罗技非优联无线鼠标配对软件[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

罗技非优联无线鼠标配对软件.exe
Size

2.1MB
MD5

0b63bead18bf7bb55de1ae58ee26b308
SHA1

1af5e33c61e286a8b7f57229dafcdbf9ebef2d87
SHA256

27812530b3a7c9591aae290cfcae5c05d1dfaa216832081b71022b65861c5d6d
SHA512

ec964dbd64de8898a42e5809f80c8a06df8d7acfa62e8edd890217dfd99469bb5fc0d826224f72a95123823b8dc5109235034ca01c6b72be6fa412b8b111ae8a
SSDEEP

49152:k9LaBaE8v3wELWmBgTJY281wEVqntdKDxbMg4IbvLq6QNbRgcmwRy:kVaBamEL9gTn8aEVYaYgNTefucm/

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UserInfo.dll

Files

罗技非优联无线鼠标配对软件.exe
.exe windows:5 windows x86 arch:x86

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

60:69:84:58:b2:a6:6c:ae:52:53:f8:e7:ae:ed:3a:c6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19-03-2013 00:00

Not After

18-05-2015 23:59

Subject

CN=Logitech,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Logitech,L=Newark,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:69:83:f1:17:df:ca:da:c9:92:27:15:7d:d6:33:29:c1:36:39:85
Signer

Actual PE Digest

6a:69:83:f1:17:df:ca:da:c9:92:27:15:7d:d6:33:29:c1:36:39:85

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:5 windows x86 arch:x86

45d25ca52c312b2254c60dbcb30342d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynW
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 753B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R9/ConnectUtility.exe
.exe windows:5 windows x86 arch:x86

5d23cd1f231dee47c37707215995630d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

60:69:84:58:b2:a6:6c:ae:52:53:f8:e7:ae:ed:3a:c6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19-03-2013 00:00

Not After

18-05-2015 23:59

Subject

CN=Logitech,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Logitech,L=Newark,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:61:e7:f1:4f:ff:a1:5b:75:bc:c1:15:16:a4:fe:2f:5e:87:17:77
Signer

Actual PE Digest

3b:61:e7:f1:4f:ff:a1:5b:75:bc:c1:15:16:a4:fe:2f:5e:87:17:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Builds\VersionedApps\ConnectUtility_2.00\2.00.3\Source\Release\Win32\ConnectUtility.pdb

Imports

djcu

RunDJCU

kernel32

GetStartupInfoW
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
HeapSize
VirtualAlloc
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
LCMapStringA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SizeofResource
LockResource
LoadResource
FindResourceW
Sleep
CloseHandle
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
OpenFileMappingW
GetLastError
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
MulDiv
lstrlenW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
SetLastError
GetProcAddress
GetModuleHandleW
FreeLibrary
lstrcmpW
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
lstrcmpA
GetModuleFileNameW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThreadId
GetCurrentThread
GlobalDeleteAtom
GetTickCount
LoadLibraryA
SetErrorMode
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
GlobalFlags
GetModuleHandleA
WritePrivateProfileStringW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
lstrlenA
InterlockedDecrement
ReleaseMutex
CreateMutexW
GetCurrentProcessId
GetVersionExA
WaitForSingleObject
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GetVersionExW
CompareStringW
GetLocaleInfoA

user32

UnregisterClassW
DestroyMenu
ShowWindow
IsDialogMessageW
PostThreadMessageW
SetWindowTextW
EndPaint
BeginPaint
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetDesktopWindow
ClientToScreen
LoadCursorW
GetDC
ReleaseDC
GetSysColorBrush
GetWindowThreadProcessId
IsWindowEnabled
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
IsWindow
SetFocus
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
FindWindowW
SendMessageW
PostMessageW
GetSubMenu
GetKeyState
SetMenu
EnableWindow
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetClientRect
MessageBoxW
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
CreateWindowExW
GetClassInfoExW
GetActiveWindow
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
RegisterClipboardFormatW
GetWindow
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
SetWindowPos
SetWindowLongW
GetWindowLongW
GetMenu
PtInRect
CopyRect
CallWindowProcW
DefWindowProcW
GetDlgCtrlID
GetParent
AdjustWindowRectEx
GetSysColor
RegisterClassW
GetClassInfoW
SetCursor

gdi32

DeleteObject
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
SetMapMode
RestoreDC
SaveDC
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegQueryValueW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R9/DJAPI.dll
.dll windows:5 windows x86 arch:x86

40e0c4fb62c06445e15ed846058530de

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

60:69:84:58:b2:a6:6c:ae:52:53:f8:e7:ae:ed:3a:c6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19-03-2013 00:00

Not After

18-05-2015 23:59

Subject

CN=Logitech,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Logitech,L=Newark,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

22:78:ef:cf:2f:94:b3:b0:82:1c:93:eb:60:2e:c7:65:e5:99:34:33
Signer

Actual PE Digest

22:78:ef:cf:2f:94:b3:b0:82:1c:93:eb:60:2e:c7:65:e5:99:34:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Builds\VersionedApps\DJAPI_2.20\2.20.7\Sources\DJAPI\Release\Win32\DJAPI.pdb

Imports

kernel32

DeleteCriticalSection
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
SetEvent
CreateEventW
CloseHandle
CreateProcessW
TerminateThread
GetStartupInfoW
RaiseException
ResetEvent
OpenThread
InterlockedExchangeAdd
WaitForMultipleObjects
CreateThread
WriteFile
ReadFile
GetOverlappedResult
GetLastError
LoadLibraryW
CreateFileW
GetProcAddress
CreateMutexW
QueryPerformanceCounter
Sleep
QueryPerformanceFrequency
ReleaseMutex
FreeLibrary
EnterCriticalSection
HeapFree
GetProcessHeap
GetTickCount
FindFirstChangeNotificationW
FindCloseChangeNotification
FindNextChangeNotification
MultiByteToWideChar
GetFileSize
FindFirstFileW
GetTempPathW
FindClose
FindNextFileW
DeleteFileW
SetFilePointer
CreateDirectoryW
GetLocalTime
GetPrivateProfileStringW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LeaveCriticalSection
InitializeCriticalSection
HeapAlloc
OutputDebugStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
LCMapStringA
WideCharToMultiByte
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
RtlUnwind
LoadLibraryA
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
GetStringTypeW

user32

SetTimer
KillTimer
RegisterDeviceNotificationW
ShowWindow
RegisterClassW
DefWindowProcW
PostMessageW
UnregisterDeviceNotification
wsprintfW
CreateWindowExW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetFolderPathW

Exports

Exports

_DJ_CheckForManifestedUpdatesNow@4
_DJ_CheckForUpdatesNow@0
_DJ_ConfigureUpdates@0
_DJ_DFUAction@12
_DJ_DFUStateToString@4
_DJ_DevInfoToString@8
_DJ_DisconnectDevice@8
_DJ_ErrorToString@4
_DJ_EventToString@4
_DJ_ForceDFU@20
_DJ_GetDJAPIVersion@12
_DJ_GetDefaultReceiver@0
_DJ_GetDefaultWirelessDevice@0
_DJ_GetDeviceInfo@8
_DJ_GetEngineLog@12
_DJ_Initialize@12
_DJ_MoveDevice@8
_DJ_OpenReceiver@8
_DJ_ScanActivity@4

Sections

.text
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R9/DJCU.dll
.dll windows:5 windows x86 arch:x86

f6de64c7cbd22e1e1418c1461d322d74

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

60:69:84:58:b2:a6:6c:ae:52:53:f8:e7:ae:ed:3a:c6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19-03-2013 00:00

Not After

18-05-2015 23:59

Subject

CN=Logitech,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Logitech,L=Newark,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a2:df:71:8b:1d:f8:a9:5f:3e:a1:3b:31:2a:df:83:79:ca:6b:e5:87
Signer

Actual PE Digest

a2:df:71:8b:1d:f8:a9:5f:3e:a1:3b:31:2a:df:83:79:ca:6b:e5:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Builds\VersionedApps\ConnectUtility_2.00\2.00.3\Source\Release\Win32\DJCU.pdb

Imports

djapi

_DJ_ConfigureUpdates@0
_DJ_CheckForUpdatesNow@0
_DJ_ScanActivity@4
_DJ_GetEngineLog@12
_DJ_GetDJAPIVersion@12
_DJ_DFUAction@12
_DJ_OpenReceiver@8
_DJ_DisconnectDevice@8
_DJ_Initialize@12
_DJ_GetDeviceInfo@8

kernel32

HeapFree
HeapAlloc
ExitThread
CreateThread
GetCommandLineA
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
HeapReAlloc
Sleep
ExitProcess
SetStdHandle
GetFileType
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
GetModuleFileNameA
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
LCMapStringW
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
LCMapStringA
GetStringTypeA
IsDebuggerPresent
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CreateFileA
SetEnvironmentVariableA
SizeofResource
LockResource
LoadResource
FindResourceW
GetFileAttributesW
GetModuleFileNameW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetThreadAffinityMask
GetCurrentThread
GetModuleHandleW
VerSetConditionMask
VerifyVersionInfoW
SetThreadUILanguage
SetThreadLocale
GetVersionExW
GetCurrentProcessId
GetCurrentThreadId
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateEventW
CloseHandle
MulDiv
ResumeThread
FreeResource
WaitForSingleObject
SetEvent
ResetEvent
SetLastError
GetLastError
LoadLibraryW
GetProcAddress
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
WritePrivateProfileStringW
GlobalFlags
FileTimeToSystemTime
FindResourceExW
GetShortPathNameW
GetFullPathNameW
LocalFree
FormatMessageW
InterlockedIncrement
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
VirtualProtect
CreateFileW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
VerLanguageNameW
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
FreeLibrary
InterlockedDecrement
MultiByteToWideChar
lstrlenA
lstrlenW
lstrcmpA
WideCharToMultiByte
GetSystemInfo
OutputDebugStringW
GetStringTypeW

user32

DestroyMenu
GetSysColorBrush
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
MapDialogRect
GetAsyncKeyState
CharUpperW
EndPaint
BeginPaint
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
MoveWindow
SetWindowTextW
IsDialogMessageW
IsWindowEnabled
GetMessageW
TranslateMessage
GetActiveWindow
GetCursorPos
ValidateRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
SetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
DispatchMessageW
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
SetMenu
UpdateWindow
MessageBoxW
GetClassInfoExW
GetClassInfoW
GetSysColor
AdjustWindowRectEx
ScreenToClient
CallWindowProcW
PtInRect
GetMenu
GetWindowLongW
SetWindowLongW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetSystemMetrics
InflateRect
SetWindowPos
LoadBitmapW
GetKeyState
GetDlgCtrlID
GetFocus
IsWindow
GetClassNameW
GetWindow
SetWindowsHookExW
GetPropW
ShowWindow
FindWindowW
UnhookWindowsHookEx
LoadIconW
CallNextHookEx
CopyRect
GetWindowRect
InvalidateRect
ReleaseDC
GetDC
SetRect
SetTimer
GetParent
IsWindowVisible
KillTimer
SetCursor
LoadCursorW
GetClientRect
IsRectEmpty
SetRectEmpty
EnableWindow
SendMessageW
GetWindowThreadProcessId
GetForegroundWindow
SendInput
AttachThreadInput
SetForegroundWindow
SetActiveWindow
BringWindowToTop
DefWindowProcW
UnregisterClassW
DestroyWindow
CreateWindowExW
RegisterClassW
PostMessageW

gdi32

SetStretchBltMode
SetMapMode
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreateFontIndirectW
DPtoLP
EnumFontFamiliesExW
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
Rectangle
CreatePen
StretchBlt
GetObjectW
GetStockObject
PatBlt
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
CreateSolidBrush
DeleteObject
DeleteDC
SelectObject
SetViewportOrgEx
GetDeviceCaps

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegOpenKeyW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegLoadKeyW
RegSaveKeyW
RegRestoreKeyW
RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegQueryValueExW
RegQueryValueW
RegSetValueExW
RegEnumKeyW
RegEnumValueW

shell32

ShellExecuteW
SHGetFolderPathW

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathRemoveFileSpecW

ole32

CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSetContainedObject
OleCreateStaticFromData
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

OleLoadPicture
VariantClear
VariantChangeType
VariantInit

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipFree
GdipAlloc
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

Exports

Exports

RunDJCU

Sections

.text
Size: 425KB - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

60:69:84:58:b2:a6:6c:ae:52:53:f8:e7:ae:ed:3a:c6Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

6a:69:83:f1:17:df:ca:da:c9:92:27:15:7d:d6:33:29:c1:36:39:85Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 1.3MB

.rsrc Size: 3KB - Virtual size: 2KB

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 899B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 574B

45d25ca52c312b2254c60dbcb30342d1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 696B

.rdata Size: 1024B - Virtual size: 753B

.data Size: 512B - Virtual size: 48B

.reloc Size: 512B - Virtual size: 240B

5d23cd1f231dee47c37707215995630d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

60:69:84:58:b2:a6:6c:ae:52:53:f8:e7:ae:ed:3a:c6Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

60:69:84:58:b2:a6:6c:ae:52:53:f8:e7:ae:ed:3a:c6
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

6a:69:83:f1:17:df:ca:da:c9:92:27:15:7d:d6:33:29:c1:36:39:85
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 1.3MB

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 899B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 574B

.text
Size: 1024B - Virtual size: 696B

.rdata
Size: 1024B - Virtual size: 753B

.data
Size: 512B - Virtual size: 48B

.reloc
Size: 512B - Virtual size: 240B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

60:69:84:58:b2:a6:6c:ae:52:53:f8:e7:ae:ed:3a:c6
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

3b:61:e7:f1:4f:ff:a1:5b:75:bc:c1:15:16:a4:fe:2f:5e:87:17:77
Signer

.text
Size: 176KB - Virtual size: 176KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 9KB - Virtual size: 24KB

.rsrc
Size: 38KB - Virtual size: 38KB

.reloc
Size: 34KB - Virtual size: 33KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

60:69:84:58:b2:a6:6c:ae:52:53:f8:e7:ae:ed:3a:c6
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

22:78:ef:cf:2f:94:b3:b0:82:1c:93:eb:60:2e:c7:65:e5:99:34:33
Signer

.text
Size: 171KB - Virtual size: 170KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 10KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

60:69:84:58:b2:a6:6c:ae:52:53:f8:e7:ae:ed:3a:c6
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

a2:df:71:8b:1d:f8:a9:5f:3e:a1:3b:31:2a:df:83:79:ca:6b:e5:87
Signer