D:\Downloads\NSIS\nsis-2.44-src\build\debug\System\System.pdb
Overview
overview
7Static
static
7da59e5ab19...18.exe
windows7-x64
7da59e5ab19...18.exe
windows10-2004-x64
7$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$_2_/game_...DF.dll
windows7-x64
1$_2_/game_...DF.dll
windows10-2004-x64
1$_2_/game_...DF.dll
windows7-x64
1$_2_/game_...DF.dll
windows10-2004-x64
1$_2_/game_...DF.dll
windows7-x64
1$_2_/game_...DF.dll
windows10-2004-x64
1$_2_/game_...DF.dll
windows7-x64
1$_2_/game_...DF.dll
windows10-2004-x64
1$_2_/game_...DF.dll
windows7-x64
1$_2_/game_...DF.dll
windows10-2004-x64
1$_2_/game_...DF.dll
windows7-x64
1$_2_/game_...DF.dll
windows10-2004-x64
1$_2_/game_...DF.dll
windows7-x64
1$_2_/game_...DF.dll
windows10-2004-x64
1$_2_/game_...DF.dll
windows7-x64
1$_2_/game_...DF.dll
windows10-2004-x64
1$_2_/game_...DF.dll
windows7-x64
1$_2_/game_...DF.dll
windows10-2004-x64
1$_2_/game_...DF.dll
windows7-x64
1$_2_/game_...DF.dll
windows10-2004-x64
1$_4_/Hotel...WT.exe
windows7-x64
7$_4_/Hotel...WT.exe
windows10-2004-x64
7$_4_/unins...me.exe
windows7-x64
7$_4_/unins...me.exe
windows10-2004-x64
7Behavioral task
behavioral1
Sample
da59e5ab19955c67a9102a7fbf102768_JaffaCakes118.exe
Resource
win7-20240729-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
da59e5ab19955c67a9102a7fbf102768_JaffaCakes118.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
4 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral5
Sample
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/de/GDF.dll
Resource
win7-20240903-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral6
Sample
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/de/GDF.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral7
Sample
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/en-us/GDF.dll
Resource
win7-20240903-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral8
Sample
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/en-us/GDF.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral9
Sample
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/es-es/GDF.dll
Resource
win7-20240903-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral10
Sample
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/es-es/GDF.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral11
Sample
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/es/GDF.dll
Resource
win7-20240903-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral12
Sample
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/es/GDF.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral13
Sample
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/fr/GDF.dll
Resource
win7-20240903-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral14
Sample
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/fr/GDF.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral15
Sample
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/it/GDF.dll
Resource
win7-20240708-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral16
Sample
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/it/GDF.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral17
Sample
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/ko/GDF.dll
Resource
win7-20240903-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral18
Sample
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/ko/GDF.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral19
Sample
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/pt/GDF.dll
Resource
win7-20240903-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral20
Sample
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/pt/GDF.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral21
Sample
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/zh-chs/GDF.dll
Resource
win7-20240903-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral22
Sample
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/zh-chs/GDF.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral23
Sample
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/zh-cht/GDF.dll
Resource
win7-20240903-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral24
Sample
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/zh-cht/GDF.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral25
Sample
$_4_/Hotel Dash 2 - Lost Luxuries-WT.exe
Resource
win7-20240903-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral26
Sample
$_4_/Hotel Dash 2 - Lost Luxuries-WT.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
4 signatures
150 seconds
Behavioral task
behavioral27
Sample
$_4_/uninstall/game.exe
Resource
win7-20240903-en
windows7-x64
2 signatures
150 seconds
General
-
Target
da59e5ab19955c67a9102a7fbf102768_JaffaCakes118
-
Size
3.1MB
-
MD5
da59e5ab19955c67a9102a7fbf102768
-
SHA1
5f2a1466a6a6c02d14537600f72fd5bf4919e28a
-
SHA256
a6ffba0bc884906c7fb5f413ceac3d46e4775477c9102c221ed21347aca11f59
-
SHA512
0cd5ee1c0488ef3561361772a47afc5bba272d73a17c9c9580cd267750026b9d46476ded6aa58634e88896694d7d5f2060a34456d7b051710f5f965d91bca484
-
SSDEEP
98304:ay3b+WKUlAsp7K+IPSpZSMzoEWYDWwRTeD:am3lAsw7YZSMvWYbeD
Score
7/10
Malware Config
Signatures
-
resource yara_rule static1/unpack001/$_4_/uninstall/game.dat upx -
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
resource da59e5ab19955c67a9102a7fbf102768_JaffaCakes118 unpack001/$PLUGINSDIR/System.dll unpack002/out.upx -
NSIS installer 3 IoCs
resource yara_rule sample nsis_installer_1 sample nsis_installer_2 static1/unpack002/out.upx nsis_installer_2
Files
-
da59e5ab19955c67a9102a7fbf102768_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 136KB - Virtual size: 135KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 184KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 212KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:5 windows x86 arch:x86
05325dd50f4f6fa54efd1ebe28f8bb53
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
VirtualAlloc
VirtualProtect
user32
wsprintfA
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 955B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/de/GDF.dll.dll windows:5 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1f:71:3d:35:f5:d4:9e:ca:b0:a8:0b:32:d4:76:15:4eCertificate
IssuerCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USNot Before07/03/2011, 00:00Not After06/03/2013, 23:59SubjectCN=WildTangent Inc,OU=Product Development,O=WildTangent Inc,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before17/11/2006, 00:00Not After30/12/2020, 23:59SubjectCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
28:ad:b9:2d:86:2d:1c:df:1a:ee:c7:48:3d:1d:d4:b0:8d:82:98:0fSigner
Actual PE Digest28:ad:b9:2d:86:2d:1c:df:1a:ee:c7:48:3d:1d:d4:b0:8d:82:98:0fDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 483KB - Virtual size: 482KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/en-us/GDF.dll.dll windows:5 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1f:71:3d:35:f5:d4:9e:ca:b0:a8:0b:32:d4:76:15:4eCertificate
IssuerCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USNot Before07/03/2011, 00:00Not After06/03/2013, 23:59SubjectCN=WildTangent Inc,OU=Product Development,O=WildTangent Inc,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before17/11/2006, 00:00Not After30/12/2020, 23:59SubjectCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
c0:6f:10:e0:97:c6:64:27:ab:66:ea:12:98:21:3c:2c:c8:2d:18:34Signer
Actual PE Digestc0:6f:10:e0:97:c6:64:27:ab:66:ea:12:98:21:3c:2c:c8:2d:18:34Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 483KB - Virtual size: 482KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/es-es/GDF.dll.dll windows:5 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1f:71:3d:35:f5:d4:9e:ca:b0:a8:0b:32:d4:76:15:4eCertificate
IssuerCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USNot Before07/03/2011, 00:00Not After06/03/2013, 23:59SubjectCN=WildTangent Inc,OU=Product Development,O=WildTangent Inc,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before17/11/2006, 00:00Not After30/12/2020, 23:59SubjectCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
a2:f0:69:e9:56:df:54:51:e5:6c:c8:05:d3:86:a8:ab:6f:3d:e7:f4Signer
Actual PE Digesta2:f0:69:e9:56:df:54:51:e5:6c:c8:05:d3:86:a8:ab:6f:3d:e7:f4Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 483KB - Virtual size: 482KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/es/GDF.dll.dll windows:5 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1f:71:3d:35:f5:d4:9e:ca:b0:a8:0b:32:d4:76:15:4eCertificate
IssuerCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USNot Before07/03/2011, 00:00Not After06/03/2013, 23:59SubjectCN=WildTangent Inc,OU=Product Development,O=WildTangent Inc,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before17/11/2006, 00:00Not After30/12/2020, 23:59SubjectCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
ec:f1:da:b1:0c:1d:2a:cc:44:91:35:fa:d1:0a:be:57:38:ef:02:2dSigner
Actual PE Digestec:f1:da:b1:0c:1d:2a:cc:44:91:35:fa:d1:0a:be:57:38:ef:02:2dDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 483KB - Virtual size: 482KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/fr/GDF.dll.dll windows:5 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1f:71:3d:35:f5:d4:9e:ca:b0:a8:0b:32:d4:76:15:4eCertificate
IssuerCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USNot Before07/03/2011, 00:00Not After06/03/2013, 23:59SubjectCN=WildTangent Inc,OU=Product Development,O=WildTangent Inc,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before17/11/2006, 00:00Not After30/12/2020, 23:59SubjectCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
7d:b0:e1:8a:73:8f:c1:55:8f:2f:f1:f3:e5:bb:8b:59:60:48:f6:44Signer
Actual PE Digest7d:b0:e1:8a:73:8f:c1:55:8f:2f:f1:f3:e5:bb:8b:59:60:48:f6:44Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 483KB - Virtual size: 482KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/it/GDF.dll.dll windows:5 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1f:71:3d:35:f5:d4:9e:ca:b0:a8:0b:32:d4:76:15:4eCertificate
IssuerCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USNot Before07/03/2011, 00:00Not After06/03/2013, 23:59SubjectCN=WildTangent Inc,OU=Product Development,O=WildTangent Inc,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before17/11/2006, 00:00Not After30/12/2020, 23:59SubjectCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
29:df:f1:c9:5d:ff:e5:f7:85:31:ea:eb:57:36:b8:eb:45:09:b2:06Signer
Actual PE Digest29:df:f1:c9:5d:ff:e5:f7:85:31:ea:eb:57:36:b8:eb:45:09:b2:06Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 483KB - Virtual size: 482KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/ko/GDF.dll.dll windows:5 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1f:71:3d:35:f5:d4:9e:ca:b0:a8:0b:32:d4:76:15:4eCertificate
IssuerCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USNot Before07/03/2011, 00:00Not After06/03/2013, 23:59SubjectCN=WildTangent Inc,OU=Product Development,O=WildTangent Inc,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before17/11/2006, 00:00Not After30/12/2020, 23:59SubjectCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
3c:c8:ae:44:36:ae:cc:d9:c1:bb:ac:48:b4:bf:e8:59:c8:a2:df:c8Signer
Actual PE Digest3c:c8:ae:44:36:ae:cc:d9:c1:bb:ac:48:b4:bf:e8:59:c8:a2:df:c8Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 483KB - Virtual size: 482KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/pt/GDF.dll.dll windows:5 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1f:71:3d:35:f5:d4:9e:ca:b0:a8:0b:32:d4:76:15:4eCertificate
IssuerCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USNot Before07/03/2011, 00:00Not After06/03/2013, 23:59SubjectCN=WildTangent Inc,OU=Product Development,O=WildTangent Inc,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before17/11/2006, 00:00Not After30/12/2020, 23:59SubjectCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
f4:ba:27:46:e4:a0:e8:ec:5b:bd:13:42:55:e7:88:f6:de:0d:c4:5dSigner
Actual PE Digestf4:ba:27:46:e4:a0:e8:ec:5b:bd:13:42:55:e7:88:f6:de:0d:c4:5dDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 483KB - Virtual size: 482KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/zh-chs/GDF.dll.dll windows:5 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1f:71:3d:35:f5:d4:9e:ca:b0:a8:0b:32:d4:76:15:4eCertificate
IssuerCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USNot Before07/03/2011, 00:00Not After06/03/2013, 23:59SubjectCN=WildTangent Inc,OU=Product Development,O=WildTangent Inc,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before17/11/2006, 00:00Not After30/12/2020, 23:59SubjectCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
13:e9:16:a1:13:31:9a:62:1c:bc:d9:6d:40:6a:29:6c:c8:72:73:f5Signer
Actual PE Digest13:e9:16:a1:13:31:9a:62:1c:bc:d9:6d:40:6a:29:6c:c8:72:73:f5Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 483KB - Virtual size: 482KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$_2_/game_hoteldash2lostluxuries_1.0.1.2614/DLL/zh-cht/GDF.dll.dll windows:5 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1f:71:3d:35:f5:d4:9e:ca:b0:a8:0b:32:d4:76:15:4eCertificate
IssuerCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USNot Before07/03/2011, 00:00Not After06/03/2013, 23:59SubjectCN=WildTangent Inc,OU=Product Development,O=WildTangent Inc,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before17/11/2006, 00:00Not After30/12/2020, 23:59SubjectCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
a6:5f:95:86:76:75:eb:b1:48:d1:da:ae:86:bd:f9:15:d2:82:61:07Signer
Actual PE Digesta6:5f:95:86:76:75:eb:b1:48:d1:da:ae:86:bd:f9:15:d2:82:61:07Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 483KB - Virtual size: 482KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$_4_/Hotel Dash 2 - Lost Luxuries-WT.exe.exe windows:4 windows x86 arch:x86
82935279cc64d412044c6dabd2edb61e
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1f:71:3d:35:f5:d4:9e:ca:b0:a8:0b:32:d4:76:15:4eCertificate
IssuerCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USNot Before07/03/2011, 00:00Not After06/03/2013, 23:59SubjectCN=WildTangent Inc,OU=Product Development,O=WildTangent Inc,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before17/11/2006, 00:00Not After30/12/2020, 23:59SubjectCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
e1:8a:59:ee:89:49:dd:ea:e2:8b:01:b8:5b:31:bd:e6:e0:9f:8a:51Signer
Actual PE Digeste1:8a:59:ee:89:49:dd:ea:e2:8b:01:b8:5b:31:bd:e6:e0:9f:8a:51Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetLastError
GetVolumeInformationA
DeviceIoControl
IsBadReadPtr
GlobalUnlock
GlobalLock
MulDiv
lstrcpyA
EnumResourceLanguagesA
ConvertDefaultLocale
lstrcmpA
GlobalDeleteAtom
FreeResource
GlobalAddAtomA
lstrcmpW
lstrcatA
GlobalFindAtomA
GlobalGetAtomNameA
GlobalReAlloc
GlobalHandle
LocalReAlloc
TlsFree
GlobalFlags
LockFile
UnlockFile
GetCPInfo
GetOEMCP
SetErrorMode
GetFileTime
VirtualAllocEx
RtlUnwind
ExitProcess
VirtualQuery
HeapReAlloc
GetStartupInfoA
GetCommandLineA
ExitThread
GetDriveTypeA
GetSystemTimeAsFileTime
GetFileType
HeapSize
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
SetStdHandle
GetStringTypeA
GetStringTypeW
IsBadCodePtr
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEnvironmentVariableA
CreateRemoteThread
ReadProcessMemory
VirtualProtectEx
VirtualFreeEx
DosDateTimeToFileTime
SetFileTime
CreateJobObjectA
SetInformationJobObject
AssignProcessToJobObject
TerminateProcess
OpenEventA
OpenMutexA
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateThread
WaitForMultipleObjects
ResetEvent
GetProcessId
QueryInformationJobObject
GetProcessTimes
GetExitCodeProcess
TerminateJobObject
OpenProcess
OpenThread
WritePrivateProfileStringA
WriteProcessMemory
GetFullPathNameA
TlsAlloc
ResumeThread
TlsSetValue
TlsGetValue
FlushFileBuffers
MoveFileA
CopyFileA
LocalFileTimeToFileTime
SetFileAttributesA
DeleteFileA
FindNextFileA
GetFileAttributesExA
GetCurrentDirectoryA
SetThreadAffinityMask
QueryPerformanceCounter
QueryPerformanceFrequency
DebugBreak
DuplicateHandle
CreateDirectoryA
GetWindowsDirectoryA
LocalAlloc
LocalFree
FormatMessageA
FileTimeToSystemTime
CreateEventA
SetEndOfFile
SetFilePointer
WriteFile
SetEvent
TerminateThread
GetSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
IsDBCSLeadByte
InterlockedIncrement
lstrcpynA
CompareStringW
CompareStringA
lstrcmpiA
GetVersion
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
LoadLibraryExA
FindResourceA
LockResource
SizeofResource
ReleaseMutex
CreateMutexA
lstrlenW
FindResourceExA
LoadResource
GlobalAlloc
ReadFile
GlobalFree
WideCharToMultiByte
GetFileAttributesW
CreateFileW
GetFileSize
GetProcessHeap
HeapAlloc
GetPrivateProfileStringW
HeapFree
GetModuleFileNameW
FindFirstFileW
FindNextFileW
GetUserDefaultLCID
GetUserGeoID
GetUserDefaultUILanguage
GetSystemDefaultLangID
GetLocaleInfoW
GetNumberFormatW
GetDateFormatW
LoadLibraryW
FreeLibrary
GetModuleFileNameA
GetPrivateProfileStringA
GetCurrentProcessId
lstrlenA
MultiByteToWideChar
GetLastError
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
WaitForSingleObject
Sleep
IsDebuggerPresent
LoadLibraryA
GetTickCount
GetCurrentThread
GetThreadContext
SetThreadContext
SetUnhandledExceptionFilter
OutputDebugStringA
FindFirstFileA
FindClose
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetModuleHandleA
GetProcAddress
GetCurrentProcess
CreateFileA
GetCurrentThreadId
CreateProcessA
CloseHandle
GetFileAttributesA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
user32
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetPropA
RemovePropA
IsChild
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
UpdateWindow
GetMenu
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
CopyRect
RegisterWindowMessageA
RegisterClipboardFormatA
GetWindow
SetWindowContextHelpId
MapDialogRect
UnregisterClassA
IntersectRect
GetWindowDC
BeginPaint
EndPaint
GetSysColorBrush
SetForegroundWindow
AttachThreadInput
SetMenuItemBitmaps
ModifyMenuA
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetLastActivePopup
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
UnhookWindowsHookEx
GetWindowTextA
GetFocus
SetWindowPos
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenuState
IsRectEmpty
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
GetMenuItemID
GetSubMenu
FindWindowExA
SetWindowPlacement
WaitForInputIdle
GetWindowPlacement
EnumWindows
PostThreadMessageA
GetSystemMetrics
GetWindowThreadProcessId
GetForegroundWindow
FindWindowA
GetWindowRect
MoveWindow
SetFocus
SystemParametersInfoA
PostMessageA
wsprintfA
CharLowerBuffW
PtInRect
OffsetRect
GetCursorPos
SetCapture
ReleaseCapture
IsWindow
SetCursor
LoadCursorA
MessageBoxW
CharLowerBuffA
LoadIconA
PostQuitMessage
SetRect
EnableMenuItem
GetMenuItemCount
InsertMenuA
SendMessageA
GetSystemMenu
IsIconic
SetWindowRgn
GetClientRect
InvalidateRect
SetTimer
EnableWindow
CharUpperA
GetClassNameA
ShowWindow
GetLastInputInfo
IsWindowVisible
GetParent
MessageBoxA
ChangeDisplaySettingsA
GetDC
ReleaseDC
CharNextA
SetPropA
gdi32
GetRgnBox
GetTextColor
GetBkColor
GetMapMode
CreateRectRgnIndirect
GetStockObject
DeleteDC
ExtSelectClipRgn
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetObjectA
SetBkColor
CreateRoundRectRgn
CreateRectRgn
GetDeviceCaps
CreateBitmap
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetTextColor
GetClipBox
SetViewportExtEx
comdlg32
GetFileTitleA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
GetUserNameA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey
CryptDeriveKey
CryptHashData
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegQueryValueExW
CryptSetKeyParam
RevertToSelf
ImpersonateSelf
RegCreateKeyExW
RegOpenKeyExW
RegSetKeySecurity
CryptDecrypt
CryptAcquireContextW
CryptCreateHash
shell32
SHGetSpecialFolderPathA
ShellExecuteExA
SHFileOperationA
comctl32
ord17
shlwapi
PathFileExistsA
PathRemoveFileSpecA
PathStripPathA
PathAppendA
PathAppendW
PathRemoveFileSpecW
PathUnquoteSpacesW
PathFindExtensionA
PathIsUNCA
PathFindFileNameA
PathStripToRootA
oledlg
ord8
ole32
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoRevokeClassObject
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
StringFromCLSID
CoSetProxyBlanket
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoInitialize
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoUninitialize
CoCreateGuid
CLSIDFromString
oleaut32
SysAllocString
SysFreeString
SysStringLen
VariantClear
VariantInit
DispCallFunc
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
VariantCopy
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayDestroy
SystemTimeToVariantTime
OleCreateFontIndirect
urlmon
URLDownloadToCacheFileA
rasapi32
RasEnumEntriesA
ws2_32
gethostname
gethostbyname
ntohl
WSACleanup
WSAStartup
crypt32
CertFreeCertificateContext
CertNameToStrA
CryptMsgGetAndVerifySigner
CryptQueryObject
CryptMsgClose
wintrust
WinVerifyTrust
wininet
InternetCloseHandle
HttpAddRequestHeadersA
InternetGetLastResponseInfoA
InternetReadFile
InternetQueryOptionA
HttpSendRequestA
HttpQueryInfoA
InternetOpenA
InternetConnectA
HttpOpenRequestA
winmm
timeGetTime
PlaySoundA
iphlpapi
GetAdaptersInfo
psapi
GetProcessImageFileNameW
dinput8
DirectInput8Create
version
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 503KB - Virtual size: 502KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.pecode Size: 81KB - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pccode Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 139KB - Virtual size: 138KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.phs Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 397KB - Virtual size: 396KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$_4_/df97434d-70c0-462d-b94f-bae03a2b8c6a.ico
-
$_4_/uninstall/game.dat.exe windows:4 windows x86 arch:x86
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1f:71:3d:35:f5:d4:9e:ca:b0:a8:0b:32:d4:76:15:4eCertificate
IssuerCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USNot Before07/03/2011, 00:00Not After06/03/2013, 23:59SubjectCN=WildTangent Inc,OU=Product Development,O=WildTangent Inc,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before17/11/2006, 00:00Not After30/12/2020, 23:59SubjectCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate
IssuerCN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
ff:dc:a8:0a:9b:75:10:fa:f9:6a:fa:e1:4b:a5:72:4b:9e:08:44:41Signer
Actual PE Digestff:dc:a8:0a:9b:75:10:fa:f9:6a:fa:e1:4b:a5:72:4b:9e:08:44:41Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 484KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 84KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 136KB - Virtual size: 136KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 228KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 148KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ