d8ba621fb69e9f5b0b785b4d2ff7a5ac049d8957ee01f0133829af0143a49df9[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

d8ba621fb69e9f5b0b785b4d2ff7a5ac049d8957ee01f0133829af0143a49df9.exe
Size

20.6MB
MD5

1c5800aa80cdfe929b8db04c3ea740dd
SHA1

0632fbea6943f84c95d0356c92d511518281e3ee
SHA256

d8ba621fb69e9f5b0b785b4d2ff7a5ac049d8957ee01f0133829af0143a49df9
SHA512

d72503adf47b3e762c20534a4434640efdaf714395c5ba4eb770c90f7b2ca01e051969d4721d9731eb330bd8534e74ae7b4d89027d5ab7fba5c458c54b3f4887
SSDEEP

393216:q5brUX4WBT7PSERJRj0Xijv7qQ7amlAs52QW7DFzR4cQ0YvXMyrf5Sjsu:qlUX4WJzRhvuOAsY9LQ0Y0yrf5SAu

Score

1^/10

Malware Config

Signatures

Files

d8ba621fb69e9f5b0b785b4d2ff7a5ac049d8957ee01f0133829af0143a49df9.exe
.exe windows:5 windows x86 arch:x86

c552a31531df962b2298e689961d15c2

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0b:37:67:40:c1:e4:c4:0a:e1:b6:48:ae:f0:9e:a9:11
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/08/2022, 00:00

Not After

19/08/2023, 23:59

Subject

SERIALNUMBER=91330201MA2H83P31L,CN=Ningbo Kunda Intelligent Technology Co.\, Ltd.,O=Ningbo Kunda Intelligent Technology Co.\, Ltd.,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#1316446178696520446576656c6f706d656e74205a6f6e65,1.3.6.1.4.1.311.60.2.1.2=#13085a68656a69616e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:37:67:40:c1:e4:c4:0a:e1:b6:48:ae:f0:9e:a9:11
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/08/2022, 00:00

Not After

19/08/2023, 23:59

Subject

SERIALNUMBER=91330201MA2H83P31L,CN=Ningbo Kunda Intelligent Technology Co.\, Ltd.,O=Ningbo Kunda Intelligent Technology Co.\, Ltd.,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#1316446178696520446576656c6f706d656e74205a6f6e65,1.3.6.1.4.1.311.60.2.1.2=#13085a68656a69616e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:ce:f8:7f:9a:f6:92:11:ed:fa:16:7b:d2:e5:1e:3b:78:4e:4e:a1:ad:fe:f1:25:ec:dd:38:0b:6f:a4:da:14
Signer

Actual PE Digest

15:ce:f8:7f:9a:f6:92:11:ed:fa:16:7b:d2:e5:1e:3b:78:4e:4e:a1:ad:fe:f1:25:ec:dd:38:0b:6f:a4:da:14

Digest Algorithm

sha256

PE Digest Matches

true

45:14:6f:ce:96:84:a2:49:40:4f:d8:33:10:0b:fa:f2:c3:99:76:6a
Signer

Actual PE Digest

45:14:6f:ce:96:84:a2:49:40:4f:d8:33:10:0b:fa:f2:c3:99:76:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GetPrivateProfileStringW
WritePrivateProfileStringW
MoveFileW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetFileSize
GetTickCount
GetModuleFileNameW
GetProcAddress
GetCommandLineW
SetEnvironmentVariableW
WriteFile
GetTempPathW
SetErrorMode
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
GetCurrentProcessId
ExitProcess
GetVersion
GetWindowsDirectoryW
LoadLibraryW
CopyFileW
GetDiskFreeSpaceW
CreateThread
GlobalLock
GlobalUnlock
lstrcmpiW
lstrlenW
CreateDirectoryW
GetTempFileNameW
RemoveDirectoryW
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetSystemDirectoryW
GetModuleHandleA
lstrcmpiA
lstrcpyA
lstrcatW
MoveFileExW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
VirtualQuery
RtlUnwind
IsProcessorFeaturePresent
lstrcmpW
FormatMessageW
MulDiv
LocalFree
GlobalFree
GlobalAlloc
LoadLibraryExW
GetModuleHandleW
FreeLibrary
Sleep
GetLastError
CloseHandle
SetFileTime
SetFilePointer
SetFileAttributesW
ReadFile
GetShortPathNameW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CompareFileTime
SearchPathW
SetCurrentDirectoryW
lstrcpynW
ExpandEnvironmentStringsW

user32

ScreenToClient
GetSysColor
GetWindowLongW
SetClassLongW
LoadCursorW
SystemParametersInfoW
wsprintfA
DispatchMessageW
PeekMessageW
SetDlgItemTextW
GetDlgItemTextW
SetCursor
CharPrevW
MessageBoxIndirectW
GetSystemMetrics
IsWindowEnabled
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
CheckDlgButton
EndDialog
DialogBoxParamW
GetWindowRect
TrackPopupMenu
AppendMenuW
EnableMenuItem
CreatePopupMenu
CharNextA
GetSystemMenu
IsWindowVisible
SetWindowPos
CreateWindowExW
GetClassInfoW
RegisterClassW
CallWindowProcW
GetMessagePos
CharNextW
ExitWindowsEx
SetWindowTextW
CreateDialogParamW
DestroyWindow
PostMessageW
LoadImageW
FindWindowExW
SetWindowLongW
InvalidateRect
ReleaseDC
GetDC
DefWindowProcW
DrawTextW
BeginPaint
EndPaint
GetClientRect
SetForegroundWindow
EnableWindow
GetDlgItem
ShowWindow
IsWindow
PostQuitMessage
SendMessageTimeoutW
SendMessageW
wsprintfW
FillRect
SetTimer

gdi32

SetBkColor
GetDeviceCaps
SetTextColor
SetBkMode
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW

shell32

ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
SetFileSecurityW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW

comctl32

ImageList_Create
ImageList_Destroy
ImageList_AddMasked
ord17

ole32

OleUninitialize
OleInitialize
CoCreateInstance
CoTaskMemFree

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ndata
Size: - Virtual size: 364KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FileInfo.dll
.dll windows:5 windows x86 arch:x86

d1d0851e29e04e553130ee237930c418

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0b:37:67:40:c1:e4:c4:0a:e1:b6:48:ae:f0:9e:a9:11
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/08/2022, 00:00

Not After

19/08/2023, 23:59

Subject

SERIALNUMBER=91330201MA2H83P31L,CN=Ningbo Kunda Intelligent Technology Co.\, Ltd.,O=Ningbo Kunda Intelligent Technology Co.\, Ltd.,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#1316446178696520446576656c6f706d656e74205a6f6e65,1.3.6.1.4.1.311.60.2.1.2=#13085a68656a69616e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:37:67:40:c1:e4:c4:0a:e1:b6:48:ae:f0:9e:a9:11
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/08/2022, 00:00

Not After

19/08/2023, 23:59

Subject

SERIALNUMBER=91330201MA2H83P31L,CN=Ningbo Kunda Intelligent Technology Co.\, Ltd.,O=Ningbo Kunda Intelligent Technology Co.\, Ltd.,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#1316446178696520446576656c6f706d656e74205a6f6e65,1.3.6.1.4.1.311.60.2.1.2=#13085a68656a69616e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

67:dc:80:d5:a8:c2:fc:63:74:48:4c:80:f3:ed:aa:07:59:97:85:42:02:ba:0f:b9:4b:e2:ba:a4:e1:36:2a:30
Signer

Actual PE Digest

67:dc:80:d5:a8:c2:fc:63:74:48:4c:80:f3:ed:aa:07:59:97:85:42:02:ba:0f:b9:4b:e2:ba:a4:e1:36:2a:30

Digest Algorithm

sha256

PE Digest Matches

true

0b:3a:df:50:35:4f:54:b1:7d:8e:96:67:b4:5d:f6:ff:ca:b6:40:a1
Signer

Actual PE Digest

0b:3a:df:50:35:4f:54:b1:7d:8e:96:67:b4:5d:f6:ff:ca:b6:40:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

TerminateProcess
WaitForSingleObject
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CloseHandle
GetCurrentProcessId
MultiByteToWideChar
GlobalAlloc
GlobalFree
WideCharToMultiByte
lstrcpyW
SetLastError
GetCurrentProcess
MoveFileExW
WriteFile
SetFilePointer
CreateFileW
GetFileSize
GetExitCodeProcess
GetProcAddress
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameW
InterlockedExchange
InterlockedExchangeAdd
GetTickCount
lstrlenW
LoadLibraryW
FreeLibrary
OutputDebugStringW
DeleteFileW
GetLastError
Sleep
SetFileAttributesW
GetFileAttributesW
CreateMutexW
lstrcpynW
CreateProcessW
WriteConsoleW
SetFilePointerEx
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
InitializeCriticalSection
GetVersionExW
LockResource
LoadResource
FindResourceW
lstrcmpiW
ResumeThread
GetACP
FindFirstFileW
FindClose
QueryDosDeviceW
GetEnvironmentVariableW
RaiseException
GetLongPathNameW
GetFileAttributesExW
ReadFile
SetEndOfFile
GetFileSizeEx
SetEvent
ResetEvent
HeapFree
HeapAlloc
LocalFree
GetProcessHeap
GetLogicalDriveStringsW
CreateDirectoryW
GetFullPathNameW
GetTempPathW
GetWindowsDirectoryW
GetTempFileNameW
ReleaseMutex
RtlUnwind
InterlockedFlushSList
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
CreateThread
ExitThread
FreeLibraryAndExitThread
GetStdHandle
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA

user32

wsprintfW

advapi32

SetTokenInformation
AllocateAndInitializeSid
OpenProcessToken
FreeSid
CreateProcessAsUserW
GetLengthSid
DuplicateTokenEx

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoTaskMemFree

Exports

Exports

CheckInstallerInstance
CheckUserID_01
CheckUserID_02
CheckUserID_03
CheckUserID_04
CheckUserID_05
CheckUserID_06
CreateLowIntegrityProcess
DeleteInstallFile
EndSafeCenterConfigRequest
FindProcess
GetSafeCenterCloseReason
GetSafeCenterConfig
GetSpecialBuild
IsSafeCenterExist
IsSafeCenterOpen
IsSafeCenterValidForPic
IsValidUserID
KillProcess
UnInstallSafeCenter

Sections

.text
Size: 429KB - Virtual size: 429KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/RCWidgetPlugin.dll
.dll windows:5 windows x86 arch:x86

c4652d554298f02fd349d67956bc914f

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0b:37:67:40:c1:e4:c4:0a:e1:b6:48:ae:f0:9e:a9:11
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/08/2022, 00:00

Not After

19/08/2023, 23:59

Subject

SERIALNUMBER=91330201MA2H83P31L,CN=Ningbo Kunda Intelligent Technology Co.\, Ltd.,O=Ningbo Kunda Intelligent Technology Co.\, Ltd.,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#1316446178696520446576656c6f706d656e74205a6f6e65,1.3.6.1.4.1.311.60.2.1.2=#13085a68656a69616e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:37:67:40:c1:e4:c4:0a:e1:b6:48:ae:f0:9e:a9:11
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/08/2022, 00:00

Not After

19/08/2023, 23:59

Subject

SERIALNUMBER=91330201MA2H83P31L,CN=Ningbo Kunda Intelligent Technology Co.\, Ltd.,O=Ningbo Kunda Intelligent Technology Co.\, Ltd.,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#1316446178696520446576656c6f706d656e74205a6f6e65,1.3.6.1.4.1.311.60.2.1.2=#13085a68656a69616e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

af:ef:c8:5a:e8:db:b9:a0:10:ff:4e:13:16:85:9f:1c:b4:1f:0b:40:b5:9c:11:00:60:e4:ee:77:c4:56:7a:b7
Signer

Actual PE Digest

af:ef:c8:5a:e8:db:b9:a0:10:ff:4e:13:16:85:9f:1c:b4:1f:0b:40:b5:9c:11:00:60:e4:ee:77:c4:56:7a:b7

Digest Algorithm

sha256

PE Digest Matches

true

60:56:15:2e:d8:cc:4e:3b:a8:8d:67:dc:79:5b:ec:7e:3a:a9:15:d7
Signer

Actual PE Digest

60:56:15:2e:d8:cc:4e:3b:a8:8d:67:dc:79:5b:ec:7e:3a:a9:15:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLocalTime
FormatMessageW
SystemTimeToFileTime
SetFileTime
LocalFileTimeToFileTime
CreateDirectoryW
ExitProcess
VirtualQuery
SetThreadContext
GetThreadContext
CreateToolhelp32Snapshot
Thread32First
Thread32Next
InterlockedCompareExchange
WriteConsoleW
GetConsoleCP
FlushFileBuffers
SetStdHandle
HeapSize
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
SetFilePointerEx
ReadConsoleW
GetConsoleMode
HeapReAlloc
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleFileNameA
FreeLibraryAndExitThread
ExitThread
TlsFree
InterlockedFlushSList
RtlUnwind
GetFileType
GetStdHandle
LoadLibraryExA
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
FlushInstructionCache
VerifyVersionInfoW
HeapCreate
OutputDebugStringA
GetModuleHandleExW
VirtualProtect
TlsGetValue
CreateThread
TlsAlloc
DisableThreadLibraryCalls
GetModuleHandleA
TlsSetValue
MapViewOfFileEx
CreateFileMappingW
UnmapViewOfFile
QueryPerformanceFrequency
CreateWaitableTimerW
SetWaitableTimer
LocalAlloc
InterlockedIncrement
InterlockedDecrement
lstrcmpW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
MulDiv
VerSetConditionMask
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
GetCurrentThreadId
GetCurrentProcess
GetModuleHandleW
GlobalMemoryStatusEx
GetACP
SetEvent
WaitForMultipleObjects
GetFileSize
DeleteFileW
Sleep
SetEndOfFile
SetFilePointer
WriteFile
InterlockedExchangeAdd
SetLastError
InterlockedExchange
GetVersionExW
ExpandEnvironmentStringsW
GetPrivateProfileStringW
GetTickCount
LocalFree
GetCommandLineW
CreateFileW
SetErrorMode
GetModuleFileNameW
ReadFile
lstrcatW
GetFileAttributesW
FindClose
lstrlenW
FindFirstFileW
FreeLibrary
LoadLibraryW
FindResourceW
LoadResource
LockResource
FreeResource
SizeofResource
GetExitCodeProcess
GetCurrentProcessId
OpenProcess
WaitForSingleObject
GetSystemInfo
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
lstrcpyW
WideCharToMultiByte
GlobalFree
GetFileSizeEx
DeviceIoControl
GetLogicalDriveStringsW
ReleaseMutex
CreateMutexW
MoveFileW
GetTempFileNameW
CopyFileW
MoveFileExW
GetWindowsDirectoryW
SetFileAttributesW
GetTempPathW
GetFullPathNameW
ResetEvent
CreateEventW
FileTimeToSystemTime
QueryDosDeviceW
FindNextFileW
GetEnvironmentVariableW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
OpenThread
GlobalAlloc
MultiByteToWideChar
lstrcpynW
LoadLibraryExW
SwitchToThread
SuspendThread
GetFileTime
ResumeThread
GetProcessHeap
HeapAlloc
HeapFree
GetFileAttributesExW
GetLongPathNameW
OutputDebugStringW
lstrcmpiW
CreateProcessW
GetProcAddress
CloseHandle
HeapDestroy

user32

GetForegroundWindow
GetAsyncKeyState
LoadStringW
DestroyAcceleratorTable
EnumThreadWindows
RegisterWindowMessageW
SetWindowPos
GetAncestor
OpenClipboard
GetIconInfo
ScreenToClient
ShowWindow
DrawIconEx
GetDesktopWindow
LoadBitmapW
MsgWaitForMultipleObjects
AttachThreadInput
SystemParametersInfoW
RemovePropW
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
GetClassLongW
SetTimer
MessageBoxA
IntersectRect
SetFocus
LoadCursorW
ShowWindowAsync
SetRectEmpty
SetCapture
SetCursor
KillTimer
PtInRect
ReleaseCapture
InvalidateRect
GetCursorPos
BeginPaint
EndPaint
GetDC
GetClientRect
ReleaseDC
TrackMouseEvent
MapVirtualKeyExW
GetKeyNameTextW
GetKeyboardLayout
SetForegroundWindow
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
DrawTextA
wsprintfA
IsWindowEnabled
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
EqualRect
UpdateWindow
ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
TrackPopupMenu
AppendMenuW
EnableMenuItem
DestroyMenu
CreatePopupMenu
SetRect
FillRect
DrawTextW
GetWindowRgn
MoveWindow
UpdateLayeredWindow
SetWindowRgn
MonitorFromPoint
MessageBoxW
AdjustWindowRectEx
GetPropW
SetPropW
GetSystemMetrics
EnableWindow
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
PostQuitMessage
DefWindowProcW
InflateRect
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
GetParent
IsRectEmpty
OffsetRect
UnionRect
GetSysColor
MapWindowPoints
GetUpdateRect
GetKeyState
GetFocus
IsZoomed
IsIconic
IsWindowVisible
IsWindow
CreateWindowExW
DispatchMessageW
TranslateMessage
GetMessageW
DestroyWindow
GetWindowLongW
GetActiveWindow
LoadIconW
CharPrevW
CharNextW
GetWindowThreadProcessId
EndDialog
GetShellWindow
SetWindowLongW
SendMessageW
PostMessageW
UnregisterClassW
wsprintfW
GetWindowRect
ToAscii
CopyRect
GetKeyboardState
GetDCEx
GetWindowDC
RedrawWindow
EnumChildWindows
DialogBoxParamW
GetDlgItem
SetParent
GetClassNameW
ValidateRect
IsChild

gdi32

TextOutW
MoveToEx
GetObjectA
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
LineTo
GetTextExtentPoint32W
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
PtInRegion
CreateRectRgn
GdiFlush
SetWindowOrgEx
GetObjectW
GetTextMetricsW
ExtTextOutW
GetEnhMetaFileHeader
CreatePatternBrush
CloseEnhMetaFile
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
GetDeviceCaps
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleBitmap
GetClipBox
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
DeleteObject
GetTextExtentPointA
GetRgnBox
SetViewportOrgEx
CreatePolygonRgn
SetWorldTransform
SetGraphicsMode
EnumFontsW
GetDIBits
CreateDCW
GetBitmapBits
CreateEnhMetaFileW
SetBitmapBits
CreateRoundRectRgn
PlayEnhMetaFile

advapi32

RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
GetUserNameW
CreateProcessWithTokenW
OpenProcessToken
DuplicateTokenEx
RegEnumKeyExW

shell32

SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
DragQueryFileW
SHBrowseForFolderW
CommandLineToArgvW
DragFinish
SHGetFolderPathW
ShellExecuteExW
SHGetPathFromIDListW
ShellExecuteW

ole32

CoGetClassObject
CoTaskMemRealloc
CoTaskMemAlloc
OleUninitialize
StringFromGUID2
CoUninitialize
OleInitialize
CoCreateInstance
CoTaskMemFree
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
DoDragDrop
CoInitialize

oleaut32

LoadRegTypeLi
LoadTypeLi
OleCreateFontIndirect
DispCallFunc
SysStringLen
SysAllocStringLen
VarUI4FromStr
SysAllocString
VariantClear
VariantInit
SysFreeString

comctl32

InitCommonControlsEx
ord17
_TrackMouseEvent

gdiplus

GdipGetBrushType
GdipCombineRegionRegion
GdipAddPathRectangleI
GdipAddPathArcI
GdipAddPathEllipseI
GdipCombineRegionPath
GdipAddPathBezierI
GdipAddPathLineI
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipDrawRectangleI
GdipSetTextureTransform
GdipDeletePath
GdipAddPathLine
ord1
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipLoadImageFromStream
GdipSetInterpolationMode
GdipLoadImageFromStreamICM
GdipSetLineTransform
GdipSetCompositingMode
GdipCreatePath
GdipCreateHBITMAPFromBitmap
GdipFree
GdipCreateBitmapFromStream
GdipCreateRegionPath
GdipGetInterpolationMode
GdipDeleteFontFamily
GdipCloneImage
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipGetLineTransform
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetImageAttributesColorMatrix
GdipSetCompositingQuality
GdipGetFamily
GdipGetTextRenderingHint
GdipAddPathString
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipBitmapLockBits
GdipSetTextRenderingHint
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipCloneBitmapAreaI
GdipGetImagePixelFormat
GdipCloneRegion
GdipGetFamilyName
GdipDeleteMatrix
GdipDrawImageRectRectI
GdipGetFontSize
GdipGetImageGraphicsContext
GdipDeleteRegion
GdipRestoreGraphics
GdipGetCellAscent
GdipGetMatrixElements
GdipGetTextureTransform
GdipCreateTexture
GdipBeginContainer2
GdipFillEllipse
GdipGetClipBoundsI
GdipSetImageAttributesWrapMode
GdipSetClipRegion
GdipCreateImageAttributes
GdipDrawArcI
GdipGetSmoothingMode
GdipClosePathFigure
GdipSetClipRectI
GdipScaleWorldTransform
GdipSetPixelOffsetMode
GdipDrawRectangle
GdipDrawLine
GdipSetPenDashStyle
GdipGraphicsClear
GdipMultiplyWorldTransform
GdipGetPathWorldBounds
GdipTransformRegion
GdipGetFontStyle
GdipCloneBitmapArea
GdipGetCellDescent
GdipSetLinePresetBlend
GdipCreateFont
GdipEndContainer
GdipCreateMatrix
GdipGetStringFormatAlign
GdipDisposeImageAttributes
GdipCreateMatrix2
GdipGetLineSpacing
GdipSetLineWrapMode
GdipCreateLineBrushI
GdipDrawImageRectRect
GdipSaveGraphics
GdipCreateFontFamilyFromName
GdipGetEmHeight
GdipGetStringFormatLineAlign

imm32

ImmSetCandidateWindow
ImmAssociateContextEx
ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext
ImmGetCompositionStringW
ImmNotifyIME

shlwapi

ord12
PathFindFileNameW
PathAppendW
StrDupW
StrToIntA
PathFileExistsW

msimg32

AlphaBlend

urlmon

CoInternetCreateSecurityManager
CoInternetCreateZoneManager

winmm

timeGetTime

ws2_32

gethostbyname
WSAStartup
gethostname

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetMappedFileNameW

Exports

Exports

BindSoftware
CheckInstall
CheckNeedInstallService
ExtractDll
GetCheckValue
GetInstDir
Init
OnRepair
OnSetup
OnSetupPost
OnUninstall
PopInt
PopString
PushInt
PushString
RegNeedChangeTextBySafeCenter
ShowInstall
ShowUnInstall

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 399KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 830KB - Virtual size: 830KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:6 windows x86 arch:x86

216ff05c01e38b13fee53b7ace6b1894

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0b:d8:a6:92:ce:d9:a1:8c:53:0f:a8:5d:55:72:c0:d4
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/04/2020, 00:00

Not After

12/06/2023, 12:00

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:eb:8e:00:26:88:42:f0:dc:0c:60:43:a6:d5:61:91
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/04/2020, 00:00

Not After

12/06/2023, 12:00

Subject

CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,OU=IT,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e2:2a:29:61:3d:2e:db:f3:c1:d8:06:ab:50:62:3e:3c:ce:8a:52:6d:8c:a2:53:79:ce:9c:25:cb:c3:dd:a4:98
Signer

Actual PE Digest

e2:2a:29:61:3d:2e:db:f3:c1:d8:06:ab:50:62:3e:3c:ce:8a:52:6d:8c:a2:53:79:ce:9c:25:cb:c3:dd:a4:98

Digest Algorithm

sha256

PE Digest Matches

true

01:ff:77:6e:f8:da:13:72:ac:88:d1:3e:ed:4e:11:10:e9:9f:01:22
Signer

Actual PE Digest

01:ff:77:6e:f8:da:13:72:ac:88:d1:3e:ed:4e:11:10:e9:9f:01:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalSize
GlobalFree
lstrcpynW
lstrcpyW
GetLastError
VirtualAlloc
VirtualFree
VirtualProtect
FreeLibrary
GetModuleHandleW
GetProcAddress
lstrlenW
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 926B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/libcurl_x86.dll
.dll windows:6 windows x86 arch:x86

64d8089c328d441f097db6a50d840bc2

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:ea:0d:de:d5:5e:c1:e1:a2:9f:c5:fb:5d:ab:4f:b2
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/05/2020, 00:00

Not After

18/05/2023, 12:00

Subject

SERIALNUMBER=91310115591679552Q,CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:aa:43:30:0d:17:67:ac:12:49:43:54:21:65:bb:9e
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/05/2020, 00:00

Not After

18/05/2023, 12:00

Subject

SERIALNUMBER=91310115591679552Q,CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e2:4a:00:44:60:0c:ad:d4:00:29:36:d8:9c:d0:cf:f5:f9:10:04:90:56:4a:4e:3e:db:e4:d1:67:0b:12:3b:45
Signer

Actual PE Digest

e2:4a:00:44:60:0c:ad:d4:00:29:36:d8:9c:d0:cf:f5:f9:10:04:90:56:4a:4e:3e:db:e4:d1:67:0b:12:3b:45

Digest Algorithm

sha256

PE Digest Matches

true

77:59:7e:f8:fc:5f:0d:2f:b5:62:1d:bf:3b:0f:de:14:9b:43:3f:64
Signer

Actual PE Digest

77:59:7e:f8:fc:5f:0d:2f:b5:62:1d:bf:3b:0f:de:14:9b:43:3f:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\dev\lib.vs2017\vendor\depends\curl\out\bin\Win32\release_static\pdb\libcurl_x86.pdb

Imports

ws2_32

closesocket
getpeername
getsockname
getsockopt
htons
ntohs
recv
setsockopt
socket
WSASetLastError
WSAIoctl
getaddrinfo
WSAGetLastError
freeaddrinfo
gethostname
accept
listen
ioctlsocket
__WSAFDIsSet
select
send
WSAStartup
WSACleanup
recvfrom
sendto
gethostbyname
bind
connect
shutdown
htonl
ntohl
getservbyname

wldap32

ord145
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord118
ord41
ord208
ord216
ord14
ord46
ord219

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

kernel32

GetCurrentDirectoryW
SetCurrentDirectoryW
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
GetACP
GetStringTypeW
DecodePointer
GetCurrentThread
WaitForSingleObjectEx
OutputDebugStringW
OutputDebugStringA
HeapSize
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SleepEx
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
CloseHandle
ExpandEnvironmentStringsA
Sleep
GetLastError
SetLastError
FormatMessageA
VerSetConditionMask
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
GetSystemDirectoryW
QueryPerformanceFrequency
VerifyVersionInfoW
WaitForMultipleObjects
GetFileType
GetStdHandle
ReadFile
PeekNamedPipe
GetTickCount
QueryPerformanceCounter
FlushConsoleInputBuffer
WriteFile
GetCurrentThreadId
GetModuleHandleA
GetCurrentProcessId
LoadLibraryA
GlobalMemoryStatus
GetSystemTime
SystemTimeToFileTime
GetConsoleCP
ReadConsoleW
GetModuleFileNameW
GetModuleFileNameA
ExitProcess
SetConsoleMode
ReadConsoleInputA
PeekConsoleInputA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
FindFirstFileA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
GetTimeZoneInformation
SetEndOfFile
SetFileAttributesW
GetFileAttributesExW
FlushFileBuffers
GetNumberOfConsoleInputEvents
SetStdHandle
GetFullPathNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
RaiseException
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
CreateFileW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFilePointerEx
SetConsoleCtrlHandler
GetConsoleMode
GetFullPathNameW

user32

GetDC
GetDesktopWindow
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
ReleaseDC

gdi32

GetDeviceCaps
GetDIBits
GetObjectA
DeleteObject
CreateCompatibleBitmap

advapi32

RegisterEventSourceA
DeregisterEventSource
CryptEnumProvidersA
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
ReportEventA

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_version
curl_version_info

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 343KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KeanPdfMain.exe
.exe windows:5 windows x64 arch:x64

ec535e8b1f66eb6a108be0c9e0712ada

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0b:37:67:40:c1:e4:c4:0a:e1:b6:48:ae:f0:9e:a9:11
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/08/2022, 00:00

Not After

19/08/2023, 23:59

Subject

SERIALNUMBER=91330201MA2H83P31L,CN=Ningbo Kunda Intelligent Technology Co.\, Ltd.,O=Ningbo Kunda Intelligent Technology Co.\, Ltd.,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#1316446178696520446576656c6f706d656e74205a6f6e65,1.3.6.1.4.1.311.60.2.1.2=#13085a68656a69616e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:37:67:40:c1:e4:c4:0a:e1:b6:48:ae:f0:9e:a9:11
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/08/2022, 00:00

Not After

19/08/2023, 23:59

Subject

SERIALNUMBER=91330201MA2H83P31L,CN=Ningbo Kunda Intelligent Technology Co.\, Ltd.,O=Ningbo Kunda Intelligent Technology Co.\, Ltd.,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#1316446178696520446576656c6f706d656e74205a6f6e65,1.3.6.1.4.1.311.60.2.1.2=#13085a68656a69616e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

49:3d:2f:f9:2d:14:2c:14:59:21:eb:aa:de:af:2b:49:3f:13:0d:76:c0:96:2a:e9:b4:cc:51:50:4b:27:be:3d
Signer

Actual PE Digest

49:3d:2f:f9:2d:14:2c:14:59:21:eb:aa:de:af:2b:49:3f:13:0d:76:c0:96:2a:e9:b4:cc:51:50:4b:27:be:3d

Digest Algorithm

sha256

PE Digest Matches

true

2d:12:3d:5f:8e:ca:87:e4:a4:45:28:ff:04:9e:50:de:71:1c:f0:f9
Signer

Actual PE Digest

2d:12:3d:5f:8e:ca:87:e4:a4:45:28:ff:04:9e:50:de:71:1c:f0:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\zhanlue\kean_pdfconverter\bin\x64\Release\pdb\KeanPdfMain.pdb

Imports

kernel32

ExpandEnvironmentStringsW
GetPrivateProfileStringW
CreateFileW
GetVersionExW
GetCurrentThreadId
LoadLibraryW
GetFileAttributesW
GetModuleHandleW
LoadLibraryExW
CloseHandle
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
FormatMessageW
ReleaseMutex
CreateMutexW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
GetLastError
GetProcAddress
GetFullPathNameW
CreateDirectoryW
GetFileSize
GetFileSizeEx
DeleteFileW
SetEndOfFile
SetFilePointer
WriteFile
ReadFile
lstrcpyW
lstrcatW
lstrlenW
lstrcmpiW
GetProcessHeap
LocalFree
HeapAlloc
OpenProcess
HeapFree
GetEnvironmentVariableW
GetFileAttributesExW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoTaskMemFree

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

vcruntime140

__CxxFrameHandler3
_CxxThrowException
memcpy
memmove
__C_specific_handler
__std_terminate
_purecall
wcsstr
__std_exception_destroy
wcschr
memset
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
terminate
_c_exit
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_cexit
_crt_atexit
_set_app_type
_seh_filter_exe
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit

api-ms-win-crt-string-l1-1-0

_wcsicmp
wcsncpy
_stricmp
towupper
towlower

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
_callnewh
free

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-filesystem-l1-1-0

_splitpath_s

Exports

Exports

CheckSigner

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c552a31531df962b2298e689961d15c2

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

0b:37:67:40:c1:e4:c4:0a:e1:b6:48:ae:f0:9e:a9:11Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:37:67:40:c1:e4:c4:0a:e1:b6:48:ae:f0:9e:a9:11Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

15:ce:f8:7f:9a:f6:92:11:ed:fa:16:7b:d2:e5:1e:3b:78:4e:4e:a1:ad:fe:f1:25:ec:dd:38:0b:6f:a4:da:14Signer

45:14:6f:ce:96:84:a2:49:40:4f:d8:33:10:0b:fa:f2:c3:99:76:6aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 43KB - Virtual size: 43KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 173KB

.CRT Size: 512B - Virtual size: 4B

.ndata Size: - Virtual size: 364KB

.rsrc Size: 17KB - Virtual size: 17KB

d1d0851e29e04e553130ee237930c418

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

0b:37:67:40:c1:e4:c4:0a:e1:b6:48:ae:f0:9e:a9:11Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:37:67:40:c1:e4:c4:0a:e1:b6:48:ae:f0:9e:a9:11Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

0b:37:67:40:c1:e4:c4:0a:e1:b6:48:ae:f0:9e:a9:11
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:37:67:40:c1:e4:c4:0a:e1:b6:48:ae:f0:9e:a9:11
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

15:ce:f8:7f:9a:f6:92:11:ed:fa:16:7b:d2:e5:1e:3b:78:4e:4e:a1:ad:fe:f1:25:ec:dd:38:0b:6f:a4:da:14
Signer

45:14:6f:ce:96:84:a2:49:40:4f:d8:33:10:0b:fa:f2:c3:99:76:6a
Signer

.text
Size: 43KB - Virtual size: 43KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 173KB

.CRT
Size: 512B - Virtual size: 4B

.ndata
Size: - Virtual size: 364KB

.rsrc
Size: 17KB - Virtual size: 17KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

0b:37:67:40:c1:e4:c4:0a:e1:b6:48:ae:f0:9e:a9:11
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:37:67:40:c1:e4:c4:0a:e1:b6:48:ae:f0:9e:a9:11
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

67:dc:80:d5:a8:c2:fc:63:74:48:4c:80:f3:ed:aa:07:59:97:85:42:02:ba:0f:b9:4b:e2:ba:a4:e1:36:2a:30
Signer

0b:3a:df:50:35:4f:54:b1:7d:8e:96:67:b4:5d:f6:ff:ca:b6:40:a1
Signer

.text
Size: 429KB - Virtual size: 429KB

.rdata
Size: 115KB - Virtual size: 115KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 19KB - Virtual size: 19KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

0b:37:67:40:c1:e4:c4:0a:e1:b6:48:ae:f0:9e:a9:11
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:37:67:40:c1:e4:c4:0a:e1:b6:48:ae:f0:9e:a9:11
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

af:ef:c8:5a:e8:db:b9:a0:10:ff:4e:13:16:85:9f:1c:b4:1f:0b:40:b5:9c:11:00:60:e4:ee:77:c4:56:7a:b7
Signer

60:56:15:2e:d8:cc:4e:3b:a8:8d:67:dc:79:5b:ec:7e:3a:a9:15:d7
Signer