-h.png
.png
data/obs-plugins/obs-transitions/luma_wipes/barndoor-topleft.png
.png
data/obs-plugins/obs-transitions/luma_wipes/barndoor-v.png
.png
data/obs-plugins/obs-transitions/luma_wipes/blinds-h.png
.png
data/obs-plugins/obs-transitions/luma_wipes/box-botleft.png
.png
data/obs-plugins/obs-transitions/luma_wipes/box-botright.png
.png
data/obs-plugins/obs-transitions/luma_wipes/box-topleft.png
.png
data/obs-plugins/obs-transitions/luma_wipes/box-topright.png
.png
data/obs-plugins/obs-transitions/luma_wipes/burst.png
.png
data/obs-plugins/obs-transitions/luma_wipes/checkerboard-small.png
.png
data/obs-plugins/obs-transitions/luma_wipes/circles.png
.png
data/obs-plugins/obs-transitions/premultiplied.inc
data/obs-plugins/obs-transitions/slide_transition.effect
data/obs-plugins/obs-transitions/swipe_transition.effect

Sharing

General

Malware Config

Signatures

Files

44f8248bd15d423f552d4b722979da53

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 413KB

.ndata Size: - Virtual size: 640KB

.rsrc Size: 81KB - Virtual size: 81KB

e26d7460d0c04056b9226a899477ba4d

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 7KB

.reloc Size: 2KB - Virtual size: 1KB

4bbab23b29f0c30446fbe291374fb962

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

d806a080e21508dd768fa70be247d2ae

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 2KB

127a02894b36e3dd18bd638b1758f9f7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 899B

.data Size: 512B - Virtual size: 68B

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 413KB

.ndata
Size: - Virtual size: 640KB

.rsrc
Size: 81KB - Virtual size: 81KB

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 7KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 899B

.data
Size: 512B - Virtual size: 68B

.reloc
Size: 1024B - Virtual size: 612B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 456B

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

b1:93:46:df:b2:41:d1:44:f6:45:a7:79:1e:c2:08:e6
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

cf:45:a2:2c:3b:1d:de:53:0e:f3:05:18:19:3e:ed:3e:81:52:5c:55:ac:fd:e0:f2:23:e2:a0:b4:0d:42:07:65
Signer

.text
Size: 134KB - Virtual size: 134KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 3KB - Virtual size: 6KB

.gfids
Size: 512B - Virtual size: 276B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 7KB - Virtual size: 7KB

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

b1:93:46:df:b2:41:d1:44:f6:45:a7:79:1e:c2:08:e6
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate