df7b7700a048f1e9f188d274222e1062_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

df7b7700a048f1e9f188d274222e1062_JaffaCakes118
Size

522KB
MD5

df7b7700a048f1e9f188d274222e1062
SHA1

a15f80b98e625b9ce9fed3075ad43bceef4619ff
SHA256

132c2c3bc6f49168eaa979605883ef9b12384fa8ab4a2aa40f74f16e2aa36b33
SHA512

a9f96ff4adb23000ea9b374b04e7b1874576f604c0567a18212cbc9add9b685779c8e92cefe8a7fc2e24c8733ccace90732e303ef24747f6539910d71e7a9470
SSDEEP

12288:7JmdRc2PHtdUYspHY0+E0mT6Aj+XhcBRT4113PrxzeBwaplSRoWDCWdY:7JwPrUeETHz6PtaBjplKldY

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dlq/LieYan.dll
unpack001/dlq/lpk.dll
unpack001/dlq/烈焰裁决.exe

Files

df7b7700a048f1e9f188d274222e1062_JaffaCakes118
.rar
dlq/LieYan.dll
.dll windows:4 windows x86 arch:x86

a85bb87806456c483cbf109b8ac80c67

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SetRectEmpty
SetRect

kernel32

WriteFile
SetEnvironmentVariableA
CompareStringW
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
HeapAlloc
UnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
Sleep
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA

Exports

Exports

GetResBounds

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 412KB - Virtual size: 410KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dlq/Logger.exe
.exe windows:4 windows x86 arch:x86

01393209f0d419af553017a6666f74c2

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

59:e4:e1:c9:4f:21:14:a8:0e:4d:13:ab:59:33:68:1a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/02/2013, 00:00

Not After

25/02/2015, 23:59

Subject

CN=广州微娱网络科技有限公司,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=研发部,O=广州微娱网络科技有限公司,L=guangzhou,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:b9:75:43:99:dc:b2:2d:33:75:5e:69:25:8c:eb:e4:04:1f:95:44
Signer

Actual PE Digest

61:b9:75:43:99:dc:b2:2d:33:75:5e:69:25:8c:eb:e4:04:1f:95:44

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSize
ReadFile
MultiByteToWideChar
CloseHandle
WritePrivateProfileStringW
GetPrivateProfileStringW
CreateToolhelp32Snapshot
GetCurrentProcessId
Process32FirstW
Process32NextW
InterlockedExchange
MulDiv
GetTickCount
OutputDebugStringW
GetStartupInfoW
GetModuleHandleW
ResumeThread
CreateEventW
WaitForSingleObject
SetCriticalSectionSpinCount
GetTempPathW
GetTempFileNameW
WriteFile
SetEvent
DeleteFileW
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
VirtualFreeEx
WideCharToMultiByte
LocalAlloc
LocalFree
FreeLibrary
LockResource
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcmpW
DebugBreak
lstrlenA
InterlockedIncrement
InterlockedDecrement
FindResourceW
SizeofResource
LoadResource
CreateThread
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
GetModuleFileNameW
lstrlenW
CreateMutexW
GetLastError
LoadLibraryW
GetProcAddress
ExitProcess
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
EnterCriticalSection
CreateFileW
LeaveCriticalSection

user32

GetWindowThreadProcessId
FindWindowExW
SetWindowRgn
SetRect
RegisterClassExW
wsprintfW
LoadCursorW
GetClassInfoExW
GetMonitorInfoW
MonitorFromPoint
SetWindowLongW
CreateWindowExW
ShowWindow
SendMessageW
DefWindowProcW
DispatchMessageW
IsWindow
GetWindowRect
InvalidateRgn
GetWindowTextLengthW
GetWindowTextW
CreateAcceleratorTableW
GetDesktopWindow
GetFocus
EqualRect
SetWindowPos
GetWindow
CreateDialogIndirectParamW
IsWindowVisible
RedrawWindow
IsMenu
GetClassNameW
LoadAcceleratorsW
DestroyIcon
RegisterWindowMessageW
GetDlgItem
GetSubMenu
LoadMenuW
TranslateAcceleratorW
MapWindowPoints
SetParent
CopyRect
SetFocus
DrawTextW
IsZoomed
OffsetRect
SetForegroundWindow
TrackPopupMenuEx
ScreenToClient
SetCursor
UnregisterClassW
CharNextW
wvsprintfW
IsWindowEnabled
DrawEdge
GetSystemMetrics
InflateRect
DrawFocusRect
KillTimer
ClientToScreen
PtInRect
GetDlgCtrlID
GetParent
SetCapture
GetCapture
SystemParametersInfoW
GetMenu
AdjustWindowRectEx
TranslateMessage
GetMessageW
PeekMessageW
IsChild
GetCursorPos
CreatePopupMenu
AppendMenuW
TrackPopupMenu
DestroyWindow
PostQuitMessage
DestroyMenu
SetTimer
GetDoubleClickTime
DestroyAcceleratorTable
GetDC
ReleaseDC
MessageBoxW
EndPaint
InvalidateRect
UpdateWindow
MonitorFromWindow
BringWindowToTop
UpdateLayeredWindow
GetSysColor
PostMessageW
ReleaseCapture
BeginPaint
GetClientRect
FillRect
LoadIconW
SetWindowTextW
GetWindowLongW
LoadStringW
CallWindowProcW

gdi32

SetViewportOrgEx
CreateCompatibleBitmap
SetBkMode
CreateSolidBrush
GetDeviceCaps
CombineRgn
CreateRectRgn
OffsetRgn
CreateDIBSection
SetTextColor
CreateFontIndirectW
GetObjectW
GetStockObject
BitBlt
CreateCompatibleDC
SelectObject
DeleteDC
DeleteObject

advapi32

RegSetValueExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey

shell32

SHGetSpecialFolderLocation
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW

ole32

CoTaskMemAlloc
OleLockRunning
OleInitialize
OleUninitialize
CLSIDFromString
StringFromCLSID
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CLSIDFromProgID
CoCreateInstance
CoTaskMemFree

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysAllocString
DispCallFunc
VariantClear
SysStringLen
LoadRegTypeLi
VariantInit
SysFreeString
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
GetErrorInfo
SetErrorInfo
VariantChangeType
CreateErrorInfo
SysAllocStringLen

olepro32

ord253

comctl32

InitCommonControlsEx
ImageList_Draw
ImageList_Create
ImageList_AddMasked
_TrackMouseEvent
ImageList_Destroy
ImageList_GetIconSize

msimg32

TransparentBlt

wininet

FindCloseUrlCache
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
InternetCloseHandle
InternetConnectW
HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetCrackUrlW
InternetOpenW
InternetReadFile

gdiplus

GdipDeleteGraphics
GdipFree
GdipDrawImagePointRectI
GdipCreateBitmapFromHBITMAP
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipGetImageHeight
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipCreateBitmapFromStream
GdipAlloc
GdipCloneImage
GdipCreateHBITMAPFromBitmap
GdipCloneBitmapAreaI
GdipDisposeImage
GdipDrawImageRectI

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??_7runtime_error@std@@6B@
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV01@@Z
?what@runtime_error@std@@UBEPBDXZ
?_Doraise@runtime_error@std@@MBEXXZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB

msvcrt

_purecall
realloc
memmove
free
memcmp
rand
srand
time
wcslen
iswdigit
memset
wcscpy
wcstok
pow
_ftol
_wcsicmp
??8type_info@@QBEHABV0@@Z
??2@YAPAXI@Z
__p___argc
__p___wargv
_wtoi
memcpy
wcscmp
__CxxFrameHandler
malloc
iswspace
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
??1type_info@@UAE@XZ
__wgetmainargs
wcsstr
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
_exit
_XcptFilter
exit
_wcmdln

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathRemoveBackslashW
PathAppendW
PathFindFileNameW
PathGetArgsW
PathRemoveFileSpecW
PathRemoveExtensionW
PathRemoveArgsW
PathRenameExtensionW
PathFileExistsW

wintrust

WinVerifyTrust

crypt32

CertCloseStore
CryptMsgGetParam
CertFindCertificateInStore
CertFreeCertificateContext
CryptMsgClose

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dlq/lpk.dll
.dll windows:5 windows x86 arch:x86

00c5fd00087020a0645079ce30f4148b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetProcAddress
RtlMoveMemory
LoadLibraryW
lstrcatW
GetSystemDirectoryW
FreeLibrary
lstrcpynA
LockResource
LoadResource
SizeofResource
FindResourceW
CreateProcessW
RtlZeroMemory
CloseHandle
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
GetLastError
CreateMutexA
lstrcmpiW
GetModuleFileNameW
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
GetCurrentThreadId
GetFileAttributesW
lstrcpyW
GetTickCount
GetLogicalDrives
FindNextFileW
SetFileAttributesW
CopyFileW
FindClose
FindFirstFileW
WaitForMultipleObjects
TerminateThread
ResumeThread
SetThreadPriority
CreateThread
SetEvent
CreateEventW
DisableThreadLibraryCalls

user32

wsprintfW

shell32

ord64
ord92

shlwapi

SHRegGetValueW
PathFindExtensionW
PathFindFileNameW
PathAppendW
PathRemoveFileSpecW
StrStrIW

Exports

Exports

LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkTabbedTextOut
LpkUseGDIWidthCache
ftsWordBreak

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dlq/烈焰裁决.exe
.exe windows:4 windows x86 arch:x86

54e0079691529009a3561bd00e922670

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
_adj_fdiv_m64
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
_CIatan
_allmul
_CItan
_CIexp
__vbaFreeObj

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

uudhlrk
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a85bb87806456c483cbf109b8ac80c67

Headers

File Characteristics

Imports

user32

kernel32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 14KB

.rsrc Size: 412KB - Virtual size: 410KB

.reloc Size: 8KB - Virtual size: 4KB

01393209f0d419af553017a6666f74c2

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

59:e4:e1:c9:4f:21:14:a8:0e:4d:13:ab:59:33:68:1aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

61:b9:75:43:99:dc:b2:2d:33:75:5e:69:25:8c:eb:e4:04:1f:95:44Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

olepro32

comctl32

msimg32

wininet

gdiplus

msvcp60

msvcrt

version

shlwapi

wintrust

crypt32

iphlpapi

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 912B

00c5fd00087020a0645079ce30f4148b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: - Virtual size: 672B

.rsrc Size: 35KB - Virtual size: 34KB

.reloc Size: 512B - Virtual size: 494B

54e0079691529009a3561bd00e922670

Headers

File Characteristics

Imports

msvbvm60

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 14KB

.rsrc
Size: 412KB - Virtual size: 410KB

.reloc
Size: 8KB - Virtual size: 4KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

59:e4:e1:c9:4f:21:14:a8:0e:4d:13:ab:59:33:68:1a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

61:b9:75:43:99:dc:b2:2d:33:75:5e:69:25:8c:eb:e4:04:1f:95:44
Signer

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 912B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 672B

.rsrc
Size: 35KB - Virtual size: 34KB

.reloc
Size: 512B - Virtual size: 494B

.text
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 40KB - Virtual size: 40KB

uudhlrk
Size: - Virtual size: 4KB