c8336212271fc0dbcd279d13e4c91117_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c8336212271fc0dbcd279d13e4c91117_JaffaCakes118
Size

2.9MB
MD5

c8336212271fc0dbcd279d13e4c91117
SHA1

5321adaeb72a2a1e565e5c0cab0f2c951ef53f2c
SHA256

dbead88cdebc80c6a2cfad0714d024604acaf9702d0b132b76943f405ca3da0b
SHA512

e7307b8f1e6ae6de57a5f3f8baba24336c487a48816d479a0648951289c8753775070c7deddc4084029e87199c0b9c392a7845107b50b08723bc3eacafee89ac
SSDEEP

49152:7oSsxa6uhZzqB7g9483GNIbEiWEHyM2wLMh/RNJ52ArhEJv/7DxcKuzPVA71GJ:CxaDmKeOGibEipSMHuRNJAkhMv/xHuJj

Score

9^/10

upx

Malware Config

Signatures

Detected Nirsoft tools 6 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
static1/unpack001/JumpListsView.exe	Nirsoft
static1/unpack001/LastActivityView.exe	Nirsoft
static1/unpack002/out.upx	Nirsoft
static1/unpack001/RegScanner.exe	Nirsoft
static1/unpack003/out.upx	Nirsoft
static1/unpack004/out.upx	Nirsoft

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/RecentFilesView.exe	upx
static1/unpack001/USBDeview.exe	upx
static1/unpack001/UserAssistView.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx
unpack003/out.upx
unpack001/UserAssistView.exe
unpack004/out.upx

Files

c8336212271fc0dbcd279d13e4c91117_JaffaCakes118
.rar
JumpListsView.exe
.exe windows:4 windows x86 arch:x86

d0faef4f30a486dd1300a7acd0c85b75

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2c:74:00:47:85:71:32:fd:9e:ae:4c:83:8f:76:fa:2e:82:8b:31:16:a5:3d:04:66:db:d1:63:42:11:69:aa:c0
Signer

Actual PE Digest

2c:74:00:47:85:71:32:fd:9e:ae:4c:83:8f:76:fa:2e:82:8b:31:16:a5:3d:04:66:db:d1:63:42:11:69:aa:c0

Digest Algorithm

sha256

PE Digest Matches

true

8e:c6:6f:fc:4a:a1:e5:fe:44:cc:2e:f8:cf:c3:7a:51:fe:7e:cd:4f
Signer

Actual PE Digest

8e:c6:6f:fc:4a:a1:e5:fe:44:cc:2e:f8:cf:c3:7a:51:fe:7e:cd:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\JumpListsView\Release\JumpListsView.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
__p__fmode
_c_exit
_onexit
__dllonexit
strlen
qsort
_wcslwr
_itow
wcstoul
wcsrchr
malloc
__set_app_type
_controlfp
_except_handler3
_exit
_wcsicmp
wcscmp
wcschr
free
modf
_memicmp
memcmp
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
wcslen
_wtoi
_purecall
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_Add
ImageList_Create
ord17
ImageList_AddMasked
ImageList_SetImageCount
CreateStatusWindowW
CreateToolbarEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

ReadProcessMemory
GetCurrentProcess
ExitProcess
GetCurrentProcessId
OpenProcess
EnumResourceTypesW
GetTickCount
GetModuleHandleA
GetStartupInfoW
LoadResource
SetErrorMode
DeleteFileW
GetStdHandle
GetPrivateProfileStringW
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
MultiByteToWideChar
lstrlenW
lstrcpyW
GlobalAlloc
SystemTimeToTzSpecificLocalTime
GlobalUnlock
LoadLibraryExW
WideCharToMultiByte
GetTempPathW
GetLastError
GetLocaleInfoW
FindNextFileW
SizeofResource
GlobalLock
GetDateFormatW
GetTempFileNameW
FormatMessageW
FindClose
GetVersionExW
GetFileSize
FindFirstFileW
GetTimeFormatW
CloseHandle
GetFileAttributesW
GetWindowsDirectoryW
FileTimeToLocalFileTime
ReadFile
WriteFile
GetModuleFileNameW
GetNumberFormatW
CreateFileW
LockResource
LocalFree
FindResourceW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW

user32

GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
KillTimer
DispatchMessageW
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
DrawTextExW
DeferWindowPos
GetClientRect
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindow
SetWindowLongW
GetDlgItem
GetWindowRect
DrawFrameControl
GetDlgItemInt
SetWindowTextW
InvalidateRect
UpdateWindow
SendMessageW
SetWindowPlacement
SetDlgItemTextW
GetDlgItemTextW
EndPaint
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
BeginPaint
SetMenu
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
LoadImageW
GetWindowLongW
GetSysColor
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
GetMenuStringW
GetMenuItemCount
CheckMenuItem
CloseClipboard
GetCursorPos
GetParent
SetClipboardData
EnableWindow
MapWindowPoints
GetMenu
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
SetWindowPos
GetDesktopWindow
GetWindowTextW
LoadIconW
DestroyIcon
SetTimer
IsDialogMessageW
TranslateMessage
ChildWindowFromPoint

gdi32

GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
GetObjectW
GetPixel
DeleteDC
SetPixel
SelectObject
CreateCompatibleDC
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetMalloc
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW

ole32

CoUninitialize
CoInitialize
StgOpenStorageEx

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LastActivityView.exe
.exe windows:4 windows x86 arch:x86

c9180e9bfc9792e5439f26c42955beab

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

83:23:a8:9d:d6:b5:5a:30:7f:b9:b2:0e:af:aa:4e:46:dc:01:8b:d0:34:6b:ce:9e:83:3d:df:9f:4b:92:5f:33
Signer

Actual PE Digest

83:23:a8:9d:d6:b5:5a:30:7f:b9:b2:0e:af:aa:4e:46:dc:01:8b:d0:34:6b:ce:9e:83:3d:df:9f:4b:92:5f:33

Digest Algorithm

sha256

PE Digest Matches

true

9a:1c:a2:4f:a4:d5:17:d9:b2:e1:e4:24:95:46:c0:5f:ae:23:26:65
Signer

Actual PE Digest

9a:1c:a2:4f:a4:d5:17:d9:b2:e1:e4:24:95:46:c0:5f:ae:23:26:65

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\LastActivityView\Release\LastActivityView.pdb

Imports

msvcrt

_except_handler3
_controlfp
__set_app_type
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
__p__fmode
_onexit
__dllonexit
_msize
calloc
realloc
_wcslwr
strlen
_purecall
_itow
_wcsnicmp
qsort
modf
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_c_exit
_memicmp
_wtoi
memcmp
wcstoul
wcsrchr
swscanf
malloc
_ultow
wcscmp
free
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
wcscpy
memset
_wcsicmp
wcschr
wcscat
_snwprintf
wcsncat

comctl32

ImageList_SetImageCount
CreateStatusWindowW
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked
CreateToolbarEx

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

UnmapViewOfFile
EnumResourceNamesW
MapViewOfFile
GetStartupInfoW
GetModuleHandleA
EnumResourceTypesW
OpenProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetStdHandle
DeleteFileW
SetErrorMode
GetCurrentProcessId
ExitProcess
GetLongPathNameW
GetLogicalDrives
GetVolumeInformationW
QueryDosDeviceW
CloseHandle
GetFileSize
SystemTimeToFileTime
FileTimeToSystemTime
CompareFileTime
GetSystemTimeAsFileTime
GetDriveTypeW
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetTickCount
GetWindowsDirectoryW
ExpandEnvironmentStringsW
GetLastError
GetTempPathW
GetCurrentProcess
GetDateFormatW
FindNextFileW
SizeofResource
GetTempFileNameW
GlobalLock
FormatMessageW
FindFirstFileW
GetVersionExW
FindClose
GetTimeFormatW
GetFileAttributesW
FileTimeToLocalFileTime
ReadFile
FindResourceW
WriteFile
GetModuleFileNameW
LocalFree
LoadResource
CreateFileW
LockResource
SystemTimeToTzSpecificLocalTime
lstrcpyW
MultiByteToWideChar
lstrlenW
LoadLibraryExW
GlobalAlloc
GetSystemDirectoryW
GlobalUnlock
WideCharToMultiByte
CreateFileMappingW
ReadProcessMemory

user32

GetMenuItemInfoW
CallWindowProcW
CreatePopupMenu
TrackPopupMenu
RegisterWindowMessageW
GetKeyState
DrawTextExW
ChildWindowFromPoint
LoadCursorW
TranslateMessage
GetSysColorBrush
ShowWindow
GetDlgItemInt
SetDlgItemInt
DeferWindowPos
CreateWindowExW
BeginPaint
EndPaint
GetWindow
GetClientRect
SendDlgItemMessageW
DrawFrameControl
EndDialog
SetWindowLongW
GetDlgItem
SetWindowTextW
UpdateWindow
SendMessageW
SetDlgItemTextW
InvalidateRect
GetDlgItemTextW
GetWindowRect
GetSystemMetrics
RegisterClassW
PostMessageW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
LoadImageW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetParent
KillTimer
SetTimer
EnableMenuItem
ReleaseDC
GetClassNameW
MoveWindow
OpenClipboard
CheckMenuItem
GetMenuStringW
GetMenuItemCount
CloseClipboard
CheckMenuRadioItem
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
ModifyMenuW
SetCursor
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
DestroyWindow
LoadStringW
GetDesktopWindow
GetWindowTextW
LoadMenuW
LoadIconW
DestroyIcon
PostQuitMessage
GetMessageW
DispatchMessageW
IsDialogMessageW

gdi32

SetBkMode
DeleteObject
SetBkColor
GetStockObject
GetTextExtentPoint32W
GetDeviceCaps
SelectObject
CreateCompatibleDC
GetObjectW
DeleteDC
GetPixel
SetPixel
SetTextColor
CreateFontIndirectW

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW

shell32

ShellExecuteW
SHGetFileInfoW
SHGetMalloc
SHGetPathFromIDListW
SHBindToParent
SHGetDesktopFolder

ole32

CoCreateInstance
CoUninitialize
CoInitialize

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LastActivityView_lng.ini
RecentFilesView.exe
.exe windows:4 windows x86 arch:x86

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

18:30:04:81:57:f7:64:ab:79:f0:db:42:ad:23:c7:4b:fb:ec:e8:e2:f1:d4:07:77:ad:ce:ab:fd:52:a5:53:73
Signer

Actual PE Digest

18:30:04:81:57:f7:64:ab:79:f0:db:42:ad:23:c7:4b:fb:ec:e8:e2:f1:d4:07:77:ad:ce:ab:fd:52:a5:53:73

Digest Algorithm

sha256

PE Digest Matches

true

8a:ba:65:93:92:48:ce:e9:49:47:12:09:31:f9:0c:8d:8b:1f:27:f9
Signer

Actual PE Digest

8a:ba:65:93:92:48:ce:e9:49:47:12:09:31:f9:0c:8d:8b:1f:27:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RecentFilesView_lng.ini
RegScanner.exe
.exe windows:4 windows x64 arch:x64

786d65acf4e9f4d4421049b069e9c8cb

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2f:dd:c4:f4:28:7b:f4:82:f3:58:82:27:ff:f6:b2:29:51:ef:9a:f0:53:4c:b3:f3:68:1e:05:66:83:c4:90:bd
Signer

Actual PE Digest

2f:dd:c4:f4:28:7b:f4:82:f3:58:82:27:ff:f6:b2:29:51:ef:9a:f0:53:4c:b3:f3:68:1e:05:66:83:c4:90:bd

Digest Algorithm

sha256

PE Digest Matches

true

9c:fb:a0:d4:5d:a0:7c:e2:ab:d1:55:d7:89:c1:34:48:63:d6:73:f3
Signer

Actual PE Digest

9c:fb:a0:d4:5d:a0:7c:e2:ab:d1:55:d7:89:c1:34:48:63:d6:73:f3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\RegScanner\x64\Release\RegScanner.pdb

Imports

msvcrt

_initterm
__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
calloc
__setusermatherr
strncmp
??_U@YAPEAX_K@Z
??_V@YAXPEAX@Z
_strlwr
_purecall
_itoa
_strnicmp
_memicmp
_mbctoupper
strrchr
strcmp
malloc
_commode
_fmode
__set_app_type
isdigit
strtol
free
_snprintf
atoi
strtoul
_strcmpi
strchr
_mbschr
_ultoa
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memmove
_mbsicmp
_stricmp
memcpy
strlen
memcmp
strcpy
memset
strncat
sprintf
strcat

comctl32

ImageList_SetImageCount
ImageList_AddMasked
ord6
CreateToolbarEx
ImageList_Create
ord17
ImageList_ReplaceIcon

kernel32

GetModuleHandleA
RaiseException
ReadProcessMemory
GetCurrentProcess
ExitProcess
GetCurrentProcessId
GetSystemTime
GetCurrentDirectoryA
CreateProcessA
DeleteFileA
ExpandEnvironmentStringsA
WritePrivateProfileStringA
OpenProcess
Sleep
GetCurrentThreadId
WinExec
GetStartupInfoA
GetProcAddress
SystemTimeToFileTime
GetLocalTime
CompareFileTime
MultiByteToWideChar
GetTickCount
CloseHandle
GetSystemTimeAsFileTime
FileTimeToSystemTime
LoadLibraryA
FreeLibrary
GetFileAttributesA
SetFilePointer
GetLastError
lstrcpyA
GetModuleFileNameA
lstrlenA
GetNumberFormatA
GetLocaleInfoA
FormatMessageA
LoadLibraryExA
GetWindowsDirectoryA
GetTempFileNameA
ReadFile
GetDateFormatA
WriteFile
SystemTimeToTzSpecificLocalTime
GlobalAlloc
GlobalLock
GetVersionExA
CreateFileA
GlobalUnlock
GetFileSize
GetTimeFormatA
FileTimeToLocalFileTime
GetTempPathA
LocalFree
WideCharToMultiByte
EnumResourceNamesA
GetPrivateProfileIntA
GetPrivateProfileStringA

user32

AttachThreadInput
EnumWindows
GetWindowThreadProcessId
GetClipboardData
SetForegroundWindow
BeginDeferWindowPos
DeleteMenu
GetFocus
ChildWindowFromPoint
ReleaseDC
GetDC
GetSysColorBrush
LoadCursorA
ShowWindow
SetCursor
InvalidateRect
SetDlgItemInt
BeginPaint
GetWindow
GetClientRect
SetDlgItemTextA
DrawFrameControl
GetDlgItemTextA
SetWindowTextA
GetSystemMetrics
DeferWindowPos
SendDlgItemMessageA
GetWindowRect
GetDlgItemInt
EndDialog
GetDlgItem
CreateWindowExA
EndPaint
MessageBoxA
GetWindowPlacement
SendMessageA
RegisterClassA
UpdateWindow
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
PeekMessageA
LoadImageA
LoadIconA
DispatchMessageA
TranslateMessage
GetWindowLongA
SetWindowLongA
SetFocus
GetMenuStringA
GetCursorPos
SetClipboardData
EnableWindow
MapWindowPoints
GetSysColor
InsertMenuItemA
GetMenu
OpenClipboard
GetParent
MoveWindow
EmptyClipboard
GetClassNameA
EnableMenuItem
CloseClipboard
CheckMenuItem
GetSubMenu
GetMenuItemCount
CreateDialogParamA
EnumChildWindows
DestroyWindow
GetMenuItemInfoA
GetWindowTextA
LoadMenuA
ModifyMenuA
LoadStringA
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
IsDialogMessageA
TrackPopupMenu
PostQuitMessage
GetMessageA
RegisterWindowMessageA
EndDeferWindowPos

gdi32

GetStockObject
GetTextExtentPoint32A
SetBkColor
CreateFontIndirectA
SetBkMode
DeleteObject
SetTextColor
GetDeviceCaps

comdlg32

GetOpenFileNameA
GetSaveFileNameA
FindTextA

advapi32

RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegConnectRegistryA
RegCloseKey
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyA
RegQueryValueExW
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegQueryInfoKeyA

shell32

ShellExecuteExA
ShellExecuteA

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
USBDeview.exe
.exe windows:4 windows x86 arch:x86

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ad:22:7e:36:0a:bc:77:cd:e6:ba:f4:5c:16:e1:87:09:4e:43:b7:ad
Signer

Actual PE Digest

ad:22:7e:36:0a:bc:77:cd:e6:ba:f4:5c:16:e1:87:09:4e:43:b7:ad

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UserAssistView.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
processhacker-2.39-setup.exe
.exe windows:1 windows x86 arch:x86

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

83:33:12:d6:73:40:58:da:f9:36:91:31:58:17:af:f2:3f:e7:11:0a:e3:31:bd:85:7b:43:70:47:90:53:db:12
Signer

Actual PE Digest

83:33:12:d6:73:40:58:da:f9:36:91:31:58:17:af:f2:3f:e7:11:0a:e3:31:bd:85:7b:43:70:47:90:53:db:12

Digest Algorithm

sha256

PE Digest Matches

true

b1:cd:ff:77:4a:7c:de:e6:76:24:73:fd:3c:9a:c6:c7:05:79:d7:d3
Signer

Actual PE Digest

b1:cd:ff:77:4a:7c:de:e6:76:24:73:fd:3c:9a:c6:c7:05:79:d7:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
z.exe
.exe windows:4 windows x86 arch:x86

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4b:b7:84:d6:57:96:16:65:19:fc:3d:9d:4a:6d:aa:55
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

20/01/2016, 00:00

Not After

19/01/2018, 23:59

Subject

CN=Goversoft,O=Goversoft,POSTALCODE=19958,STREET=16192 Coastal Hwy,L=Lewes,ST=Delaware,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:3e:2b:6e:8c:63:67:2d:cc:d9:d9:c9:05:10:3d:02:d6:4e:51:10
Signer

Actual PE Digest

93:3e:2b:6e:8c:63:67:2d:cc:d9:d9:c9:05:10:3d:02:d6:4e:51:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 963KB - Virtual size: 962KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 36B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 507KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
проверка.bat

Sharing

General

Malware Config

Signatures

Files

d0faef4f30a486dd1300a7acd0c85b75

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate

Extended Key Usages

Key Usages

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

2c:74:00:47:85:71:32:fd:9e:ae:4c:83:8f:76:fa:2e:82:8b:31:16:a5:3d:04:66:db:d1:63:42:11:69:aa:c0Signer

8e:c6:6f:fc:4a:a1:e5:fe:44:cc:2e:f8:cf:c3:7a:51:fe:7e:cd:4fSigner

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 1KB - Virtual size: 6KB

.rsrc Size: 20KB - Virtual size: 20KB

c9180e9bfc9792e5439f26c42955beab

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate

Extended Key Usages

Key Usages

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

83:23:a8:9d:d6:b5:5a:30:7f:b9:b2:0e:af:aa:4e:46:dc:01:8b:d0:34:6b:ce:9e:83:3d:df:9f:4b:92:5f:33Signer

9a:1c:a2:4f:a4:d5:17:d9:b2:e1:e4:24:95:46:c0:5f:ae:23:26:65Signer

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

kernel32

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

2c:74:00:47:85:71:32:fd:9e:ae:4c:83:8f:76:fa:2e:82:8b:31:16:a5:3d:04:66:db:d1:63:42:11:69:aa:c0
Signer

8e:c6:6f:fc:4a:a1:e5:fe:44:cc:2e:f8:cf:c3:7a:51:fe:7e:cd:4f
Signer

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 1KB - Virtual size: 6KB

.rsrc
Size: 20KB - Virtual size: 20KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

83:23:a8:9d:d6:b5:5a:30:7f:b9:b2:0e:af:aa:4e:46:dc:01:8b:d0:34:6b:ce:9e:83:3d:df:9f:4b:92:5f:33
Signer

9a:1c:a2:4f:a4:d5:17:d9:b2:e1:e4:24:95:46:c0:5f:ae:23:26:65
Signer

.text
Size: 66KB - Virtual size: 66KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 3KB - Virtual size: 62KB

.rsrc
Size: 21KB - Virtual size: 21KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

18:30:04:81:57:f7:64:ab:79:f0:db:42:ad:23:c7:4b:fb:ec:e8:e2:f1:d4:07:77:ad:ce:ab:fd:52:a5:53:73
Signer

8a:ba:65:93:92:48:ce:e9:49:47:12:09:31:f9:0c:8d:8b:1f:27:f9
Signer

UPX0
Size: - Virtual size: 48KB

UPX1
Size: 29KB - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 8KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 5KB

.rsrc
Size: 11KB - Virtual size: 10KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate