afaca069cbe07f55a52cc1caf46f90cd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

afaca069cbe07f55a52cc1caf46f90cd_JaffaCakes118
Size

783KB
MD5

afaca069cbe07f55a52cc1caf46f90cd
SHA1

f4edcd7b049acd62f7c59ed1c7f23590308a66db
SHA256

fe5f130fb802721db4210a7b570e08e37f8856659f2eb182336ee7899f3b4ffb
SHA512

1785758ceba8508d50f69ec1c595c9d773e4337446bd0bb6c125ebbd341971096c6b7a0127164b67e931edac5adec907165779544fc2e0f061b9ed9a1bd82b61
SSDEEP

12288:0/Pk1R3fVFqaxz9sZslbRGPSMH9uBFDcCsJt+xlQa9P50862Eqw8yoaX:0/ENfV9omcfEBF4F+JtUoaX

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ha_WinFlash-v1.92/WinFlash/WinFlash.exe
unpack001/ha_WinFlash-v1.92/WinFlash/soft2cn汉化说明.exe
unpack001/ha_WinFlash-v1.92/WinFlash/winhlp32.exe

Files

afaca069cbe07f55a52cc1caf46f90cd_JaffaCakes118
.rar
ha_WinFlash-v1.92/WinFlash/WINFLASH.HLP
ha_WinFlash-v1.92/WinFlash/WinFlash.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 173KB - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 7KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 13KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

heatray
Size: 363KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ha_WinFlash-v1.92/WinFlash/WinFlash.sys
.sys windows:5 windows x86 arch:x86

2e0e012f6447f505993fb349a392f4c4

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:a9:ca:93:cd:9b:19:a9:6d:da:d6:8a:ff:3a:66:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/10/2006, 00:00

Not After

17/10/2007, 23:59

Subject

CN=Phoenix Technology Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=CSS Core Features Development,O=Phoenix Technology Ltd.,L=Milpitas,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

18:f6:4c:0c:4d:65:ed:54:a9:19:2f:e6:ad:f8:8d:9e:b6:89:db:21
Signer

Actual PE Digest

18:f6:4c:0c:4d:65:ed:54:a9:19:2f:e6:ad:f8:8d:9e:b6:89:db:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
RtlFreeUnicodeString
IoCreateSymbolicLink
IoCreateDevice
RtlAnsiStringToUnicodeString
RtlInitString
IofCompleteRequest
MmMapLockedPages
IoDeleteSymbolicLink
RtlInitUnicodeString
ExFreePool
ExAllocatePoolWithTag
MmUnmapIoSpace
MmMapIoSpace

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 416B - Virtual size: 408B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 160B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ha_WinFlash-v1.92/WinFlash/WinFlash64.sys
.sys windows:5 windows x64 arch:x64

7a4a0df0bde1f8da6547a580d5bee7c3

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:a9:ca:93:cd:9b:19:a9:6d:da:d6:8a:ff:3a:66:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/10/2006, 00:00

Not After

17/10/2007, 23:59

Subject

CN=Phoenix Technology Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=CSS Core Features Development,O=Phoenix Technology Ltd.,L=Milpitas,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

da:21:f5:88:9f:83:74:c3:96:18:56:d6:81:ad:ec:3d:66:3d:29:64
Signer

Actual PE Digest

da:21:f5:88:9f:83:74:c3:96:18:56:d6:81:ad:ec:3d:66:3d:29:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\winddk\3790~1.183\src\drivers\amd64\WinFlash64.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
RtlFreeUnicodeString
IoCreateSymbolicLink
IoCreateDevice
RtlAnsiStringToUnicodeString
RtlInitString
IofCompleteRequest
MmMapLockedPages
IoDeleteSymbolicLink
RtlInitUnicodeString
ExFreePoolWithTag
ExAllocatePoolWithTag
MmUnmapIoSpace
MmMapIoSpace
KeBugCheckEx

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 610B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ha_WinFlash-v1.92/WinFlash/soft2cn汉化说明.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

HH_By_Soft2CN
RefreshDesktop

Sections

.Ray
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Ray
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Ray
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ha_WinFlash-v1.92/WinFlash/winhlp32.exe
.exe windows:5 windows x86 arch:x86

6a8de8772de38bd81eb16c604a66176c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

winhlp32.pdb

Imports

msvcrt

isalpha
strtol
strtoul
_strcmpi
strstr
strncpy
strchr
_stricmp
atoi
_fullpath
_except_handler3
strrchr
atol
tolower
_exit
_strnicmp
strncmp
??3@YAXPAX@Z
??2@YAPAXI@Z
remove
_itoa
toupper
isspace
_chdrive
_c_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
isdigit
memmove

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

kernel32

MultiByteToWideChar
GlobalFree
GlobalUnlock
GlobalLock
GetProfileStringA
GetSystemDefaultLangID
GlobalReAlloc
GlobalAlloc
GetTimeZoneInformation
FindClose
FindFirstFileA
GetFileInformationByHandle
_llseek
GetSystemDirectoryA
GetModuleHandleW
GetProfileIntA
CloseHandle
GetVersionExA
GetStartupInfoA
MapViewOfFile
CreateFileMappingA
GetCurrentThread
GetModuleFileNameA
IsValidLocale
GlobalSize
VirtualAlloc
VirtualFree
_lclose
_lcreat
_lwrite
_lread
GetLastError
_lopen
SetEndOfFile
SetFilePointer
DeleteFileA
FindNextFileA
GetTickCount
SetCurrentDirectoryA
CopyFileA
MoveFileA
SetFileAttributesA
FileTimeToLocalFileTime
SystemTimeToFileTime
GetSystemTime
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
ExpandEnvironmentStringsA
SearchPathA
GetPrivateProfileStringA
GetTempPathA
GetTempFileNameA
CreateDirectoryA
GetCurrentDirectoryA
GetSystemWindowsDirectoryA
GetWindowsDirectoryA
lstrcmpiA
GetFileAttributesA
GetModuleHandleA
SetErrorMode
LoadLibraryA
GetBinaryTypeA
FreeLibrary
Sleep
GetProcAddress
WinExec
GetUserDefaultLCID
CompareStringA
MulDiv
LocalSize
lstrcpynA
IsDBCSLeadByte
lstrcpyA
lstrlenA
LocalAlloc
LocalReAlloc
LocalFree
GetLocaleInfoA

gdi32

EnumFontFamiliesExA
GetTextAlign
SetTextAlign
GetTextColor
GetBkColor
Escape
SetAbortProc
StartDocA
EndDoc
CreateDCA
StartPage
EndPage
GetSystemPaletteEntries
CreatePen
IntersectClipRect
UnrealizeObject
SetBrushOrgEx
CreatePatternBrush
GetTextExtentPoint32A
CreateFontA
CreateRectRgn
SetRectRgn
CombineRgn
InvertRgn
PatBlt
ExtTextOutA
GetTextExtentPointW
GetTextExtentPointA
SetBkMode
TextOutW
TextOutA
GetTextCharset
GetTextMetricsA
MoveToEx
LineTo
Rectangle
GetStockObject
SetPixel
CreateCompatibleBitmap
GetTextFaceA
SetROP2
TranslateCharsetInfo
GetObjectA
DeleteObject
GetNearestColor
CreateCompatibleDC
SelectObject
SetTextColor
SetBkColor
SetViewportOrgEx
SetWindowExtEx
SetViewportExtEx
PlayMetaFile
DeleteDC
CreateDiscardableBitmap
CreateSolidBrush
BitBlt
SetStretchBltMode
StretchBlt
CreateICA
GetDeviceCaps
CreatePalette
SaveDC
SetMapMode
SetWindowOrgEx
LPtoDP
RestoreDC
SetMetaFileBitsEx
CreateBitmap
SetDIBits
CreateDIBitmap
SelectPalette
RealizePalette
DeleteMetaFile
CreateFontIndirectA

user32

CheckDlgButton
EnumWindows
RegisterClassA
UnregisterClassA
DrawFocusRect
GetAsyncKeyState
ValidateRect
EnumChildWindows
GetWindowDC
CopyRect
CreateDialogParamA
IsDialogMessageA
ScrollWindow
SetScrollRange
GetScrollPos
SetScrollPos
ReleaseCapture
GetClassNameA
EnumThreadWindows
DialogBoxParamA
OffsetRect
KillTimer
GetFocus
PeekMessageA
GetSysColorBrush
BeginPaint
EndPaint
ChildWindowFromPoint
GetMessagePos
MonitorFromPoint
GetMonitorInfoA
SetWindowPos
SetCursor
ClientToScreen
FrameRect
InflateRect
SetCapture
SetMessageQueue
GetMessageA
TranslateAcceleratorA
wsprintfA
CallWindowProcA
PostMessageA
GetParent
GetClientRect
SetDlgItemTextA
GetWindowLongA
GetDlgItemTextA
GetWindowTextLengthA
IsWindowEnabled
EndDialog
SetWindowLongA
SetFocus
EnableWindow
IsClipboardFormatAvailable
GetDlgItem
SendDlgItemMessageA
CharNextA
CharPrevA
WinHelpA
CharLowerA
GetSysColor
InvertRect
SetRect
GetActiveWindow
IsWindow
FillRect
SetTimer
ShowWindow
IsWindowVisible
SetActiveWindow
InvalidateRect
SendMessageA
GetWindowRect
SetForegroundWindow
IsIconic
FindWindowA
CreatePopupMenu
AppendMenuA
GetKeyState
DrawMenuBar
GetMenu
DeleteMenu
EnableMenuItem
CheckMenuItem
DestroyWindow
SetWindowTextA
VkKeyScanA
GetWindow
GetSystemMetrics
TranslateMessage
IsDlgButtonChecked
MoveWindow
DestroyMenu
InsertMenuA
CreateMenu
GetWindowTextA
CreateWindowExA
TrackPopupMenu
GetCursorPos
GetMenuItemCount
GetSubMenu
SetMenu
LoadMenuA
LoadStringA
CharUpperA
GetDesktopWindow
MessageBoxA
LoadBitmapA
PtInRect
ShowScrollBar
InvalidateRgn
UpdateWindow
ReleaseDC
GetDC
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
CharNextW
RegisterClassExA
LoadIconA
LoadImageA
IsRectEmpty
SetRectEmpty
SystemParametersInfoA
EqualRect
IsZoomed
RegisterWindowMessageA
SetProcessDefaultLayout
GetProcessDefaultLayout
LoadCursorA
LoadAcceleratorsA
PostQuitMessage
DefWindowProcA
DispatchMessageA

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

Size: 173KB - Virtual size: 512KB

Size: 16KB - Virtual size: 88KB

Size: 7KB - Virtual size: 76KB

Size: 13KB - Virtual size: 20KB

.rsrc Size: 9KB - Virtual size: 36KB

Size: - Virtual size: 40KB

Size: 512B - Virtual size: 4KB

heatray Size: 363KB - Virtual size: 364KB

.adata Size: - Virtual size: 4KB

2e0e012f6447f505993fb349a392f4c4

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

2c:a9:ca:93:cd:9b:19:a9:6d:da:d6:8a:ff:3a:66:8dCertificate

Extended Key Usages

Key Usages

18:f6:4c:0c:4d:65:ed:54:a9:19:2f:e6:ad:f8:8d:9e:b6:89:db:21Signer

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 160B - Virtual size: 148B

.data Size: 32B - Virtual size: 12B

INIT Size: 416B - Virtual size: 408B

.reloc Size: 160B - Virtual size: 140B

7a4a0df0bde1f8da6547a580d5bee7c3

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

2c:a9:ca:93:cd:9b:19:a9:6d:da:d6:8a:ff:3a:66:8dCertificate

Extended Key Usages

Key Usages

da:21:f5:88:9f:83:74:c3:96:18:56:d6:81:ad:ec:3d:66:3d:29:64Signer

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 512B - Virtual size: 380B

.data Size: 512B - Virtual size: 288B

.pdata Size: 512B - Virtual size: 120B

INIT Size: 1024B - Virtual size: 610B

Headers

File Characteristics

Exports

Exports

Sections

.Ray Size: - Virtual size: 104KB

.Ray Size: 37KB - Virtual size: 40KB

.Ray Size: 15KB - Virtual size: 16KB

.rsrc
Size: 9KB - Virtual size: 36KB

heatray
Size: 363KB - Virtual size: 364KB

.adata
Size: - Virtual size: 4KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

2c:a9:ca:93:cd:9b:19:a9:6d:da:d6:8a:ff:3a:66:8d
Certificate

18:f6:4c:0c:4d:65:ed:54:a9:19:2f:e6:ad:f8:8d:9e:b6:89:db:21
Signer

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 160B - Virtual size: 148B

.data
Size: 32B - Virtual size: 12B

INIT
Size: 416B - Virtual size: 408B

.reloc
Size: 160B - Virtual size: 140B

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

2c:a9:ca:93:cd:9b:19:a9:6d:da:d6:8a:ff:3a:66:8d
Certificate

da:21:f5:88:9f:83:74:c3:96:18:56:d6:81:ad:ec:3d:66:3d:29:64
Signer

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 380B

.data
Size: 512B - Virtual size: 288B

.pdata
Size: 512B - Virtual size: 120B

INIT
Size: 1024B - Virtual size: 610B

.Ray
Size: - Virtual size: 104KB

.Ray
Size: 37KB - Virtual size: 40KB

.Ray
Size: 15KB - Virtual size: 16KB

.text
Size: 227KB - Virtual size: 226KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 44KB - Virtual size: 43KB