d2326fe729c3598ffc872b253e9e356f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d2326fe729c3598ffc872b253e9e356f_JaffaCakes118
Size

3.2MB
MD5

d2326fe729c3598ffc872b253e9e356f
SHA1

431ac0fc0ceab92a2b89bbb9bebbad94b30f4f48
SHA256

c4ebba8af2b04407d4e4a9654baf9556eee3f07fe9395f8b0eb64a411ef3439f
SHA512

d51ce041547323e66cd49deeaf4695b8a7d08dcb13c2ae5309f963df57193b57086e3ae05a424eb81587fef4dd706149ed5cbaaf21d6ce9536b714fa9c46cecc
SSDEEP

49152:+ku9YAQQTYWx+XQwG0M4xq/OGkfqxhs12TiWew5r4yu7JV9hD+2sgRw6QTWWYq19:vuVDV8X61eGxtTiur4yifsYw6conK

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

d2326fe729c3598ffc872b253e9e356f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b78ecf47c0a3e24a6f4af114e2d1f5de

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:3b:5e:67:da:9e:2a:29:af:6d:96:d6:9a:9a:6e:9c
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

20-07-2015 00:00

Not After

17-09-2017 23:59

Subject

CN=(주)위너스톡,OU=IT Team,O=(주)위너스톡,L=Geumcheon-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ed:78:ba:05:e0:03:89:fd:f4:bb:7b:1a:37:69:5a:4b:b9:1d:87:ad
Signer

Actual PE Digest

ed:78:ba:05:e0:03:89:fd:f4:bb:7b:1a:37:69:5a:4b:b9:1d:87:ad

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
GetFileAttributesA
SetFileAttributesA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
GetFullPathNameA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
CloseHandle
SetCurrentDirectoryA
MoveFileA
CompareFileTime
GetShortPathNameA
SearchPathA
lstrcmpiA
SetFileTime
lstrcmpA
ExpandEnvironmentStringsA
GlobalUnlock
GetDiskFreeSpaceA
GlobalFree
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteKeyA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

ddbd50fe6279559edf7d1f1d89b42c2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
lstrcpyA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
lstrcmpiA
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
SetCurrentDirectoryA
HeapAlloc

user32

DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
GetPropA
CharPrevA
DrawFocusRect
GetWindowLongA
DrawTextA
GetClientRect
GetDlgItem
GetSysColor
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapDialogRect
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
MapWindowPoints
RemovePropA
GetWindowTextA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sticker.exe
.exe windows:5 windows x86 arch:x86

3f1650e6ab075c7c2f729898a15e701d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:3b:5e:67:da:9e:2a:29:af:6d:96:d6:9a:9a:6e:9c
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

20-07-2015 00:00

Not After

17-09-2017 23:59

Subject

CN=(주)위너스톡,OU=IT Team,O=(주)위너스톡,L=Geumcheon-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c5:46:e4:33:f1:e7:e1:71:be:32:e2:4a:23:ba:47:62:55:4a:db:04
Signer

Actual PE Digest

c5:46:e4:33:f1:e7:e1:71:be:32:e2:4a:23:ba:47:62:55:4a:db:04

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\VS2010\WinnerFinder\Release\Sticker.pdb

Imports

kernel32

GetConsoleMode
ReadConsoleW
SetFilePointerEx
OutputDebugStringW
LCMapStringW
GetConsoleCP
WriteConsoleW
SetEnvironmentVariableA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetLastError
WideCharToMultiByte
GetCurrentThreadId
MultiByteToWideChar
WritePrivateProfileStringW
GetFileSize
CreateFileW
ReadFile
CloseHandle
LoadLibraryW
FreeLibrary
GetProcAddress
SizeofResource
LockResource
LoadResource
FindResourceW
GetPrivateProfileStringW
GetPrivateProfileIntW
FreeResource
GetSystemDirectoryW
GetWindowsDirectoryW
WinExec
GetVersionExW
CreateProcessW
WaitForSingleObject
GetCurrentProcess
CreateMutexW
InitializeCriticalSectionAndSpinCount
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
RaiseException
HeapSize
DecodePointer
GetModuleFileNameW
OpenFile
GetCommandLineW
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
LocalFree
MulDiv
FormatMessageW
CopyFileW
SetLastError
GetCurrentProcessId
OutputDebugStringA
EncodePointer
GetModuleHandleA
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
LoadLibraryA
GlobalAddAtomW
GlobalFindAtomW
SetThreadPriority
ResumeThread
GlobalGetAtomNameW
FileTimeToLocalFileTime
LocalAlloc
FileTimeToSystemTime
lstrcmpA
GetThreadLocale
GetCurrentThread
GetTickCount
DeleteFileW
FindClose
FindFirstFileW
FlushFileBuffers
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
DuplicateHandle
lstrcmpiW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
VerSetConditionMask
lstrcpyW
VerifyVersionInfoW
GetCurrentDirectoryW
SetErrorMode
GetTempFileNameW
GetTempPathW
SearchPathW
GetProfileIntW
Sleep
VirtualProtect
FindResourceExW
GetSystemTimeAsFileTime
GetSystemInfo
VirtualAlloc
VirtualQuery
RtlUnwind
CreateThread
ExitThread
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
HeapQueryInformation
SetStdHandle
GetFileType
GetStdHandle
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
InitializeCriticalSection

user32

SetWindowContextHelpId
RegisterClipboardFormatW
WaitMessage
PostQuitMessage
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
DrawStateW
CharNextW
SystemParametersInfoW
GetMenuItemInfoW
ReuseDDElParam
UnpackDDElParam
SetRectEmpty
InsertMenuItemW
DestroyMenu
CreatePopupMenu
TranslateAcceleratorW
LoadAcceleratorsW
ReleaseCapture
BringWindowToTop
IntersectRect
GetActiveWindow
TranslateMessage
GetMessageW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
IsDialogMessageW
SetWindowTextW
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetTopWindow
GetClassLongW
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
EndDeferWindowPos
DeferWindowPos
HideCaret
MapDialogRect
GetWindowPlacement
SetWindowPos
IsChild
GetClassInfoExW
CallWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
GetSysColor
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
GetLastActivePopup
MessageBoxW
IsWindowEnabled
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringW
OffsetRect
SetForegroundWindow
IsIconic
FlashWindow
UpdateWindow
GetWindowThreadProcessId
DestroyIcon
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
UnregisterClassW
FillRect
InflateRect
CharUpperBuffW
LoadIconW
SendMessageTimeoutW
EnumChildWindows
RegisterWindowMessageW
CheckMenuItem
GetSubMenu
LoadMenuW
GetCursorPos
GetDesktopWindow
PtInRect
IsWindowVisible
GetIconInfo
FrameRect
CopyIcon
RegisterClassExW
CreateWindowExW
SetWindowLongW
ModifyMenuW
EmptyClipboard
IsWindow
FindWindowW
KillTimer
RegisterClassW
GetClassInfoW
SetTimer
SetWindowRgn
GetSystemMetrics
GetWindowRect
GetClassNameW
SendMessageW
ScreenToClient
ClientToScreen
GetParent
GetClientRect
LoadBitmapW
InvalidateRect
RedrawWindow
CopyRect
SetCursor
LoadImageW
LoadCursorW
CharUpperW
ShowOwnedPopups
GetSysColorBrush
DrawIcon
GetWindowRgn
GetComboBoxInfo
DestroyCursor
CreateMenu
SubtractRect
GetUpdateRect
IsClipboardFormatAvailable
EnableWindow
PostMessageW
DefWindowProcW
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
MapVirtualKeyExW
IsCharLowerW
GetDoubleClickTime
SetWindowPlacement
InvertRect
SetClipboardData
CloseClipboard
DestroyWindow
GetWindowLongW
OpenClipboard
SetClassLongW
SetCursorPos
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawIconEx
DrawFocusRect
DrawFrameControl
DrawEdge
LockWindowUpdate
GetNextDlgGroupItem
PostThreadMessageW
MonitorFromPoint
EnableScrollBar
UpdateLayeredWindow
IsMenu
SetMenuDefaultItem
GetMenuDefaultItem
NotifyWinEvent
WindowFromPoint
MessageBeep
GetAsyncKeyState
IsZoomed
TrackMouseEvent
EnumDisplayMonitors
SetLayeredWindowAttributes
SetRect
InvalidateRgn
CopyAcceleratorTableW
SetCapture
SetParent
DeleteMenu
GetSystemMenu
IsRectEmpty
UnionRect
MapVirtualKeyW
GetKeyNameTextW
SendDlgItemMessageA
CopyImage
BeginDeferWindowPos
RealChildWindowFromPoint

gdi32

GetObjectW
BitBlt
SelectObject
CreateBitmap
GetTextFaceW
SetPixelV
GetViewportOrgEx
GetWindowOrgEx
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
EnumFontFamiliesExW
SetPaletteEntries
ExtFloodFill
RoundRect
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
Rectangle
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
RealizePalette
Polyline
Polygon
Ellipse
CreateEllipticRgn
CreateDIBSection
GetTextMetricsW
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
GetRgnBox
GetTextColor
GetTextExtentPoint32W
SetRectRgn
PatBlt
CreateRectRgnIndirect
CombineRgn
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
MoveToEx
SetTextAlign
SetTextColor
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
LineTo
IntersectClipRect
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CopyMetaFileW
CreateSolidBrush
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetBkColor
DPtoLP
GetViewportExtEx
GetWindowExtEx
GetMapMode
LPtoDP
DeleteDC
CreateFontIndirectW
DeleteObject
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
CreatePolygonRgn
CreateRoundRectRgn
CreateCompatibleDC

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegDeleteValueW
RegCloseKey
GetUserNameW
OpenProcessToken
GetTokenInformation
CreateWellKnownSid
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
CheckTokenMembership

shell32

SHGetDesktopFolder
ShellExecuteExW
ord680
Shell_NotifyIconW
DragQueryFileW
DragFinish
SHGetFileInfoW
SHBrowseForFolderW
SHAppBarMessage
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathIsUNCW
PathStripToRootW
PathFindFileNameW
StrFormatKBSizeW
PathFindExtensionW
PathRemoveFileSpecW

uxtheme

OpenThemeData
CloseThemeData
GetThemePartSize
GetThemeColor
GetCurrentThemeName
GetThemeSysColor
GetWindowTheme
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
DrawThemeText
IsAppThemed
DrawThemeParentBackground

ole32

CoInitializeEx
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
OleDuplicateData
ReleaseStgMedium
CoCreateGuid
CoCreateInstance
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoDisconnectObject
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
DoDragDrop
CreateStreamOnHGlobal
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning

oleaut32

VariantChangeType
OleCreateFontIndirect
LoadRegTypeLi
DispCallFunc
LoadTypeLi
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayCreate
SafeArrayDestroy
VariantCopy
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
VarBstrFromDate
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString

oledlg

OleUIBusyW

gdiplus

GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdiplusStartup
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdipFree
GdipDisposeImage
GdiplusShutdown
GdipAlloc

ws2_32

ioctlsocket
accept
connect
WSAAsyncGetHostByName
send
recv
WSACancelAsyncRequest
closesocket
bind
setsockopt
WSAStartup
WSACleanup
inet_addr
htonl
socket
WSASetLastError
htons
WSAGetLastError
WSAAsyncSelect

iphlpapi

GetAdaptersInfo

winmm

PlaySoundW

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WF.ico
WUP.exe
.exe windows:5 windows x86 arch:x86

dd88680c5cb1a89e3a035c4b7d3cb203

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:3b:5e:67:da:9e:2a:29:af:6d:96:d6:9a:9a:6e:9c
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

20-07-2015 00:00

Not After

17-09-2017 23:59

Subject

CN=(주)위너스톡,OU=IT Team,O=(주)위너스톡,L=Geumcheon-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bf:87:b2:85:5e:16:c7:3b:0e:6b:0d:03:54:f9:d0:32:7f:8a:91:61
Signer

Actual PE Digest

bf:87:b2:85:5e:16:c7:3b:0e:6b:0d:03:54:f9:d0:32:7f:8a:91:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\VS2010\WinnerFinder\Release\WUP.pdb

Imports

kernel32

IsValidCodePage
LCMapStringW
GetStringTypeW
IsProcessorFeaturePresent
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
UnhandledExceptionFilter
WriteConsoleW
SetEnvironmentVariableA
QueryPerformanceCounter
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualAlloc
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
HeapSize
HeapQueryInformation
GetFileSize
CreateThread
ExitThread
ExitProcess
RaiseException
RtlUnwind
HeapReAlloc
HeapAlloc
HeapFree
DecodePointer
GetOEMCP
GetStartupInfoW
HeapSetInformation
FindResourceExW
VirtualProtect
SearchPathW
GetProfileIntW
GetNumberFormatW
GetTempPathW
GetTempFileNameW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
SetErrorMode
GlobalFlags
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalGetAtomNameW
lstrlenA
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FileTimeToLocalFileTime
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
GlobalFindAtomW
CompareStringW
GlobalAddAtomW
GetACP
GetCPInfo
EncodePointer
IsDebuggerPresent
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
WaitForSingleObject
ResumeThread
SetThreadPriority
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiW
GetThreadLocale
GetCurrentProcessId
lstrcpyW
FreeResource
lstrcmpA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
LoadLibraryExW
ActivateActCtx
DeactivateActCtx
lstrcmpW
GetModuleHandleW
InterlockedExchange
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
SetLastError
lstrlenW
GetTickCount
FileTimeToSystemTime
SetFileTime
WriteFile
CreateDirectoryW
GetFileAttributesW
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
SetFilePointer
GetVersionExW
DeleteFileW
Sleep
Process32NextW
TerminateProcess
GetExitCodeProcess
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
WinExec
GetSystemDirectoryW
GetCommandLineW
OpenFile
GetWindowsDirectoryW
GetModuleFileNameW
WideCharToMultiByte
MultiByteToWideChar
LockResource
SizeofResource
LoadResource
FindResourceW
GetProcAddress
FreeLibrary
LoadLibraryW
CloseHandle
ReadFile
CreateFileW
GetLastError

user32

FrameRect
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
CopyImage
GetIconInfo
HideCaret
InvertRect
RegisterClipboardFormatW
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
SetClassLongW
DestroyAcceleratorTable
SetParent
UnpackDDElParam
ReuseDDElParam
LoadImageW
LoadAcceleratorsW
InsertMenuItemW
BringWindowToTop
TranslateAcceleratorW
UnregisterClassW
DestroyIcon
GetMenuDefaultItem
SetMenuDefaultItem
CreatePopupMenu
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsZoomed
GetAsyncKeyState
NotifyWinEvent
SetWindowRgn
LoadMenuW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableW
OffsetRect
CharNextW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
RealChildWindowFromPoint
DeleteMenu
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
LoadCursorW
GetSysColorBrush
SystemParametersInfoW
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
CopyIcon
GetClassLongW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
GetClassNameW
InvalidateRect
UpdateWindow
DrawStateW
IntersectRect
InflateRect
ShowOwnedPopups
SetCursor
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetKeyState
PeekMessageW
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
CharUpperW
SetWindowsHookExW
UnhookWindowsHookEx
GetCursorPos
CallNextHookEx
GetFocus
GetWindowRect
PtInRect
GetSysColor
EndPaint
BeginPaint
GetWindowDC
CharUpperBuffW
PostThreadMessageW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
GetWindowRgn
DestroyCursor
SubtractRect
ClientToScreen
ScreenToClient
FillRect
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxW
MapVirtualKeyW
GetKeyNameTextW
ReleaseDC
GetDC
CopyRect
MapVirtualKeyExW
IsCharLowerW
GetDoubleClickTime
GetUpdateRect
IsClipboardFormatAvailable
GetCapture
CreateMenu
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
RegisterWindowMessageW
GetWindow
SetWindowContextHelpId
GetParent
MapDialogRect
SetWindowPos
PostQuitMessage
PostMessageW
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
GetDesktopWindow
wsprintfW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
KillTimer
LoadBitmapW
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SetTimer
SendMessageW
AppendMenuW
GetSystemMenu
LoadIconW
EnableWindow
RedrawWindow
GetWindowLongW
SetWindowLongW
GetMenuItemInfoW

gdi32

CreatePen
CreateSolidBrush
CreateHatchBrush
CreateFontIndirectW
SetRectRgn
CombineRgn
GetTextExtentPoint32W
CreateDIBitmap
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
GetTextColor
GetRgnBox
CreateRoundRectRgn
CreateDIBSection
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetTextFaceW
SetPixelV
SelectClipRgn
DeleteObject
GetObjectType
CreateRectRgn
SelectPalette
GetStockObject
CreateBitmap
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetPixel
CreateCompatibleDC
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
PatBlt
CreateRectRgnIndirect
CreateDCW
CopyMetaFileW
GetDeviceCaps
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetObjectW
GetBkColor
BitBlt
DPtoLP
GetViewportExtEx
GetWindowExtEx
GetMapMode
CreateCompatibleBitmap
LPtoDP

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCloseKey
RegEnumKeyExW
RegEnumValueW

shell32

DragFinish
ShellExecuteExW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHAppBarMessage
ShellExecuteW
DragQueryFileW
SHGetSpecialFolderPathW
SHGetFileInfoW

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathRemoveFileSpecW

ole32

CoRevokeClassObject
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoCreateGuid
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoUninitialize
CoInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
OleIsCurrentClipboard
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CoRegisterMessageFilter
OleFlushClipboard
DoDragDrop
CoInitializeEx

oleaut32

SysFreeString
OleCreateFontIndirect
VarBstrFromDate
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocString

oledlg

OleUIBusyW

gdiplus

GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

wininet

HttpOpenRequestW
InternetConnectW
HttpSendRequestW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpQueryInfoW
InternetQueryDataAvailable

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinnerFinder.exe
.exe windows:5 windows x86 arch:x86

736d5929188540bb714b034d79e5e566

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:3b:5e:67:da:9e:2a:29:af:6d:96:d6:9a:9a:6e:9c
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

20-07-2015 00:00

Not After

17-09-2017 23:59

Subject

CN=(주)위너스톡,OU=IT Team,O=(주)위너스톡,L=Geumcheon-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c7:5b:99:9f:d8:cf:92:d2:25:8f:c6:19:09:75:83:67:be:19:97:fa
Signer

Actual PE Digest

c7:5b:99:9f:d8:cf:92:d2:25:8f:c6:19:09:75:83:67:be:19:97:fa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\VS2010\WinnerFinder\Release\WinnerFinder.pdb

Imports

kernel32

SetUnhandledExceptionFilter
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
UnhandledExceptionFilter
LCMapStringW
WriteConsoleW
SetEnvironmentVariableA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringW
FreeEnvironmentStringsW
GetModuleHandleW
GetLastError
WideCharToMultiByte
GetCurrentThreadId
MultiByteToWideChar
WritePrivateProfileStringW
GetFileSize
CreateFileW
ReadFile
CloseHandle
LoadLibraryW
FreeLibrary
GetProcAddress
SizeofResource
LockResource
LoadResource
FindResourceW
GetPrivateProfileStringW
GetPrivateProfileIntW
CopyFileW
WinExec
FreeResource
GetSystemDirectoryW
GetWindowsDirectoryW
GetVersionExW
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
GetExitCodeProcess
TerminateProcess
Process32NextW
WaitForSingleObject
CreateMutexW
InitializeCriticalSectionAndSpinCount
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
RaiseException
HeapSize
DecodePointer
GetModuleFileNameW
Sleep
OpenFile
GetCommandLineW
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
LocalFree
MulDiv
FormatMessageW
SetLastError
GetCurrentProcessId
OutputDebugStringA
EncodePointer
GetModuleHandleA
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
LoadLibraryA
GlobalAddAtomW
GlobalFindAtomW
SetThreadPriority
ResumeThread
GlobalGetAtomNameW
FileTimeToLocalFileTime
LocalAlloc
FileTimeToSystemTime
lstrcmpA
GetThreadLocale
GetCurrentThread
GetTickCount
DeleteFileW
FindClose
FindFirstFileW
FlushFileBuffers
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
DuplicateHandle
GetCurrentProcess
lstrcmpiW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
VerSetConditionMask
lstrcpyW
VerifyVersionInfoW
GetCurrentDirectoryW
SetErrorMode
GetTempFileNameW
GetTempPathW
SearchPathW
GetProfileIntW
VirtualProtect
FindResourceExW
GetSystemTimeAsFileTime
CreateDirectoryW
GetSystemInfo
VirtualAlloc
VirtualQuery
RtlUnwind
CreateThread
ExitThread
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
HeapQueryInformation
SetStdHandle
GetFileType
GetStdHandle
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
InitializeCriticalSection

user32

RegisterClipboardFormatW
WaitMessage
PostQuitMessage
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
DrawStateW
CharNextW
SystemParametersInfoW
GetMenuItemInfoW
ReuseDDElParam
UnpackDDElParam
SetRectEmpty
InsertMenuItemW
DestroyMenu
CreatePopupMenu
TranslateAcceleratorW
LoadAcceleratorsW
ReleaseCapture
BringWindowToTop
GetActiveWindow
TranslateMessage
GetMessageW
IntersectRect
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
IsDialogMessageW
SetWindowTextW
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetTopWindow
GetClassLongW
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
EndDeferWindowPos
DeferWindowPos
EmptyClipboard
SetWindowPlacement
SetWindowPos
IsChild
GetClassInfoExW
CallWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
GetSysColor
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
GetLastActivePopup
MessageBoxW
IsWindowEnabled
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringW
OffsetRect
FlashWindow
UpdateWindow
GetWindowThreadProcessId
DestroyIcon
UnregisterClassW
FillRect
InflateRect
CharUpperBuffW
LoadIconW
SendMessageTimeoutW
EnumChildWindows
FindWindowW
RegisterWindowMessageW
SetForegroundWindow
IsIconic
CheckMenuItem
GetSubMenu
LoadMenuW
GetCursorPos
IsWindow
GetDesktopWindow
PtInRect
IsWindowVisible
KillTimer
RegisterClassW
GetClassInfoW
SetTimer
SetWindowRgn
GetSystemMetrics
GetWindowRect
SetClipboardData
CloseClipboard
OpenClipboard
RegisterClassExW
CreateWindowExW
SetWindowLongW
SetClassLongW
SetCursorPos
GetClassNameW
SendMessageW
ScreenToClient
ClientToScreen
GetParent
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
LoadBitmapW
GetClientRect
InvalidateRect
RedrawWindow
CopyRect
SetCursor
LoadImageW
LoadCursorW
DrawIcon
GetWindowRgn
GetComboBoxInfo
DestroyCursor
CreateMenu
SubtractRect
GetUpdateRect
IsClipboardFormatAvailable
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
EnableWindow
PostMessageW
DefWindowProcW
MapVirtualKeyExW
IsCharLowerW
GetDoubleClickTime
InvertRect
HideCaret
GetIconInfo
FrameRect
CopyIcon
GetWindowPlacement
ModifyMenuW
DestroyAcceleratorTable
CreateAcceleratorTableW
DestroyWindow
GetWindowLongW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawIconEx
DrawFocusRect
DrawFrameControl
DrawEdge
LockWindowUpdate
GetNextDlgGroupItem
PostThreadMessageW
MonitorFromPoint
EnableScrollBar
UpdateLayeredWindow
IsMenu
SetMenuDefaultItem
GetMenuDefaultItem
NotifyWinEvent
WindowFromPoint
MessageBeep
GetAsyncKeyState
IsZoomed
TrackMouseEvent
EnumDisplayMonitors
SetLayeredWindowAttributes
SetRect
InvalidateRgn
CopyAcceleratorTableW
SetCapture
SetParent
DeleteMenu
GetSystemMenu
IsRectEmpty
UnionRect
MapVirtualKeyW
GetKeyNameTextW
SendDlgItemMessageA
CopyImage
RealChildWindowFromPoint
GetSysColorBrush
ShowOwnedPopups
CharUpperW
MapDialogRect
BeginDeferWindowPos
SetWindowContextHelpId

gdi32

GetObjectW
BitBlt
GetMapMode
LPtoDP
GetTextFaceW
SetPixelV
GetViewportOrgEx
GetWindowOrgEx
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
EnumFontFamiliesExW
SetPaletteEntries
ExtFloodFill
RoundRect
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
Rectangle
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
RealizePalette
Polyline
Polygon
Ellipse
CreateEllipticRgn
CreateDIBSection
GetTextMetricsW
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
GetRgnBox
GetTextColor
GetTextExtentPoint32W
SetRectRgn
PatBlt
CreateRectRgnIndirect
CombineRgn
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
MoveToEx
SetTextAlign
SetTextColor
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
LineTo
IntersectClipRect
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CopyMetaFileW
CreateSolidBrush
DeleteDC
CreateFontIndirectW
DeleteObject
SelectObject
CreateDCW
CreatePolygonRgn
CreateRoundRectRgn
GetDeviceCaps
CreateBitmap
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetBkColor
DPtoLP
GetViewportExtEx
GetWindowExtEx
CreateCompatibleBitmap
CreateCompatibleDC

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueW
RegCloseKey
RegDeleteKeyW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegEnumKeyExW
RegEnumValueW
RegCreateKeyExW
RegEnumKeyW
RegSetValueExW

shell32

SHAppBarMessage
ShellExecuteW
ShellExecuteExW
Shell_NotifyIconW
DragQueryFileW
DragFinish
SHGetFileInfoW
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFileExistsW
PathFindExtensionW
PathIsUNCW
PathStripToRootW
PathFindFileNameW
StrFormatKBSizeW
PathRemoveFileSpecW

uxtheme

OpenThemeData
CloseThemeData
GetThemePartSize
GetThemeColor
GetCurrentThemeName
GetThemeSysColor
GetWindowTheme
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
DrawThemeText
IsAppThemed
DrawThemeParentBackground

ole32

CoInitializeEx
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
OleDuplicateData
ReleaseStgMedium
CoCreateGuid
CoCreateInstance
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoDisconnectObject
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
DoDragDrop
CreateStreamOnHGlobal
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning

oleaut32

VariantChangeType
OleCreateFontIndirect
LoadRegTypeLi
DispCallFunc
LoadTypeLi
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayCreate
SafeArrayDestroy
VariantCopy
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
VarBstrFromDate
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString

oledlg

OleUIBusyW

gdiplus

GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdiplusStartup
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdipFree
GdipDisposeImage
GdiplusShutdown
GdipAlloc

ws2_32

ioctlsocket
accept
connect
WSAAsyncGetHostByName
send
recv
WSACancelAsyncRequest
closesocket
bind
setsockopt
WSAStartup
WSACleanup
inet_addr
htonl
socket
WSASetLastError
htons
WSAGetLastError
WSAAsyncSelect

iphlpapi

GetAdaptersInfo

winmm

PlaySoundW

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 343KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pm.ini
uninst.exe.nsis
ws.ico

Sharing

General

Malware Config

Signatures

Files

b78ecf47c0a3e24a6f4af114e2d1f5de

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

45:3b:5e:67:da:9e:2a:29:af:6d:96:d6:9a:9a:6e:9cCertificate

Extended Key Usages

Key Usages

ed:78:ba:05:e0:03:89:fd:f4:bb:7b:1a:37:69:5a:4b:b9:1d:87:adSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 149KB

.ndata Size: - Virtual size: 80KB

.rsrc Size: 43KB - Virtual size: 43KB

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 172B

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 851B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 608B

ddbd50fe6279559edf7d1f1d89b42c2c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 620B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

45:3b:5e:67:da:9e:2a:29:af:6d:96:d6:9a:9a:6e:9c
Certificate

ed:78:ba:05:e0:03:89:fd:f4:bb:7b:1a:37:69:5a:4b:b9:1d:87:ad
Signer

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 149KB

.ndata
Size: - Virtual size: 80KB

.rsrc
Size: 43KB - Virtual size: 43KB

.text
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 172B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 851B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 608B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 620B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

45:3b:5e:67:da:9e:2a:29:af:6d:96:d6:9a:9a:6e:9c
Certificate

c5:46:e4:33:f1:e7:e1:71:be:32:e2:4a:23:ba:47:62:55:4a:db:04
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 342KB - Virtual size: 342KB

.data
Size: 28KB - Virtual size: 57KB

.rsrc
Size: 274KB - Virtual size: 274KB

.reloc
Size: 123KB - Virtual size: 123KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

45:3b:5e:67:da:9e:2a:29:af:6d:96:d6:9a:9a:6e:9c
Certificate

bf:87:b2:85:5e:16:c7:3b:0e:6b:0d:03:54:f9:d0:32:7f:8a:91:61
Signer