X-VPN_Installer76[.]4_4386_da4eeb6d_2024-08-15-05-50-58[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

X-VPN_Installer76.4_4386_da4eeb6d_2024-08-15-05-50-58.exe
Size

36.8MB
MD5

9f57c009b64bfaa0d55445f07cd8c34a
SHA1

e9827cea1f6907c129a2ae31ad1153812669167e
SHA256

75ba740fc658a31ebf081d368e4fade4584e89b9108cbe6cdd6ea2b44ccb0d6a
SHA512

148ecc5e454e95da7591dc110314587dc8cb9e07ceadd1322cd3761ca1b012486ac90c54e982a387f306eadffc016a03d24a173f8bad387c8fc0f1534f389675
SSDEEP

786432:AfDiEbIvOEBnckuTJ1igLYX1Ihv4zWg1kiZNjKiyplOCKP5NuyRAvX:AfGEbFAhuFV8124H1/TKiyHc5N6vX

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll

Files

X-VPN_Installer76.4_4386_da4eeb6d_2024-08-15-05-50-58.exe
.exe windows:4 windows x86 arch:x86

Password: 33

61259b55b8912888e90f516ca08dc514

Code Sign

6e:dd:4f:25:e7:31:7d:39:81:57:31:34:cf:c1:dc:a0
Certificate

Issuer

CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

07/03/2019, 19:37

Not After

03/03/2034, 19:37

Subject

CN=SSL.com EV Code Signing Intermediate CA ECC R2,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:02:13:ca:a6:02:2b:24:64:f5:9f:ad:eb:2a:00:70
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA ECC R2,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

29/11/2023, 16:13

Not After

28/11/2026, 16:13

Subject

SERIALNUMBER=2553621,CN=Free Connected Limited,O=Free Connected Limited,L=Admiralty,C=HK,1.3.6.1.4.1.311.60.2.1.3=#1302484b,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19/02/2024, 16:18

Not After

16/02/2034, 16:18

Subject

CN=SSL.com Timestamping Unit 2024 E1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f7:02:39:6c:15:dc:01:56:d3:1d:3c:bb:d6:9f:16:eb:43:97:ed:1d:1e:45:5e:16:29:68:ab:88:21:3e:af:c3
Signer

Actual PE Digest

f7:02:39:6c:15:dc:01:56:d3:1d:3c:bb:d6:9f:16:eb:43:97:ed:1d:1e:45:5e:16:29:68:ab:88:21:3e:af:c3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 160KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

Password: 33

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

Password: 33

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
X-VPN.exe
.exe windows:6 windows x86 arch:x86

Password: 33

997be463f3a2ca83a36d9497e4b92b1d

Code Sign

6e:dd:4f:25:e7:31:7d:39:81:57:31:34:cf:c1:dc:a0
Certificate

Issuer

CN=SSL.com EV Root Certification Authority ECC,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

07/03/2019, 19:37

Not After

03/03/2034, 19:37

Subject

CN=SSL.com EV Code Signing Intermediate CA ECC R2,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:02:13:ca:a6:02:2b:24:64:f5:9f:ad:eb:2a:00:70
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA ECC R2,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

29/11/2023, 16:13

Not After

28/11/2026, 16:13

Subject

SERIALNUMBER=2553621,CN=Free Connected Limited,O=Free Connected Limited,L=Admiralty,C=HK,1.3.6.1.4.1.311.60.2.1.3=#1302484b,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19/02/2024, 16:18

Not After

16/02/2034, 16:18

Subject

CN=SSL.com Timestamping Unit 2024 E1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d0:8e:25:b1:26:0b:2b:b3:65:4b:5f:17:73:80:34:03:a7:a6:43:30:16:70:d6:2c:9e:f6:82:06:bf:00:ed:94
Signer

Actual PE Digest

d0:8e:25:b1:26:0b:2b:b3:65:4b:5f:17:73:80:34:03:a7:a6:43:30:16:70:d6:2c:9e:f6:82:06:bf:00:ed:94

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddVectoredExceptionHandler
AreFileApisANSI
CloseHandle
CreateEventA
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateMutexW
CreateThread
CreateWaitableTimerA
CreateWaitableTimerExW
DeleteCriticalSection
DeleteFileA
DeleteFileW
DuplicateHandle
EnterCriticalSection
ExitProcess
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetEnvironmentStringsW
GetErrorMode
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetThreadContext
GetTickCount
GetVersionExA
GetVersionExW
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSection
InterlockedCompareExchange
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
PostQueuedCompletionStatus
QueryPerformanceCounter
RaiseFailFastException
ReadFile
ResumeThread
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetProcessPriorityBoost
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsGetValue
UnhandledExceptionFilter
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualQuery
VirtualUnlock
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WerGetFlags
WerSetFlags
WideCharToMultiByte
WriteConsoleW
WriteFile

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_cexit
_errno
_exit
_fmode
_initterm
_iob
_lock
_onexit
_unlock
abort
atoi
calloc
exit
fopen
fprintf
free
fwrite
malloc
memcmp
memcpy
memmove
puts
raise
realloc
remove
signal
strcmp
strlen
strncmp
vfprintf

user32

BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetClientRect
GetWindow
GetWindowRect

Exports

Exports

_cgo_dummy_export
cefStringSetByCString

Sections

.text
Size: 9.1MB - Virtual size: 9.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8.1MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 465KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
X-VPN.ico
lib1/casz8hnj8b.dll
.dll windows:5 windows x86 arch:x86

Password: 33

c6632c8f0eb343465a563cc9baa26284

Code Sign

8a:b9:d6:9e:7c:2b:74:54:51:04:21:7f:47:63:d2:d1
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

04/01/2021, 00:00

Not After

04/01/2024, 23:59

Subject

SERIALNUMBER=2553621,CN=FREE CONNECTED LIMITED,O=FREE CONNECTED LIMITED,STREET=Admiralty+STREET=Rm 1003 10/F LIPPO CTR TWR 1 89 QUEENSWAY,L=Hong Kong,C=HK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302484b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/12/2022, 18:30

Not After

06/12/2032, 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1c
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

11/09/2018, 09:26

Not After

11/09/2023, 09:26

Subject

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:88:22:5b:8a:fb:1c:0f:fa:33:36:69:18:a3:96:c0:5f:98:c0:57:f1:f8:16:e2:c1:e6:e1:f9:d5:58:c8:e4
Signer

Actual PE Digest

30:88:22:5b:8a:fb:1c:0f:fa:33:36:69:18:a3:96:c0:5f:98:c0:57:f1:f8:16:e2:c1:e6:e1:f9:d5:58:c8:e4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Y:\work\CEF3_git\chromium\src\out\Release_GN_x86\casz8hnj8b.dll.pdb

Imports

kernel32

VerSetConditionMask
GetModuleHandleW
GetProcAddress
VerifyVersionInfoW
CreateRemoteThread
ReleaseSRWLockExclusive
GetCurrentProcessId
LoadLibraryExA
ReadConsoleW
VirtualProtect
GetProcessId
GetLastError
GetCurrentProcess
VirtualQuery
GetCommandLineW
GetEnvironmentVariableW
GetNativeSystemInfo
SetEnvironmentVariableW
CreateDirectoryW
GetFileAttributesW
OutputDebugStringW
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
GetTempPathW
GetComputerNameExW
FreeLibrary
LoadLibraryW
ReadProcessMemory
WriteProcessMemory
GetModuleHandleExW
CreateFileW
CloseHandle
VirtualProtectEx
HeapCreate
HeapDestroy
AcquireSRWLockExclusive
SetLastError
WriteFile
DeleteFileW
GetLocalTime
GetCurrentDirectoryW
FormatMessageA
GetTickCount
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
IsDebuggerPresent
WaitForSingleObject
GetCurrentThreadId
Sleep
RaiseException
CreateThread
TerminateProcess
OpenProcess
QueryPerformanceFrequency
GetSystemTimeAsFileTime
QueryPerformanceCounter
TlsGetValue
ReadFile
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
TlsSetValue
TlsAlloc
TlsFree
GetSystemInfo
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
FindClose
CreateEventW
SetEvent
ResetEvent
GetStdHandle
GetFileType
SleepEx
CreateProcessW
GetVersion
LockFileEx
UnlockFileEx
InitializeCriticalSection
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
GetUserDefaultLCID
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
LCMapStringW
GetLocaleInfoW
GetCPInfo
WaitForSingleObjectEx
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
LoadLibraryExW
InterlockedFlushSList
GetFullPathNameW
GetConsoleCP
GetConsoleMode
ExitProcess
SetStdHandle
SetConsoleCtrlHandler
GetModuleFileNameA
GetACP
IsValidLocale
EnumSystemLocalesW
GetDriveTypeW
WriteConsoleW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW

Exports

Exports

AddDllToBlacklist
ClearCrashKeyValueImpl
ClearCrashKeyValueImplEx
CrashForException
DumpProcessWithoutCrash
GetBlacklistIndex
GetCrashKeyCountImpl
GetCrashKeyImpl
GetCrashReportsImpl
GetHandleVerifier
GetInstallDetailsPayload
GetUserDataDirectoryThunk
InjectDumpForHungInput
InjectDumpForHungInputNoCrashKeys
IsBlacklistInitialized
RequestSingleCrashUploadImpl
SetCrashKeyValueImpl
SetCrashKeyValueImplEx
SetMetricsClientId
SetUploadConsentImpl
SignalChromeElf
SignalInitializeCrashReporting
SuccessfullyBlocked

Sections

.text
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crthunk
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CPADinfo
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lib1/cef.pak
.js
lib1/cef_100_percent.pak
.js
lib1/cef_200_percent.pak
.js
lib1/en-US.pak
lib1/icudtl.dat
lib1/libcef.dll
.dll windows:5 windows x86 arch:x86

Password: 33

805733f3466aa188ee970339e85e7363

Code Sign

8a:b9:d6:9e:7c:2b:74:54:51:04:21:7f:47:63:d2:d1
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

04/01/2021, 00:00

Not After

04/01/2024, 23:59

Subject

SERIALNUMBER=2553621,CN=FREE CONNECTED LIMITED,O=FREE CONNECTED LIMITED,STREET=Admiralty+STREET=Rm 1003 10/F LIPPO CTR TWR 1 89 QUEENSWAY,L=Hong Kong,C=HK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302484b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/12/2022, 18:30

Not After

06/12/2032, 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1c
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

11/09/2018, 09:26

Not After

11/09/2023, 09:26

Subject

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:57:88:d7:9a:90:2b:af:42:d1:c9:2e:86:43:e3:f9:b8:2c:db:bd:81:e2:d4:39:c4:96:cd:00:60:a0:cf:45
Signer

Actual PE Digest

3e:57:88:d7:9a:90:2b:af:42:d1:c9:2e:86:43:e3:f9:b8:2c:db:bd:81:e2:d4:39:c4:96:cd:00:60:a0:cf:45

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Y:\work\CEF3_git\chromium\src\out\Release_GN_x86\libcef.dll.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
OpenTraceW
ProcessTrace
CloseTrace
LookupAccountNameW
ConvertSidToStringSidA
ConvertSidToStringSidW
CreateWellKnownSid
EqualSid
GetAce
SetSecurityDescriptorDacl
SetEntriesInAclW
LogonUserW
GetUserNameW
GetSecurityInfo
SetThreadToken
LookupPrivilegeValueW
DuplicateTokenEx
DuplicateToken
CreateRestrictedToken
CopySid
RegDisablePredefinedCache
ConvertStringSidToSidW
SetSecurityInfo
SetTokenInformation
SetKernelObjectSecurity
GetSecurityDescriptorSacl
GetLengthSid
GetKernelObjectSecurity
CryptGenRandom
CryptAcquireContextW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptGetHashParam
CryptSetHashParam
CryptReleaseContext
RevertToSelf
ImpersonateAnonymousToken
RegQueryValueExA
RegOpenKeyExA
EventWrite
EventRegister
EventUnregister
StartTraceW
ControlTraceW
RegNotifyChangeKeyValue
RegEnumValueW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CreateProcessAsUserW
SystemFunction036
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
ImpersonateNamedPipeClient
ConvertSecurityDescriptorToStringSecurityDescriptorW
SetFileSecurityW
GetFileSecurityW

gdi32

MoveToEx
ExtCreatePen
WidenPath
StrokePath
StrokeAndFillPath
SetMiterLimit
SelectClipPath
FillPath
EndPath
CloseFigure
BeginPath
SetPolyFillMode
LineTo
GetObjectType
GetClipBox
CreatePen
CreateFontA
EnumFontFamiliesExA
GetCharWidthW
CreateFontIndirectA
SaveDC
RestoreDC
IntersectClipRect
PtInRegion
SetEnhMetaFileBits
PlayEnhMetaFileRecord
PlayEnhMetaFile
GetEnhMetaFileHeader
GetEnhMetaFileBits
StretchDIBits
ExtEscape
GetWorldTransform
StretchBlt
EndPage
StartPage
SetAbortProc
EndDoc
StartDocW
CancelDC
SetRectRgn
SwapBuffers
PolyBezierTo
ChoosePixelFormat
GetDIBits
GetRgnBox
EqualRgn
CreateRectRgn
CombineRgn
CreateDCW
SetDIBitsToDevice
CreateCompatibleBitmap
EnumEnhMetaFile
DeleteEnhMetaFile
CreateEnhMetaFileW
CloseEnhMetaFile
GetStockObject
ModifyWorldTransform
GetDeviceCaps
SetMapMode
GetTextExtentPoint32W
SetDIBits
CreateBitmap
GetICMProfileW
AddFontMemResourceEx
GetFontUnicodeRanges
GdiFlush
GetTextExtentPointI
GetGlyphIndicesW
GetCharABCWidthsW
GetGlyphOutlineW
RemoveFontMemResourceEx
GetOutlineTextMetricsW
SetTextAlign
ExtTextOutW
SetBrushOrgEx
BitBlt
CreateDIBSection
GdiAlphaBlend
SetBkMode
SetArcDirection
SetDCBrushColor
SetStretchBltMode
SetROP2
GetCurrentObject
SetDCPenColor
GetClipRgn
GetTextFaceA
GetRegionData
SetPixelFormat
SetWorldTransform
SetGraphicsMode
CreateRectRgnIndirect
SelectClipRgn
SetTextColor
SetBkColor
GetBkColor
CreateSolidBrush
CreateFontIndirectW
DeleteObject
SelectObject
GetTextMetricsW
EnumFontFamiliesExW
CreateCompatibleDC
DeleteDC
CreateFontW
GetFontData
GetObjectW
GetTextFaceW
GdiComment

kernel32

ResumeThread
GetCurrentProcess
GetLongPathNameW
CloseHandle
WriteFile
ReadFile
FlushFileBuffers
CreateFileW
RegisterWaitForSingleObject
UnregisterWaitEx
GetCurrentThreadId
LoadLibraryExW
GetProcAddress
ExpandEnvironmentStringsW
ResetEvent
WaitForMultipleObjects
CreateEventW
SetEvent
SetLastError
GetLastError
ReleaseSRWLockExclusive
GetModuleHandleW
ExitProcess
GetConsoleMode
SetStdHandle
ExitThread
GetModuleFileNameA
ReadConsoleW
HeapQueryInformation
GetDateFormatW
GetTimeFormatW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
IsValidLocale
EnumSystemLocalesW
FreeLibraryAndExitThread
UnregisterWait
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
LoadLibraryExA
FlushInstructionCache
IsValidCodePage
GetOEMCP
FindFirstFileExA
GetStdHandle
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
IsProcessInJob
LoadResource
SizeofResource
FindResourceW
lstrcmpiW
MultiByteToWideChar
PowerCreateRequest
PowerSetRequest
PowerClearRequest
GetSystemPowerStatus
LoadLibraryA
WideCharToMultiByte
WriteConsoleW
GetOverlappedResult
CancelIo
CreateFileA
GetComputerNameW
GetSystemTimeAsFileTime
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetVolumeInformationW
GetSystemDirectoryW
GetModuleHandleA
FormatMessageW
VirtualAlloc
VirtualFree
QueryInformationJobObject
GetModuleFileNameW
GetCurrentProcessId
CreateNamedPipeW
GetConsoleCP
LocalFree
ConnectNamedPipe
AttachConsole
SuspendThread
GetThreadContext
OpenThread
GetUserDefaultUILanguage
lstrcmpiA
GetEnvironmentVariableA
WTSGetActiveConsoleSessionId
DisconnectNamedPipe
GetFileInformationByHandleEx
SetNamedPipeHandleState
TransactNamedPipe
GetVersion
TlsGetValue
TlsSetValue
TlsAlloc
OpenProcess
GetUserDefaultLangID
GetUserDefaultLCID
EnumSystemLocalesEx
FreeLibrary
DuplicateHandle
GetFileType
DecodePointer
RaiseException
EnterCriticalSection
LeaveCriticalSection
InterlockedFlushSList
QueryDepthSList
CreateTimerQueue
FindNextFileA
RtlUnwind
CreateThread
GetSystemTime
IsWow64Process
SwitchToThread
WaitNamedPipeW
GetCommandLineW
HeapCreate
HeapDestroy
OutputDebugStringA
DeleteFileW
GetLocalTime
GetCurrentDirectoryW
FormatMessageA
GetTickCount
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
SetThreadPriority
QueryThreadCycleTime
Sleep
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
GetCurrentThread
QueryPerformanceFrequency
GetThreadPriority
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
QueryPerformanceCounter
GetThreadId
IsDebuggerPresent
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
VirtualQuery
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
HeapSetInformation
GetFileSizeEx
SetFileTime
LockFile
SetEndOfFile
GetFileInformationByHandle
UnlockFile
SetFilePointerEx
PeekNamedPipe
LoadLibraryW
GetModuleHandleExA
SetPriorityClass
TerminateProcess
GetPriorityClass
GetExitCodeProcess
CreateDirectoryW
QueryDosDeviceW
RemoveDirectoryW
GetTempPathW
GetVolumePathNameW
GetFileAttributesW
SetFileAttributesW
GetLogicalDriveStringsW
GetFileAttributesExW
SetCurrentDirectoryW
MoveFileExW
ReplaceFileW
CopyFileW
MoveFileW
GetProcessId
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetVersionExW
GetNativeSystemInfo
SetInformationJobObject
SetHandleInformation
AssignProcessToJobObject
CreateProcessW
AllocConsole
GetSystemInfo
GetProcessTimes
VirtualQueryEx
SetEnvironmentVariableW
GetEnvironmentVariableW
FindFirstFileExW
FindNextFileW
FindClose
FindFirstChangeNotificationW
FindCloseChangeNotification
lstrlenW
FlushViewOfFile
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
GetModuleHandleExW
HeapLock
HeapWalk
HeapUnlock
TlsFree
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetWindowsDirectoryW
QueueUserWorkItem
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
SleepConditionVariableSRW
ReleaseSRWLockShared
AcquireSRWLockShared
LockResource
ReleaseSemaphore
CreateSemaphoreW
FindFirstFileW
InitOnceExecuteOnce
GetUserDefaultLocaleName
InitializeCriticalSection
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
TryEnterCriticalSection
InitializeSRWLock
GetLocaleInfoEx
GetNumberFormatEx
GetCurrencyFormatEx
ResolveLocaleName
GetTimeFormatEx
GetDateFormatEx
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
GetPrivateProfileStringW
SetFilePointer
GetComputerNameExW
GetThreadTimes
QueryUnbiasedInterruptTime
GetProcessAffinityMask
InitializeCriticalSectionEx
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableCS
WaitForSingleObjectEx
OutputDebugStringW
GetProcessHeap
GetFileSize
LockFileEx
HeapCompact
DeleteFileA
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnlockFileEx
GetFullPathNameA
GetDiskFreeSpaceW
GetFullPathNameW
AreFileApisANSI
LocalAlloc
SetThreadAffinityMask
CreateSemaphoreA
SleepEx
VirtualAllocEx
TerminateJobObject
WriteProcessMemory
ProcessIdToSessionId
GetProcessHandleCount
GetProcessHeaps
SignalObjectAndWait
VirtualProtectEx
ReadProcessMemory
VirtualFreeEx
CreateJobObjectW
CreateRemoteThread
DebugBreak
SearchPathW
QueueUserAPC
ClearCommBreak
ClearCommError
EscapeCommFunction
GetCommModemStatus
GetCommState
PurgeComm
SetCommBreak
SetCommMask
SetCommState
SetCommTimeouts
WaitCommEvent
GetDriveTypeW
GetThreadLocale
GetSystemDefaultLCID
SetProcessShutdownParameters
SetConsoleCtrlHandler
GetStartupInfoW
VirtualProtect
Module32FirstW
Module32NextW
GetTempFileNameA
GetACP
GetLocaleInfoW
LocaleNameToLCID
SetErrorMode
GetWindowsDirectoryA
GetSystemDirectoryA
EncodePointer
GetStringTypeW
CompareStringW
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList

ole32

CoInitialize
OleInitialize
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateGuid
OleUninitialize
ReleaseStgMedium
OleDuplicateData
RevokeDragDrop
DoDragDrop
GetHGlobalFromStream
CreateStreamOnHGlobal
RegisterDragDrop
CoAllowSetForegroundWindow
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree
PropVariantClear
CLSIDFromString

oleaut32

VariantClear
LoadRegTypeLi
LoadTypeLi
SysStringLen
VariantInit
SysAllocString
VarUI4FromStr
SysFreeString

psapi

GetModuleInformation
QueryWorkingSet
GetProcessMemoryInfo
GetPerformanceInfo
GetMappedFileNameW
QueryWorkingSetEx
EnumProcessModules

shell32

SHGetFileInfoW
DragQueryFileW
ShellExecuteW
SHGetPropertyStoreForWindow
SHGetKnownFolderPath
ShellExecuteExW
SHOpenFolderAndSelectItems
SHChangeNotify
CommandLineToArgvW
SHGetSpecialFolderPathW
SHFileOperationW
SHOpenWithDialog
ord680
SHGetDesktopFolder
SHGetFolderPathW
SHBrowseForFolderW
ShellExecuteA
SHGetPathFromIDListW

shlwapi

AssocQueryStringW
PathMatchSpecW
ord437
PathFindExtensionW
PathFindFileNameW
PathRemoveExtensionW

user32

GetKeyState
MapVirtualKeyW
GetMenu
GetClientRect
AdjustWindowRectEx
SendMessageW
GetActiveWindow
SendInput
FindWindowW
GetTopWindow
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CreateDialogParamW
GetDlgItem
SetDlgItemTextW
GetDlgItemTextW
EnableWindow
IsWindowEnabled
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
IsDialogMessageW
DrawEdge
GetMenuState
GetSystemMenu
CreatePopupMenu
DestroyMenu
GetSubMenu
GetMenuItemCount
TrackPopupMenu
GetMenuInfo
SetMenuInfo
EndMenu
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextExW
GetSysColor
FillRect
ValidateRect
SetPropW
PostQuitMessage
KillTimer
TranslateMessage
GetQueueStatus
MsgWaitForMultipleObjectsEx
PeekMessageW
SetTimer
DispatchMessageW
LoadImageW
DrawIconEx
CreateIconIndirect
GetIconInfo
IsRectEmpty
GetClassNameW
MonitorFromWindow
InvalidateRect
OpenClipboard
CloseClipboard
GetClipboardSequenceNumber
SetClipboardData
GetClipboardData
RegisterClipboardFormatW
EmptyClipboard
IsClipboardFormatAvailable
GetMessageTime
RegisterDeviceNotificationW
OpenInputDesktop
CloseDesktop
GetUserObjectInformationW
MonitorFromPoint
EnumDisplayMonitors
EnumDisplaySettingsW
GetMessageExtraInfo
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
SetKeyboardState
SetCapture
ReleaseCapture
SetCursor
CloseWindowStation
CreateDesktopW
GetThreadDesktop
CreateWindowStationW
SetProcessWindowStation
GetProcessWindowStation
PostThreadMessageW
GetCaretBlinkTime
ShowCursor
SetCursorPos
SetRectEmpty
GetMessagePos
FlashWindowEx
GetWindowPlacement
SetWindowPlacement
IsIconic
GetFocus
CloseTouchInputHandle
EnableMenuItem
SetMenuDefaultItem
SetForegroundWindow
GetWindowDC
SetWindowRgn
GetWindowRgn
RedrawWindow
OffsetRect
EnumChildWindows
GetGuiResources
GetCursorInfo
DrawFrameControl
GetSysColorBrush
DrawFocusRect
FrameRect
InvertRect
InflateRect
GetRawInputDeviceInfoW
GetRawInputDeviceList
PrintWindow
GetLayeredWindowAttributes
EnumWindows
EnumDisplaySettingsExW
BringWindowToTop
SetThreadDesktop
MessageBeep
PtInRect
GetClassLongW
UnregisterDeviceNotification
DefWindowProcW
RegisterHotKey
UnregisterClassW
RegisterClassExW
CreateWindowExW
DestroyWindow
GetWindowLongW
SetWindowLongW
MessageBoxW
LoadCursorW
DestroyIcon
GetDC
ReleaseDC
GetSystemMetrics
GetDoubleClickTime
GetAsyncKeyState
GetCursorPos
ClientToScreen
ScreenToClient
MapWindowPoints
SystemParametersInfoW
CharNextW
NotifyWinEvent
GetWindowThreadProcessId
GetRawInputData
EnumDisplayDevicesW
DefRawInputProc
RegisterRawInputDevices
ExitWindowsEx
UnregisterHotKey
RegisterClassW
MoveWindow
IsChild
GetKeyboardLayoutNameW
GetKeyboardLayoutList
CreateCaret
DestroyCaret
SetCaretPos
GetMessageW
MessageBoxA
TrackMouseEvent
CallWindowProcW
GetClassInfoExW
IsWindow
ShowWindow
SetWindowPos
RegisterTouchWindow
GetCapture
BeginPaint
EndPaint
GetPropW
RemovePropW
WindowFromPoint
GetDesktopWindow
GetParent
SetParent
IsZoomed
GetWindowRect
ClipCursor
PostMessageW
IsWindowVisible
SetFocus
EnumThreadWindows
GetWindow
GetAncestor
UpdateLayeredWindow
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
GetForegroundWindow
IntersectRect
MonitorFromRect
GetMonitorInfoW
LoadIconW
GetLastInputInfo

winmm

waveInMessage
waveOutReset
waveOutRestart
waveOutPause
midiInClose
midiInPrepareHeader
midiInUnprepareHeader
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutOpen
waveInGetNumDevs
waveOutGetNumDevs
waveOutClose
timeEndPeriod
timeGetTime
timeBeginPeriod
midiOutGetNumDevs
midiOutGetDevCapsW
midiOutOpen
midiOutClose
midiOutPrepareHeader
midiOutUnprepareHeader
midiOutShortMsg
midiOutLongMsg
midiOutReset
midiInGetNumDevs
midiInGetDevCapsW
midiInReset
midiInStart
midiInAddBuffer
midiInOpen

ws2_32

ioctlsocket
gethostname
bind
closesocket
connect
getpeername
getsockname
getsockopt
recvfrom
sendto
getaddrinfo
setsockopt
WSAGetLastError
WSACloseEvent
WSCEnumProtocols
WSCGetProviderPath
freeaddrinfo
socket
WSASetServiceW
htons
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetOverlappedResult
WSASocketW
WSALookupServiceEnd
WSALookupServiceNextW
WSARecvFrom
WSAResetEvent
WSASendTo
WSAStartup
accept
listen
recv
ntohl
htonl
shutdown
WSAIoctl
WSASend
ntohs
WSAEnumNameSpaceProvidersW
send
WSASetEvent
WSAWaitForMultipleEvents
WSALookupServiceBeginW

comctl32

InitCommonControlsEx

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

wintrust

CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminCalcHashFromFileHandle
CryptCATCatalogInfoFromContext

casz8hnj8b

SignalInitializeCrashReporting
SignalChromeElf
InjectDumpForHungInputNoCrashKeys
GetCrashReportsImpl
InjectDumpForHungInput

comdlg32

GetOpenFileNameW
GetSaveFileNameW
ChooseColorW
PrintDlgExW

dbghelp

SymInitialize
SymSetSearchPathW
SymGetLineFromAddr64
SymGetSearchPathW
SymSetOptions
SymFromAddr

usp10

ScriptStringOut
ScriptStringFree
ScriptStringAnalyse
ScriptShape
ScriptItemize
ScriptFreeCache

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

cryptui

CryptUIDlgViewCertificateW
CryptUIDlgCertMgr

dwmapi

DwmDefWindowProc
DwmGetWindowAttribute
DwmSetWindowAttribute
DwmExtendFrameIntoClientArea
DwmGetCompositionTimingInfo
DwmIsCompositionEnabled

netapi32

NetUserGetInfo
NetApiBufferFree

dwrite

DWriteCreateFactory

crypt32

CryptVerifyCertificateSignatureEx
CryptAcquireCertificatePrivateKey
CryptDecodeObjectEx
CryptInstallOIDFunctionAddress
CertGetIssuerCertificateFromStore
CertDuplicateCertificateContext
CertFindExtension
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertCompareCertificateName
CertCreateCertificateChainEngine
CertSetCertificateContextProperty
CertFreeCertificateContext
CertCloseStore
CertOpenStore
CertFindChainInStore
CryptMsgClose
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CryptQueryObject
CryptUnprotectData
CryptProtectData
CertOpenSystemStoreW
CertGetIntendedKeyUsage
CertVerifyTimeValidity
CertAddCertificateContextToStore
CertAddEncodedCertificateToStore
CertGetCertificateContextProperty

dhcpcsvc

DhcpCApiInitialize
DhcpRequestParams

iphlpapi

FreeMibTable
IpRenewAddress
IpReleaseAddress
GetInterfaceInfo
CancelIPChangeNotify
NotifyAddrChange
GetAdaptersAddresses
GetIfTable2

ncrypt

NCryptFreeObject
NCryptSignHash

secur32

InitializeSecurityContextA
AcquireCredentialsHandleA
AcquireCredentialsHandleW
FreeCredentialsHandle
InitializeSecurityContextW
DeleteSecurityContext
FreeContextBuffer
QuerySecurityPackageInfoW
CompleteAuthToken
GetUserNameExW

urlmon

CoInternetCreateSecurityManager

winhttp

WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCrackUrl
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpQueryHeaders

d3d9

Direct3DCreate9Ex

d3d11

D3D11CreateDevice

dxva2

DXVA2CreateVideoService
DXVA2CreateDirect3DDeviceManager9

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
WTSQueryUserToken

dxgi

CreateDXGIFactory1

winspool.drv

ord203
GetPrinterW
GetPrinterDriverW
DeviceCapabilitiesW
ClosePrinter
OpenPrinterW
EnumPrintersW
DocumentPropertiesW

imm32

ImmSetCompositionWindow
ImmNotifyIME
ImmSetOpenStatus
ImmSetConversionStatus
ImmGetConversionStatus
ImmGetCompositionStringW
ImmAssociateContextEx
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

Exports

Exports

GetCrashKeyCountImpl
GetCrashKeyImpl
GetHandleVerifier
IsSandboxedProcess
RelaunchChromeBrowserWithNewCommandLineIfNeeded
cef_add_cross_origin_whitelist_entry
cef_api_hash
cef_base64decode
cef_base64encode
cef_begin_tracing
cef_binary_value_create
cef_browser_host_create_browser
cef_browser_host_create_browser_sync
cef_browser_view_create
cef_browser_view_get_for_browser
cef_clear_cross_origin_whitelist
cef_clear_scheme_handler_factories
cef_command_line_create
cef_command_line_get_global
cef_cookie_manager_create_manager
cef_cookie_manager_get_global_manager
cef_crash_reporting_enabled
cef_create_context_shared
cef_create_directory
cef_create_new_temp_directory
cef_create_temp_directory_in_directory
cef_create_url
cef_currently_on
cef_delete_file
cef_dictionary_value_create
cef_directory_exists
cef_display_get_alls
cef_display_get_count
cef_display_get_matching_bounds
cef_display_get_nearest_point
cef_display_get_primary
cef_do_message_loop_work
cef_drag_data_create
cef_enable_highdpi_support
cef_end_tracing
cef_execute_java_script_with_user_gesture_for_tests
cef_execute_process
cef_format_url_for_security_display
cef_get_current_platform_thread_handle
cef_get_current_platform_thread_id
cef_get_extensions_for_mime_type
cef_get_geolocation
cef_get_mime_type
cef_get_min_log_level
cef_get_path
cef_get_temp_directory
cef_get_vlog_level
cef_image_create
cef_initialize
cef_is_cert_status_error
cef_is_cert_status_minor_error
cef_is_web_plugin_unstable
cef_label_button_create
cef_launch_process
cef_list_value_create
cef_load_crlsets_file
cef_log
cef_menu_button_create
cef_menu_model_create
cef_now_from_system_trace_time
cef_panel_create
cef_parse_json
cef_parse_jsonand_return_error
cef_parse_url
cef_post_data_create
cef_post_data_element_create
cef_post_delayed_task
cef_post_task
cef_print_settings_create
cef_process_message_create
cef_quit_message_loop
cef_refresh_web_plugins
cef_register_extension
cef_register_scheme_handler_factory
cef_register_web_plugin_crash
cef_register_widevine_cdm
cef_remove_cross_origin_whitelist_entry
cef_request_context_create_context
cef_request_context_get_global_context
cef_request_create
cef_resource_bundle_get_global
cef_response_create
cef_run_message_loop
cef_scroll_view_create
cef_set_crash_key_value
cef_set_osmodal_loop
cef_shutdown
cef_stream_reader_create_for_data
cef_stream_reader_create_for_file
cef_stream_reader_create_for_handler
cef_stream_writer_create_for_file
cef_stream_writer_create_for_handler
cef_string_ascii_to_utf16
cef_string_ascii_to_wide
cef_string_list_alloc
cef_string_list_append
cef_string_list_clear
cef_string_list_copy
cef_string_list_free
cef_string_list_size
cef_string_list_value
cef_string_map_alloc
cef_string_map_append
cef_string_map_clear
cef_string_map_find
cef_string_map_free
cef_string_map_key
cef_string_map_size
cef_string_map_value
cef_string_multimap_alloc
cef_string_multimap_append
cef_string_multimap_clear
cef_string_multimap_enumerate
cef_string_multimap_find_count
cef_string_multimap_free
cef_string_multimap_key
cef_string_multimap_size
cef_string_multimap_value
cef_string_userfree_utf16_alloc
cef_string_userfree_utf16_free
cef_string_userfree_utf8_alloc
cef_string_userfree_utf8_free
cef_string_userfree_wide_alloc
cef_string_userfree_wide_free
cef_string_utf16_clear
cef_string_utf16_cmp
cef_string_utf16_set
cef_string_utf16_to_lower
cef_string_utf16_to_upper
cef_string_utf16_to_utf8
cef_string_utf16_to_wide
cef_string_utf8_clear
cef_string_utf8_cmp
cef_string_utf8_set
cef_string_utf8_to_utf16
cef_string_utf8_to_wide
cef_string_wide_clear
cef_string_wide_cmp
cef_string_wide_set
cef_string_wide_to_utf16
cef_string_wide_to_utf8
cef_task_runner_get_for_current_thread
cef_task_runner_get_for_thread
cef_textfield_create
cef_thread_create
cef_time_delta
cef_time_from_doublet
cef_time_from_timet
cef_time_now
cef_time_to_doublet
cef_time_to_timet
cef_trace_counter
cef_trace_counter_id
cef_trace_event_async_begin
cef_trace_event_async_end
cef_trace_event_async_step_into
cef_trace_event_async_step_past
cef_trace_event_begin
cef_trace_event_end
cef_trace_event_instant
cef_translator_test_create
cef_translator_test_ref_ptr_library_child_child_create
cef_translator_test_ref_ptr_library_child_create
cef_translator_test_ref_ptr_library_create
cef_translator_test_scoped_library_child_child_create
cef_translator_test_scoped_library_child_create
cef_translator_test_scoped_library_create
cef_unregister_internal_web_plugin
cef_uridecode
cef_uriencode
cef_urlrequest_create
cef_v8context_get_current_context
cef_v8context_get_entered_context
cef_v8context_in_context
cef_v8stack_trace_get_current
cef_v8value_create_array
cef_v8value_create_bool
cef_v8value_create_date
cef_v8value_create_double
cef_v8value_create_function
cef_v8value_create_int
cef_v8value_create_null
cef_v8value_create_object
cef_v8value_create_string
cef_v8value_create_uint
cef_v8value_create_undefined
cef_value_create
cef_version_info
cef_visit_web_plugin_info
cef_waitable_event_create
cef_window_create_top_level
cef_write_json
cef_xml_reader_create
cef_zip_directory
cef_zip_reader_create

Sections

.text
Size: 54.0MB - Virtual size: 54.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_text32
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10.4MB - Virtual size: 10.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 316KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.crthunk
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CPADinfo
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lib1/natives_blob.bin
.js
lib1/snapshot_blob.bin

Sharing

General

Malware Config

Signatures

Files

Password: 33

61259b55b8912888e90f516ca08dc514

Code Sign

6e:dd:4f:25:e7:31:7d:39:81:57:31:34:cf:c1:dc:a0Certificate

Extended Key Usages

Key Usages

47:02:13:ca:a6:02:2b:24:64:f5:9f:ad:eb:2a:00:70Certificate

Extended Key Usages

Key Usages

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7Certificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

f7:02:39:6c:15:dc:01:56:d3:1d:3c:bb:d6:9f:16:eb:43:97:ed:1d:1e:45:5e:16:29:68:ab:88:21:3e:af:c3Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 160KB

.rsrc Size: 51KB - Virtual size: 50KB

Password: 33

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 662B

Password: 33

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 638B

Password: 33

997be463f3a2ca83a36d9497e4b92b1d

Code Sign

6e:dd:4f:25:e7:31:7d:39:81:57:31:34:cf:c1:dc:a0Certificate

Extended Key Usages

Key Usages

6e:dd:4f:25:e7:31:7d:39:81:57:31:34:cf:c1:dc:a0
Certificate

47:02:13:ca:a6:02:2b:24:64:f5:9f:ad:eb:2a:00:70
Certificate

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

f7:02:39:6c:15:dc:01:56:d3:1d:3c:bb:d6:9f:16:eb:43:97:ed:1d:1e:45:5e:16:29:68:ab:88:21:3e:af:c3
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 160KB

.rsrc
Size: 51KB - Virtual size: 50KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 638B

6e:dd:4f:25:e7:31:7d:39:81:57:31:34:cf:c1:dc:a0
Certificate

47:02:13:ca:a6:02:2b:24:64:f5:9f:ad:eb:2a:00:70
Certificate

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

d0:8e:25:b1:26:0b:2b:b3:65:4b:5f:17:73:80:34:03:a7:a6:43:30:16:70:d6:2c:9e:f6:82:06:bf:00:ed:94
Signer

.text
Size: 9.1MB - Virtual size: 9.1MB

.data
Size: 5.7MB - Virtual size: 5.7MB

.rdata
Size: 8.1MB - Virtual size: 8.1MB

.bss
Size: - Virtual size: 4.5MB

.edata
Size: 512B - Virtual size: 110B

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 25KB - Virtual size: 24KB

.reloc
Size: 465KB - Virtual size: 464KB

8a:b9:d6:9e:7c:2b:74:54:51:04:21:7f:47:63:d2:d1
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1c
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

30:88:22:5b:8a:fb:1c:0f:fa:33:36:69:18:a3:96:c0:5f:98:c0:57:f1:f8:16:e2:c1:e6:e1:f9:d5:58:c8:e4
Signer

.text
Size: 317KB - Virtual size: 317KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 4KB - Virtual size: 17KB

.crthunk
Size: 512B - Virtual size: 64B

CPADinfo
Size: 512B - Virtual size: 36B

.gfids
Size: 1024B - Virtual size: 828B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 13KB

8a:b9:d6:9e:7c:2b:74:54:51:04:21:7f:47:63:d2:d1
Certificate