BreakawayPipeline_installer_4[.]66 (1)[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

BreakawayPipeline_installer_4.66 (1).exe
Size

340KB
MD5

31891b2fa8cd7ec1adc11e59b43b0406
SHA1

e98a57c3bae9e61ffcaf197cc2907b4b3d800799
SHA256

398eeb3dcdbdd6661a76c9b4092e63c2ce870441c6679564615c58a215171987
SHA512

85b073f10d6694449735e16ca0b417b3e503dcee23f27d5439775b457c4184f5a3605478345247f7e5191291bf68623b85e5957631c4a77c484ad0b8d18058a8
SSDEEP

6144:oVU1qh66/jB+SYJp8j6f2muuBl4DTlYqdhsSqJNT0XzOek93HjEj0oMb:oPB+FJp8j6l4Cqbsj+x23Dx

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/BreakawayPipeline_Uninstaller.exe	nsis_installer_1
static1/unpack001/BreakawayPipeline_Uninstaller.exe	nsis_installer_2

Files

BreakawayPipeline_installer_4.66 (1).exe
.exe windows:4 windows x86 arch:x86

ee7948bab5387659eb4dcc65e050e6af

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:a5:e9:38:d0:53:af:4c:cd:de:51:83
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

20/03/2020, 15:57

Not After

21/03/2023, 15:57

Subject

SERIALNUMBER=200728510164,CN=Claesson Edwards Audio LLC,O=Claesson Edwards Audio LLC,STREET=5136 Prewett Ranch Dr,L=Antioch,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a0:45:60:52:b6:5c:e9:60:81:ec:20:c0:88:70:64:68:9e:e9:44:85
Signer

Actual PE Digest

a0:45:60:52:b6:5c:e9:60:81:ec:20:c0:88:70:64:68:9e:e9:44:85

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
SetCurrentDirectoryA
GetFileAttributesA
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
ReadFile
GetLastError
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
CloseHandle
lstrcmpiA
MoveFileA
GetFullPathNameA
GetShortPathNameA
SearchPathA
CompareFileTime
SetFileTime
lstrcmpA
ExpandEnvironmentStringsA
SetErrorMode
GetVersion
GlobalFree
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
FreeLibrary
MulDiv
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc

user32

GetSystemMenu
SetClassLongA
IsWindowEnabled
EnableMenuItem
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
ScreenToClient
GetWindowRect
GetDlgItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
LoadImageA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetWindowTextA
PostQuitMessage
SetWindowLongA
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
TrackPopupMenu
OpenClipboard
AppendMenuA
DrawTextA
EndPaint
CharNextA
SetForegroundWindow
SetTimer

gdi32

SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteKeyA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ord17
ImageList_Destroy

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
.ps1
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

ddbd50fe6279559edf7d1f1d89b42c2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
lstrcpyA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
lstrcmpiA
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
SetCurrentDirectoryA
HeapAlloc

user32

DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
GetPropA
CharPrevA
DrawFocusRect
GetWindowLongA
DrawTextA
GetClientRect
GetDlgItem
GetSysColor
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapDialogRect
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
MapWindowPoints
RemovePropA
GetWindowTextA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BreakawayPipeline_Uninstaller.exe
.exe windows:4 windows x86 arch:x86

93acf6b7ee07bd39e60132c2edfcea87

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:a5:e9:38:d0:53:af:4c:cd:de:51:83
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

20/03/2020, 15:57

Not After

21/03/2023, 15:57

Subject

SERIALNUMBER=200728510164,CN=Claesson Edwards Audio LLC,O=Claesson Edwards Audio LLC,STREET=5136 Prewett Ranch Dr,L=Antioch,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fb:d2:f2:1c:91:da:5d:25:c8:00:43:a9:c0:12:96:c3:c8:8f:b0:4a
Signer

Actual PE Digest

fb:d2:f2:1c:91:da:5d:25:c8:00:43:a9:c0:12:96:c3:c8:8f:b0:4a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
SetCurrentDirectoryA
GetFileAttributesA
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
CopyFileA
GetLastError
GlobalUnlock
GlobalLock
CreateThread
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
CloseHandle
lstrcmpiA
MoveFileA
GetFullPathNameA
GetShortPathNameA
SearchPathA
CompareFileTime
SetFileTime
lstrcmpA
ExpandEnvironmentStringsA
GetDiskFreeSpaceA
lstrcpynA
GlobalFree
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
FreeLibrary
MulDiv
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc

user32

GetSystemMenu
SetClassLongA
IsWindowEnabled
EnableMenuItem
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
ScreenToClient
GetWindowRect
GetDlgItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
LoadImageA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetWindowTextA
PostQuitMessage
SetWindowLongA
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
TrackPopupMenu
OpenClipboard
AppendMenuA
DrawTextA
EndPaint
CharNextA
SetForegroundWindow
SetTimer

gdi32

SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteKeyA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ord17
ImageList_Destroy

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
pipeline_icon.ico
vaclcscp.exe
.exe windows:6 windows x86 arch:x86

4ba4e5ccf1c421f311378767fba28163

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:98:bb:1d:56:df:0c:02:5d:55:b7:5d
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

26/05/2020, 12:18

Not After

26/08/2023, 12:18

Subject

SERIALNUMBER=316547600105556,CN=Muzychenko Evgenii Viktorovich\, IP,O=Muzychenko Evgenii Viktorovich\, IP,L=Novosibirsk,ST=Novosibirskaya oblast,C=RU,1.2.840.113549.1.9.1=#0c17736f667477617265406d757a796368656e6b6f2e6e6574,1.3.6.1.4.1.311.60.2.1.2=#13154e6f766f7369626972736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e0:c2:7d:cf:87:69:0a:e9:ad:dc:a0:e4:4a:65:33:a1:93:6c:2e:57:b8:97:87:db:7e:e8:a7:52:6f:e5:47:a6
Signer

Actual PE Digest

e0:c2:7d:cf:87:69:0a:e9:ad:dc:a0:e4:4a:65:33:a1:93:6c:2e:57:b8:97:87:db:7e:e8:a7:52:6f:e5:47:a6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

vaclcscp.pdb

Imports

advapi32

CloseServiceHandle
StartServiceW
QueryServiceStatus
ControlService
OpenServiceW
OpenSCManagerW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegQueryValueExW

kernel32

RtlMoveMemory
SetLastError
QueryPerformanceFrequency
GetCurrentProcess
OpenProcess
LocalFree
GetProcAddress
DeviceIoControl
GetLocalTime
lstrcmpiW
lstrcmpW
GetModuleHandleW
TerminateProcess
GetStartupInfoW
GetTickCount
CreateFileW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryW
FreeLibrary
lstrlenA
FormatMessageW
GetSystemInfo
GetCommandLineW
ExitProcess
LoadLibraryA
ExpandEnvironmentStringsA
WriteFile
GetVersionExW
CloseHandle
Sleep
RtlZeroMemory
GetModuleFileNameW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
lstrcatW
lstrcpyW
lstrlenW
CreateMutexW

gdi32

SetBkColor
ExcludeClipRect
RectVisible
MoveToEx
LineTo
CreateRectRgn
SetDCBrushColor
FrameRgn
CreateSolidBrush
CreateFontIndirectW
GetStockObject
GetTextExtentPoint32W
SelectObject
SetTextColor
SetBkMode
DeleteObject
GetObjectW

user32

GetFocus
GetDC
GetClientRect
SetDlgItemTextW
wsprintfW
IsWindowEnabled
EnableWindow
wvsprintfW
SendMessageW
GetDlgItemTextW
FillRect
ReleaseDC
SetFocus
IsWindow
SendDlgItemMessageW
CreateWindowExW
MapWindowPoints
GetClassNameW
GetComboBoxInfo
GetShellWindow
GetWindowThreadProcessId
IsDlgButtonChecked
CheckDlgButton
LoadIconW
GetDlgItemInt
GetSystemMetrics
GetWindowLongW
SetWindowLongW
ShowWindow
SetTimer
GetDesktopWindow
DialogBoxParamW
UpdateWindow
SetActiveWindow
GetDlgItem
EndDialog
SetWindowTextW
SystemParametersInfoW
LoadCursorW
GetParent
GetWindowRect
SetWindowPos
GetSysColorBrush
GetSysColor
GetWindowTextW
ChildWindowFromPoint
SetCursor
UnregisterClassW
GetPropW
RemovePropW
SetPropW
DefWindowProcW
MessageBoxW
DestroyWindow
CreateDialogParamW
DestroyIcon
SetDlgItemInt
GetMessagePos

comctl32

ImageList_Create
ImageList_ReplaceIcon
ord17
ord413
ord16

comdlg32

GetSaveFileNameW

shell32

ShellExecuteW
ShellExecuteExW

ole32

CoInitializeEx

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstallParamsW
SetupDiSetClassInstallParamsW
SetupDiCallClassInstaller
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

shlwapi

SHGetValueW

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vaclcskd.cat
vaclcskd.inf
wdmdrvmgr.exe
.exe windows:6 windows x86 arch:x86

1a951182eaf601c4a1a608f45aeeacce

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:98:bb:1d:56:df:0c:02:5d:55:b7:5d
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

26/05/2020, 12:18

Not After

26/08/2023, 12:18

Subject

SERIALNUMBER=316547600105556,CN=Muzychenko Evgenii Viktorovich\, IP,O=Muzychenko Evgenii Viktorovich\, IP,L=Novosibirsk,ST=Novosibirskaya oblast,C=RU,1.2.840.113549.1.9.1=#0c17736f667477617265406d757a796368656e6b6f2e6e6574,1.3.6.1.4.1.311.60.2.1.2=#13154e6f766f7369626972736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b8:74:89:34:9f:49:93:af:7d:2d:76:df:a0:08:f5:79:92:8e:9a:f9:7f:b9:de:b4:17:25:a0:01:f3:ea:14
Signer

Actual PE Digest

59:b8:74:89:34:9f:49:93:af:7d:2d:76:df:a0:08:f5:79:92:8e:9a:f9:7f:b9:de:b4:17:25:a0:01:f3:ea:14

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wdmdrvmgr.pdb

Imports

advapi32

RegCloseKey
RegSetValueExW
RegQueryValueExW
RegCreateKeyW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
QueryServiceStatus
DeleteService

kernel32

LocalAlloc
LocalFree
lstrcatW
GetWindowsDirectoryW
GetLastError
lstrlenW
lstrcpyW
GetFullPathNameW
GetCommandLineW
GetVersionExW
ExitProcess
SetLastError
FormatMessageW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
FindNextVolumeW
CloseHandle
FlushFileBuffers
CreateFileW
GetDriveTypeW
FindFirstVolumeW
lstrcmpiW
Sleep
GetTickCount

user32

wvsprintfW
MessageBoxW
wsprintfW

newdev

UpdateDriverForPlugAndPlayDevicesW

setupapi

SetupDiCreateDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiSetClassInstallParamsW
SetupUninstallOEMInfW
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
SetupDiCallClassInstaller
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoW
SetupDiGetINFClassW
SetupDiGetDeviceInstallParamsW

winmm

waveOutMessage
waveInGetDevCapsW
waveOutGetDevCapsW
waveInMessage

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/vaclcskd.sys
.sys windows:6 windows x86 arch:x86

56705f98dd0580b3898ef885ef50cfec

Code Sign

33:00:00:00:4e:59:56:10:83:2b:4e:0c:6c:00:00:00:00:00:4e
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

09/09/2021, 19:16

Not After

01/09/2022, 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cb:b1:fc:cf:08:d3:c4:bc:11:e6:15:1c:84:b4:49:df:2c:78:fe:26:9b:42:48:33:f4:30:c4:39:32:d5:1c:13
Signer

Actual PE Digest

cb:b1:fc:cf:08:d3:c4:bc:11:e6:15:1c:84:b4:49:df:2c:78:fe:26:9b:42:48:33:f4:30:c4:39:32:d5:1c:13

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

vaclcskd.pdb

Imports

ntoskrnl.exe

MmFreePagesFromMdl
MmUnmapLockedPages
wcschr
IoGetCurrentProcess
memset
MmMapLockedPagesSpecifyCache
MmAllocatePagesForMdl
KeInitializeEvent
KeWaitForSingleObject
RtlFreeUnicodeString
IoRegisterDeviceInterface
ZwClose
IoSetDeviceInterfaceState
wcsncpy
_wcsnicmp
srand
IofCompleteRequest
ProbeForRead
ProbeForWrite
wcsrchr
MmGetSystemRoutineAddress
InterlockedExchange
IoReleaseCancelSpinLock
ObfDereferenceObject
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
ZwDeleteKey
IoOpenDeviceInterfaceRegistryKey
KeCancelTimer
ExSetTimerResolution
RtlCompareUnicodeString
ExFreePool
KeSetEvent
KeInitializeDpc
KeInitializeTimerEx
RtlFillMemory
wcsncmp
KeWaitForMultipleObjects
RtlZeroMemory
KeQueryPriorityThread
KeSetPriorityThread
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeSemaphore
KeReleaseSemaphore
RtlInitUnicodeString
RtlUnwind
KeSetSystemAffinityThread
PsInitialSystemProcess
MmGetPhysicalAddress
PsGetCurrentProcessId
PsGetCurrentThreadId
ZwQueryInformationProcess
ZwQuerySystemInformation
MmUnmapViewInSystemSpace
MmMapViewOfSection
MmUnmapViewOfSection
MmMapViewInSystemSpace
MmCreateSection
KdDebuggerEnabled
KeNumberProcessors
ExFreePoolWithTag
ExAllocatePool
KeBugCheckEx
KeClearEvent
memcpy
KeQueryInterruptTime
RtlMoveMemory
KeInitializeMutex
KeReleaseMutex
KeSetTimer
KeGetCurrentThread
RtlGetVersion

hal

KfReleaseSpinLock
KfRaiseIrql
KfLowerIrql
KfAcquireSpinLock
KeQueryPerformanceCounter

portcls.sys

PcNewServiceGroup
PcRegisterPhysicalConnection
PcNewPort
PcRegisterSubdevice
PcInitializeAdapterDriver
PcAddAdapterDevice
PcDispatchIrp
PcRegisterAdapterPowerManagement

ks.sys

KsAcquireResetValue
KsProbeStreamIrp

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 512B - Virtual size: 113B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee7948bab5387659eb4dcc65e050e6af

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

34:a5:e9:38:d0:53:af:4c:cd:de:51:83Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

a0:45:60:52:b6:5c:e9:60:81:ec:20:c0:88:70:64:68:9e:e9:44:85Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 111KB

.ndata Size: - Virtual size: 64KB

.rsrc Size: 28KB - Virtual size: 28KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 851B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 608B

ddbd50fe6279559edf7d1f1d89b42c2c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 620B

93acf6b7ee07bd39e60132c2edfcea87

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

34:a5:e9:38:d0:53:af:4c:cd:de:51:83Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

34:a5:e9:38:d0:53:af:4c:cd:de:51:83
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

a0:45:60:52:b6:5c:e9:60:81:ec:20:c0:88:70:64:68:9e:e9:44:85
Signer

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 111KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 28KB - Virtual size: 28KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 851B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 608B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 620B

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

34:a5:e9:38:d0:53:af:4c:cd:de:51:83
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

fb:d2:f2:1c:91:da:5d:25:c8:00:43:a9:c0:12:96:c3:c8:8f:b0:4a
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 154KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 28KB - Virtual size: 28KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

5b:98:bb:1d:56:df:0c:02:5d:55:b7:5d
Certificate

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

e0:c2:7d:cf:87:69:0a:e9:ad:dc:a0:e4:4a:65:33:a1:93:6c:2e:57:b8:97:87:db:7e:e8:a7:52:6f:e5:47:a6
Signer

.text
Size: 74KB - Virtual size: 74KB

.data
Size: 512B - Virtual size: 9KB

.rsrc
Size: 54KB - Virtual size: 53KB

.reloc
Size: 5KB - Virtual size: 5KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

5b:98:bb:1d:56:df:0c:02:5d:55:b7:5d
Certificate