c96f98e8ac01dd812b9d23c8d62e77ba_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c96f98e8ac01dd812b9d23c8d62e77ba_JaffaCakes118
Size

3.2MB
MD5

c96f98e8ac01dd812b9d23c8d62e77ba
SHA1

b3302a428eb59a8aeaa61f0e415ac246a3a6918c
SHA256

df2de4422d293d51de0184f28eb89ea5d39ba9cafb3c94d37b9efc21ec458945
SHA512

de82b19a9d165f345678faafbf007c1b9418553fe949cffc74e16533f16329c065b98ffee64a427aabf3490487bffc43ae9fb007bff7dd3913d9782f7f0ac094
SSDEEP

49152:pMn3Q6VErTpmSeLDFDDLqDWDeWWymuaHbYJBurCccBD5dZEqYkd+OVijVD0UXwy:KguEHsLRGDUeHyUHbQA2c0FdmIEjJZXJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/NXPowerLite/Office2007.cjstyles

Files

c96f98e8ac01dd812b9d23c8d62e77ba_JaffaCakes118
.rar
NXPowerLite/NXPLiteOutlookExpress.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2503ef0e96068b55df4d631838f517b8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:57:70:08:8b:7a:27:94:31:78:e8:4d:b3:a8:17:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2008, 00:00

Not After

24/09/2009, 23:59

Subject

CN=Neuxpower Solutions Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=Neuxpower Solutions Ltd,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:e2:ba:23:3a:1d:95:6f:66:b5:9b:0b:31:f7:00:e7:f0:1b:13:51
Signer

Actual PE Digest

61:e2:ba:23:3a:1d:95:6f:66:b5:9b:0b:31:f7:00:e7:f0:1b:13:51

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\nxpowerlite_source\code\outlookexpressaddin\release\NXPLiteOutlookExpress.pdb

Imports

kernel32

SetThreadLocale
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
InterlockedIncrement
InterlockedDecrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WriteFile
WaitForSingleObject
CloseHandle
FindClose
LoadResource
LockResource
InterlockedCompareExchange
SetEnvironmentVariableA
GetThreadLocale
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoA
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetCurrentDirectoryA
LCMapStringA
GetOEMCP
GetACP
GetTimeZoneInformation
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetLastError
MulDiv
LocalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
GetModuleHandleA
FileTimeToSystemTime
FileTimeToLocalFileTime
VirtualProtect
InterlockedExchange
CompareStringA
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
GetCurrentThread
GlobalDeleteAtom
FormatMessageA
GetSystemTime
MoveFileA
CreateDirectoryA
SetFileAttributesA
FileTimeToDosDateTime
GetFileAttributesA
GetLocalTime
DosDateTimeToFileTime
GetCurrentProcessId
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GlobalFlags
SystemTimeToFileTime
GetVersionExA
LoadLibraryA
FreeResource
ReadFile
SetFilePointer
FlushFileBuffers
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetFileTime
LocalFileTimeToFileTime
GetCurrentProcess
GetFileSize
SetEndOfFile
GetConsoleOutputCP
GetEnvironmentStrings
FreeEnvironmentStringsA
SizeofResource
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
Sleep
DeleteFileA
HeapSize
ExitProcess
GetProcessHeap
GetCommandLineA
HeapReAlloc
HeapFree
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
IsDBCSLeadByteEx
CreateFileA
GetFullPathNameA
GetStdHandle
GetCurrentDirectoryA
GetTickCount
GetTempFileNameA
GetTempPathA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
GetUserNameA
RegCloseKey

user32

GetClientRect
CopyRect
GetDlgItem
IsWindow
GetSysColor
EndPaint
BeginPaint
ClientToScreen
ScreenToClient
GetMenuState
GetParent
IsWindowEnabled
GetMenuItemID
DestroyMenu
GetMenuItemCount
GetNextDlgTabItem
EndDialog
SendDlgItemMessageA
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
UnregisterClassA
WindowFromPoint
GetMenu
AdjustWindowRectEx
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetDesktopWindow
PtInRect
GetDlgCtrlID
GetWindow
GetSystemMetrics
GetSysColorBrush
UnhookWindowsHookEx
GetLastActivePopup
SetCursor
CallNextHookEx
TranslateMessage
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetWindowRect
SetFocus
GetFocus
GetAsyncKeyState
ShowWindow
SetWindowPos
MapDialogRect
SetActiveWindow
GetActiveWindow
GetCapture
PostQuitMessage
CheckMenuItem
EnableMenuItem
GetSubMenu
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
ReleaseDC
GetDC

gdi32

GetStockObject
CreateBitmap
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps

winspool.drv

ClosePrinter

shlwapi

PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
PropVariantClear
StgOpenStorage
CoTaskMemAlloc

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysFreeString
VarBstrCat
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
OleCreatePictureIndirect
VarUI4FromStr
VariantInit
VariantClear
DispCallFunc
LoadRegTypeLi
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VariantChangeType
GetErrorInfo

ws2_32

closesocket

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 892KB - Virtual size: 890KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 268KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NXPowerLite/NXPLiteShell.dll
.dll regsvr32 windows:4 windows x86 arch:x86

00a420bdea0174b785b7cf9d843cf776

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:57:70:08:8b:7a:27:94:31:78:e8:4d:b3:a8:17:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2008, 00:00

Not After

24/09/2009, 23:59

Subject

CN=Neuxpower Solutions Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=Neuxpower Solutions Ltd,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:31:07:3a:6b:f2:6d:c3:32:cc:21:1b:11:ff:c2:c2:91:4c:98:b1
Signer

Actual PE Digest

99:31:07:3a:6b:f2:6d:c3:32:cc:21:1b:11:ff:c2:c2:91:4c:98:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\nxpowerlite_source\code\shellext\release\NXPLiteShell.pdb

Imports

kernel32

LockResource
LoadResource
GetLastError
InterlockedIncrement
InterlockedDecrement
LoadLibraryA
GetModuleFileNameA
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
CloseHandle
WriteFile
SizeofResource
GlobalLock
SetThreadLocale
GetThreadLocale
CompareStringA
GetModuleHandleA
GetWindowsDirectoryA
GetSystemDirectoryA
InterlockedExchange
SetLastError
DeleteCriticalSection
InitializeCriticalSection
GlobalUnlock
RaiseException
LCMapStringA
GetStringTypeA
GetOEMCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
Sleep
GetACP
GetLocaleInfoA
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetCurrentThreadId
GetCommandLineA
VirtualFree
VirtualAlloc
HeapCreate
ExitProcess
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree

advapi32

RegCloseKey

user32

SetMenuItemBitmaps
UnregisterClassA

gdi32

DeleteObject

ole32

StringFromCLSID
CoTaskMemFree
ReleaseStgMedium
StringFromGUID2
CoCreateInstance

oleaut32

RegisterTypeLi
UnRegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysAllocStringLen
VarBstrCat
SysFreeString
SysStringLen
LoadTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NXPowerLite/NXPowerLite.exe
.exe windows:4 windows x86 arch:x86

2a6c8c13c70222ff3e63375adeb0c370

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:57:70:08:8b:7a:27:94:31:78:e8:4d:b3:a8:17:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2008, 00:00

Not After

24/09/2009, 23:59

Subject

CN=Neuxpower Solutions Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=Neuxpower Solutions Ltd,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

22:fe:79:21:59:47:14:7f:c5:db:c7:d6:56:83:f9:f2:3d:b1:8d:77
Signer

Actual PE Digest

22:fe:79:21:59:47:14:7f:c5:db:c7:d6:56:83:f9:f2:3d:b1:8d:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\nxpowerlite_source\code\gui\unicode release\NXPowerLite.pdb

Imports

ws2_32

closesocket

advapi32

RegEnumKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
GetUserNameA
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW

oleaut32

VariantCopy
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
OleLoadPicturePath
VariantChangeTypeEx
VarUdateFromDate
LoadTypeLi
OleCreateFontIndirect
VarBstrFromDate
SysAllocString
VarDateFromStr
SafeArrayDestroy
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType

ole32

StgCreateDocfile
StgOpenStorage
PropVariantClear
CoTaskMemFree
OleRun
CoCreateInstance
CoUninitialize
CoInitialize
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemAlloc

kernel32

RaiseException
GetDateFormatA
ExitProcess
ExitThread
SetStdHandle
GetFileType
HeapSize
GetSystemInfo
VirtualQuery
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetCPInfo
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
SetEnvironmentVariableA
GetExitCodeThread
TerminateThread
GetTimeFormatA
RtlUnwind
GetSystemTimeAsFileTime
HeapReAlloc
VirtualAlloc
VirtualFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetProcessHeap
HeapAlloc
HeapFree
FindResourceExW
LocalFileTimeToFileTime
SetErrorMode
GlobalGetAtomNameW
GlobalFlags
VirtualProtect
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
InterlockedIncrement
CreateEventW
SuspendThread
ResumeThread
SetThreadPriority
InterlockedDecrement
GlobalAlloc
GetCurrentProcessId
GlobalFree
GlobalLock
GlobalUnlock
GetModuleHandleA
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GlobalHandle
GetTempFileNameA
FormatMessageW
UnmapViewOfFile
GetLocalTime
CreateFileMappingW
MapViewOfFile
GetFileInformationByHandle
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenA
GetTempFileNameW
CreateThread
LoadLibraryA
GetTimeZoneInformation
GetSystemTime
GetVersionExA
CreateFileA
Sleep
GetTickCount
WriteFile
SetFilePointer
SetFileAttributesA
SetFileAttributesW
SetCurrentDirectoryA
SetCurrentDirectoryW
CreateDirectoryA
IsDBCSLeadByteEx
CreateDirectoryW
DeleteFileA
MoveFileA
MoveFileW
GetModuleFileNameW
GetModuleFileNameA
GetTempPathA
GetTempPathW
GetCurrentDirectoryA
GetFullPathNameA
GetFullPathNameW
GetFileSize
ReadFile
FormatMessageA
LocalFree
GetOEMCP
GetACP
GetFileAttributesW
WaitForSingleObject
CopyFileW
GetCurrentDirectoryW
SetFileTime
GetFileTime
ResetEvent
SetEvent
GetModuleHandleW
SetLastError
ReleaseMutex
CreateMutexW
SetThreadLocale
GetVersion
MulDiv
WideCharToMultiByte
GetProcAddress
LoadLibraryW
GetVersionExW
MultiByteToWideChar
lstrlenW
DeleteFileW
CloseHandle
CreateFileW
GetCurrentProcess
GetLastError
GetCurrentThreadId
GetCommandLineW
FindClose
FindNextFileW
FindFirstFileW
FindResourceW
LoadResource
LockResource
SizeofResource
FreeLibrary
GetPrivateProfileSectionNamesW
EnumResourceNamesW
EnumResourceTypesW
LoadLibraryExA
LoadLibraryExW
OpenProcess
LocalSize
lstrcpynW
InterlockedCompareExchange
FileTimeToDosDateTime
GetFileAttributesA
DosDateTimeToFileTime
GetDriveTypeW

user32

SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
FillRect
MapWindowPoints
TrackPopupMenuEx
TrackPopupMenu
GetKeyState
SetScrollPos
GetScrollPos
GetMenu
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
GetMenuItemID
GetMenuItemCount
IsDialogMessageW
SetWindowTextW
PeekMessageW
MoveWindow
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
GetActiveWindow
CheckMenuItem
GetMenuState
ModifyMenuW
AdjustWindowRectEx
ScreenToClient
GetScrollInfo
SetScrollInfo
GetMenuCheckMarkDimensions
PtInRect
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetWindowLongW
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetDesktopWindow
LoadBitmapW
IsWindowVisible
EnableMenuItem
DeleteMenu
KillTimer
DrawFocusRect
InflateRect
MessageBeep
DeferWindowPos
ShowScrollBar
EndDeferWindowPos
BeginDeferWindowPos
RedrawWindow
EqualRect
EnumThreadWindows
GetWindowThreadProcessId
SetRectEmpty
GetSubMenu
LoadMenuW
AppendMenuW
GetSystemMenu
DrawIcon
ShowWindow
IsIconic
SetForegroundWindow
EnumWindows
SendMessageTimeoutW
SetFocus
IsWindow
IsWindowEnabled
SetWindowPos
GetSystemMetrics
GetWindowRect
LoadCursorW
SetCursor
ReleaseDC
GetDC
GetParent
GetThreadDesktop
GetUserObjectInformationW
GetFocus
LoadIconW
SetTimer
PostMessageW
GetClientRect
SendMessageW
UpdateWindow
LoadImageW
InvalidateRect
RegisterWindowMessageW
SetMenuItemBitmaps
InsertMenuW
GetMenuStringW
ValidateRect
GetCursorPos
TranslateMessage
GetMessageW
GetKeyNameTextW
MapVirtualKeyW
CharUpperW
MapDialogRect
SetWindowContextHelpId
GetNextDlgGroupItem
PostQuitMessage
RegisterClipboardFormatW
ShowOwnedPopups
GetMenuItemInfoW
DestroyMenu
WindowFromPoint
GetAsyncKeyState
GetSysColorBrush
UnregisterClassW
DestroyIcon
IsClipboardFormatAvailable
SetRect
CharNextW
CopyAcceleratorTableW
IsRectEmpty
InvalidateRgn
SetCapture
TranslateMDISysAccel
UnregisterClassA
GetTabbedTextExtentA
SetMenuDefaultItem
GetDoubleClickTime
DrawMenuBar
DrawEdge
RegisterClassA
DefMDIChildProcW
DefMDIChildProcA
DefDlgProcW
DefDlgProcA
DefFrameProcW
DefFrameProcA
DefWindowProcA
CallWindowProcA
EnableScrollBar
IsWindowUnicode
GetWindowLongA
SetWindowLongA
SetClassLongW
SetCursorPos
DrawFrameControl
LookupIconIdFromDirectoryEx
EnableWindow
SystemParametersInfoW
ReleaseCapture
PostThreadMessageW
TranslateAcceleratorW
SetMenu
BringWindowToTop
CreatePopupMenu
InsertMenuItemW
LoadAcceleratorsW
ReuseDDElParam
UnpackDDElParam
SetParent
UnionRect
CreateIconIndirect
CopyRect
GetDCEx
CreateIconFromResourceEx
SendDlgItemMessageW
LockWindowUpdate
wsprintfW
ToUnicodeEx
GetKeyboardState
GetKeyboardLayoutList
IsCharLowerW
MapVirtualKeyExW
GetKeyboardLayout
WaitMessage
DrawStateW
GetIconInfo
GetCursor
SetWindowRgn
GetWindowRgn
IsMenu
ShowCaret
HideCaret
GetMenuDefaultItem
InvertRect
CopyIcon
DrawIconEx

gdi32

ScaleWindowExtEx
GetCurrentPositionEx
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateBitmap
SelectPalette
GetObjectType
CreatePen
GetObjectW
CreateSolidBrush
CreateRectRgnIndirect
PatBlt
GetTextExtentPoint32W
GetTextMetricsW
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
SetWindowExtEx
GetBkColor
GetTextColor
GetRgnBox
EnumFontFamiliesExW
CreateDIBitmap
CreateFontW
StretchDIBits
RoundRect
CreatePolygonRgn
GetWindowOrgEx
Polyline
GetViewportOrgEx
GetTextCharsetInfo
OffsetRgn
GetCurrentObject
GetDIBits
CreateDIBSection
Ellipse
StretchBlt
SetPixel
Polygon
PtInRegion
ExtCreateRegion
GetBitmapBits
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
GetClipRgn
SelectClipRgn
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetStretchBltMode
SetBrushOrgEx
GetCharWidthW
CreatePalette
SelectObject
GetTextAlign
GetTextExtentPoint32A
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
BeginPath
CreateCompatibleDC
DeleteObject
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateCompatibleBitmap
GetStockObject
BitBlt
CreateFontIndirectW
Rectangle

msimg32

AlphaBlend

comdlg32

GetFileTitleW
CommDlgExtendedError

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

shell32

SHFileOperationW
SHGetFileInfoW
DragAcceptFiles
DragFinish
DragQueryFileW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
ShellExecuteW
SHGetSpecialFolderLocation

comctl32

ImageList_DrawIndirect
ImageList_GetBkColor
FlatSB_GetScrollProp
ImageList_Destroy
ImageList_DrawEx
ImageList_GetIconSize
ImageList_GetImageCount
_TrackMouseEvent
InitCommonControlsEx
ImageList_GetImageInfo

shlwapi

PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathStripPathW
PathCompactPathW
PathFindFileNameW

oledlg

OleUIAddVerbMenuW
OleUIBusyW

imagehlp

ImageDirectoryEntryToData

winmm

PlaySoundW
waveOutGetNumDevs

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 296KB - Virtual size: 335KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 740KB - Virtual size: 738KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
NXPowerLite/Office2007.cjstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 275KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NXPowerLite/loadnxploeaddin.exe
.exe windows:4 windows x86 arch:x86

a1102b86b1a29402eab5c97a0025ecd4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:57:70:08:8b:7a:27:94:31:78:e8:4d:b3:a8:17:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2008, 00:00

Not After

24/09/2009, 23:59

Subject

CN=Neuxpower Solutions Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=Neuxpower Solutions Ltd,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

45:c6:25:82:75:18:6d:b1:a5:42:2d:5b:88:ad:1e:75:ee:60:c7:f0
Signer

Actual PE Digest

45:c6:25:82:75:18:6d:b1:a5:42:2d:5b:88:ad:1e:75:ee:60:c7:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetVersionExA
WideCharToMultiByte
GetCurrentThreadId
GetLastError
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetProcAddress
FreeLibrary
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapAlloc
GetProcessHeap
GetStartupInfoA
LCMapStringA
LCMapStringW
GetCPInfo
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetFilePointer
GetConsoleCP
GetConsoleMode

user32

GetMessageA
DispatchMessageA
TranslateMessage

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
NXPowerLite/oeapiinitcom.dll
.dll regsvr32 windows:4 windows x86 arch:x86

273f8b233881bf03ce79a1d8babd49a6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:57:70:08:8b:7a:27:94:31:78:e8:4d:b3:a8:17:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2008, 00:00

Not After

24/09/2009, 23:59

Subject

CN=Neuxpower Solutions Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=Neuxpower Solutions Ltd,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:b0:5a:21:fd:5a:c9:17:7e:90:41:67:66:4a:bd:31:e0:4a:e0:41
Signer

Actual PE Digest

99:b0:5a:21:fd:5a:c9:17:7e:90:41:67:66:4a:bd:31:e0:4a:e0:41

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
WaitForSingleObject
CreateEventA
EnterCriticalSection
LeaveCriticalSection
CreateMutexA
ReleaseMutex
MultiByteToWideChar
SetEvent
ResetEvent
InterlockedIncrement
InterlockedDecrement
LocalFree
FormatMessageA
OutputDebugStringA
CreateThread
TerminateThread
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
WideCharToMultiByte
GetVersionExA
GetModuleFileNameA
GetLastError
LoadLibraryA
GetProcAddress
DisableThreadLibraryCalls
FreeLibrary
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
InterlockedExchange
Sleep
HeapFree
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapAlloc
GetProcessHeap
LCMapStringA
LCMapStringW
GetCPInfo
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
WriteFile
GetStdHandle
SetHandleCount
GetFileType

user32

GetWindowLongA
GetClassNameA
GetWindowThreadProcessId
RegisterWindowMessageA
DestroyWindow
SetWindowLongA
IsWindow
RegisterClassExA
CreateWindowExA
DefWindowProcA
PostMessageA
GetDesktopWindow
EnumChildWindows

gdi32

GetStockObject

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteKeyA

ole32

CoTaskMemFree
StringFromCLSID

oleaut32

SysAllocStringLen
SetErrorInfo
CreateErrorInfo
LoadRegTypeLi
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysStringLen
SysFreeString

rpcrt4

UuidCreateNil

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SharedDa
Size: 4KB - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NXPowerLite/oecom.dll
.dll regsvr32 windows:4 windows x86 arch:x86

f38c2927f8efadcca72a9bc5b8335614

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:57:70:08:8b:7a:27:94:31:78:e8:4d:b3:a8:17:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2008, 00:00

Not After

24/09/2009, 23:59

Subject

CN=Neuxpower Solutions Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=Neuxpower Solutions Ltd,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d7:30:4d:32:30:d6:0a:47:94:8e:f3:94:a3:b5:da:76:53:e2:c4:6c
Signer

Actual PE Digest

d7:30:4d:32:30:d6:0a:47:94:8e:f3:94:a3:b5:da:76:53:e2:c4:6c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TryEnterCriticalSection
GlobalUnlock
GlobalLock
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetVersionExA
GetStartupInfoA
GetFileType
SetHandleCount
SetEvent
HeapSize
GetStdHandle
WriteFile
IsValidCodePage
GetOEMCP
GetACP
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetCPInfo
LCMapStringW
LCMapStringA
GetProcessHeap
HeapAlloc
GetCommandLineA
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
MulDiv
VirtualProtect
GetModuleFileNameA
OutputDebugStringA
ExpandEnvironmentStringsA
GetCurrentThreadId
FormatMessageA
LocalFree
InterlockedDecrement
InterlockedIncrement
GetLastError
CreateThread
GetCurrentProcessId
CreateEventA
FreeEnvironmentStringsA
ResetEvent
WaitForSingleObject
InitializeCriticalSection
GetExitCodeThread
WideCharToMultiByte
CloseHandle
FreeLibrary
LoadLibraryA
GetProcAddress
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
HeapFree
InterlockedExchange
MultiByteToWideChar
Sleep
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess

user32

GetMessageA
PeekMessageA
PostMessageA
SetPropA
SendMessageA
PostThreadMessageA
CallWindowProcA
GetPropA
IsWindow
GetDlgItem
DispatchMessageA
GetWindow
SendMessageTimeoutA
GetParent
EnumChildWindows
GetWindowThreadProcessId
UnhookWindowsHookEx
SetWindowsHookExA
GetClassNameA
IsChild
CallNextHookEx
KillTimer
SetTimer
IsWindowVisible
ModifyMenuA
SetMenuItemInfoA
GetMenuItemCount
GetMenuItemInfoA
DeleteMenu
IntersectRect
EqualRect
SendMessageW
CreatePopupMenu
ClientToScreen
TrackPopupMenu
DestroyMenu
InsertMenuItemA
GetSystemMetrics
UpdateWindow
GetForegroundWindow
SetForegroundWindow
keybd_event
FindWindowExA
LoadImageA
GetDesktopWindow
GetDC
GetSysColor
ReleaseDC
RegisterWindowMessageA
RegisterClassExA
CreateWindowExA
DefWindowProcA
RemovePropA
DestroyWindow
GetWindowLongA
SetWindowLongA
IsMenu

gdi32

CreateDIBSection
CreateSolidBrush
CreateCompatibleBitmap
MaskBlt
DeleteObject
GetObjectA
CreateBitmap
CreateCompatibleDC
SelectObject
GetPixel
SetBkColor
BitBlt
DeleteDC
GetStockObject
GetDeviceCaps

advapi32

RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey

ole32

CLSIDFromProgID
CoRevokeClassObject
CoTaskMemAlloc
PropVariantClear
CoRegisterClassObject
CoTaskMemFree
StringFromCLSID
CoUninitialize
CoInitialize
ReleaseStgMedium
CoCreateInstance

oleaut32

SysAllocStringLen
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
GetErrorInfo
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SysStringLen
SysFreeString

rpcrt4

UuidCreateNil

comctl32

ImageList_Add
ImageList_AddMasked
ImageList_Create
ImageList_Replace
ImageList_GetIconSize

Exports

Exports

DllRegisterServer
DllUnregisterServer
ExitServer
GetLibraryVersion
StartServer

Sections

.text
Size: 296KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NXPowerLite/oehook.dll
.dll windows:4 windows x86 arch:x86

5b81b7a674932017c178d0af7de50e14

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:57:70:08:8b:7a:27:94:31:78:e8:4d:b3:a8:17:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2008, 00:00

Not After

24/09/2009, 23:59

Subject

CN=Neuxpower Solutions Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=Neuxpower Solutions Ltd,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c2:1f:aa:cd:80:ad:2c:52:2d:eb:f2:d7:df:29:9c:e7:9f:93:1e:ca
Signer

Actual PE Digest

c2:1f:aa:cd:80:ad:2c:52:2d:eb:f2:d7:df:29:9c:e7:9f:93:1e:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
CloseHandle
WaitForSingleObject
CreateEventA
ResetEvent
OpenProcess
GetModuleHandleA
WideCharToMultiByte
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetVersionExA
GetModuleFileNameA
GetLastError
LoadLibraryA
GetProcAddress
GetVersion
FreeLibrary
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapAlloc
GetProcessHeap
LCMapStringA
LCMapStringW
GetCPInfo
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode

user32

SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
GetClassNameA

advapi32

RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteValueA

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SharedDa
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NXPowerLite/oestore.dll
.dll regsvr32 windows:4 windows x86 arch:x86

65b37d130b369def087c44f8d5681d02

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:57:70:08:8b:7a:27:94:31:78:e8:4d:b3:a8:17:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/09/2008, 00:00

Not After

24/09/2009, 23:59

Subject

CN=Neuxpower Solutions Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=Neuxpower Solutions Ltd,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

55:0a:11:fa:db:6c:ae:2a:13:ef:db:9d:25:f0:6e:b5:3a:63:18:76
Signer

Actual PE Digest

55:0a:11:fa:db:6c:ae:2a:13:ef:db:9d:25:f0:6e:b5:3a:63:18:76

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
SetEvent
ResetEvent
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
Sleep
CreateThread
CloseHandle
WriteFile
CreateFileA
ReadFile
SetFilePointer
CreateFileW
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetVersionExA
LeaveCriticalSection
OutputDebugStringA
DisableThreadLibraryCalls
GetModuleHandleA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
FormatMessageA
LocalFree
WideCharToMultiByte
GetLastError
MultiByteToWideChar
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
InterlockedExchange
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapFree
GetCommandLineA
HeapAlloc
GetProcessHeap
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetStdHandle
HeapSize

user32

GetClassNameA
PostMessageA
GetWindowLongA
DestroyWindow
CreateWindowExA
RegisterClassExA
SetWindowLongA
GetDesktopWindow
EnumChildWindows
GetWindowThreadProcessId
GetPropA
RegisterWindowMessageA
DefWindowProcA

gdi32

GetStockObject

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteKeyA

ole32

CoCreateInstance
PropVariantClear
CoInitialize
CoTaskMemFree
CreateStreamOnHGlobal
StringFromCLSID
CoUninitialize

oleaut32

GetErrorInfo
SysStringLen
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SetErrorInfo
CreateErrorInfo
SafeArrayCreateVectorEx
SafeArrayLock
LoadRegTypeLi
SysAllocStringLen
SysAllocString
SafeArrayUnlock
SafeArrayDestroy
SysFreeString

rpcrt4

UuidCreateNil

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 196KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NXPowerLite/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

2503ef0e96068b55df4d631838f517b8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

6e:57:70:08:8b:7a:27:94:31:78:e8:4d:b3:a8:17:d9Certificate

Extended Key Usages

Key Usages

61:e2:ba:23:3a:1d:95:6f:66:b5:9b:0b:31:f7:00:e7:f0:1b:13:51Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

gdi32

winspool.drv

shlwapi

ole32

oleaut32

ws2_32

Exports

Exports

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 892KB - Virtual size: 890KB

.data Size: 268KB - Virtual size: 297KB

.rsrc Size: 116KB - Virtual size: 114KB

.reloc Size: 180KB - Virtual size: 179KB

00a420bdea0174b785b7cf9d843cf776

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

6e:57:70:08:8b:7a:27:94:31:78:e8:4d:b3:a8:17:d9Certificate

Extended Key Usages

Key Usages

99:31:07:3a:6b:f2:6d:c3:32:cc:21:1b:11:ff:c2:c2:91:4c:98:b1Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

gdi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 12KB - Virtual size: 9KB

2a6c8c13c70222ff3e63375adeb0c370

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

6e:57:70:08:8b:7a:27:94:31:78:e8:4d:b3:a8:17:d9
Certificate

61:e2:ba:23:3a:1d:95:6f:66:b5:9b:0b:31:f7:00:e7:f0:1b:13:51
Signer

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 892KB - Virtual size: 890KB

.data
Size: 268KB - Virtual size: 297KB

.rsrc
Size: 116KB - Virtual size: 114KB

.reloc
Size: 180KB - Virtual size: 179KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

6e:57:70:08:8b:7a:27:94:31:78:e8:4d:b3:a8:17:d9
Certificate

99:31:07:3a:6b:f2:6d:c3:32:cc:21:1b:11:ff:c2:c2:91:4c:98:b1
Signer

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 12KB - Virtual size: 9KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

6e:57:70:08:8b:7a:27:94:31:78:e8:4d:b3:a8:17:d9
Certificate

22:fe:79:21:59:47:14:7f:c5:db:c7:d6:56:83:f9:f2:3d:b1:8d:77
Signer

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 296KB - Virtual size: 335KB

.rsrc
Size: 740KB - Virtual size: 738KB

.rsrc
Size: 275KB - Virtual size: 275KB

.reloc
Size: 512B - Virtual size: 8B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

6e:57:70:08:8b:7a:27:94:31:78:e8:4d:b3:a8:17:d9
Certificate

45:c6:25:82:75:18:6d:b1:a5:42:2d:5b:88:ad:1e:75:ee:60:c7:f0
Signer

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 16KB - Virtual size: 14KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate