f555906807d31e4e8a44a0f0eff4b37a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f555906807d31e4e8a44a0f0eff4b37a_JaffaCakes118
Size

12.9MB
MD5

f555906807d31e4e8a44a0f0eff4b37a
SHA1

1b7c7a0206f8a8d3a61123bdd94b5a9df15174a3
SHA256

cd71e213d3d334215aa7b56199b62189bf1b64a75c04ea17dc2a7d0469c0aab6
SHA512

2e6247507e0e12b8361513b622586cfe0f24934e24ef5dfca3de65ca86a9e981cb67c63f57cc6a752c1efd787a904944aa991deaee9a0cf987d039dd65a88aad
SSDEEP

393216:AeXNTRTNxUk+rKBkavK5QY8PKxtKq+qLIueH97C2ViSdJ:BNTNNOtMGiqLIueHBVi8J

Score

3^/10

Malware Config

Signatures

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/INetC.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/Caliburn.Micro.Platform.Core.dll
unpack001/Caliburn.Micro.Platform.dll
unpack001/Caliburn.Micro.dll
unpack001/GongSolutions.WPF.DragDrop.dll
unpack001/HandBrake.Interop.dll
unpack001/HandBrake.exe
unpack001/de/HandBrake.resources.dll
unpack001/es/HandBrake.resources.dll
unpack001/fr/HandBrake.resources.dll
unpack001/hb.dll
unpack001/ko/HandBrake.resources.dll
unpack001/ru/HandBrake.resources.dll
unpack001/tr/HandBrake.resources.dll
unpack001/zh/HandBrake.resources.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

f555906807d31e4e8a44a0f0eff4b37a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3abe302b6d9a1256e6a915429af4ffd2

Code Sign

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08/03/2016, 13:10

Not After

30/05/2027, 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:24:03:fd:3b:1f:11:14:ab:95:cd:fd:7e:3c:4a:55
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

18/09/2019, 06:32

Not After

17/09/2020, 06:32

Subject

CN=Open Source Developer\, Scott Rae,O=Open Source Developer,L=Livingstone,C=GB,1.2.840.113549.1.9.1=#0c13737235352e6862406f75746c6f6f6b2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:9a:33:cd:3e:e0:2f:d5:27:39:b3:ef:ba:4e:b8:99:ef:2b:f1:74
Signer

Actual PE Digest

5e:9a:33:cd:3e:e0:2f:d5:27:39:b3:ef:ba:4e:b8:99:ef:2b:f1:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
Sleep
GetTickCount
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GetWindowsDirectoryA
SetCurrentDirectoryA
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
CreateThread
GlobalLock
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/INetC.dll
.dll windows:4 windows x86 arch:x86

8e4c63f70f7cc6490634d743e795c93e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateThread
CreateThread
LocalAlloc
lstrcpyA
WaitForSingleObject
MulDiv
ReadFile
GetModuleHandleA
SleepEx
lstrcatA
GetTickCount
CreateFileA
GetFileSize
DeleteFileA
lstrcmpA
lstrcmpiA
SetFilePointer
WriteFile
GetProcAddress
CloseHandle
lstrlenA
LoadLibraryA
lstrcpynA
LocalFree
GlobalAlloc
GlobalFree
GetLastError
WideCharToMultiByte

user32

LoadIconA
SystemParametersInfoA
GetWindowLongA
GetParent
MessageBoxA
DispatchMessageA
SetWindowLongA
KillTimer
PostMessageA
IsWindow
GetWindowTextA
ShowWindow
SendDlgItemMessageA
TranslateMessage
IsDialogMessageA
CreateDialogParamA
SetDlgItemTextA
GetWindowRect
SetWindowPos
SetTimer
SendMessageA
RedrawWindow
GetClientRect
EnableWindow
FindWindowExA
UpdateWindow
GetMessageA
GetDlgItem
wsprintfA
DestroyWindow
SetWindowTextA
IsWindowVisible

comctl32

ord17

wininet

InternetSetOptionA
InternetQueryOptionA
FtpCreateDirectoryA
InternetConnectA
InternetWriteFile
FtpOpenFileA
InternetSetFilePointer
HttpEndRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetGetLastResponseInfoA
InternetOpenA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestExA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetErrorDlg

Exports

Exports

get
head
post
put

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

610235b90207a63ccf481f0d4375d329

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileStringA
SetCurrentDirectoryA
GetModuleHandleA
lstrcmpiA
WritePrivateProfileStringA
lstrcatA
lstrcpynA
GlobalFree
lstrlenA
lstrcpyA
GlobalUnlock
GlobalAlloc
GlobalLock

user32

MapWindowPoints
PtInRect
CloseClipboard
LoadCursorA
GetDlgCtrlID
OpenClipboard
GetClientRect
SetWindowRgn
DrawFocusRect
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
DrawTextA
SetCursor
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
CallWindowProcA
PostMessageA
MessageBoxA
GetSysColor
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetWindowLongA
EnableMenuItem
GetSystemMenu
GetClipboardData
LoadIconA

gdi32

DeleteObject
CombineRgn
SetTextColor
GetDIBits
SelectObject
CreateRectRgn
GetObjectA
CreateCompatibleDC

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetDesktopFolder

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
Caliburn.Micro.Platform.Core.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Dev\GitHub\Caliburn.Micro\obj\portable-core\Release\Caliburn.Micro.Platform.Core.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Caliburn.Micro.Platform.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Dev\GitHub\Caliburn.Micro\obj\net45\Release\Caliburn.Micro.Platform.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Caliburn.Micro.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Dev\GitHub\Caliburn.Micro\obj\portable\Release\Caliburn.Micro.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GongSolutions.WPF.DragDrop.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\gong-wpf-dragdrop\src\GongSolutions.WPF.DragDrop\obj\Release\net47\GongSolutions.WPF.DragDrop.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GongSolutions.WPF.DragDrop.pdb
HandBrake.Interop.dll
.dll windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\TeamCity\buildAgent\work\f59d4bfd6460bac1\win\CS\HandBrake.Interop\obj\x64\Release\HandBrake.Interop.pdb

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HandBrake.Interop.dll.config
.xml
HandBrake.Interop.pdb
HandBrake.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\TeamCity\buildAgent\work\f59d4bfd6460bac1\win\CS\HandBrakeWPF\obj\x64\Release\HandBrake.pdb

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HandBrake.exe.config
.xml
HandBrake.pdb
Newtonsoft.Json.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/04/2018, 12:41

Not After

27/04/2028, 12:41

Subject

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7e
Certificate

Issuer

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

Not Before

25/10/2018, 00:00

Not After

29/10/2021, 12:00

Subject

SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=wa,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a7:cc:fe:41:40:99:65:07:53:c6:c7:f4:1c:e3:22:5f:f1:9e:7a:db:83:aa:c0:1c:bd:9b:44:a1:54:ff:58:a1
Signer

Actual PE Digest

a7:cc:fe:41:40:99:65:07:53:c6:c7:f4:1c:e3:22:5f:f1:9e:7a:db:83:aa:c0:1c:bd:9b:44:a1:54:ff:58:a1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 649KB - Virtual size: 649KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ookii.Dialogs.Wpf.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a8:00:c0:d4:41:5d:1f:88:b0:ec:8a:df:1a:b9:b5:af
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

04/09/2008, 00:00

Not After

04/09/2009, 23:59

Subject

CN=Sven Groot,O=Sven Groot,POSTALCODE=3328 CS,STREET=Zwaluwenburg 81,L=Dordrecht,ST=Zuid-Holland,C=NL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2d:ce:bf:bb:bf:fa:10:a0:ec:b2:d9:ad:12:86:f0:51:3d:7a:f5:80
Signer

Actual PE Digest

2d:ce:bf:bb:bf:fa:10:a0:ec:b2:d9:ad:12:86:f0:51:3d:7a:f5:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Sven\Documents\Visual Studio 2008\Projects\Ookii.Dialogs\Ookii.Dialogs.Wpf\obj\Release\Ookii.Dialogs.Wpf.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System.Windows.Interactivity.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:9d:1e:8d:27:ae:b8:f3:d8:38:00:01:00:00:00:9d
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:42

Not After

04/03/2013, 21:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:02:8e:42:00:00:00:00:00:1f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

09/01/2012, 22:25

Not After

09/04/2013, 22:25

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:08:e2:79:fa:0d:25:58:45:ea:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/07/2012, 00:14

Not After

07/10/2013, 00:14

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:ee:d8:f6:58:e3:82:0a:29:a6:0d:4d:da:4f:ed:6b:c4:34:50:1b:a8:8c:42:82:1a:79:91:a0:3a:90:87:f2
Signer

Actual PE Digest

3e:ee:d8:f6:58:e3:82:0a:29:a6:0d:4d:da:4f:ed:6b:c4:34:50:1b:a8:8c:42:82:1a:79:91:a0:3a:90:87:f2

Digest Algorithm

sha256

PE Digest Matches

true

12:e5:b0:a2:ba:03:46:7f:56:92:05:89:ed:0e:65:b2:33:e9:07:1f
Signer

Actual PE Digest

12:e5:b0:a2:ba:03:46:7f:56:92:05:89:ed:0e:65:b2:33:e9:07:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\ExprUpdate2\Blend\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\System.Windows.Interactivity.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
de/HandBrake.resources.dll
.dll windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
doc/COPYING
es/HandBrake.resources.dll
.dll windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fr/HandBrake.resources.dll
.dll windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
hb.dll
.dll windows:4 windows x64 arch:x64

04604cf3498fc6a40f7aaec685f2a2b1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW

bcrypt

BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptOpenAlgorithmProvider

kernel32

AcquireSRWLockExclusive
AddVectoredExceptionHandler
CloseHandle
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileMappingA
CreateFileW
CreateMutexA
CreateSemaphoreA
CreateSemaphoreW
CreateThread
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FormatMessageA
FormatMessageW
FreeLibrary
GetACP
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetHandleInformation
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW
GetNumaHighestNodeNumber
GetNumaNodeProcessorMaskEx
GetProcAddress
GetProcessAffinityMask
GetStdHandle
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathA
GetThreadContext
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetWindowsDirectoryW
InitOnceBeginInitialize
InitOnceComplete
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSRWLock
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
MapViewOfFile
MoveFileExA
MoveFileExW
MultiByteToWideChar
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetConsoleTextAttribute
SetDllDirectoryW
SetErrorMode
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadAffinityMask
SetThreadContext
SetThreadGroupAffinity
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableCS
SleepConditionVariableSRW
SuspendThread
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__doserrno
__iob_func
__pioinfo
__setusermatherr
_access
_aligned_free
_aligned_malloc
_aligned_realloc
_amsg_exit
_beginthreadex
_endthreadex
_errno
_exit
_filelengthi64
_fileno
_findclose
_findfirst64
_findnext64
_fstat64
_ftime64
_fullpath
_get_osfhandle
_gmtime64
_hypot
_initterm
_localtime64
_lock
_lseeki64
_mkdir
_mktime64
_pipe
_rmdir
_setjmp
_snprintf
_snwprintf
_sopen
_stat64
_stricmp
_strnicmp
_time64
_ultoa
_unlink
_unlock
_vsnprintf
_waccess
_wfindfirst64
_wfindnext64
_wfopen
_wfopen_s
_wfullpath
_wmkdir
_wopen
_wremove
_wrename
_write
_wrmdir
_wsopen
_wstat64
_wunlink
abort
acos
asctime
asin
atan
atof
atoi
bsearch
calloc
clock
cosh
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fgetws
fopen
fprintf
fputc
fputs
fread
free
frexp
fseek
fsetpos
ftell
fwprintf
fwrite
getc
getenv
isalnum
isalpha
iscntrl
isgraph
islower
isprint
ispunct
isspace
isupper
isxdigit
localeconv
log10
longjmp
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
perror
printf
putc
putchar
puts
qsort
raise
rand
realloc
rewind
setlocale
setvbuf
signal
sinh
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
strtok_s
strtol
strtoul
swscanf_s
tan
tanh
tolower
toupper
ungetc
vfprintf
wcscat
wcschr
wcscpy
wcscspn
wcslen
wcsrchr
wcsstr
wcstombs
_time64
_write
_unlink
_strdup
_setmode
_rmdir
_read
_open
_lseek
_isatty
_getpid
_getcwd
_fileno
_fdopen
_dup
_close

ole32

CoTaskMemFree

shell32

SHGetFolderPathW
SHGetKnownFolderPath

user32

GetDesktopWindow
MessageBoxW

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
bind
closesocket
connect
gethostbyaddr
gethostbyname
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohs
recv
select
send
socket

Exports

Exports

ABR_iteration_loop
ALL_POWERSCHEMES_GUID
APIAudioFunc
APIFunc
ARRAYID_PathProperties
ATHformula
AddMD5
AddVbrFrame
AnalyzeSamples
BHID_AssociationArray
BHID_DataObject
BHID_EnumAssocHandlers
BHID_EnumItems
BHID_Filter
BHID_LinkTargetItem
BHID_PropertyStore
BHID_RandomAccessStream
BHID_SFObject
BHID_SFUIObject
BHID_SFViewObject
BHID_Storage
BHID_StorageEnum
BHID_Stream
BHID_ThumbnailHandler
BHID_Transfer
BZ2_blockSort
BZ2_bsInitWrite
BZ2_bzBuffToBuffCompress
BZ2_bzBuffToBuffDecompress
BZ2_bzCompress
BZ2_bzCompressEnd
BZ2_bzCompressInit
BZ2_bzDecompress
BZ2_bzDecompressEnd
BZ2_bzDecompressInit
BZ2_bzRead
BZ2_bzReadClose
BZ2_bzReadGetUnused
BZ2_bzReadOpen
BZ2_bzWrite
BZ2_bzWriteClose
BZ2_bzWriteClose64
BZ2_bzWriteOpen
BZ2_bz__AssertH__fail
BZ2_bzclose
BZ2_bzdopen
BZ2_bzerror
BZ2_bzflush
BZ2_bzlibVersion
BZ2_bzopen
BZ2_bzread
BZ2_bzwrite
BZ2_compressBlock
BZ2_crc32Table
BZ2_decompress
BZ2_hbAssignCodes
BZ2_hbCreateDecodeTables
BZ2_hbMakeCodeLengths
BZ2_indexIntoF
BZ2_rNums
BitrateIndex
CATID_BrowsableShellExt
CATID_BrowseInPlace
CATID_CommBand
CATID_DeskBand
CATID_InfoBand
CATID_InternetAware
CATID_IsShortcut
CATID_LocationFactory
CATID_LocationProvider
CATID_NeverShowExt
CATID_PersistsToFile
CATID_PersistsToMemory
CATID_PersistsToMoniker
CATID_RequiresDataPathHost
CATID_SafeForInitializing
CATID_SafeForScripting
CATID_SearchableApplication
CBR_iteration_loop
CGID_DefView
CGID_Explorer
CGID_ExplorerBarDoc
CGID_MENUDESKBAR
CGID_ShellDocView
CGID_ShellServiceObject
CGID_ShortCut
CLSID_ACLCustomMRU
CLSID_ACLHistory
CLSID_ACLMRU
CLSID_ACLMulti
CLSID_ACListISF
CLSID_AccPropServices
CLSID_AccessibilityDockingService
CLSID_ActiveDesktop
CLSID_AllClasses
CLSID_AlphabeticalCategorizer
CLSID_AppShellVerbHandler
CLSID_AppStartupLink
CLSID_AppVisibility
CLSID_ApplicationActivationManager
CLSID_ApplicationAssociationRegistration
CLSID_ApplicationAssociationRegistrationUI
CLSID_ApplicationDesignModeSettings
CLSID_ApplicationDestinations
CLSID_ApplicationDocumentLists
CLSID_AttachmentServices
CLSID_AutoComplete
CLSID_CAnchorBrowsePropertyPage
CLSID_CColorPropPage
CLSID_CDBurn
CLSID_CDocBrowsePropertyPage
CLSID_CFSIconOverlayManager
CLSID_CFontPropPage
CLSID_CImageBrowsePropertyPage
CLSID_CPicturePropPage
CLSID_CScriptErrorList
CLSID_CURLSearchHook
CLSID_CUrlHistory
CLSID_ControlPanel
CLSID_ConvertVBX
CLSID_CurrentUserClasses
CLSID_D2D12DAffineTransform
CLSID_D2D13DPerspectiveTransform
CLSID_D2D13DTransform
CLSID_D2D1ArithmeticComposite
CLSID_D2D1Atlas
CLSID_D2D1BitmapSource
CLSID_D2D1Blend
CLSID_D2D1Border
CLSID_D2D1Brightness
CLSID_D2D1ColorManagement
CLSID_D2D1ColorMatrix
CLSID_D2D1Composite
CLSID_D2D1ConvolveMatrix
CLSID_D2D1Crop
CLSID_D2D1DirectionalBlur
CLSID_D2D1DiscreteTransfer
CLSID_D2D1DisplacementMap
CLSID_D2D1DistantDiffuse
CLSID_D2D1DistantSpecular
CLSID_D2D1DpiCompensation
CLSID_D2D1Flood
CLSID_D2D1GammaTransfer
CLSID_D2D1GaussianBlur
CLSID_D2D1Histogram
CLSID_D2D1HueRotation
CLSID_D2D1LinearTransfer
CLSID_D2D1LuminanceToAlpha
CLSID_D2D1Morphology
CLSID_D2D1OpacityMetadata
CLSID_D2D1PointDiffuse
CLSID_D2D1PointSpecular
CLSID_D2D1Premultiply
CLSID_D2D1Saturation
CLSID_D2D1Scale
CLSID_D2D1Shadow
CLSID_D2D1SpotDiffuse
CLSID_D2D1SpotSpecular
CLSID_D2D1TableTransfer
CLSID_D2D1Tile
CLSID_D2D1Turbulence
CLSID_D2D1UnPremultiply
CLSID_DarwinAppPublisher
CLSID_DefFolderMenu
CLSID_DesktopGadget
CLSID_DesktopWallpaper
CLSID_DestinationList
CLSID_DocHostUIHandler
CLSID_DocPropShellExtension
CLSID_DragDropHelper
CLSID_DriveSizeCategorizer
CLSID_DriveTypeCategorizer
CLSID_EnumerableObjectCollection
CLSID_ExecuteFolder
CLSID_ExecuteUnknown
CLSID_ExplorerBrowser
CLSID_FSCopyHandler
CLSID_FileOpenDialog
CLSID_FileOperation
CLSID_FileSaveDialog
CLSID_FileSearchBand
CLSID_FileTypes
CLSID_FolderItem
CLSID_FolderItemsMultiLevel
CLSID_FolderShortcut
CLSID_FolderViewHost
CLSID_FrameworkInputPane
CLSID_FreeSpaceCategorizer
CLSID_GlobalOptions
CLSID_HWShellExecute
CLSID_HomeGroup
CLSID_IENamespaceTreeControl
CLSID_ISFBand
CLSID_IdentityUnmarshal
CLSID_ImageProperties
CLSID_ImageRecompress
CLSID_InMemoryPropertyStore
CLSID_InProcFreeMarshaler
CLSID_Internet
CLSID_InternetButtons
CLSID_InternetExplorer
CLSID_InternetPrintOrdering
CLSID_InternetSecurityManager
CLSID_InternetShortcut
CLSID_InternetZoneManager
CLSID_KnownFolderManager
CLSID_LinkColumnProvider
CLSID_LocalMachineClasses
CLSID_MSOButtons
CLSID_MailRecipient
CLSID_MenuBand
CLSID_MenuBandSite
CLSID_MenuToolbarBase
CLSID_MergedCategorizer
CLSID_MyComputer
CLSID_MyDocuments
CLSID_NamespaceTreeControl
CLSID_NamespaceWalker
CLSID_NetworkConnections
CLSID_NetworkDomain
CLSID_NetworkExplorerFolder
CLSID_NetworkPlaces
CLSID_NetworkServer
CLSID_NetworkShare
CLSID_NewMenu
CLSID_OpenControlPanel
CLSID_PSBindCtx
CLSID_PSClassObject
CLSID_PSClientSite
CLSID_PSDragDrop
CLSID_PSEnumerators
CLSID_PSGenObject
CLSID_PSInPlaceActive
CLSID_PSInPlaceFrame
CLSID_PackageDebugSettings
CLSID_PersistPropset
CLSID_Picture_Dib
CLSID_Picture_EnhMetafile
CLSID_Picture_Metafile
CLSID_PlaybackManager
CLSID_PreviousVersions
CLSID_Printers
CLSID_ProgressDialog
CLSID_PropertiesUI
CLSID_PropertySystem
CLSID_PublishDropTarget
CLSID_PublishingWizard
CLSID_QueryAssociations
CLSID_QueryCancelAutoPlay
CLSID_QuickLinks
CLSID_RecycleBin
CLSID_ScheduledTasks
CLSID_SearchAssistantOC
CLSID_SearchFolderItemFactory
CLSID_SharingConfigurationManager
CLSID_Shell
CLSID_ShellBrowserWindow
CLSID_ShellDesktop
CLSID_ShellDispatchInproc
CLSID_ShellFSFolder
CLSID_ShellFldSetExt
CLSID_ShellFolderItem
CLSID_ShellFolderView
CLSID_ShellFolderViewOC
CLSID_ShellItem
CLSID_ShellLibrary
CLSID_ShellLink
CLSID_ShellLinkObject
CLSID_ShellNameSpace
CLSID_ShellSearchAssistantOC
CLSID_ShellShellNameSpace
CLSID_ShellUIHelper
CLSID_ShellWindows
CLSID_SizeCategorizer
CLSID_StartMenuPin
CLSID_StaticDib
CLSID_StaticMetafile
CLSID_StdFont
CLSID_StdGlobalInterfaceTable
CLSID_StdHlink
CLSID_StdHlinkBrowseContext
CLSID_StdMarshal
CLSID_StdPicture
CLSID_StdURLProtocol
CLSID_TaskbarList
CLSID_TimeCategorizer
CLSID_ToolbarExtButtons
CLSID_TrayBandSiteService
CLSID_TrayDeskBand
CLSID_UserNotification
CLSID_WebBrowser
CLSID_WebBrowser_V1
CLSID_WebWizardHost
CPFG_CREDENTIAL_PROVIDER_LABEL
CPFG_CREDENTIAL_PROVIDER_LOGO
CPFG_LOGON_PASSWORD
CPFG_LOGON_USERNAME
CPFG_SMARTCARD_PIN
CPFG_SMARTCARD_USERNAME
CRC_writeheader
DIID_DShellFolderViewEvents
DIID_DShellNameSpaceEvents
DIID_DShellWindowsEvents
DIID_DWebBrowserEvents
DIID_DWebBrowserEvents2
DIID__SearchAssistantEvents
DRM_INTEL_DRIVER_NAME
DVDClose
DVDCloseFile
DVDDiscID
DVDFileSeek
DVDFileSeekForce
DVDFileSize
DVDFileStat
DVDISOVolumeInfo
DVDOpen
DVDOpenFile
DVDOpenStream
DVDReadBlocks
DVDReadBytes
DVDUDFCacheLevel
DVDUDFVolumeInfo
EP_AdvQueryPane
EP_Commands
EP_Commands_Organize
EP_Commands_View
EP_DetailsPane
EP_NavPane
EP_PreviewPane
EP_QueryPane
EP_Ribbon
EP_StatusBar
EndMD5
ExitMP3
FLAGID_Internet
FMTID_Briefcase
FMTID_CustomImageProperties
FMTID_DRM
FMTID_Displaced
FMTID_DocSummaryInformation
FMTID_ImageProperties
FMTID_InternetSite
FMTID_Intshcut
FMTID_LibraryProperties
FMTID_MUSIC
FMTID_Misc
FMTID_Query
FMTID_ShellDetails
FMTID_Storage
FMTID_SummaryInformation
FMTID_UserDefinedProperties
FMTID_Volume
FMTID_WebView
FOLDERID_AccountPictures
FOLDERID_AddNewPrograms
FOLDERID_AdminTools
FOLDERID_AppUpdates
FOLDERID_ApplicationShortcuts
FOLDERID_AppsFolder
FOLDERID_CDBurning
FOLDERID_ChangeRemovePrograms
FOLDERID_CommonAdminTools
FOLDERID_CommonOEMLinks
FOLDERID_CommonPrograms
FOLDERID_CommonStartMenu
FOLDERID_CommonStartup
FOLDERID_CommonTemplates
FOLDERID_ComputerFolder
FOLDERID_ConflictFolder
FOLDERID_ConnectionsFolder
FOLDERID_Contacts
FOLDERID_ControlPanelFolder
FOLDERID_Cookies
FOLDERID_Desktop
FOLDERID_DeviceMetadataStore
FOLDERID_Documents
FOLDERID_DocumentsLibrary
FOLDERID_Downloads
FOLDERID_Favorites
FOLDERID_Fonts
FOLDERID_GameTasks
FOLDERID_Games
FOLDERID_History
FOLDERID_HomeGroup
FOLDERID_HomeGroupCurrentUser
FOLDERID_ImplicitAppShortcuts
FOLDERID_InternetCache
FOLDERID_InternetFolder
FOLDERID_Libraries
FOLDERID_Links
FOLDERID_LocalAppData
FOLDERID_LocalAppDataLow
FOLDERID_LocalizedResourcesDir
FOLDERID_Music
FOLDERID_MusicLibrary
FOLDERID_NetHood
FOLDERID_NetworkFolder
FOLDERID_OriginalImages
FOLDERID_PhotoAlbums
FOLDERID_Pictures
FOLDERID_PicturesLibrary
FOLDERID_Playlists
FOLDERID_PrintHood
FOLDERID_PrintersFolder
FOLDERID_Profile
FOLDERID_ProgramData
FOLDERID_ProgramFiles
FOLDERID_ProgramFilesCommon
FOLDERID_ProgramFilesCommonX64
FOLDERID_ProgramFilesCommonX86
FOLDERID_ProgramFilesX64
FOLDERID_ProgramFilesX86
FOLDERID_Programs
FOLDERID_Public
FOLDERID_PublicDesktop
FOLDERID_PublicDocuments
FOLDERID_PublicDownloads
FOLDERID_PublicGameTasks
FOLDERID_PublicLibraries
FOLDERID_PublicMusic
FOLDERID_PublicPictures
FOLDERID_PublicRingtones
FOLDERID_PublicUserTiles
FOLDERID_PublicVideos
FOLDERID_QuickLaunch
FOLDERID_Recent
FOLDERID_RecordedTVLibrary
FOLDERID_RecycleBinFolder
FOLDERID_ResourceDir
FOLDERID_Ringtones
FOLDERID_RoamedTileImages
FOLDERID_RoamingAppData
FOLDERID_RoamingTiles
FOLDERID_SEARCH_CSC
FOLDERID_SEARCH_MAPI
FOLDERID_SampleMusic
FOLDERID_SamplePictures
FOLDERID_SamplePlaylists
FOLDERID_SampleVideos
FOLDERID_SavedGames
FOLDERID_SavedSearches
FOLDERID_Screenshots
FOLDERID_SearchHome
FOLDERID_SendTo
FOLDERID_SidebarDefaultParts
FOLDERID_SidebarParts
FOLDERID_StartMenu
FOLDERID_Startup
FOLDERID_SyncManagerFolder
FOLDERID_SyncResultsFolder
FOLDERID_SyncSetupFolder
FOLDERID_System
FOLDERID_SystemX86
FOLDERID_Templates
FOLDERID_UserPinned
FOLDERID_UserProfiles
FOLDERID_UserProgramFiles
FOLDERID_UserProgramFilesCommon
FOLDERID_UsersFiles
FOLDERID_UsersLibraries
FOLDERID_Videos
FOLDERID_VideosLibrary
FOLDERID_Windows
FOLDERTYPEID_AccountPictures
FOLDERTYPEID_Communications
FOLDERTYPEID_CompressedFolder
FOLDERTYPEID_Contacts
FOLDERTYPEID_ControlPanelCategory
FOLDERTYPEID_ControlPanelClassic
FOLDERTYPEID_Documents
FOLDERTYPEID_Games
FOLDERTYPEID_Generic
FOLDERTYPEID_GenericLibrary
FOLDERTYPEID_GenericSearchResults
FOLDERTYPEID_Invalid
FOLDERTYPEID_Music
FOLDERTYPEID_NetworkExplorer
FOLDERTYPEID_OpenSearch
FOLDERTYPEID_OtherUsers
FOLDERTYPEID_Pictures
FOLDERTYPEID_Printers
FOLDERTYPEID_PublishedItems
FOLDERTYPEID_RecordedTV
FOLDERTYPEID_RecycleBin
FOLDERTYPEID_SavedGames
FOLDERTYPEID_SearchConnector
FOLDERTYPEID_SearchHome
FOLDERTYPEID_Searches
FOLDERTYPEID_SoftwareExplorer
FOLDERTYPEID_StartMenu
FOLDERTYPEID_UserFiles
FOLDERTYPEID_UsersLibraries
FOLDERTYPEID_Videos
FT_Activate_Size
FT_Add_Default_Modules
FT_Add_Module
FT_Angle_Diff
FT_Atan2
FT_Attach_File
FT_Attach_Stream

Sections

.text
Size: 41.5MB - Virtual size: 41.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 541KB - Virtual size: 541KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 683KB - Virtual size: 682KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 8.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ko/HandBrake.resources.dll
.dll windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
portable.ini.template
ru/HandBrake.resources.dll
.dll windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tr/HandBrake.resources.dll
.dll windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninst.exe.nsis
zh/HandBrake.resources.dll
.dll windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3abe302b6d9a1256e6a915429af4ffd2

Code Sign

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

0d:24:03:fd:3b:1f:11:14:ab:95:cd:fd:7e:3c:4a:55Certificate

Extended Key Usages

Key Usages

5e:9a:33:cd:3e:e0:2f:d5:27:39:b3:ef:ba:4e:b8:99:ef:2b:f1:74Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 106KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 120KB - Virtual size: 120KB

8e4c63f70f7cc6490634d743e795c93e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comctl32

wininet

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.data Size: 2KB - Virtual size: 15KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

610235b90207a63ccf481f0d4375d329

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

0d:24:03:fd:3b:1f:11:14:ab:95:cd:fd:7e:3c:4a:55
Certificate

5e:9a:33:cd:3e:e0:2f:d5:27:39:b3:ef:ba:4e:b8:99:ef:2b:f1:74
Signer

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 106KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 120KB - Virtual size: 120KB

.text
Size: 14KB - Virtual size: 13KB

.data
Size: 2KB - Virtual size: 15KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 636B

.text
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 79KB - Virtual size: 79KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 58KB - Virtual size: 57KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 71KB - Virtual size: 70KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 120KB - Virtual size: 120KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rsrc
Size: 121KB - Virtual size: 120KB

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23
Certificate