Nigger[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Nigger.rar
Size

15.5MB
MD5

f95d0312d3659435e4abeb2cefebe804
SHA1

2619f93d46f9f2515a2f6cd26dee2de9d4e16c31
SHA256

eb49294f671422d59d871d186fe744afadea0e40688d79be2599b34dff8098f9
SHA512

a369fe2d202f928e1e41725ea6bc1ee5342c93dbba635300cf1a5c6687e1107d7757fb627b887965888bed741d8b0802e3227c79e0565d5f2f99f5f4fc8b4c90
SSDEEP

393216:Lr6SEE+TJ+ovqUdHRcDvkluTELG1AJftf01ojphVi:5EDzvdIGVWAZW1KXU

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/SDK/obsidium.dll	acprotect

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/SDK/obsidium.dll	upx
static1/unpack001/Tools/ObsPatchDump.exe	upx
static1/unpack001/lang/TranslationTool.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/GetHWID/demo.v2.exe
unpack001/Tools/display_systemid.exe
unpack001/Tools/display_usbid.exe

Files

Nigger.rar
.rar
EULA.txt
Examples/C#/API/obsi_csharp_test.sln
Examples/C#/API/obsi_csharp_test/Program.cs
Examples/C#/API/obsi_csharp_test/Properties/AssemblyInfo.cs
Examples/C#/API/obsi_csharp_test/Properties/Settings.Designer.cs
Examples/C#/API/obsi_csharp_test/Properties/Settings.settings
Examples/C#/API/obsi_csharp_test/app.config
Examples/C#/API/obsi_csharp_test/obsi_csharp_demo.csproj
Examples/C#/Keygen/obsi_keygen.sln
Examples/C#/Keygen/obsi_keygen/Program.cs
Examples/C#/Keygen/obsi_keygen/Properties/AssemblyInfo.cs
Examples/C#/Keygen/obsi_keygen/app.config
Examples/C#/Keygen/obsi_keygen/obsi_keygen.csproj
Examples/C++ Builder 2009/display_systemid/display_systemid.cbproj
Examples/C++ Builder 2009/display_systemid/display_systemid.cpp
.js
Examples/C++ Builder 2009/display_systemid/mainfrm.cpp
Examples/C++ Builder 2009/display_systemid/mainfrm.dfm
Examples/C++ Builder 2009/display_systemid/mainfrm.h
Examples/C++ Builder 6/C++ Builder Examples.txt
Examples/C++ Builder 6/Keygen Sample/Main.cpp
.vbs
Examples/C++ Builder 6/Keygen Sample/Main.dfm
Examples/C++ Builder 6/Keygen Sample/Main.h
Examples/C++ Builder 6/Keygen Sample/keygen_sample.bpr
.xml
Examples/C++ Builder 6/Keygen Sample/keygen_sample.cpp
.js
Examples/C++ Builder 6/Keygen Sample/keygen_sample.res
Examples/C++ Builder 6/Sample Application/Main.cpp
Examples/C++ Builder 6/Sample Application/Main.dfm
Examples/C++ Builder 6/Sample Application/Main.h
Examples/C++ Builder 6/Sample Application/Sample.bpr
.xml
Examples/C++ Builder 6/Sample Application/Sample.cpp
.js
Examples/C++ Builder 6/Sample Application/Sample.res
Examples/C++ Builder 6/Short Keygen Sample/Main.cpp
Examples/C++ Builder 6/Short Keygen Sample/Main.dfm
Examples/C++ Builder 6/Short Keygen Sample/Main.h
Examples/C++ Builder 6/Short Keygen Sample/keygen_sample.bpr
.xml
Examples/C++ Builder 6/Short Keygen Sample/keygen_sample.cpp
.js
Examples/C++ Builder 6/Short Keygen Sample/keygen_sample.res
Examples/C++ Wrapper/Obsi.cpp
Examples/C++ Wrapper/Obsi.h
Examples/Delphi/Delphi Examples.txt
Examples/Delphi/Keygen Example/Project1.cfg
Examples/Delphi/Keygen Example/Project1.dof
Examples/Delphi/Keygen Example/Project1.dpr
Examples/Delphi/Keygen Example/Project1.res
Examples/Delphi/Keygen Example/Unit1.dfm
Examples/Delphi/Keygen Example/Unit1.pas
Examples/Delphi/Sample Application/Main.dfm
Examples/Delphi/Sample Application/Main.pas
Examples/Delphi/Sample Application/Sample.cfg
Examples/Delphi/Sample Application/Sample.dof
Examples/Delphi/Sample Application/Sample.dpr
Examples/Delphi/Sample Application/Sample.dproj
Examples/Delphi/Sample Application/Sample.res
Examples/ExeOutput for PHP/ExeOutput Obsidium Example/Source/activation.php
Examples/ExeOutput for PHP/ExeOutput Obsidium Example/Source/do_activation.php
Examples/ExeOutput for PHP/ExeOutput Obsidium Example/Source/index.php
.html
Examples/ExeOutput for PHP/ExeOutput Obsidium Example/obsi_test.exop
.zip
cmbrowsersettings.txt
cmprintsettings.txt
ctxmenu.txt
fields.xml
.xml
fileprop.xml
.xml
files.xml
.xml
language.xml
.xml
local\cmdlgabout.htm
.html
local\cmerrormsg.htm
.html
local\cmhepages.css
php.ini
phpdllext.xml
.xml
progressbarsettings.txt
script.xml
.xml
settings.xml
.xml
statbar.txt
ui.xml
.xml
uicomp\ctxmenu
uicomp\ctxmenu.bin
uicomp\ctxmenu.xml
.xml
uicomp\menubarMenubar1
uicomp\menubarMenubar1.bin
uicomp\menubarMenubar1.xml
.xml
uicomp\toolbarToolbar1
uicomp\toolbarToolbar1.bin
uicomp\toolbarToolbar1.xml
.xml
uicomp\trayicon
uicomp\trayicon.bin
uicomp\trayicon.xml
.xml
Examples/ExeOutput for PHP/Readme.txt
Examples/Nagscreen/res.rc
Examples/Nagscreen/res.res
Examples/Nagscreen/resource2.h
Examples/Nagscreen/sample_dialog_header.bmp
Examples/PureBasic/Example.pb
Examples/REALBasic/Example.rbp
Examples/REALBasic/Readme.txt
Examples/Sample Projects/readme.txt
Examples/Sample Projects/sample_long.opf
Examples/Sample Projects/sample_short.opf
Examples/Sample Projects/sample_short.opf.db
Examples/Visual Basic 6/Obsidium Sample/Form1.frm
.vbs
Examples/Visual Basic 6/Obsidium Sample/Project1.vbp
Examples/Visual Basic 6/Obsidium Sample/Project1.vbw
Examples/Visual C++/Obsidium Long Keygen/Obsidium Long Keygen.sln
Examples/Visual C++/Obsidium Long Keygen/Obsidium Long Keygen/Obsidium Long Keygen.cpp
Examples/Visual C++/Obsidium Long Keygen/Obsidium Long Keygen/Obsidium Long Keygen.h
Examples/Visual C++/Obsidium Long Keygen/Obsidium Long Keygen/Obsidium Long Keygen.rc
Examples/Visual C++/Obsidium Long Keygen/Obsidium Long Keygen/Obsidium Long Keygen.vcproj
.xml
Examples/Visual C++/Obsidium Long Keygen/Obsidium Long Keygen/Obsidium Long KeygenDlg.cpp
.vbs
Examples/Visual C++/Obsidium Long Keygen/Obsidium Long Keygen/Obsidium Long KeygenDlg.h
Examples/Visual C++/Obsidium Long Keygen/Obsidium Long Keygen/res/Obsidium Long Keygen.ico
Examples/Visual C++/Obsidium Long Keygen/Obsidium Long Keygen/res/ObsidiumLongKeygen.rc2
Examples/Visual C++/Obsidium Long Keygen/Obsidium Long Keygen/resource.h
Examples/Visual C++/Obsidium Long Keygen/Obsidium Long Keygen/stdafx.cpp
Examples/Visual C++/Obsidium Long Keygen/Obsidium Long Keygen/stdafx.h
Examples/Visual C++/Obsidium Short Keygen/Obsidium Short Keygen.cpp
Examples/Visual C++/Obsidium Short Keygen/Obsidium Short Keygen.dsp
Examples/Visual C++/Obsidium Short Keygen/Obsidium Short Keygen.dsw
Examples/Visual C++/Obsidium Short Keygen/Obsidium Short Keygen.h
Examples/Visual C++/Obsidium Short Keygen/Obsidium Short Keygen.rc
Examples/Visual C++/Obsidium Short Keygen/Obsidium Short Keygen.sln
Examples/Visual C++/Obsidium Short Keygen/Obsidium Short Keygen.vcproj
.xml
Examples/Visual C++/Obsidium Short Keygen/Obsidium Short KeygenDlg.cpp
Examples/Visual C++/Obsidium Short Keygen/Obsidium Short KeygenDlg.h
Examples/Visual C++/Obsidium Short Keygen/res/Obsidium Short Keygen.ico
Examples/Visual C++/Obsidium Short Keygen/res/Obsidium Short Keygen.manifest
.xml
Examples/Visual C++/Obsidium Short Keygen/res/Obsidium Short Keygen.rc2
Examples/Visual C++/Obsidium Short Keygen/resource.h
Examples/Visual C++/Obsidium Short Keygen/stdafx.cpp
Examples/Visual C++/Obsidium Short Keygen/stdafx.h
Examples/Visual C++/Sample Application/Sample Application.cpp
Examples/Visual C++/Sample Application/Sample Application.dsp
Examples/Visual C++/Sample Application/Sample Application.dsw
Examples/Visual C++/Sample Application/Sample Application.sln
Examples/Visual C++/Sample Application/Sample Application.vcproj
.xml
Examples/Visual C++/Sample Application/StdAfx.cpp
Examples/Visual C++/Sample Application/StdAfx.h
Examples/Visual C++/SystemID/Obsidium SystemID.cpp
Examples/Visual C++/SystemID/Obsidium SystemID.sln
Examples/Visual C++/SystemID/Obsidium SystemID.vcproj
.xml
Examples/Visual C++/SystemID/SystemID.dsp
Examples/Visual C++/SystemID/SystemID.dsw
Examples/Visual C++/SystemID/stdafx.cpp
Examples/Visual C++/SystemID/stdafx.h
Examples/Visual C++/VistaRegistryExample/VistaRegistryExample.sln
Examples/Visual C++/VistaRegistryExample/enter_license/enter_license.cpp
Examples/Visual C++/VistaRegistryExample/enter_license/enter_license.h
Examples/Visual C++/VistaRegistryExample/enter_license/enter_license.rc
Examples/Visual C++/VistaRegistryExample/enter_license/enter_license.vcproj
.xml
Examples/Visual C++/VistaRegistryExample/enter_license/enter_licenseDlg.cpp
Examples/Visual C++/VistaRegistryExample/enter_license/enter_licenseDlg.h
Examples/Visual C++/VistaRegistryExample/enter_license/res/enter_license.ico
Examples/Visual C++/VistaRegistryExample/enter_license/res/enter_license.rc2
Examples/Visual C++/VistaRegistryExample/enter_license/resource.h
Examples/Visual C++/VistaRegistryExample/enter_license/stdafx.cpp
Examples/Visual C++/VistaRegistryExample/enter_license/stdafx.h
Examples/Visual C++/VistaRegistryExample/enter_license/targetver.h
Examples/Visual C++/VistaRegistryExample/readme.txt
Examples/Visual C++/VistaRegistryExample/store_license/resource.h
Examples/Visual C++/VistaRegistryExample/store_license/small.ico
Examples/Visual C++/VistaRegistryExample/store_license/stdafx.cpp
Examples/Visual C++/VistaRegistryExample/store_license/stdafx.h
Examples/Visual C++/VistaRegistryExample/store_license/store_license.cpp
Examples/Visual C++/VistaRegistryExample/store_license/store_license.h
Examples/Visual C++/VistaRegistryExample/store_license/store_license.ico
Examples/Visual C++/VistaRegistryExample/store_license/store_license.rc
Examples/Visual C++/VistaRegistryExample/store_license/store_license.vcproj
.xml
Examples/Visual C++/VistaRegistryExample/store_license/targetver.h
Examples/Visual C++/Visual C++ Examples.txt
GetHWID/demo.v2.exe
.exe windows:4 windows x86 arch:x86

dde0e06bc09be499c9dd706db3827f7d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetCPInfo
WriteFile
RtlUnwind
GetFileType
GetStdHandle
GetCommandLineW
GetModuleHandleA
GetOEMCP
CreateThread
SetHandleCount
GetEnvironmentStringsW
GetACP
Sleep
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapReAlloc
TerminateProcess
GetCurrentProcess
HeapSize
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
LCMapStringW

user32

LoadBitmapA
DialogBoxParamA
LoadIconA
GetWindowLongA
PtInRect
SendMessageA
MessageBoxA
GetDC
ReleaseDC
EndDialog
SetWindowLongA

gdi32

GetDIBits
SetDIBitsToDevice
GetObjectA

shell32

CommandLineToArgvW

comctl32

ord17

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GetHWID/gethwid.opf
GetHWID/gethwid.opf.bak
GetHWID/gethwid.opf.db
GetHWID/machinaID-eng.res
GetHWID/machinaID.res
NetLicensing/desktop.ini
NetLicensing/netlic.cert.private
NetLicensing/netlic.cert.public
Obsidium.chm
.chm
Obsidium.exe
.exe windows:4 windows x86 arch:x86

131cd0b952e60e8a74a68b0b91d4fba1

Code Sign

07:26:43:16:5a:ad:79:e2:a6:e8:50:f2:16:42:d2:70
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/10/2017, 00:00

Not After

28/10/2020, 12:00

Subject

CN=Martin Tofall,O=Martin Tofall,L=Bad Lippspringe,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:d8:58:ed:68:8d:2a:ab:60:ba:65:87:ac:01:72:d7:e9:81:7a:3d:78:6f:f9:0b:13:e7:ee:02:d4:3d:c4:fa
Signer

Actual PE Digest

c2:d8:58:ed:68:8d:2a:ab:60:ba:65:87:ac:01:72:d7:e9:81:7a:3d:78:6f:f9:0b:13:e7:ee:02:d4:3d:c4:fa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA

user32

GetWindowTextW

advapi32

CryptReleaseContext

comctl32

ImageList_DrawIndirect

Sections

.bss
Size: - Virtual size: 22.1MB

IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.9MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ReadME.txt
SDK/C#/API/Obsidium.cs
SDK/C#/Keygen/ObsidiumKeygen.cs
SDK/C/API/obsidium.def
SDK/C/API/obsidium.h
SDK/C/API/obsidium.lib
SDK/C/API/obsidium_compat.h
SDK/C/Keygen/keygen.def
SDK/C/Keygen/keygen.h
SDK/C/Keygen/keygen.lib
SDK/C/readme.txt
SDK/Delphi/API/obsidium.pas
SDK/Delphi/API/obsidium_enc_end.pas
SDK/Delphi/API/obsidium_enc_start.pas
SDK/Delphi/API/obsidium_lic_end.pas
SDK/Delphi/API/obsidium_lic_start.pas
SDK/Delphi/API/obsidium_vm_end.pas
SDK/Delphi/API/obsidium_vm_hw_end.pas
SDK/Delphi/API/obsidium_vm_hw_start.pas
SDK/Delphi/API/obsidium_vm_start.pas
SDK/Delphi/Keygen/keygen.pas
SDK/Linux/README
SDK/Linux/bin/centos-5.5/nph-keygen_get
.elf linux x86
SDK/Linux/bin/centos-5.5/nph-keygen_post
.elf linux x86
SDK/Linux/bin/freebsd-4.5/nph-keygen_get
.elf linux x86
SDK/Linux/bin/freebsd-4.5/nph-keygen_post
.elf linux x86
SDK/Linux/bin/gcc-4.8.4/nph-keygen_get
.elf linux x86
SDK/Linux/bin/gcc-4.8.4/nph-keygen_post
.elf linux x86
SDK/Linux/keygen_short.php
SDK/Linux/keygen_short_test.html
SDK/Linux/keyver_long.php
SDK/Linux/php/obsidium_keygen.inc.php
.js
SDK/Linux/php/test-generate.php
SDK/Linux/php/test-verify.php
SDK/PureBasic/obsidium.pbi
SDK/VB .NET/Obsidium.vb
.vbs
SDK/keygen.dll
.dll windows:5 windows x86 arch:x86

7b51a5cd0c6ca57ae6f5e5f4485121b2

Code Sign

07:26:43:16:5a:ad:79:e2:a6:e8:50:f2:16:42:d2:70
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/10/2017, 00:00

Not After

28/10/2020, 12:00

Subject

CN=Martin Tofall,O=Martin Tofall,L=Bad Lippspringe,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:64:91:70:7f:d2:36:07:c3:eb:7e:9f:f6:ae:ff:74:ad:c9:4a:86:b3:94:8e:03:ae:f0:1e:8f:c7:d2:dd:d2
Signer

Actual PE Digest

65:64:91:70:7f:d2:36:07:c3:eb:7e:9f:f6:ae:ff:74:ad:c9:4a:86:b3:94:8e:03:ae:f0:1e:8f:c7:d2:dd:d2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA

user32

GetCursorPos

advapi32

RegQueryValueExW

ole32

StringFromGUID2

setupapi

SetupDiEnumDeviceInterfaces

comctl32

PropertySheet

shlwapi

StrCmpLogicalW

shell32

SHGetFolderPathW

Exports

Exports

CompareSystemIds
CompareSystemIdsW
ConvertLicenseLongToBin
ConvertLicenseLongToStr
GenerateAppCertificate
GenerateLicenseLong
GenerateLicenseLongW
GenerateLicenseShort
GenerateLicenseShortW
GenerateServerConfiguration
GenerateSignature
GenerateSignatureFromFile
GenerateSignatureFromFileW
GenerateSignatureW
GetLicenseHash
VerifyLicenseLong
VerifyLicenseLongW
VerifyLicenseShort
VerifyLicenseShortW
VerifySignature
VerifySignatureFromFile
VerifySignatureFromFileW
VerifySignatureW

Sections

.bss
Size: - Virtual size: 416KB

IMAGE_SCN_MEM_READ

CODE
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.shared
Size: 101KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SDK/obsidium.dll
.dll windows:5 windows x86 arch:x86

Code Sign

07:26:43:16:5a:ad:79:e2:a6:e8:50:f2:16:42:d2:70
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/10/2017, 00:00

Not After

28/10/2020, 12:00

Subject

CN=Martin Tofall,O=Martin Tofall,L=Bad Lippspringe,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

17:38:ae:70:aa:8a:55:8b:1b:d6:87:d9:3f:d5:2f:20:3a:8e:d7:d3:27:4c:00:5e:cf:1b:8f:b4:b4:ef:ef:30
Signer

Actual PE Digest

17:38:ae:70:aa:8a:55:8b:1b:d6:87:d9:3f:d5:2f:20:3a:8e:d7:d3:27:4c:00:5e:cf:1b:8f:b4:b4:ef:ef:30

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

obsBlacklistLicenses
obsCallMark
obsConvertLicenseToBinary
obsConvertLicenseToString
obsDecTrialCounter
obsDeleteLicenseData
obsDeleteTrialData
obsDisableLicense
obsGetActiveLicensingSystem
obsGetCustomValue
obsGetExpirationDate
obsGetInitialTrialCounter
obsGetInitialTrialDays
obsGetInitialTrialRuns
obsGetInstanceCount
obsGetLicenseCreation
obsGetLicenseData
obsGetLicenseExpiration
obsGetLicenseHash
obsGetLicenseInfo
obsGetLicenseInfoEx
obsGetLicenseInfoExW
obsGetLicenseInfoW
obsGetLicenseStatus
obsGetLicenseSystemId
obsGetProtectionDate
obsGetSystemId
obsGetTrialCounter
obsGetTrialDays
obsGetTrialEndDate
obsGetTrialIdentifier
obsGetTrialRuns
obsIsLicensed
obsIsProtected
obsIsVm
obsNetLicConnect
obsNetLicDisconnect
obsNetLicGetAppCertId
obsNetLicGetAppCertName
obsNetLicGetAppCertUserData
obsNetLicRegisterCallback
obsReloadLicense
obsSecureString
obsSecureStringW
obsSetExternalKey
obsSetLicense
obsSetLicenseShort
obsSetLicenseShortW
obsSetLicenseW
obsStoreLicense
obsStoreLicenseShort
obsStoreLicenseShortW
obsStoreLicenseW
obsUsbDecrypt
obsUsbEncrypt
obsUsbEnumDevices
obsUsbExecute
obsUsbGetDeviceId
obsUsbGetLicenseDeviceId
obsUsbReadData
obsUsbRegisterCallback
obsUsbWriteData
obsVerifyLicense
obsVerifyLicenseShort
obsVerifySignatureData
obsVerifySignatureFile
obsVerifySignatureFileW

Sections

UPX0
Size: - Virtual size: 276KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Tools/ObsPatchDump.exe
.exe windows:6 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:00:f5:eb:e0:39:43
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

14/10/2007, 22:01

Not After

14/10/2022, 22:01

Subject

CN=StartCom Class 2 Primary Intermediate Object CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:3a:f0:15:f0:49:56
Certificate

Issuer

CN=StartCom Class 2 Primary Intermediate Object CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

15/10/2015, 03:03

Not After

14/10/2017, 23:23

Subject

CN=Martin Tofall,L=Bad Lippspringe,ST=Nordrhein-Westfalen,C=DE,1.2.840.113549.1.9.1=#0c13737570706f7274406f6273696469756d2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:23:1d:11:35:0c:ea:ef:f6:91:75:98:51:7b:5d:d9:58:ad:53:bd:16:92:1a:3d:46:44:55:23:a4:b0:3f:0c
Signer

Actual PE Digest

5e:23:1d:11:35:0c:ea:ef:f6:91:75:98:51:7b:5d:d9:58:ad:53:bd:16:92:1a:3d:46:44:55:23:a4:b0:3f:0c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Tools/display_systemid.exe
.exe windows:5 windows x86 arch:x86

d55b7836fa2f58069677782727311f8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
HeapFree
RtlUnwind
Sleep
ExitProcess
RaiseException
HeapReAlloc
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
GetStartupInfoW
VirtualAlloc
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetErrorMode
lstrlenA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
WritePrivateProfileStringW
GetModuleHandleA
FormatMessageW
LocalFree
MulDiv
InterlockedDecrement
lstrlenW
GlobalFindAtomW
GetVersionExW
LoadLibraryW
CompareStringW
LoadLibraryA
GetVersionExA
GetCurrentProcessId
GetLastError
SetLastError
GlobalAddAtomW
CloseHandle
GlobalFree
FreeResource
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleFileNameW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
WideCharToMultiByte
InterlockedExchange
lstrcmpW
FreeLibrary
GetModuleHandleW
GetProcAddress
GlobalUnlock
GlobalLock
GlobalAlloc
FindResourceW
LoadResource
LockResource
SizeofResource
IsDebuggerPresent
MultiByteToWideChar

user32

LoadCursorW
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ShowWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
UnregisterClassW
GetSysColorBrush
RemovePropW
DestroyMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetWindowRect
GetSubMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
PostQuitMessage
PostMessageW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SendMessageW
LoadIconW
EnableWindow

gdi32

RectVisible
DeleteDC
GetStockObject
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
CreateBitmap
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetDeviceCaps
GetObjectW
SetBkColor
SetTextColor
GetClipBox
TextOutW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathFindExtensionW

oleaut32

VariantClear
VariantChangeType
VariantInit

obsidium

ord4

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tools/display_usbid.exe
.exe windows:5 windows x86 arch:x86

367f180397b8c39fe0cfa74157231863

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesExW
GetCommandLineW
RtlUnwind
ExitProcess
GetModuleHandleExW
HeapQueryInformation
IsDebuggerPresent
IsProcessorFeaturePresent
GetStdHandle
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsValidCodePage
GetOEMCP
GetCPInfo
GetTimeZoneInformation
OutputDebugStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
GetCurrentProcess
WriteFile
GetVolumeInformationW
GetFullPathNameW
FlushFileBuffers
FindFirstFileW
FindClose
CreateFileW
DeleteFileW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GlobalFlags
FormatMessageW
MulDiv
LocalFree
GlobalFindAtomW
GetSystemDirectoryW
LeaveCriticalSection
EnterCriticalSection
EncodePointer
GetCurrentProcessId
GlobalAddAtomW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
WaitForSingleObject
CloseHandle
GlobalFree
FreeResource
lstrcmpW
lstrcmpA
GlobalDeleteAtom
LoadLibraryExW
FreeLibrary
GetVersionExW
GetCurrentThreadId
GetCurrentThread
FindResourceW
LoadLibraryA
SizeofResource
LockResource
LoadResource
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
SetLastError
OutputDebugStringA
GetACP
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
DecodePointer
HeapSize
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
GlobalUnlock
GlobalLock
Sleep
GlobalAlloc

user32

GetClassNameW
GetClassLongW
SetWindowLongW
PtInRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowTextW
RemovePropW
GetPropW
SetPropW
RedrawWindow
SetForegroundWindow
GetForegroundWindow
UpdateWindow
GetMenuItemCount
GetMenuItemID
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
SetWindowPos
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
GetLastActivePopup
GetWindowThreadProcessId
MessageBoxW
SetCursor
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetWindowRect
GetSubMenu
GetDesktopWindow
GetWindowLongW
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
PostQuitMessage
PostMessageW
CopyRect
ReleaseDC
GetDC
IsWindow
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
EnableWindow
SendMessageW
LoadIconW
CheckMenuItem
GetFocus
GetParent
SendDlgItemMessageA
UnregisterClassW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
DrawIcon
GetSystemMetrics
IsIconic
CharUpperW
DestroyMenu
InvalidateRect
RegisterDeviceNotificationW
GetClientRect
KillTimer
SetTimer
LoadCursorW
GetSysColorBrush
RealChildWindowFromPoint
ClientToScreen
EndPaint
BeginPaint
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
IsDialogMessageW
SetWindowTextW
ShowWindow
GetTopWindow
MonitorFromWindow
WinHelpW
UnhookWindowsHookEx
DefWindowProcW
GetWindow
GetMonitorInfoW

gdi32

Escape
GetClipBox
GetStockObject
PtVisible
RectVisible
RestoreDC
SaveDC
SelectObject
SetMapMode
DeleteObject
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
DeleteDC
GetDeviceCaps
GetObjectW
CreateBitmap
SetBkColor
SetTextColor

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegSetValueExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathFindExtensionW

uxtheme

SetWindowTheme

ole32

CoInitialize
CoCreateGuid
CoUninitialize
CoTaskMemFree
CoCreateInstance

oleaut32

VariantChangeType
VariantClear
VariantInit
SysAllocString
SysFreeString

obsidium

ord38
ord35

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tools/readme.txt
lang/TranslationTool.exe
.exe windows:4 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:00:f5:eb:e0:39:43
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

14/10/2007, 22:01

Not After

14/10/2022, 22:01

Subject

CN=StartCom Class 2 Primary Intermediate Object CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:3a:f0:15:f0:49:56
Certificate

Issuer

CN=StartCom Class 2 Primary Intermediate Object CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

15/10/2015, 03:03

Not After

14/10/2017, 23:23

Subject

CN=Martin Tofall,L=Bad Lippspringe,ST=Nordrhein-Westfalen,C=DE,1.2.840.113549.1.9.1=#0c13737570706f7274406f6273696469756d2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ff:82:75:4e:e6:3a:d1:55:d4:b8:ee:f7:ef:f6:b4:6d:2e:3e:ef:5d:78:74:e3:4a:de:e1:d8:cc:17:c1:4d:05
Signer

Actual PE Digest

ff:82:75:4e:e6:3a:d1:55:d4:b8:ee:f7:ef:f6:b4:6d:2e:3e:ef:5d:78:74:e3:4a:de:e1:d8:cc:17:c1:4d:05

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 879KB - Virtual size: 880KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lang/chinese.lng
lang/czech.lng
lang/dutch.lng
lang/english.lng
lang/german.lng
lang/indonesian.lng
lang/italian.lng
lang/russian.lng
lang/spanish.lng
msdia140.dll
.dll regsvr32 windows:6 windows x86 arch:x86

c667a4f5d244f2dd8585dfea306b77c5

Code Sign

33:00:00:00:d8:e4:75:f9:45:6f:48:f7:ae:00:00:00:00:00:d8
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/10/2017, 22:57

Not After

02/01/2019, 22:57

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=Thales TSS ESN:70DD-4B5B-4568,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:78:25:5a:b5:cd:23:c6:5f:95:00:01:00:00:01:78
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/08/2017, 20:11

Not After

11/08/2018, 20:11

Subject

CN=Microsoft Corporation,OU=AOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c3:0e:9b:a7:d8:b2:dc:f7:2c:00:00:00:00:00:c3
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/08/2017, 20:20

Not After

11/08/2018, 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ac:71:00:8c:05:89:62:08:0f:a1:ef:10:5e:b4:9d:1e:09:3c:43:f4:18:6a:4f:01:f0:84:82:50:f9:76:de:c6
Signer

Actual PE Digest

ac:71:00:8c:05:89:62:08:0f:a1:ef:10:5e:b4:9d:1e:09:3c:43:f4:18:6a:4f:01:f0:84:82:50:f9:76:de:c6

Digest Algorithm

sha256

PE Digest Matches

true

ac:6f:4b:0e:ba:47:82:9c:df:fe:cf:8a:88:3e:bc:53:d4:95:50:fb
Signer

Actual PE Digest

ac:6f:4b:0e:ba:47:82:9c:df:fe:cf:8a:88:3e:bc:53:d4:95:50:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msdia140.pdb

Imports

kernel32

SetLastError
FindResourceExW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
LoadLibraryExW
GetProcAddress
LocalAlloc
LocalFree
GetModuleFileNameW
GetLastError
GetSystemInfo
InitializeCriticalSection
DeleteCriticalSection
LCMapStringW
UnmapViewOfFile
CloseHandle
EnterCriticalSection
LeaveCriticalSection
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
FileTimeToSystemTime
RaiseException
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedFlushSList
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetFullPathNameW
GetFullPathNameA
SetStdHandle
GetFileType
SetFilePointerEx
ReadFile
GetConsoleMode
ReadConsoleW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
WideCharToMultiByte
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetStringTypeW
GetDriveTypeW
WriteFile
CompareStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetCurrentDirectoryW
HeapSize
HeapReAlloc
WriteConsoleW
SetEndOfFile
DecodePointer
GetFileAttributesW
SetFileAttributesW
VirtualAlloc
VirtualFree
DeleteFileW
DeviceIoControl
ExpandEnvironmentStringsW
GetFileSizeEx
MapViewOfFileEx
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VSDllRegisterServer
VSDllUnregisterServer

Sections

.text
Size: 1018KB - Virtual size: 1018KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
obsi_cmd.exe
.exe windows:4 windows x86 arch:x86

d43f80c6d8f54797fc385b616fe17971

Code Sign

07:26:43:16:5a:ad:79:e2:a6:e8:50:f2:16:42:d2:70
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/10/2017, 00:00

Not After

28/10/2020, 12:00

Subject

CN=Martin Tofall,O=Martin Tofall,L=Bad Lippspringe,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:f2:63:3e:fa:6b:17:ea:85:d3:32:00:d4:ad:bd:06:0d:ee:e6:d3:b5:36:bc:f9:8a:dc:af:77:66:5c:46:49
Signer

Actual PE Digest

7b:f2:63:3e:fa:6b:17:ea:85:d3:32:00:d4:ad:bd:06:0d:ee:e6:d3:b5:36:bc:f9:8a:dc:af:77:66:5c:46:49

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA

user32

GetWindowLongA

advapi32

GetUserNameA

comctl32

PropertySheet

Sections

.bss
Size: - Virtual size: 11.7MB

IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 509KB - Virtual size: 657KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dde0e06bc09be499c9dd706db3827f7d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comctl32

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 11KB

.rsrc Size: 296KB - Virtual size: 293KB

131cd0b952e60e8a74a68b0b91d4fba1

Code Sign

07:26:43:16:5a:ad:79:e2:a6:e8:50:f2:16:42:d2:70Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

c2:d8:58:ed:68:8d:2a:ab:60:ba:65:87:ac:01:72:d7:e9:81:7a:3d:78:6f:f9:0b:13:e7:ee:02:d4:3d:c4:faSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

comctl32

Sections

.bss Size: - Virtual size: 22.1MB

.CRT Size: 512B - Virtual size: 4KB

.rsrc Size: 2.9MB - Virtual size: 5.0MB

.rdata Size: 512B - Virtual size: 4KB

.adata Size: 8KB - Virtual size: 8KB

.reloc Size: 102KB - Virtual size: 104KB

7b51a5cd0c6ca57ae6f5e5f4485121b2

Code Sign

07:26:43:16:5a:ad:79:e2:a6:e8:50:f2:16:42:d2:70Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

65:64:91:70:7f:d2:36:07:c3:eb:7e:9f:f6:ae:ff:74:ad:c9:4a:86:b3:94:8e:03:ae:f0:1e:8f:c7:d2:dd:d2Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

setupapi

comctl32

shlwapi

shell32

Exports

Exports

Sections

.bss Size: - Virtual size: 416KB

CODE Size: 1024B - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 296KB - Virtual size: 293KB

07:26:43:16:5a:ad:79:e2:a6:e8:50:f2:16:42:d2:70
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

c2:d8:58:ed:68:8d:2a:ab:60:ba:65:87:ac:01:72:d7:e9:81:7a:3d:78:6f:f9:0b:13:e7:ee:02:d4:3d:c4:fa
Signer

.bss
Size: - Virtual size: 22.1MB

.CRT
Size: 512B - Virtual size: 4KB

.rsrc
Size: 2.9MB - Virtual size: 5.0MB

.rdata
Size: 512B - Virtual size: 4KB

.adata
Size: 8KB - Virtual size: 8KB

.reloc
Size: 102KB - Virtual size: 104KB

07:26:43:16:5a:ad:79:e2:a6:e8:50:f2:16:42:d2:70
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

65:64:91:70:7f:d2:36:07:c3:eb:7e:9f:f6:ae:ff:74:ad:c9:4a:86:b3:94:8e:03:ae:f0:1e:8f:c7:d2:dd:d2
Signer

.bss
Size: - Virtual size: 416KB

CODE
Size: 1024B - Virtual size: 4KB

.text
Size: 512B - Virtual size: 4KB

.edata
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB

.shared
Size: 101KB - Virtual size: 104KB

07:26:43:16:5a:ad:79:e2:a6:e8:50:f2:16:42:d2:70
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

17:38:ae:70:aa:8a:55:8b:1b:d6:87:d9:3f:d5:2f:20:3a:8e:d7:d3:27:4c:00:5e:cf:1b:8f:b4:b4:ef:ef:30
Signer

UPX0
Size: - Virtual size: 276KB

UPX1
Size: 86KB - Virtual size: 88KB

.rsrc
Size: 3KB - Virtual size: 4KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

10:00:f5:eb:e0:39:43
Certificate

13:3a:f0:15:f0:49:56
Certificate

5e:23:1d:11:35:0c:ea:ef:f6:91:75:98:51:7b:5d:d9:58:ad:53:bd:16:92:1a:3d:46:44:55:23:a4:b0:3f:0c
Signer

UPX0
Size: - Virtual size: 104KB

UPX1
Size: 64KB - Virtual size: 64KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 126KB - Virtual size: 126KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 8KB - Virtual size: 23KB

.rsrc
Size: 92KB - Virtual size: 91KB