ada33e080628c479a7d01239ac672435_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ada33e080628c479a7d01239ac672435_JaffaCakes118
Size

874KB
MD5

ada33e080628c479a7d01239ac672435
SHA1

8a9228ba79ad4acb89f87eaef94025ea671cfa44
SHA256

3a8c7abafb29c9418b81d43215108166429ceca2f6a65d97f76e37dcc2630bf2
SHA512

4b85973cef07aee98d4fb2a934bf47d9dd81de03e94ca97351dcda93eefae31c41e1265873562ede2e93a805b740b425748355d14725f72fda823f527531817c
SSDEEP

12288:rq0i6Symr+r1WeIZb0GzwqSHhPGFw87CvMSUIsrL9pGHNu4B2UQQE9vC9e:rq0b6+rIe+7UqSHgK87CRUIrI4rhEwc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SPIOUninstall.exe

Files

ada33e080628c479a7d01239ac672435_JaffaCakes118
.zip
ADPopupSPIO.dll
.dll regsvr32 windows:4 windows x86 arch:x86

706b73b40d41dd77b48f69ae0f97c11b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:a6:b9:5a:4c:f0:84:84:e2:28:91:d5:35:e0:82:5e
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

15/06/2011, 00:00

Not After

14/06/2012, 23:59

Subject

CN=(주)인아이티원,O=(주)인아이티원,L=Gangnam-gu\ ,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsA

wininet

DeleteUrlCacheEntry

mfc42

ord6394
ord2841
ord5440
ord6383
ord858
ord2107
ord801
ord941
ord6883
ord541
ord6215
ord6199
ord6442
ord2864
ord665
ord1979
ord3318
ord5186
ord354
ord5710
ord551
ord4278
ord922
ord3811
ord798
ord1997
ord4277
ord4129
ord2764
ord5465
ord5194
ord533
ord924
ord2818
ord535
ord6648
ord861
ord6663
ord1601
ord6385
ord6779
ord926
ord4202
ord6877
ord537
ord3337
ord6392
ord6407
ord939
ord2763
ord6055
ord4078
ord1776
ord5450
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord3742
ord818
ord567
ord4275
ord6197
ord6379
ord2379
ord6453
ord6876
ord6143
ord5778
ord5448
ord5861
ord1228
ord540
ord2135
ord1949
ord860
ord1105
ord800
ord3663
ord823
ord6467
ord1131
ord2725
ord1134
ord3953
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord815
ord4274
ord1575
ord1176
ord1116
ord4407
ord3402

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_mbsrev
_mbsstr
strstr
strtoul
_mbsnbcpy
_strdup
sprintf
malloc
free
strcmp
strcpy
strlen
srand
rand
atoi
_mbscmp
_mbsicmp
strcat
_stricmp
memcmp
memset
__CxxFrameHandler
_purecall
memcpy
_wcsicmp

kernel32

CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
lstrlenW
InterlockedDecrement
EnterCriticalSection
GetCurrentProcessId
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalFree
LocalAlloc
GetTempPathA
CreateDirectoryA
lstrlenA
DeleteFileA
CopyFileA
GetTickCount
MultiByteToWideChar
CreateProcessA
WideCharToMultiByte
WritePrivateProfileStringA
GetPrivateProfileStringA
InterlockedIncrement

user32

DestroyWindow
IsWindow
GetWindowRect
EnableWindow
KillTimer
SetForegroundWindow
WaitForInputIdle
EnumWindows
GetParent
SetTimer
GetWindowThreadProcessId
GetClassNameA
GetSystemMetrics
GetClientRect
SendMessageA
CreateWindowExA
GetWindowLongA
SetWindowLongA
ShowWindow
IsWindowVisible
SetWindowPos

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance

oleaut32

SysStringLen
VariantClear
SysFreeString
LoadRegTypeLi

urlmon

URLDownloadToFileA
URLOpenStreamA

atl

ord15
ord21
ord23
ord18
ord57
ord32
ord58
ord30
ord11
ord10
ord39
ord47
ord16

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SPIOUninstall.exe
.exe windows:5 windows x86 arch:x86

8426ee63d6a6c08ea5d4b72088315ea6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryA
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
GetFileAttributesA
GetFileSizeEx
GetFileTime
HeapAlloc
RtlUnwind
HeapFree
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
RaiseException
VirtualAlloc
HeapReAlloc
ExitProcess
ExitThread
CreateThread
HeapSize
VirtualFree
HeapCreate
GetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetACP
IsValidCodePage
CompareStringW
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetDriveTypeA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
WritePrivateProfileStringA
GetProcessHeap
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GetModuleHandleW
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GetModuleFileNameW
FreeResource
GlobalAddAtomA
CreateEventA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
CompareStringA
InterlockedExchange
lstrcmpA
FreeLibrary
GetModuleHandleA
GetProcAddress
GetLastError
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
lstrlenA
CreateDirectoryA
GetSystemDirectoryA
CreateProcessA
WaitForSingleObject
InterlockedDecrement
MultiByteToWideChar
FindFirstFileA
FindNextFileA
FindClose
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32First
Sleep
CloseHandle
OpenProcess
TerminateProcess
Process32Next
DeleteFileA
MoveFileExA
RemoveDirectoryA
GetModuleFileNameA
GetTempPathA
CopyFileA
WinExec
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
IsDebuggerPresent
SizeofResource

user32

DestroyMenu
UnregisterClassA
LoadCursorA
GetSysColorBrush
CharUpperA
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindow
UnhookWindowsHookEx
MessageBoxA
DrawIcon
SendMessageA
PostMessageA
ReleaseDC
GetDC
CopyRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
IsIconic
GetWindowRect
GetClientRect
InvalidateRect
LoadIconA
EnableWindow
GetSystemMetrics
FindWindowA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
CheckMenuItem
EnableMenuItem
ModifyMenuA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus

gdi32

DeleteDC
GetStockObject
ExtTextOutA
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetDeviceCaps
TextOutA
RectVisible
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
Escape

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
GetUserNameA
RegOpenKeyA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA

shell32

SHGetSpecialFolderPathA

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFileExistsA
PathFindExtensionA

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
SysAllocStringLen
VariantChangeType

urlmon

URLOpenStreamA

Sections

.text
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SearchPackItOne.dll
.dll regsvr32 windows:4 windows x86 arch:x86

8eeb3ab8c1c63b5fde0945c1f3cc0733

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:a6:b9:5a:4c:f0:84:84:e2:28:91:d5:35:e0:82:5e
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

15/06/2011, 00:00

Not After

14/06/2012, 23:59

Subject

CN=(주)인아이티원,O=(주)인아이티원,L=Gangnam-gu\ ,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsA

msimg32

TransparentBlt

wininet

InternetCloseHandle
InternetOpenA
InternetReadFile
InternetOpenUrlA

mfc42

ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord609
ord567
ord3626
ord3663
ord2414
ord4275
ord6880
ord2864
ord640
ord2405
ord941
ord858
ord4278
ord5875
ord5785
ord6157
ord1640
ord323
ord2859
ord4299
ord1641
ord1168
ord2078
ord6453
ord2379
ord6215
ord6197
ord1146
ord922
ord924
ord926
ord6442
ord2818
ord6648
ord6222
ord6467
ord1228
ord3811
ord4129
ord6877
ord4407
ord3742
ord818
ord3573
ord755
ord6172
ord5789
ord470
ord1776
ord1105
ord6379
ord465
ord466
ord541
ord801
ord6779
ord4274
ord815
ord6375
ord4486
ord2554
ord2512
ord2976
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord3953
ord2725
ord1131
ord5450
ord6394
ord5440
ord6383
ord4202
ord665
ord5710
ord6662
ord5442
ord1979
ord3318
ord1116
ord354
ord4277
ord6663
ord2763
ord1255
ord1578
ord600
ord826
ord269
ord4078
ord6055
ord3619
ord3571
ord3574
ord3402
ord2385
ord2575
ord1795
ord5861
ord939
ord6143
ord2764
ord823
ord861
ord825
ord540
ord860
ord537
ord940
ord535
ord800
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord5241
ord5731
ord4396
ord1577
ord1575
ord1176
ord1601
ord5186

msvcrt

rand
atoi
free
strlen
__CxxFrameHandler
malloc
sprintf
strcpy
memset
_strdup
_mbsnbcpy
strtoul
_mbscmp
_mbsicmp
_mbsstr
srand
strcat
memcmp
memcpy
_purecall
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit

kernel32

LocalFree
FindResourceA
LoadResource
LockResource
CreateDirectoryA
lstrlenA
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
GetTempPathA
DeleteFileA
GetPrivateProfileStringA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
LocalAlloc

user32

DestroyCursor
InvalidateRect
SetCursor
GetParent
GetWindowRect
ReleaseDC
GetDC
LoadStringA
KillTimer
DestroyWindow
FillRect
DrawTextA
CreateWindowExA
GetWindowLongA
SetWindowLongA
SendMessageA
FindWindowExA
MoveWindow
IsWindowVisible
SetTimer
GetSystemMetrics
SetWindowPos
SetForegroundWindow
IsWindow
EnableWindow
LoadBitmapA
LoadCursorA
PostMessageA
GetClientRect

gdi32

CreatePatternBrush
CreateCompatibleBitmap
BitBlt
CreateFontA
GetObjectA
CreateCompatibleDC
SelectObject
StretchBlt

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA
SHGetSpecialFolderPathA

comctl32

_TrackMouseEvent

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
LoadRegTypeLi
SafeArrayDestroy
SysFreeString
VariantClear
SysStringLen

urlmon

URLDownloadToFileA

atl

ord16
ord21
ord15
ord18
ord57
ord32
ord23
ord47
ord39
ord11
ord10
ord30
ord58

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SearchPackItOneUpdate.exe
.exe windows:4 windows x86 arch:x86

bc93399ec38b1cf7b9e1dae283d7f8a1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:a6:b9:5a:4c:f0:84:84:e2:28:91:d5:35:e0:82:5e
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

15/06/2011, 00:00

Not After

14/06/2012, 23:59

Subject

CN=(주)인아이티원,O=(주)인아이티원,L=Gangnam-gu\ ,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA

mfc42

ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord641
ord540
ord324
ord825
ord4234
ord1105
ord4710
ord668
ord1980
ord5710
ord3181
ord2781
ord2770
ord356
ord3337
ord3811
ord2818
ord922
ord858
ord924
ord2379
ord823
ord939
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3262
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord818
ord326
ord567
ord4129
ord2621
ord1134
ord926
ord1168
ord1832
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord860
ord537
ord940
ord535
ord800
ord1576
ord3922

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_stricmp
_setmbcp
free
__CxxFrameHandler
strtoul
_mbsnbcpy
_strdup
_mbscmp
atol
atoi
_mbsicmp
malloc

kernel32

WaitForSingleObject
GetSystemDirectoryA
CreateDirectoryA
CloseHandle
CreateMutexA
Process32First
CreateToolhelp32Snapshot
LocalFree
OpenProcess
GetModuleHandleA
GetStartupInfoA
GetLastError
GetPrivateProfileStringA
GetTempPathA
DeleteFileA
Sleep
Process32Next
CreateProcessA
WinExec

user32

EnableWindow
PostMessageA

advapi32

GetTokenInformation
ConvertSidToStringSidA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken

shell32

SHGetSpecialFolderPathA

urlmon

URLOpenStreamA
URLDownloadToFileA

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
spiohelp.exe
.exe windows:5 windows x86 arch:x86

e92ba91c13d87bd6334e56fc7fa44f2f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:a6:b9:5a:4c:f0:84:84:e2:28:91:d5:35:e0:82:5e
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

15/06/2011, 00:00

Not After

14/06/2012, 23:59

Subject

CN=(주)인아이티원,O=(주)인아이티원,L=Gangnam-gu\ ,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\JYWWorkspace\ToolBar\ADPopupApp\SearchPackItOne\spiohelp.pdb

Imports

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
UrlUnescapeA
PathFileExistsA

kernel32

SetErrorMode
GetFileAttributesA
GetFileSizeEx
GetFileTime
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetCommandLineA
GetStartupInfoA
HeapReAlloc
RtlUnwind
RaiseException
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
ExitThread
CreateThread
SetStdHandle
GetFileType
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
HeapCreate
VirtualFree
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetCPInfo
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetModuleHandleW
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedIncrement
CreateFileA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GlobalAddAtomA
SuspendThread
ResumeThread
SetThreadPriority
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryA
CompareStringA
InterlockedExchange
lstrcmpA
FreeLibrary
GetModuleHandleA
GetProcAddress
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
MulDiv
FreeResource
LocalFree
GetTempPathA
CloseHandle
CreateToolhelp32Snapshot
Process32Next
FindClose
FindFirstFileA
OpenProcess
Process32First
GetPrivateProfileStringA
WritePrivateProfileStringA
lstrlenW
MultiByteToWideChar
FindResourceA
LoadResource
LockResource
SizeofResource
SetEvent
Sleep
WaitForSingleObject
WideCharToMultiByte
GetTickCount
CreateDirectoryA
lstrlenA
DeleteFileA
CopyFileA
ResetEvent
CreateEventA
GetLastError
CreateMutexA
IsValidCodePage

user32

PostThreadMessageA
RegisterClipboardFormatA
DestroyMenu
UnregisterClassA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
ReleaseCapture
SetCapture
GetSysColorBrush
CharNextA
CharUpperA
RegisterWindowMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
DefWindowProcA
CallWindowProcA
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowTextA
SetFocus
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
LoadIconA
SendMessageA
SetTimer
IsIconic
SendDlgItemMessageA
UnhookWindowsHookEx
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
GetSystemMetrics
GetClientRect
DrawIcon
IsWindow
GetForegroundWindow
GetWindowRect
KillTimer
SetParent
EnableWindow
InvalidateRect
DestroyCursor
SetCursor
GetParent
GetDC
ReleaseDC
LoadBitmapA
LoadCursorA
PostMessageA
SetLayeredWindowAttributes
IsWindowVisible
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
SetWindowPos
MapDialogRect
SetWindowContextHelpId
GetWindow
EndDialog
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
GetWindowLongA
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow

gdi32

GetMapMode
GetRgnBox
GetTextColor
CreateRectRgnIndirect
GetBkColor
GetStockObject
DeleteDC
StretchBlt
ScaleWindowExtEx
SetWindowExtEx
CreateCompatibleDC
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetStretchBltMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
GetObjectA
CreateFontA
SelectObject
ExtSelectClipRgn

msimg32

TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegCloseKey
GetTokenInformation
ConvertSidToStringSidA
OpenProcessToken
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA

shell32

SHAppBarMessage
SHGetSpecialFolderPathA

comctl32

InitCommonControlsEx

oledlg

ord8

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoInitialize
CLSIDFromString

oleaut32

SysAllocString
VariantClear
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocStringByteLen
VariantChangeType
VariantInit
OleCreateFontIndirect
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime

urlmon

URLDownloadToFileA
URLOpenStreamA

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
DeleteUrlCacheEntry

Sections

.text
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

706b73b40d41dd77b48f69ae0f97c11b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

20:a6:b9:5a:4c:f0:84:84:e2:28:91:d5:35:e0:82:5eCertificate

Extended Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

shlwapi

wininet

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

urlmon

atl

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 4KB

8426ee63d6a6c08ea5d4b72088315ea6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

urlmon

Sections

.text Size: 169KB - Virtual size: 168KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 14KB - Virtual size: 14KB

8eeb3ab8c1c63b5fde0945c1f3cc0733

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

20:a6:b9:5a:4c:f0:84:84:e2:28:91:d5:35:e0:82:5eCertificate

Extended Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

20:a6:b9:5a:4c:f0:84:84:e2:28:91:d5:35:e0:82:5e
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 169KB - Virtual size: 168KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 14KB - Virtual size: 14KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

20:a6:b9:5a:4c:f0:84:84:e2:28:91:d5:35:e0:82:5e
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 144KB - Virtual size: 141KB

.reloc
Size: 8KB - Virtual size: 5KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

20:a6:b9:5a:4c:f0:84:84:e2:28:91:d5:35:e0:82:5e
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 3KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

20:a6:b9:5a:4c:f0:84:84:e2:28:91:d5:35:e0:82:5e
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate