b[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

b.zip
Size

42.9MB
MD5

8289ee3fbd2e550280a69d6f311fbe8f
SHA1

515a6ed8a22cb425a85cb9b5886e7e426d625433
SHA256

b4bfba362d1d68de5176add660027807c782d16aaa5ba899a53d900296041fd5
SHA512

216ca13063210e7f0945c328e68fcfc75d3eb182c2a892799796272100acc576cee4bb356ae189c8ce0741cb0d85e98350b255cec8105fe899b2e38b5067d5a6
SSDEEP

786432:WXNBmtmUJUcGRdzVV6YnSFdWDxkjvyVzRBUPtFADd0QX6pytIgmSHvifm2Fpc960:WXN8tKc8zVVUsxwvyiPtFI4pytIVSKNY

Score

6^/10

pdf evasion

Malware Config

Signatures

Malformed or missing cross-reference table in PDF
Malformed or missing cross-reference tables are often used to evade detection
pdf evasion

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/msimg32.dll

Files

b.zip
.zip
#Uc800#Uc791#Uad8c #Uce68#Ud574#Uc5d0 #Ub300#Ud55c #Uc99d#Uac70 #Ubc0f #Uc790#Ub8cc - #Uc2a4#Ud0c0#Uc27d #Uc5d4#Ud130#Ud14c#Uc778#Uba3c#Ud2b8.exe
.exe windows:5 windows x86 arch:x86

e456fbce099e309bfeaff191fcf3b1ee

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:e1:85:c2:92:81:e4:14:ea:62:0e:1d
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

13/11/2017, 16:48

Not After

13/02/2021, 16:48

Subject

CN=Haihaisoft Limited,O=Haihaisoft Limited,L=Hong Kong,ST=Hong Kong,C=HK,1.2.840.113549.1.9.1=#0c156a6f7365706840686169686169736f66742e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

40:cb:42:89:5c:3e:74:94:26:97:ad:2f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/01/2017, 10:00

Not After

24/02/2028, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 001-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:3e:9f:9c:65:a4:62:ce:88:5d:59:c6:1d:1c:ac:b2:d0:fa:2e:e7
Signer

Actual PE Digest

20:3e:9f:9c:65:a4:62:ce:88:5d:59:c6:1d:1c:ac:b2:d0:fa:2e:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb

Imports

wininet

HttpOpenRequestW
HttpQueryInfoW
InternetConnectW
FtpCommandA
FtpFindFirstFileA
HttpEndRequestW
InternetWriteFile
HttpSendRequestExA
InternetQueryOptionW
HttpSendRequestA
InternetGetCookieA
InternetGetLastResponseInfoW
InternetConnectA
HttpQueryInfoA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetSetOptionW
InternetOpenA
InternetCreateUrlA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetReadFile
InternetOpenUrlW
HttpOpenRequestA
InternetOpenW

gdiplus

GdipGetImageWidth
GdipInvertMatrix
GdipCloneImage
GdipDeleteMatrix
GdipSaveImageToFile
GdipTransformMatrixPoints
GdipCreateHBITMAPFromBitmap
GdipGetImageEncoders
GdipRotateMatrix
GdipDisposeImage
GdipGetImageEncodersSize
GdipTranslateMatrix
GdipDrawImageI
GdipGetImageVerticalResolution
GdipSetWorldTransform
GdipSetClipRectI
GdipCreateMatrix
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipScaleMatrix
GdipCloneBitmapAreaI
GdipGetImageHorizontalResolution
GdipCreateBitmapFromStreamICM
GdipFillEllipseI
GdipCreatePen1
GdipDrawLineI
GdipFillRectangleI
GdipSetCompositingQuality
GdipCreateFromHDC
GdipSetPageUnit
GdipAlloc
GdipCreateSolidFill
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCloneBrush
GdipDeletePen
GdipFree
GdiplusShutdown
GdipDeleteBrush
GdipSetPenDashOffset
GdipSetPenLineJoin
GdipSetPixelOffsetMode
GdipCreatePath
GdipCloneFontFamily
GdipRestoreGraphics
GdipBitmapLockBits
GdipStringFormatGetGenericTypographic
GdipSetInterpolationMode
GdipGetCellAscent
GdipFillPath
GdipCreateFontFamilyFromName
GdipCreateRegion
GdipDeletePrivateFontCollection
GdipFillRectangle
GdipTranslateWorldTransform
GdipSetCompositingMode
GdipGetWorldTransform
GdipNewPrivateFontCollection
GdipDrawString
GdipCreateImageAttributes
GdipGetGenericFontFamilySansSerif
GdipClonePath
GdipDeleteRegion
GdipTransformPath
GdipGetClipBoundsI
GdipDeletePath
GdipCreateRegionPath
GdipCreateFont
GdipCreateMatrix2
GdipSaveGraphics
GdiplusStartup
GdipDisposeImageAttributes
GdipBitmapUnlockBits
GdipIsStyleAvailable
GdipSetClipRegion
GdipGetFontCollectionFamilyList
GdipCreatePath2
GdipSetImageAttributesColorMatrix
GdipDrawImageRectRectI
GdipGetEmHeight
GdipAddPathPath
GdipFillPolygon
GdipPrivateAddFontFile
GdipGetFamilyName
GdipDrawImagePointsRect
GdipSetTextRenderingHint
GdipSetPageScale
GdipDrawPath
GdipGetClip
GdipDeleteFont
GdipCreateBitmapFromScan0
GdipGetDpiY
GdipSetPenDashArray
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipGetFontCollectionFamilyCount
GdipGetMatrixElements
GdipTransformRegion
GdipCreateRegionRectI
GdipGetRegionBounds
GdipSetPenLineCap197819
GdipWidenPath
GdipCreatePen2
GdipDeleteFontFamily
GdipSetPenMiterLimit

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

WaitForMultipleObjects
QueryPerformanceCounter
SetThreadExecutionState
QueryPerformanceFrequency
GetSystemTime
GetTickCount
CreateFileA
GetFileSize
SetFilePointer
ReadFile
LocalFree
FormatMessageW
SetLastError
GetVersionExA
GetModuleHandleW
lstrcmpW
LoadLibraryA
CompareStringW
GlobalFindAtomW
FreeResource
GetModuleFileNameW
MoveFileW
GetThreadLocale
WriteFile
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
FileTimeToLocalFileTime
GetFileAttributesExW
LocalFileTimeToFileTime
SetFileTime
GetFileAttributesW
GetFileSizeEx
GetFileTime
InterlockedExchange
CompareStringA
LoadLibraryExW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
WritePrivateProfileStringW
ResetEvent
GlobalGetAtomNameW
RaiseException
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
lstrlenA
GlobalFlags
SetErrorMode
GetSystemDirectoryW
GetStartupInfoW
HeapAlloc
HeapFree
UnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetDriveTypeW
HeapReAlloc
RtlUnwind
VirtualProtect
VirtualAlloc
HeapSize
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
GetCPInfo
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetFileAttributesA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryA
SetCurrentDirectoryA
GetTimeZoneInformation
LCMapStringA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateProcessA
GetProcessHeap
FreeEnvironmentStringsA
GetEnvironmentStrings
SetEnvironmentVariableA
GetDriveTypeA
GetFullPathNameA
GetLongPathNameW
AllocConsole
CreateProcessW
SetConsoleScreenBufferSize
GetConsoleScreenBufferInfo
GetVersion
InterlockedCompareExchange
CreateDirectoryA
FindFirstFileA
FindNextFileA
DeleteFileA
IsDBCSLeadByte
SetFileAttributesA
DeviceIoControl
lstrcpynW
GetWindowsDirectoryW
GetOverlappedResult
ReadDirectoryChangesW
ResumeThread
SuspendThread
GetCurrentProcessId
Module32NextW
GetCurrentThreadId
GetModuleHandleA
GetModuleFileNameA
GetSystemInfo
Module32FirstW
GlobalMemoryStatusEx
OpenThread
CreateFileW
Thread32Next
GetVersionExW
Thread32First
FormatMessageA
GetCurrentThread
SetEvent
SetUnhandledExceptionFilter
VirtualQuery
GetLocaleInfoA
GetThreadContext
GetLogicalDrives
GetShortPathNameW
GetTempPathW
GetExitCodeProcess
GetTempFileNameW
GetEnvironmentVariableW
GetUserDefaultUILanguage
GetTimeFormatW
GetLocaleInfoW
GetDateFormatW
DeleteCriticalSection
CreateEventW
EnterCriticalSection
GetPrivateProfileIntW
LeaveCriticalSection
InitializeCriticalSection
GetPrivateProfileStringW
GetSystemTimeAsFileTime
GetCommandLineW
GlobalAddAtomW
GlobalDeleteAtom
GlobalUnlock
WaitForSingleObject
GetProfileStringW
GlobalLock
InterlockedIncrement
MulDiv
InterlockedDecrement
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcess
lstrcatW
lstrcpyW
QueryDosDeviceW
lstrcmpiW
GetLogicalDriveStringsW
GlobalFree
GlobalAlloc
TerminateProcess
OpenProcess
TerminateThread
GetACP
WideCharToMultiByte
SetFileAttributesW
CreateDirectoryW
FileTimeToSystemTime
lstrlenW
Sleep
SystemTimeToFileTime
GetLocalTime
FindClose
DeleteFileW
FindResourceW
LoadResource
LockResource
SizeofResource
FindNextFileW
FindFirstFileW
Process32NextW
Process32FirstW
GetLastError
CreateToolhelp32Snapshot
CreateThread
MultiByteToWideChar
CloseHandle
MoveFileA

user32

SetWindowTextW
IsWindowEnabled
GetWindowThreadProcessId
CharUpperW
GetNextDlgTabItem
CreateDialogIndirectParamW
GetActiveWindow
GetDesktopWindow
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
ValidateRect
TranslateMessage
GetMessageW
ShowOwnedPopups
LoadMenuW
TranslateAcceleratorW
BringWindowToTop
SetRectEmpty
InsertMenuItemW
LoadAcceleratorsW
InflateRect
GetSysColorBrush
GetMenuItemInfoW
UnregisterClassW
CharNextW
CopyAcceleratorTableW
IsRectEmpty
SetRect
InvalidateRgn
PostThreadMessageW
MonitorFromWindow
OemToCharA
CharToOemA
CharLowerA
CharUpperA
CharToOemBuffW
OemToCharBuffA
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetDlgCtrlID
CopyRect
PtInRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetMenuState
GetMenuItemCount
GetSubMenu
IsCharAlphaNumericW
wsprintfA
GetMonitorInfoW
MonitorFromRect
FindWindowExW
LoadImageW
GetNextDlgGroupItem
ClientToScreen
SetWindowRgn
DrawFocusRect
OffsetRect
DrawEdge
WindowFromPoint
HideCaret
ShowCaret
SetClassLongW
PostQuitMessage
IsZoomed
IsDialogMessageW
TrackMouseEvent
IsCharUpperW
CharLowerW
GetForegroundWindow
GetScrollInfo
LoadBitmapW
ShowScrollBar
GetCursor
IsWindowVisible
UnregisterHotKey
SetScrollInfo
GetScrollPos
DialogBoxIndirectParamW
DialogBoxParamW
EndDialog
SendDlgItemMessageW
CheckDlgButton
IsDlgButtonChecked
CheckRadioButton
SetDlgItemTextW
SetActiveWindow
CloseClipboard
SetCapture
GetCapture
EmptyClipboard
OpenClipboard
ReleaseCapture
SetClipboardData
PostMessageW
ReuseDDElParam
MessageBeep
UnpackDDElParam
GetDlgItem
EndPaint
SetCursor
ScreenToClient
DrawTextW
BeginPaint
GetDC
ReleaseDC
GetSysColor
SetWindowPos
GetCursorPos
DrawFrameControl
GetMenuItemID
GetParent
ModifyMenuW
CheckMenuRadioItem
SetMenu
InsertMenuW
CheckMenuItem
GetMenu
DrawIcon
GetSystemMetrics
IsIconic
FillRect
wsprintfW
MoveWindow
SetParent
IsWindow
FindWindowW
DestroyWindow
GetWindowRect
TrackPopupMenu
SetForegroundWindow
CreateMenu
SetFocus
GetWindowLongW
AppendMenuW
EnableMenuItem
SetWindowLongW
RedrawWindow
CreatePopupMenu
RemoveMenu
MapWindowPoints
DestroyMenu
SetMenuItemInfoW
CallWindowProcW
GetMessagePos
RegisterClassExW
LoadIconW
CreateWindowExW
UpdateWindow
DefWindowProcW
EnableWindow
InvalidateRect
KillTimer
GetFocus
SetTimer
RegisterHotKey
ShowWindow
SystemParametersInfoW
GetWindowDC
GrayStringW
DrawTextExW
TabbedTextOutW
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendMessageW
LoadCursorW
GetClientRect
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
PeekMessageW
GetKeyState
GetClassInfoExW
MessageBoxW

gdi32

GetObjectW
BitBlt
GetPixel
CreateRectRgn
CombineRgn
CreateDIBitmap
GetClipBox
SaveDC
RestoreDC
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
CreateCompatibleBitmap
ScaleWindowExtEx
LineTo
ExtSelectClipRgn
CreatePatternBrush
CreateBitmap
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
Rectangle
StretchBlt
GetDIBits
SelectClipRgn
SetDIBits
CreateCompatibleDC
ExcludeClipRect
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
CreateRoundRectRgn
CreatePen
RoundRect
GetStockObject
EndPage
StartPage
DeleteDC
CreateDCW
SetMapMode
StartDocW
EndDoc
AbortDoc
SetTextColor
CreateFontIndirectW
GetDeviceCaps
SetBkColor
SetBkMode
SelectObject
CreateSolidBrush
DeleteObject
GetTextExtentPoint32W
CreateFontW
SetWindowExtEx
FloodFill
MoveToEx

msimg32

AlphaBlend

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
PrintDlgExW
GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ord203
ClosePrinter

advapi32

RegOpenKeyExW
SetFileSecurityA
SetFileSecurityW
RegQueryValueExW
RegDeleteValueW
RegQueryValueExA
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueW
RegDeleteKeyW
RegOpenKeyW
RegEnumKeyW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSetValueExW
RegCreateKeyExW

shell32

SHGetFileInfoW
SHChangeNotify
SHAddToRecentDocs
DragQueryFileW
DragFinish
SHGetFolderPathW
SHGetDesktopFolder
ShellExecuteExW
SHBindToParent
DragAcceptFiles
SHGetSpecialFolderPathW
ShellExecuteW

comctl32

InitCommonControlsEx
CreatePropertySheetPageW
_TrackMouseEvent
ImageList_Draw

shlwapi

StrStrW
StrRStrIW
StrStrIW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
SHDeleteKeyW
PathAppendW
SHSetValueW
PathIsRelativeW

oledlg

OleUIBusyW

ole32

CoSetProxyBlanket
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CreateStreamOnHGlobal
CoCreateGuid
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysStringLen
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
VariantChangeType
VariantCopy
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysFreeString

psapi

EnumProcesses
GetProcessImageFileNameW

ws2_32

closesocket
recv
gethostname
gethostbyname
WSAStartup
socket
htons
bind
listen
WSAGetLastError
accept
send
connect

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 399KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
W2
.pdf
msimg32.dll
.dll windows:6 windows x86 arch:x86

35df53ce9fc03786a6a1d9def6f6bec8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\TaxCut\Application\Build\Windows\ReleaseTree\Release\State\mi\MITax.pdb

Imports

kernel32

GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
GetCurrentThreadId
DisableThreadLibraryCalls
IsProcessorFeaturePresent

Exports

Exports

AlphaBlend
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@$$QAV01@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@QBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@QBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@QBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@QBDIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@U_String_constructor_concat_tag@1@AAV01@1@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@U_String_constructor_concat_tag@1@ABV01@QBDI2I@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@V?$initializer_list@D@1@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0MvcMessage@MvcMgmt@@QAE@ABV01@@Z
??0MvcObserver@MvcMgmt@@QAE@ABV01@@Z
??0MvcObserver@MvcMgmt@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1MvcObserver@MvcMgmt@@UAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@$$QAV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@QBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@V?$initializer_list@D@1@@Z
??4MvcMessage@MvcMgmt@@QAEAAV01@ABV01@@Z
??4MvcObserver@MvcMgmt@@QAEAAV01@ABV01@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@QBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@V?$initializer_list@D@1@@Z
??_7MvcMessage@MvcMgmt@@6B@
??_7MvcObserver@MvcMgmt@@6B@
?_Become_small@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Calculate_growth@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABEII@Z
?_Calculate_growth@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAIIII@Z
?_Construct@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXQAD0Urandom_access_iterator_tag@2@@Z
?_Construct@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXQBD0Urandom_access_iterator_tag@2@@Z
?_Construct_lv_contents@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXABV12@@Z
?_Copy_assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXABV12@U?$integral_constant@_N$00@2@@Z
?_Copy_assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXABV12@U?$integral_constant@_N$0A@@2@@Z
?_Copy_assign_val_from_small@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXABV12@@Z
?_Copy_s@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIQADIII@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Equal@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NABV12@@Z
?_Equal@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NQBD@Z
?_Erase_noexcept@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAV12@II@Z
?_Getal@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAV?$allocator@D@2@XZ
?_Getal@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABEABV?$allocator@D@2@XZ
?_Memcpy_val_from@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXABV12@@Z
?_Move_assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXAAV12@U?$integral_constant@_N$00@2@@Z
?_Move_assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXAAV12@U?$integral_constant@_N$0A@@2@@Z
?_Move_assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXAAV12@U_Equal_allocators@2@@Z
?_Orphan_all@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?_Swap_bx_large_with_small@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV?$_String_val@U?$_Simple_types@D@std@@@2@0@Z
?_Swap_data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?_Swap_proxy_and_iterators@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXAAV12@@Z
?_Take_contents@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXAAV12@@Z
?_Tidy_deallocate@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Tidy_init@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Unchecked_begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?_Unchecked_begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?_Unchecked_end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?_Unchecked_end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@QBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@QBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$initializer_list@D@2@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@$$QAV12@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@QBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@QBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$initializer_list@D@2@@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADXZ
?back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@2@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?capacity@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?cbegin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@2@XZ
?cend@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@2@XZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIABV12@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIABV12@II@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIQBD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIQBDI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHQBD@Z
?copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIQADII@Z
?crbegin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$reverse_iterator@V?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@std@@@2@XZ
?crend@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$reverse_iterator@V?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@std@@@2@XZ
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@2@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@2@V?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@2@0@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@2@V?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@2@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@I@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIQBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIQBDII@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIQBDI@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIQBDII@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIQBDI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIQBDII@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIQBDI@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIQBDII@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIQBDI@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIQBDII@Z
?front@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADXZ
?front@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDXZ
?getEventType@MvcMessage@MvcMgmt@@UAEGXZ
?get_allocator@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$allocator@D@2@XZ
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@2@V?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@2@D@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@2@V?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@2@ID@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@2@V?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@2@V?$initializer_list@D@2@@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IABV12@@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IABV12@II@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IID@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IQBD@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IQBDI@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?pop_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
?rbegin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@std@@@2@XZ
?rbegin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$reverse_iterator@V?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@std@@@2@XZ
?rend@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@std@@@2@XZ
?rend@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$reverse_iterator@V?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@std@@@2@XZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@II@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIID@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIQBD@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIQBDI@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@2@0ABV12@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@2@0ID@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@2@0QBD@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@2@0QBDI@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@2@0V?$initializer_list@D@2@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIQBDI@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIQBDII@Z
?setEventType@MvcMessage@MvcMgmt@@UAEXG@Z
?shrink_to_fit@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
compatVersion
createAuditorInstance
createCalcEngineInstance
createInterviewHierarchy
createMacroExpanderInstance
createTaxFormPrinterInstance
createTaxReturnInstance
createTaxSummaryReport
createTifFileWriterInstance

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 463KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
저작권 침해에 대한 증거 및 자료 - 스타쉽 엔터테인먼트.exe
.exe windows:5 windows x86 arch:x86

e456fbce099e309bfeaff191fcf3b1ee

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:e1:85:c2:92:81:e4:14:ea:62:0e:1d
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

13/11/2017, 16:48

Not After

13/02/2021, 16:48

Subject

CN=Haihaisoft Limited,O=Haihaisoft Limited,L=Hong Kong,ST=Hong Kong,C=HK,1.2.840.113549.1.9.1=#0c156a6f7365706840686169686169736f66742e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

40:cb:42:89:5c:3e:74:94:26:97:ad:2f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/01/2017, 10:00

Not After

24/02/2028, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 001-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:3e:9f:9c:65:a4:62:ce:88:5d:59:c6:1d:1c:ac:b2:d0:fa:2e:e7
Signer

Actual PE Digest

20:3e:9f:9c:65:a4:62:ce:88:5d:59:c6:1d:1c:ac:b2:d0:fa:2e:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb

Imports

wininet

HttpOpenRequestW
HttpQueryInfoW
InternetConnectW
FtpCommandA
FtpFindFirstFileA
HttpEndRequestW
InternetWriteFile
HttpSendRequestExA
InternetQueryOptionW
HttpSendRequestA
InternetGetCookieA
InternetGetLastResponseInfoW
InternetConnectA
HttpQueryInfoA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetSetOptionW
InternetOpenA
InternetCreateUrlA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetReadFile
InternetOpenUrlW
HttpOpenRequestA
InternetOpenW

gdiplus

GdipGetImageWidth
GdipInvertMatrix
GdipCloneImage
GdipDeleteMatrix
GdipSaveImageToFile
GdipTransformMatrixPoints
GdipCreateHBITMAPFromBitmap
GdipGetImageEncoders
GdipRotateMatrix
GdipDisposeImage
GdipGetImageEncodersSize
GdipTranslateMatrix
GdipDrawImageI
GdipGetImageVerticalResolution
GdipSetWorldTransform
GdipSetClipRectI
GdipCreateMatrix
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipScaleMatrix
GdipCloneBitmapAreaI
GdipGetImageHorizontalResolution
GdipCreateBitmapFromStreamICM
GdipFillEllipseI
GdipCreatePen1
GdipDrawLineI
GdipFillRectangleI
GdipSetCompositingQuality
GdipCreateFromHDC
GdipSetPageUnit
GdipAlloc
GdipCreateSolidFill
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCloneBrush
GdipDeletePen
GdipFree
GdiplusShutdown
GdipDeleteBrush
GdipSetPenDashOffset
GdipSetPenLineJoin
GdipSetPixelOffsetMode
GdipCreatePath
GdipCloneFontFamily
GdipRestoreGraphics
GdipBitmapLockBits
GdipStringFormatGetGenericTypographic
GdipSetInterpolationMode
GdipGetCellAscent
GdipFillPath
GdipCreateFontFamilyFromName
GdipCreateRegion
GdipDeletePrivateFontCollection
GdipFillRectangle
GdipTranslateWorldTransform
GdipSetCompositingMode
GdipGetWorldTransform
GdipNewPrivateFontCollection
GdipDrawString
GdipCreateImageAttributes
GdipGetGenericFontFamilySansSerif
GdipClonePath
GdipDeleteRegion
GdipTransformPath
GdipGetClipBoundsI
GdipDeletePath
GdipCreateRegionPath
GdipCreateFont
GdipCreateMatrix2
GdipSaveGraphics
GdiplusStartup
GdipDisposeImageAttributes
GdipBitmapUnlockBits
GdipIsStyleAvailable
GdipSetClipRegion
GdipGetFontCollectionFamilyList
GdipCreatePath2
GdipSetImageAttributesColorMatrix
GdipDrawImageRectRectI
GdipGetEmHeight
GdipAddPathPath
GdipFillPolygon
GdipPrivateAddFontFile
GdipGetFamilyName
GdipDrawImagePointsRect
GdipSetTextRenderingHint
GdipSetPageScale
GdipDrawPath
GdipGetClip
GdipDeleteFont
GdipCreateBitmapFromScan0
GdipGetDpiY
GdipSetPenDashArray
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipGetFontCollectionFamilyCount
GdipGetMatrixElements
GdipTransformRegion
GdipCreateRegionRectI
GdipGetRegionBounds
GdipSetPenLineCap197819
GdipWidenPath
GdipCreatePen2
GdipDeleteFontFamily
GdipSetPenMiterLimit

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

WaitForMultipleObjects
QueryPerformanceCounter
SetThreadExecutionState
QueryPerformanceFrequency
GetSystemTime
GetTickCount
CreateFileA
GetFileSize
SetFilePointer
ReadFile
LocalFree
FormatMessageW
SetLastError
GetVersionExA
GetModuleHandleW
lstrcmpW
LoadLibraryA
CompareStringW
GlobalFindAtomW
FreeResource
GetModuleFileNameW
MoveFileW
GetThreadLocale
WriteFile
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
FileTimeToLocalFileTime
GetFileAttributesExW
LocalFileTimeToFileTime
SetFileTime
GetFileAttributesW
GetFileSizeEx
GetFileTime
InterlockedExchange
CompareStringA
LoadLibraryExW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
WritePrivateProfileStringW
ResetEvent
GlobalGetAtomNameW
RaiseException
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
lstrlenA
GlobalFlags
SetErrorMode
GetSystemDirectoryW
GetStartupInfoW
HeapAlloc
HeapFree
UnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetDriveTypeW
HeapReAlloc
RtlUnwind
VirtualProtect
VirtualAlloc
HeapSize
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
GetCPInfo
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetFileAttributesA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryA
SetCurrentDirectoryA
GetTimeZoneInformation
LCMapStringA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateProcessA
GetProcessHeap
FreeEnvironmentStringsA
GetEnvironmentStrings
SetEnvironmentVariableA
GetDriveTypeA
GetFullPathNameA
GetLongPathNameW
AllocConsole
CreateProcessW
SetConsoleScreenBufferSize
GetConsoleScreenBufferInfo
GetVersion
InterlockedCompareExchange
CreateDirectoryA
FindFirstFileA
FindNextFileA
DeleteFileA
IsDBCSLeadByte
SetFileAttributesA
DeviceIoControl
lstrcpynW
GetWindowsDirectoryW
GetOverlappedResult
ReadDirectoryChangesW
ResumeThread
SuspendThread
GetCurrentProcessId
Module32NextW
GetCurrentThreadId
GetModuleHandleA
GetModuleFileNameA
GetSystemInfo
Module32FirstW
GlobalMemoryStatusEx
OpenThread
CreateFileW
Thread32Next
GetVersionExW
Thread32First
FormatMessageA
GetCurrentThread
SetEvent
SetUnhandledExceptionFilter
VirtualQuery
GetLocaleInfoA
GetThreadContext
GetLogicalDrives
GetShortPathNameW
GetTempPathW
GetExitCodeProcess
GetTempFileNameW
GetEnvironmentVariableW
GetUserDefaultUILanguage
GetTimeFormatW
GetLocaleInfoW
GetDateFormatW
DeleteCriticalSection
CreateEventW
EnterCriticalSection
GetPrivateProfileIntW
LeaveCriticalSection
InitializeCriticalSection
GetPrivateProfileStringW
GetSystemTimeAsFileTime
GetCommandLineW
GlobalAddAtomW
GlobalDeleteAtom
GlobalUnlock
WaitForSingleObject
GetProfileStringW
GlobalLock
InterlockedIncrement
MulDiv
InterlockedDecrement
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcess
lstrcatW
lstrcpyW
QueryDosDeviceW
lstrcmpiW
GetLogicalDriveStringsW
GlobalFree
GlobalAlloc
TerminateProcess
OpenProcess
TerminateThread
GetACP
WideCharToMultiByte
SetFileAttributesW
CreateDirectoryW
FileTimeToSystemTime
lstrlenW
Sleep
SystemTimeToFileTime
GetLocalTime
FindClose
DeleteFileW
FindResourceW
LoadResource
LockResource
SizeofResource
FindNextFileW
FindFirstFileW
Process32NextW
Process32FirstW
GetLastError
CreateToolhelp32Snapshot
CreateThread
MultiByteToWideChar
CloseHandle
MoveFileA

user32

SetWindowTextW
IsWindowEnabled
GetWindowThreadProcessId
CharUpperW
GetNextDlgTabItem
CreateDialogIndirectParamW
GetActiveWindow
GetDesktopWindow
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
ValidateRect
TranslateMessage
GetMessageW
ShowOwnedPopups
LoadMenuW
TranslateAcceleratorW
BringWindowToTop
SetRectEmpty
InsertMenuItemW
LoadAcceleratorsW
InflateRect
GetSysColorBrush
GetMenuItemInfoW
UnregisterClassW
CharNextW
CopyAcceleratorTableW
IsRectEmpty
SetRect
InvalidateRgn
PostThreadMessageW
MonitorFromWindow
OemToCharA
CharToOemA
CharLowerA
CharUpperA
CharToOemBuffW
OemToCharBuffA
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetDlgCtrlID
CopyRect
PtInRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetMenuState
GetMenuItemCount
GetSubMenu
IsCharAlphaNumericW
wsprintfA
GetMonitorInfoW
MonitorFromRect
FindWindowExW
LoadImageW
GetNextDlgGroupItem
ClientToScreen
SetWindowRgn
DrawFocusRect
OffsetRect
DrawEdge
WindowFromPoint
HideCaret
ShowCaret
SetClassLongW
PostQuitMessage
IsZoomed
IsDialogMessageW
TrackMouseEvent
IsCharUpperW
CharLowerW
GetForegroundWindow
GetScrollInfo
LoadBitmapW
ShowScrollBar
GetCursor
IsWindowVisible
UnregisterHotKey
SetScrollInfo
GetScrollPos
DialogBoxIndirectParamW
DialogBoxParamW
EndDialog
SendDlgItemMessageW
CheckDlgButton
IsDlgButtonChecked
CheckRadioButton
SetDlgItemTextW
SetActiveWindow
CloseClipboard
SetCapture
GetCapture
EmptyClipboard
OpenClipboard
ReleaseCapture
SetClipboardData
PostMessageW
ReuseDDElParam
MessageBeep
UnpackDDElParam
GetDlgItem
EndPaint
SetCursor
ScreenToClient
DrawTextW
BeginPaint
GetDC
ReleaseDC
GetSysColor
SetWindowPos
GetCursorPos
DrawFrameControl
GetMenuItemID
GetParent
ModifyMenuW
CheckMenuRadioItem
SetMenu
InsertMenuW
CheckMenuItem
GetMenu
DrawIcon
GetSystemMetrics
IsIconic
FillRect
wsprintfW
MoveWindow
SetParent
IsWindow
FindWindowW
DestroyWindow
GetWindowRect
TrackPopupMenu
SetForegroundWindow
CreateMenu
SetFocus
GetWindowLongW
AppendMenuW
EnableMenuItem
SetWindowLongW
RedrawWindow
CreatePopupMenu
RemoveMenu
MapWindowPoints
DestroyMenu
SetMenuItemInfoW
CallWindowProcW
GetMessagePos
RegisterClassExW
LoadIconW
CreateWindowExW
UpdateWindow
DefWindowProcW
EnableWindow
InvalidateRect
KillTimer
GetFocus
SetTimer
RegisterHotKey
ShowWindow
SystemParametersInfoW
GetWindowDC
GrayStringW
DrawTextExW
TabbedTextOutW
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendMessageW
LoadCursorW
GetClientRect
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
PeekMessageW
GetKeyState
GetClassInfoExW
MessageBoxW

gdi32

GetObjectW
BitBlt
GetPixel
CreateRectRgn
CombineRgn
CreateDIBitmap
GetClipBox
SaveDC
RestoreDC
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
CreateCompatibleBitmap
ScaleWindowExtEx
LineTo
ExtSelectClipRgn
CreatePatternBrush
CreateBitmap
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
Rectangle
StretchBlt
GetDIBits
SelectClipRgn
SetDIBits
CreateCompatibleDC
ExcludeClipRect
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
CreateRoundRectRgn
CreatePen
RoundRect
GetStockObject
EndPage
StartPage
DeleteDC
CreateDCW
SetMapMode
StartDocW
EndDoc
AbortDoc
SetTextColor
CreateFontIndirectW
GetDeviceCaps
SetBkColor
SetBkMode
SelectObject
CreateSolidBrush
DeleteObject
GetTextExtentPoint32W
CreateFontW
SetWindowExtEx
FloodFill
MoveToEx

msimg32

AlphaBlend

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
PrintDlgExW
GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ord203
ClosePrinter

advapi32

RegOpenKeyExW
SetFileSecurityA
SetFileSecurityW
RegQueryValueExW
RegDeleteValueW
RegQueryValueExA
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueW
RegDeleteKeyW
RegOpenKeyW
RegEnumKeyW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSetValueExW
RegCreateKeyExW

shell32

SHGetFileInfoW
SHChangeNotify
SHAddToRecentDocs
DragQueryFileW
DragFinish
SHGetFolderPathW
SHGetDesktopFolder
ShellExecuteExW
SHBindToParent
DragAcceptFiles
SHGetSpecialFolderPathW
ShellExecuteW

comctl32

InitCommonControlsEx
CreatePropertySheetPageW
_TrackMouseEvent
ImageList_Draw

shlwapi

StrStrW
StrRStrIW
StrStrIW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
SHDeleteKeyW
PathAppendW
SHSetValueW
PathIsRelativeW

oledlg

OleUIBusyW

ole32

CoSetProxyBlanket
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CreateStreamOnHGlobal
CoCreateGuid
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysStringLen
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
VariantChangeType
VariantCopy
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysFreeString

psapi

EnumProcesses
GetProcessImageFileNameW

ws2_32

closesocket
recv
gethostname
gethostbyname
WSAStartup
socket
htons
bind
listen
WSAGetLastError
accept
send
connect

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 399KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e456fbce099e309bfeaff191fcf3b1ee

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

6a:e1:85:c2:92:81:e4:14:ea:62:0e:1dCertificate

Extended Key Usages

Key Usages

40:cb:42:89:5c:3e:74:94:26:97:ad:2fCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

20:3e:9f:9c:65:a4:62:ce:88:5d:59:c6:1d:1c:ac:b2:d0:fa:2e:e7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

gdiplus

version

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

psapi

ws2_32

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 2.7MB - Virtual size: 2.7MB

.data Size: 399KB - Virtual size: 496KB

.rsrc Size: 187KB - Virtual size: 186KB

35df53ce9fc03786a6a1d9def6f6bec8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 463KB - Virtual size: 464KB

.data Size: 25KB - Virtual size: 176KB

.rsrc Size: 1.8MB - Virtual size: 1.8MB

e456fbce099e309bfeaff191fcf3b1ee

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

6a:e1:85:c2:92:81:e4:14:ea:62:0e:1dCertificate

Extended Key Usages

Key Usages

40:cb:42:89:5c:3e:74:94:26:97:ad:2fCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

20:3e:9f:9c:65:a4:62:ce:88:5d:59:c6:1d:1c:ac:b2:d0:fa:2e:e7Signer

Headers

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

6a:e1:85:c2:92:81:e4:14:ea:62:0e:1d
Certificate

40:cb:42:89:5c:3e:74:94:26:97:ad:2f
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

20:3e:9f:9c:65:a4:62:ce:88:5d:59:c6:1d:1c:ac:b2:d0:fa:2e:e7
Signer

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 399KB - Virtual size: 496KB

.rsrc
Size: 187KB - Virtual size: 186KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 463KB - Virtual size: 464KB

.data
Size: 25KB - Virtual size: 176KB

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

6a:e1:85:c2:92:81:e4:14:ea:62:0e:1d
Certificate

40:cb:42:89:5c:3e:74:94:26:97:ad:2f
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

20:3e:9f:9c:65:a4:62:ce:88:5d:59:c6:1d:1c:ac:b2:d0:fa:2e:e7
Signer

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 399KB - Virtual size: 496KB

.rsrc
Size: 187KB - Virtual size: 186KB