f36e419888e099c875e6b0b77ec60e20497b91c2158323e644032a5976f582dc

Sharing

Copy URL

Twitter E-mail

General

Target

f36e419888e099c875e6b0b77ec60e20497b91c2158323e644032a5976f582dc
Size

608KB
MD5

b083029c2d2efe5439ed2ac41d8026e7
SHA1

335ce472243479e332c75d5bdf22252c3493568c
SHA256

f36e419888e099c875e6b0b77ec60e20497b91c2158323e644032a5976f582dc
SHA512

18dd8498a5b20782316c520647676d62eae4deb23bd5e6f39663ea9272f708c5b08b05ede25c65a3bf1efc6c0db01dc248f768e8eb7839eb200e6889000d2293
SSDEEP

12288:qq7z1tL/EQUobE6K2blPK9FkJYlgzaRs5+DEOn6rqGRGKz2nyY:L7TL/EQUz6K2blS9vsh+AO6rcz

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/Math.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/Kursists5/Klippeskrnternes/Udspinder2/Kladdebogs8/libbrotlidec.dll
unpack001/Kursists5/Klippeskrnternes/Udspinder2/Kladdebogs8/liboscar.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

f36e419888e099c875e6b0b77ec60e20497b91c2158323e644032a5976f582dc
.exe windows:4 windows x86 arch:x86

5f0c714c36e6cc016b3a1f4bc86559e4

Code Sign

45:00:4a:d3:08:68:56:8f
Certificate

Issuer

CN=HERACLEAN nonpayments UDLEVERES\ ,O=ALKALESCENT,L=Brousse,ST=Auvergne-Rhône-Alpes,C=FR

Not Before

12-07-2022 23:10

Not After

12-07-2023 23:10

Subject

CN=HERACLEAN nonpayments UDLEVERES\ ,O=ALKALESCENT,L=Brousse,ST=Auvergne-Rhône-Alpes,C=FR

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19-05-2021 05:42

Not After

18-05-2032 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31-05-2021 06:43

Not After

17-09-2029 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b0:89:c3:36:4d:81:6c:fb:6f:29:92:ec:b1:4b:43:96:11:d6:4c:bc:f6:75:f6:64:4f:d2:77:00:2d:88:02:d6
Signer

Actual PE Digest

b0:89:c3:36:4d:81:6c:fb:6f:29:92:ec:b1:4b:43:96:11:d6:4c:bc:f6:75:f6:64:4f:d2:77:00:2d:88:02:d6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
RegOpenKeyExA
RegEnumValueA

shell32

SHGetFileInfoA
SHFileOperationA
SHGetPathFromIDListA
ShellExecuteExA
SHGetSpecialFolderLocation
SHBrowseForFolderA

ole32

IIDFromString
OleInitialize
OleUninitialize
CoCreateInstance
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

SetClipboardData
CharPrevA
CallWindowProcA
PeekMessageA
DispatchMessageA
MessageBoxIndirectA
GetDlgItemTextA
SetDlgItemTextA
GetSystemMetrics
CreatePopupMenu
AppendMenuA
TrackPopupMenu
FillRect
EmptyClipboard
LoadCursorA
GetMessagePos
CheckDlgButton
SetWindowPos
SetCursor
GetSysColor
SetClassLongA
GetWindowLongA
IsWindowEnabled
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterClassA
ScreenToClient
EndDialog
GetClassInfoA
SystemParametersInfoA
CreateWindowExA
ExitWindowsEx
DialogBoxParamA
CharNextA
SetTimer
DestroyWindow
CreateDialogParamA
SetForegroundWindow
SetWindowTextA
PostQuitMessage
SendMessageTimeoutA
ShowWindow
wsprintfA
GetDlgItem
FindWindowExA
IsWindow
GetDC
SetWindowLongA
LoadImageA
InvalidateRect
ReleaseDC
EnableWindow
BeginPaint
SendMessageA
DefWindowProcA
DrawTextA
GetClientRect
EndPaint
IsWindowVisible
CloseClipboard
OpenClipboard

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetProcAddress
GetSystemDirectoryA
WideCharToMultiByte
MoveFileExA
ReadFile
GetTempFileNameA
WriteFile
RemoveDirectoryA
CreateProcessA
CreateFileA
GetLastError
CreateThread
CreateDirectoryA
GlobalUnlock
GetDiskFreeSpaceA
GlobalLock
SetErrorMode
GetVersionExA
lstrcpynA
GetCommandLineA
GetTempPathA
lstrlenA
SetEnvironmentVariableA
ExitProcess
GetWindowsDirectoryA
GetCurrentProcess
GetModuleFileNameA
CopyFileA
GetTickCount
Sleep
GetFileSize
GetFileAttributesA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetShortPathNameA
MoveFileA
CompareFileTime
SetFileTime
SearchPathA
lstrcmpiA
lstrcmpA
CloseHandle
GlobalFree
GlobalAlloc
ExpandEnvironmentStringsA
LoadLibraryExA
FreeLibrary
lstrcpyA
lstrcatA
FindClose
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
SetFilePointer
GetModuleHandleA
FindNextFileA
FindFirstFileA
DeleteFileA
MulDiv

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Math.dll
.dll windows:4 windows x86 arch:x86

6a7dba1ca35af83a9a3593fbf002fb1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
lstrcmpA
lstrlenA
GlobalFree
lstrcatA
GlobalAlloc
lstrcpynA
MultiByteToWideChar
WideCharToMultiByte
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetCommandLineA
GetVersion
RaiseException
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
lstrcpyA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetLastError
SetFilePointer
HeapAlloc
VirtualAlloc
HeapReAlloc
LCMapStringA
GetStringTypeW
GetOEMCP
LoadLibraryA
GetStringTypeA
FlushFileBuffers
CloseHandle
LCMapStringW
SetStdHandle
RtlUnwind

Exports

Exports

Script

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 654B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DAWSONITE/Storfyrstes1/WAMBLINGLY/forsyndelsers.Suk6
Evalueringscentret/Rumenotomy/Kofod/Tennissko.Usi4
Kursists5/Klippeskrnternes/Udspinder2/Kladdebogs8/hostpolicy.dll
.dll windows:6 windows x64 arch:x64

9d1e1eb9919cfae06de54f89d268ee67

Code Sign

33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-02-2021 20:09

Not After

10-02-2022 20:09

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:cf:18:7e:63:60:0a:90:5c:e7:3d:4f:0e:30:ad:a5:57:8b:34:60:34:34:70:a0:04:09:09:7c:b7:dc:6f:99
Signer

Actual PE Digest

19:cf:18:7e:63:60:0a:90:5c:e7:3d:4f:0e:30:ad:a5:57:8b:34:60:34:34:70:a0:04:09:09:7c:b7:dc:6f:99

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\hostpolicy\standalone\hostpolicy.pdb

Imports

kernel32

OutputDebugStringW
GetFileSizeEx
FindFirstFileExW
EnterCriticalSection
GetFullPathNameW
FindNextFileW
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
GetTempPathW
FindClose
CreateFileW
GetCurrentProcessId
GetLastError
GetFileAttributesExW
LoadLibraryA
CloseHandle
GetCurrentDirectoryW
GetProcAddress
DeleteCriticalSection
GetModuleHandleW
WideCharToMultiByte
CreateFileMappingW
MapViewOfFile
IsWow64Process
LoadLibraryExW
UnmapViewOfFile
FreeLibrary
Sleep
RemoveDirectoryW
MultiByteToWideChar
CreateDirectoryW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
InterlockedFlushSList
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LCMapStringEx
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
GetCurrentThreadId
WaitForSingleObjectEx
GetExitCodeThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
GetStringTypeW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
QueryPerformanceCounter

advapi32

RegOpenKeyExW
RegGetValueW
RegCloseKey

api-ms-win-crt-runtime-l1-1-0

_wcserror
_register_onexit_function
_execute_onexit_table
_crt_atexit
_initialize_narrow_environment
abort
_cexit
_errno
_initterm
_configure_narrow_argv
_initterm_e
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_beginthreadex
terminate

api-ms-win-crt-string-l1-1-0

__strncnt
wcsnlen
strcpy_s
wcsncmp
_wcsnicmp
tolower
islower
_wcsdup
isupper
strcspn
_wcsicmp

api-ms-win-crt-heap-l1-1-0

free
calloc
realloc
_callnewh
malloc

api-ms-win-crt-stdio-l1-1-0

fgetc
__stdio_common_vsprintf_s
fclose
fwrite
__stdio_common_vswprintf
_wfopen
__acrt_iob_func
fflush
fgetpos
fputwc
fputws
ungetc
__stdio_common_vfwprintf
_wfsopen
fseek
fsetpos
fputc
fread
_fseeki64
_get_stream_buffer_pointers
setvbuf

api-ms-win-crt-locale-l1-1-0

___mb_cur_max_func
__pctype_func
_unlock_locales
_lock_locales
localeconv
___lc_locale_name_func
___lc_codepage_func
setlocale

api-ms-win-crt-math-l1-1-0

frexp
ceilf

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_wremove
_wrename
_lock_file

api-ms-win-crt-convert-l1-1-0

_wtoi
wcstoul

api-ms-win-crt-time-l1-1-0

wcsftime
_gmtime64_s
_time64

Exports

Exports

corehost_initialize
corehost_load
corehost_main
corehost_main_with_output_buffer
corehost_resolve_component_dependencies
corehost_set_error_writer
corehost_unload

Sections

.text
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Kursists5/Klippeskrnternes/Udspinder2/Kladdebogs8/libbrotlidec.dll
.dll windows:4 windows x64 arch:x64

0f6da42265dd74d82d2b568ae7dca7b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSection
LeaveCriticalSection
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

__iob_func
_amsg_exit
_initterm
_lock
_unlock
abort
calloc
free
fwrite
malloc
memcpy
memmove
memset
realloc
strlen
strncmp
vfprintf

libbrotlicommon

BrotliDefaultAllocFunc
BrotliDefaultFreeFunc
BrotliGetDictionary
BrotliGetTransforms
BrotliTransformDictionaryWord
_kBrotliContextLookupTable
_kBrotliPrefixCodeRanges

Exports

Exports

BrotliDecoderCreateInstance
BrotliDecoderDecompress
BrotliDecoderDecompressStream
BrotliDecoderDestroyInstance
BrotliDecoderErrorString
BrotliDecoderGetErrorCode
BrotliDecoderHasMoreOutput
BrotliDecoderIsFinished
BrotliDecoderIsUsed
BrotliDecoderSetParameter
BrotliDecoderTakeOutput
BrotliDecoderVersion

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 272B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 481B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Kursists5/Klippeskrnternes/Udspinder2/Kladdebogs8/liboscar.dll
.dll windows:4 windows x86 arch:x86

cff97981d7387bd56d0af71a6439cea5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libglib-2.0-0

g_ascii_strcasecmp
g_ascii_strncasecmp
g_convert
g_convert_with_fallback
g_datalist_clear
g_datalist_id_get_data
g_direct_equal
g_direct_hash
g_error_free
g_fopen
g_free
g_get_charset
g_hash_table_destroy
g_hash_table_get_keys
g_hash_table_insert
g_hash_table_lookup
g_hash_table_lookup_extended
g_hash_table_new
g_hash_table_new_full
g_hash_table_remove
g_hash_table_replace
g_list_append
g_list_copy
g_list_free
g_list_nth_data
g_list_prepend
g_list_reverse
g_list_sort
g_malloc
g_malloc0
g_markup_escape_text
g_memdup
g_path_get_basename
g_quark_try_string
g_queue_free
g_queue_is_empty
g_queue_new
g_queue_peek_head
g_queue_pop_head
g_queue_push_tail
g_random_int
g_realloc
g_return_if_fail_warning
g_slist_append
g_slist_delete_link
g_slist_find_custom
g_slist_free
g_slist_prepend
g_slist_remove
g_slist_reverse
g_snprintf
g_str_equal
g_str_has_prefix
g_str_hash
g_strdelimit
g_strdup
g_strdup_printf
g_strescape
g_strfreev
g_string_append
g_string_append_len
g_string_append_printf
g_string_free
g_string_insert_c
g_string_new
g_string_new_len
g_string_overwrite_len
g_string_sized_new
g_string_truncate
g_strjoinv
g_strlcpy
g_strndup
g_strsplit
g_utf8_find_prev_char
g_utf8_normalize
g_utf8_strdown
g_utf8_validate
g_warn_message

intl

libintl_dgettext
libintl_dngettext

libpurple

_purple_network_set_common_socket_flags
purple_account_add_buddies
purple_account_get_active_status
purple_account_get_bool
purple_account_get_check_mail
purple_account_get_connection
purple_account_get_int
purple_account_get_presence
purple_account_get_protocol_id
purple_account_get_remember_password
purple_account_get_string
purple_account_get_user_info
purple_account_get_username
purple_account_is_connected
purple_account_is_status_active
purple_account_notify_added
purple_account_option_bool_new
purple_account_option_int_new
purple_account_option_list_new
purple_account_option_string_new
purple_account_remove_buddies
purple_account_request_authorization
purple_account_request_change_password
purple_account_request_change_user_info
purple_account_set_bool
purple_account_set_int
purple_account_set_password
purple_account_set_string
purple_accounts_find
purple_accounts_get_all
purple_base16_encode
purple_base64_decode
purple_base64_encode
purple_blist_add_buddy
purple_blist_add_group
purple_blist_alias_buddy
purple_blist_node_get_string
purple_blist_node_get_type
purple_blist_node_set_string
purple_blist_remove_buddy
purple_blist_request_add_buddy
purple_buddy_get_account
purple_buddy_get_alias_only
purple_buddy_get_group
purple_buddy_get_local_buddy_alias
purple_buddy_get_name
purple_buddy_get_presence
purple_buddy_icons_find_account_icon
purple_buddy_icons_get_account_icon_timestamp
purple_buddy_icons_get_checksum_for_user
purple_buddy_icons_set_for_user
purple_buddy_new
purple_cipher_context_append
purple_cipher_context_destroy
purple_cipher_context_digest
purple_cipher_context_new
purple_cipher_context_new_by_name
purple_cipher_context_set_key
purple_cipher_context_set_option
purple_ciphers_find_cipher
purple_circ_buffer_append
purple_circ_buffer_destroy
purple_circ_buffer_get_max_read
purple_circ_buffer_mark_read
purple_circ_buffer_new
purple_connection_error_reason
purple_connection_get_account
purple_connection_get_display_name
purple_connection_get_password
purple_connection_get_protocol_data
purple_connection_set_display_name
purple_connection_set_protocol_data
purple_connection_set_state
purple_connection_update_progress
purple_conv_chat_add_user
purple_conv_chat_get_id
purple_conv_chat_remove_user
purple_conv_present_error
purple_conv_send_confirm
purple_conversation_get_chat_data
purple_conversation_get_name
purple_conversation_new
purple_conversation_present
purple_conversation_write
purple_core_get_ui_info
purple_date_format_full
purple_date_format_short
purple_debug_error
purple_debug_info
purple_debug_is_verbose
purple_debug_misc
purple_debug_warning
purple_email_is_valid
purple_find_buddies
purple_find_buddy
purple_find_buddy_in_group
purple_find_chat
purple_find_conversation_with_account
purple_find_group
purple_get_core
purple_group_get_name
purple_group_new
purple_imgstore_add_with_id
purple_imgstore_find_by_id
purple_imgstore_get_data
purple_imgstore_get_filename
purple_imgstore_get_size
purple_imgstore_unref
purple_imgstore_unref_by_id
purple_input_add
purple_input_remove
purple_markup_escape_text
purple_markup_find_tag
purple_markup_linkify
purple_markup_strip_html
purple_menu_action_new
purple_network_get_my_ip
purple_network_get_port_from_fd
purple_network_ip_atoi
purple_network_listen_cancel
purple_network_listen_range
purple_normalize
purple_notify_emails
purple_notify_formatted
purple_notify_message
purple_notify_searchresults
purple_notify_searchresults_button_add
purple_notify_searchresults_column_add
purple_notify_searchresults_column_new
purple_notify_searchresults_new
purple_notify_searchresults_row_add
purple_notify_uri
purple_notify_user_info_add_pair
purple_notify_user_info_add_section_break
purple_notify_user_info_add_section_header
purple_notify_user_info_destroy
purple_notify_user_info_new
purple_notify_userinfo
purple_plugin_action_new
purple_plugin_get_id
purple_prefs_add_bool
purple_prefs_add_none
purple_prefs_connect_callback
purple_prefs_disconnect_by_handle
purple_prefs_get_string
purple_prefs_remove
purple_presence_get_active_status
purple_presence_get_idle_time
purple_presence_get_status
purple_presence_is_idle
purple_presence_is_online
purple_presence_is_status_primitive_active
purple_privacy_deny_add
purple_privacy_deny_remove
purple_privacy_permit_add
purple_privacy_permit_remove
purple_proxy_connect
purple_proxy_connect_cancel
purple_prpl_got_user_idle
purple_prpl_got_user_login_time
purple_prpl_got_user_status
purple_prpl_got_user_status_deactive
purple_request_action
purple_request_close_with_handle
purple_request_field_bool_get_value
purple_request_field_bool_new
purple_request_field_group_add_field
purple_request_field_group_new
purple_request_fields
purple_request_fields_add_group
purple_request_fields_get_field
purple_request_fields_new
purple_request_input
purple_signal_connect
purple_ssl_close
purple_ssl_connect
purple_ssl_connect_with_ssl_cn
purple_ssl_input_add
purple_ssl_is_supported
purple_ssl_read
purple_ssl_strerror
purple_ssl_write
purple_status_get_attr_string
purple_status_get_id
purple_status_get_name
purple_status_get_presence
purple_status_get_type
purple_status_is_active
purple_status_is_available
purple_status_is_independent
purple_status_type_get_primitive
purple_status_type_new_full
purple_status_type_new_with_attrs
purple_str_seconds_to_string
purple_str_size_to_units
purple_str_strip_char
purple_strcasestr
purple_strdup_withhtml
purple_strequal
purple_strreplace
purple_time_format
purple_timeout_add
purple_timeout_add_seconds
purple_timeout_remove
purple_unescape_text
purple_url_encode
purple_utf8_salvage
purple_utf8_strftime
purple_utf8_try_convert
purple_util_fetch_url_cancel
purple_util_fetch_url_request_data_len_with_account
purple_util_fetch_url_request_len_with_account
purple_value_new
purple_xfer_cancel_local
purple_xfer_cancel_remote
purple_xfer_get_bytes_remaining
purple_xfer_get_bytes_sent
purple_xfer_get_local_filename
purple_xfer_get_size
purple_xfer_get_status
purple_xfer_get_type
purple_xfer_is_completed
purple_xfer_new
purple_xfer_ref
purple_xfer_request
purple_xfer_request_accepted
purple_xfer_set_ack_fnc
purple_xfer_set_bytes_sent
purple_xfer_set_cancel_recv_fnc
purple_xfer_set_cancel_send_fnc
purple_xfer_set_completed
purple_xfer_set_end_fnc
purple_xfer_set_filename
purple_xfer_set_init_fnc
purple_xfer_set_message
purple_xfer_set_request_denied_fnc
purple_xfer_set_size
purple_xfer_start
purple_xfer_unref
serv_got_alias
serv_got_chat_in
serv_got_chat_invite
serv_got_chat_left
serv_got_im
serv_got_joined_chat
serv_got_typing
serv_got_typing_stopped
serv_join_chat
serv_set_info
wpurple_close
wpurple_gettimeofday
wpurple_read
wpurple_recv
wpurple_send
wpurple_strerror
xmlnode_free
xmlnode_from_str
xmlnode_get_child
xmlnode_get_data
xmlnode_get_data_unescaped

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__mb_cur_max
_errno
_iob
_isctype
_pctype
_snprintf
abort
atoi
atol
calloc
fclose
fflush
fread
free
fwrite
gmtime
localtime
malloc
memcmp
memcpy
mktime
rand
strchr
strncpy
strrchr
strstr
strtol
strtoul
time
toupper
vfprintf

ws2_32

accept

libssp-0

__stack_chk_fail
__stack_chk_guard

Exports

Exports

_nm____stack_chk_guard
admin_modfirst
aim__findmodule
aim__findmodulebygroup
aim__registermodule
aim__shutdownmodules
aim_admin_changepasswd
aim_admin_getinfo
aim_admin_reqconfirm
aim_admin_setemail
aim_admin_setnick
aim_auth_securid_send
aim_bart_request
aim_bart_upload
aim_bos_reqrights
aim_buddylist_reqrights
aim_cachecookie
aim_cachesnac
aim_callhandler
aim_chat_join
aim_chat_readroominfo
aim_chat_send_im
aim_chatnav_createroom
aim_chatnav_reqrights
aim_checkcookie
aim_cleansnacs
aim_cookie_free
aim_email_activate
aim_email_sendcookies
aim_genericreq_l
aim_genericreq_n
aim_genericreq_n_snacid
aim_icbm_makecookie
aim_icq_changepasswd
aim_icq_getalias
aim_icq_getallinfo
aim_icq_sendsms
aim_icq_setsecurity
aim_im_denytransfer
aim_im_reqofflinemsgs
aim_im_reqparams
aim_im_send_icq_confirmation
aim_im_sendch1_ext
aim_im_sendch2_cancel
aim_im_sendch2_chatinvite
aim_im_sendch2_connected
aim_im_sendch2_icon
aim_im_sendch2_odc_requestdirect
aim_im_sendch2_odc_requestproxy
aim_im_sendch2_sendfile_requestdirect
aim_im_sendch2_sendfile_requestproxy
aim_im_sendmtn
aim_im_setparams
aim_info_extract
aim_info_free
aim_initsnachash
aim_locate_finduserinfo
aim_locate_getcaps
aim_locate_getcaps_short
aim_locate_getinfoshort
aim_locate_reqrights
aim_locate_setcaps
aim_locate_setprofile
aim_mkcookie
aim_newsnac
aim_putsnac
aim_remsnac
aim_request_login
aim_search_address
aim_send_login
aim_sendmemblock
aim_srv_clientready
aim_srv_rates_addparam
aim_srv_reqpersonalinfo
aim_srv_reqrates
aim_srv_requestnew
aim_srv_set_dc_info
aim_srv_setextrainfo
aim_srv_setidle
aim_srv_setversions
aim_ssi_add_to_private_list
aim_ssi_addbuddy
aim_ssi_aliasbuddy
aim_ssi_cleanlist
aim_ssi_del_from_private_list
aim_ssi_delbuddy
aim_ssi_delgroup
aim_ssi_delicon
aim_ssi_editcomment
aim_ssi_enable
aim_ssi_getalias
aim_ssi_getcomment
aim_ssi_getdenyentrytype
aim_ssi_getpermdeny
aim_ssi_getpresence
aim_ssi_itemlist_exists
aim_ssi_itemlist_find
aim_ssi_itemlist_finditem
aim_ssi_itemlist_findparentname
aim_ssi_modbegin
aim_ssi_modend
aim_ssi_movebuddy
aim_ssi_rename_group
aim_ssi_reqdata
aim_ssi_reqrights
aim_ssi_sendauthreply
aim_ssi_sendauthrequest
aim_ssi_seticon
aim_ssi_setpermdeny
aim_ssi_setpresence
aim_ssi_waitingforauth
aim_tlv_get16
aim_tlv_get32
aim_tlv_get8
aim_tlv_getlength
aim_tlv_getstr
aim_tlv_gettlv
aim_tlv_getvalue_as_string
aim_tlvlist_add_16
aim_tlvlist_add_32
aim_tlvlist_add_8
aim_tlvlist_add_caps
aim_tlvlist_add_chatroom
aim_tlvlist_add_frozentlvlist
aim_tlvlist_add_noval
aim_tlvlist_add_raw
aim_tlvlist_add_str
aim_tlvlist_cmp
aim_tlvlist_copy
aim_tlvlist_count
aim_tlvlist_free
aim_tlvlist_read
aim_tlvlist_readlen
aim_tlvlist_readnum
aim_tlvlist_remove
aim_tlvlist_replace_32
aim_tlvlist_replace_8
aim_tlvlist_replace_noval
aim_tlvlist_replace_raw
aim_tlvlist_replace_str
aim_tlvlist_size
aim_tlvlist_write
aim_uncachecookie
aimutil_iconsum
auth_modfirst
bart_modfirst
bos_modfirst
buddylist_modfirst
byte_stream_advance
byte_stream_bytes_left
byte_stream_curpos
byte_stream_destroy
byte_stream_get16
byte_stream_get32
byte_stream_get8
byte_stream_getle16
byte_stream_getle32
byte_stream_getle8
byte_stream_getraw
byte_stream_getrawbuf
byte_stream_getstr
byte_stream_init
byte_stream_new
byte_stream_put16
byte_stream_put32
byte_stream_put8
byte_stream_put_bart_asset
byte_stream_put_bart_asset_str
byte_stream_putbs
byte_stream_putcaps
byte_stream_putle16
byte_stream_putle32
byte_stream_putle8
byte_stream_putraw
byte_stream_putstr
byte_stream_putuid
byte_stream_rewind
byte_stream_setpos
chat_modfirst
chatnav_modfirst
create_visibility_menu_item
email_modfirst
flap_connection_close
flap_connection_destroy
flap_connection_destroy_chat
flap_connection_findbygroup
flap_connection_getbytype
flap_connection_getbytype_all
flap_connection_new
flap_connection_recv_cb
flap_connection_recv_cb_ssl
flap_connection_schedule_destroy
flap_connection_send
flap_connection_send_keepalive
flap_connection_send_snac
flap_connection_send_snac_with_priority
flap_connection_send_version
flap_connection_send_version_with_cookie
flap_connection_send_version_with_cookie_and_clientinfo
flap_frame_new
icq_get_custom_icon_data
icq_get_custom_icon_description
icq_get_purple_moods
icq_im_xstatus_request
icq_modfirst
icq_relay_xstatus
locate_modfirst
misc_modfirst
msg_modfirst
oscar_actions
oscar_add_buddy
oscar_add_deny
oscar_add_permit
oscar_alias_buddy
oscar_auth_recvrequest
oscar_auth_sendrequest
oscar_auth_sendrequest_menu
oscar_blist_node_menu
oscar_can_receive_file
oscar_change_passwd
oscar_chat_destroy
oscar_chat_info
oscar_chat_info_defaults
oscar_chat_invite
oscar_chat_leave
oscar_close
oscar_connect_to_bos
oscar_convo_closed
oscar_data_addhandler
oscar_data_destroy
oscar_data_new
oscar_decode_im
oscar_encode_im
oscar_encoding_to_utf8
oscar_format_buddies
oscar_free_name_data
oscar_get_chat_name
oscar_get_clientstring
oscar_get_info
oscar_get_locale_charset
oscar_get_msgerr_reason
oscar_get_purple_moods
oscar_get_ui_info_int
oscar_get_ui_info_string
oscar_init
oscar_join_chat
oscar_keepalive
oscar_list_emblem
oscar_list_icon_aim
oscar_list_icon_icq
oscar_login
oscar_move_buddy
oscar_new_xfer
oscar_normalize
oscar_offline_message
oscar_rem_deny
oscar_rem_permit
oscar_remove_buddy
oscar_remove_group
oscar_rename_group
oscar_send_chat
oscar_send_file
oscar_send_im
oscar_send_typing
oscar_set_aim_permdeny
oscar_set_icon
oscar_set_idle
oscar_set_info
oscar_set_status
oscar_show_invisible_list
oscar_show_visible_list
oscar_status_text
oscar_status_types
oscar_tooltip_text
oscar_user_info_append_extra_info
oscar_user_info_append_status
oscar_user_info_display_aim
oscar_user_info_display_error
oscar_user_info_display_icq
oscar_utf8_try_convert
oscar_util_format_string
oscar_util_name_compare
oscar_util_valid_name
oscar_util_valid_name_icq
oscar_util_valid_name_sms
peer_connection_destroy
peer_connection_finalize_connection
peer_connection_find_by_cookie
peer_connection_find_by_type
peer_connection_got_proposition
peer_connection_listen_cb
peer_connection_new
peer_connection_propose
peer_connection_recv_cb
peer_connection_schedule_destroy
peer_connection_send
peer_connection_trynext
peer_odc_close
peer_odc_recv_frame
peer_odc_send_cookie
peer_odc_send_im
peer_odc_send_typing
peer_oft_cb_generic_cancel
peer_oft_checksum_destroy
peer_oft_close
peer_oft_recv_frame
peer_oft_recvcb_ack_recv
peer_oft_recvcb_end
peer_oft_recvcb_init
peer_oft_send_prompt
peer_oft_sendcb_ack
peer_oft_sendcb_init
peer_proxy_connection_established_cb
popups_modfirst
search_modfirst
send_client_login
send_kerberos_login
service_modfirst
ssi_modfirst
stats_modfirst

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
battery-level-100-charged-symbolic.symbolic.png
.png

Sharing

General

Malware Config

Signatures

Files

5f0c714c36e6cc016b3a1f4bc86559e4

Code Sign

45:00:4a:d3:08:68:56:8fCertificate

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

b0:89:c3:36:4d:81:6c:fb:6f:29:92:ec:b1:4b:43:96:11:d6:4c:bc:f6:75:f6:64:4f:d2:77:00:2d:88:02:d6Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 3.6MB

.ndata Size: - Virtual size: 112KB

.rsrc Size: 88KB - Virtual size: 87KB

6a7dba1ca35af83a9a3593fbf002fb1e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 45KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 40KB

.reloc Size: 3KB - Virtual size: 2KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 654B

9d1e1eb9919cfae06de54f89d268ee67

Code Sign

33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

19:cf:18:7e:63:60:0a:90:5c:e7:3d:4f:0e:30:ad:a5:57:8b:34:60:34:34:70:a0:04:09:09:7c:b7:dc:6f:99Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

45:00:4a:d3:08:68:56:8f
Certificate

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

b0:89:c3:36:4d:81:6c:fb:6f:29:92:ec:b1:4b:43:96:11:d6:4c:bc:f6:75:f6:64:4f:d2:77:00:2d:88:02:d6
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 3.6MB

.ndata
Size: - Virtual size: 112KB

.rsrc
Size: 88KB - Virtual size: 87KB

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 40KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 654B

33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

19:cf:18:7e:63:60:0a:90:5c:e7:3d:4f:0e:30:ad:a5:57:8b:34:60:34:34:70:a0:04:09:09:7c:b7:dc:6f:99
Signer

.text
Size: 270KB - Virtual size: 270KB

.rdata
Size: 82KB - Virtual size: 81KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 12KB - Virtual size: 12KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 112B

.rdata
Size: 9KB - Virtual size: 8KB

.pdata
Size: 1024B - Virtual size: 1008B

.xdata
Size: 1024B - Virtual size: 980B

.bss
Size: - Virtual size: 272B

.edata
Size: 512B - Virtual size: 481B

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 96B

.text
Size: 180KB - Virtual size: 179KB

.data
Size: 1024B - Virtual size: 836B

.rdata
Size: 46KB - Virtual size: 46KB

/4
Size: 27KB - Virtual size: 27KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 10KB - Virtual size: 9KB

.idata
Size: 14KB - Virtual size: 14KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 8KB - Virtual size: 8KB