c84150b270275d35aa37d28b88df56d7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c84150b270275d35aa37d28b88df56d7_JaffaCakes118
Size

526KB
MD5

c84150b270275d35aa37d28b88df56d7
SHA1

20b3e3464ab2f6f0193d6b827339322849730117
SHA256

3e273b7c14cb839b3ebb12e27b881a77ba059d07e999209ded1a516a00290dae
SHA512

38d7342f3a035fb4acfaaddaed0e56d55c50125cc09b563b9c791ee60f07ee999c700ba7ad60dfd2898f6610195e6683e62a6e2ac4f4ae882da5fb096e0e3e23
SSDEEP

6144:syeeGoYo5M7R87ct8s6RV4s8U2p3OAKOW3Bn9Mn5saD+M3WAORoCc0Ucs9nK6gsV:syeJoY/87cthjlLa3M3WpRyfntvt4w

Score

1^/10

Malware Config

Signatures

Files

c84150b270275d35aa37d28b88df56d7_JaffaCakes118
.dll windows:6 windows x86 arch:x86

eff82cb56d81ce3717b06feb393cdd70

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2c:63:9a:e7:a9:4e:2f:34:ff:39:2d:6c:4b:e2:24:12
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

10-06-2019 00:00

Not After

09-06-2021 23:59

Subject

CN=LULU Software,O=LULU Software,L=Saint-Laurent,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:63:9a:e7:a9:4e:2f:34:ff:39:2d:6c:4b:e2:24:12
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

10-06-2019 00:00

Not After

09-06-2021 23:59

Subject

CN=LULU Software,O=LULU Software,L=Saint-Laurent,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

dd:84:9f:94:63:81:e0:90:d2:55:c4:93:d0:15:b6:c8:b5:4f:6c:3e:01:e9:92:10:9d:f3:81:e2:46:5a:10:e1
Signer

Actual PE Digest

dd:84:9f:94:63:81:e0:90:d2:55:c4:93:d0:15:b6:c8:b5:4f:6c:3e:01:e9:92:10:9d:f3:81:e2:46:5a:10:e1

Digest Algorithm

sha256

PE Digest Matches

true

00:08:42:16:52:03:7d:ed:e3:88:9f:70:c8:66:20:f2:e0:67:11:79
Signer

Actual PE Digest

00:08:42:16:52:03:7d:ed:e3:88:9f:70:c8:66:20:f2:e0:67:11:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\TemporaryBuilds\main_app_builder_1\19\s\App\_bin\soda\Win32\Release\win-specific-services.pdb

Imports

msi

ord173
ord41
ord111
ord70
ord45
ord205

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

encoding-conversion

_SLConvertACPToUnicode@16

winhttp

WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpOpen

user32

IsClipboardFormatAvailable
UnregisterClassW
OpenClipboard
CloseClipboard
LoadCursorW
SetWindowLongW
GetWindowLongW
DestroyWindow
IsWindow
CreateWindowExW
SetClipboardData
GetClipboardData
RegisterClipboardFormatA
EnableWindow
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
DefWindowProcW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
EmptyClipboard

crypt32

CertGetNameStringW

wintrust

WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

netapi32

NetApiBufferFree
NetWkstaUserGetInfo

kernel32

GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
CreateEventW
Sleep
CloseHandle
CreateEventA
SetEvent
GetCurrentThreadId
WaitForSingleObjectEx
GetModuleHandleW
GetProcAddress
LocalAlloc
LocalFree
RaiseException
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
GetCurrentProcess
GetSystemTime
SystemTimeToFileTime
GetProcessHeap
HeapFree
ReleaseSemaphore
DuplicateHandle
ResetEvent
HeapAlloc
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
QueryPerformanceCounter
QueryPerformanceFrequency
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GlobalFree
GetShortPathNameW
FreeLibrary
LoadLibraryW
WideCharToMultiByte
GetModuleFileNameW
CreateFileW
FormatMessageA
TlsFree
GetFileAttributesW
DeviceIoControl
AreFileApisANSI
MultiByteToWideChar
OutputDebugStringW
EncodePointer
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
GetCurrentProcessId
SetWaitableTimer
OpenEventA
WaitForMultipleObjectsEx
FormatMessageW
CreateSemaphoreA
InitializeCriticalSectionAndSpinCount
CreateWaitableTimerA
GetModuleHandleA

advapi32

GetSecurityInfo
LookupAccountSidW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
SetEntriesInAclW
SetNamedSecurityInfoW
GetSecurityDescriptorDacl
GetNamedSecurityInfoW
ConvertStringSidToSidW
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken

shell32

ShellExecuteW
SHGetDesktopFolder
SHChangeNotify

ole32

CoTaskMemFree
CoUninitialize
OleRun
CoInitializeEx
CoCreateInstance

oleaut32

SysStringLen
SysFreeString
GetErrorInfo
SysAllocString

atom

_GetSingletonStaticData@12
_CreateSingletonStaticData@16
_SLGetAtomFromString@8
_IsSingletonStaticDataStorageAvailable@0
_CalculateSequenceHash@12
_SLGetStringFromAtom@8

msvcp140

??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
_Mtx_lock
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?toupper@?$ctype@_W@std@@QBE_W_W@Z
?id@?$numpunct@_W@std@@2V0locale@2@A
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?classic@locale@std@@SAABV12@XZ
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?c_str@?$_Yarn@D@std@@QBEPBDXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
??1_Locinfo@std@@QAE@XZ
?_Xlength_error@std@@YAXPBD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?flags@ios_base@std@@QBEHXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?_Xout_of_range@std@@YAXPBD@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?good@ios_base@std@@QBE_NXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?widen@?$ctype@_W@std@@QBE_WD@Z
?exceptions@ios_base@std@@QAEXH@Z
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?narrow@?$ctype@_W@std@@QBED_WD@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Throw_C_error@std@@YAXH@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
_Mtx_unlock
_Cnd_wait
_Cnd_broadcast
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Cnd_init_in_situ
_Cnd_destroy_in_situ
?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_BADOFF@std@@3_JB
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
_Mbrtowc
?_Xbad_alloc@std@@YAXXZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
_Thrd_start
_Thrd_join
_Thrd_id
_Mtx_init
_Mtx_destroy
_Cnd_init
_Cnd_destroy
_Cnd_signal
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
??0_Locinfo@std@@QAE@PBD@Z

vcruntime140

memset
memmove
memcpy
__std_type_info_destroy_list
_except_handler4_common
_CxxThrowException
__std_type_info_name
__std_type_info_compare
__std_exception_copy
_purecall
__std_exception_destroy
__CxxFrameHandler3
__std_terminate

api-ms-win-crt-string-l1-1-0

strncpy
strnlen
wcscpy_s
wcsnlen

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initterm
_execute_onexit_table
terminate
_crt_atexit
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_invalid_parameter_noinfo_noreturn
_beginthreadex
strerror
_initialize_onexit_table
abort
_cexit

api-ms-win-crt-heap-l1-1-0

calloc
malloc
_recalloc
_callnewh
free

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vswprintf_s

api-ms-win-crt-math-l1-1-0

_except1

root-service-provider

_ServiceProviderGetServiceObject@12

Exports

Exports

CreateServiceObject
ReflectServiceObjectInfo
ServiceObjectModuleInitialize
ServiceObjectModuleOnCleanup
ServiceObjectModuleOnFree
_CreateServiceObject@8
_ReflectServiceObjectInfo@8
_ServiceObjectModuleInitialize@0
_ServiceObjectModuleOnCleanup@0
_ServiceObjectModuleOnFree@0

Sections

.text
Size: 355KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eff82cb56d81ce3717b06feb393cdd70

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

2c:63:9a:e7:a9:4e:2f:34:ff:39:2d:6c:4b:e2:24:12Certificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

2c:63:9a:e7:a9:4e:2f:34:ff:39:2d:6c:4b:e2:24:12Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

dd:84:9f:94:63:81:e0:90:d2:55:c4:93:d0:15:b6:c8:b5:4f:6c:3e:01:e9:92:10:9d:f3:81:e2:46:5a:10:e1Signer

00:08:42:16:52:03:7d:ed:e3:88:9f:70:c8:66:20:f2:e0:67:11:79Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

version

encoding-conversion

winhttp

user32

crypt32

wintrust

netapi32

kernel32

advapi32

shell32

ole32

oleaut32

atom

msvcp140

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

root-service-provider

Exports

Exports

Sections

.text Size: 355KB - Virtual size: 355KB

.rdata Size: 115KB - Virtual size: 115KB

.data Size: 14KB - Virtual size: 15KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 26KB - Virtual size: 25KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

2c:63:9a:e7:a9:4e:2f:34:ff:39:2d:6c:4b:e2:24:12
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

2c:63:9a:e7:a9:4e:2f:34:ff:39:2d:6c:4b:e2:24:12
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

dd:84:9f:94:63:81:e0:90:d2:55:c4:93:d0:15:b6:c8:b5:4f:6c:3e:01:e9:92:10:9d:f3:81:e2:46:5a:10:e1
Signer

00:08:42:16:52:03:7d:ed:e3:88:9f:70:c8:66:20:f2:e0:67:11:79
Signer

.text
Size: 355KB - Virtual size: 355KB

.rdata
Size: 115KB - Virtual size: 115KB

.data
Size: 14KB - Virtual size: 15KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 26KB - Virtual size: 25KB