CCleaner_Pro[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

CCleaner_Pro.zip
Size

31.2MB
MD5

d9e89548a203c6cea819e6d654c13c9f
SHA1

623ff72abf56b71f79b6978846c4605e4f064910
SHA256

91d2a52f3ccc94057ef09bff7a5591271aef63f04029c48b7a28cd7240e601b6
SHA512

7fb3974dece415b68f49f10a65e2d5f270e883509cd5119bf5679086adb3991262228f7fe50325014556a096328de56caaa3d21da47cf686e4a7b6acd2f9d3e1
SSDEEP

786432:8EUrpJpScjZUDNA9rtQy8RW6E4AYTIHjLwO9loKc95:8EUrrp7jZwNgiFBEBYmPwO9lodP

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/Launcher.dll
unpack001/data/appInfo/services/Launhcer.dll
unpack001/data/appInfo/services/data/Launcher.dll

Files

CCleaner_Pro.zip
.zip
Launcher.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Launcher.exe
.exe windows:6 windows x86 arch:x86

93d099f09873f4f31b1b7ec7cb84e6f0

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:10:10:87:8e:d6:f7:dd:d4:ec:8e:8f
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

18-09-2019 12:58

Not After

11-12-2022 11:53

Subject

CN=Adersoft,O=Adersoft,L=Paris,C=FR,1.2.840.113549.1.9.1=#0c14737570706f72744061646572736f66742e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27-05-2021 09:55

Not After

28-06-2032 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20-02-2019 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:fb:58:56:78:83:c0:9f:de:c5:ac:2a:33:b7:94:e6:e3:17:b1:5a:f9:ed:78:3e:8f:61:f7:67:75:db:dd:23
Signer

Actual PE Digest

03:fb:58:56:78:83:c0:9f:de:c5:ac:2a:33:b7:94:e6:e3:17:b1:5a:f9:ed:78:3e:8f:61:f7:67:75:db:dd:23

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleW
lstrcmpiW
MultiByteToWideChar
LoadLibraryExW
ExitProcess
LocalAlloc
LocalFree
FormatMessageW
WaitForSingleObject
GetExitCodeProcess
CreateThread
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
FindResourceExW
GetACP
WideCharToMultiByte
FreeResource
SetFilePointer
ReadFile
CreateFileW
CreateFileMappingW
MapViewOfFile
IsBadReadPtr
UnmapViewOfFile
GetCurrentProcessId
EnumResourceNamesW
GetFileAttributesW
GetFileSize
OpenEventW
SetEvent
ExpandEnvironmentStringsW
Sleep
FlushFileBuffers
GetFileType
WriteFile
WriteConsoleW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
CloseHandle
FindNextFileW
FindFirstFileExW
FindClose
GetFileSizeEx
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
LCMapStringW
GetStdHandle
GetModuleHandleExW
GetCommandLineW
GetCommandLineA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleFileNameW
SizeofResource
LockResource
LoadResource
FindResourceW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
HeapFree
RtlUnwind
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
FreeLibrary
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
IsValidCodePage

user32

UnregisterClassW
MessageBoxW
GetDlgItem
SetWindowPos
MapWindowPoints
GetClientRect
wsprintfA
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindow
SetTimer
SendMessageW
GetParent
SetWindowTextW
CharNextW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
CreateWindowExW
DestroyWindow
LoadCursorW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
SetWindowLongW
DefWindowProcW
DialogBoxParamW
EndDialog
GetActiveWindow
KillTimer

advapi32

RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
CreateProcessWithLogonW
RegDeleteKeyW
RegCreateKeyExW

shell32

ShellExecuteW

ole32

CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoGetObject
CoGetInstanceFromFile
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoTaskMemFree

oleaut32

VariantCopy
VariantClear
SafeArrayUnaccessData
VariantChangeType
SafeArrayAccessData
SysAllocString
SysFreeString
VariantInit
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysStringLen
LoadTypeLibEx
SysAllocStringLen

wintrust

WinVerifyTrust

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CertCloseStore
CryptMsgClose
CryptQueryObject

version

GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeW

Sections

.text
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Launcher.exe.manifest
data/BIrmoNAuezfatN
data/BKppqGJ
data/BNmMmro
data/BOwJqWaGla
data/BTYvNY
data/BUEbUbMXvOK
data/BUUdo
data/BVqwmzMDHOSAj
data/BWJEInNvIZ
data/BWYgDeUlPxjZt
data/BXPRT
data/BXpQv
data/BlCBFlp
data/BlhIOCHtD
data/BmUhlXPVOwTRr
data/Bmbfayh
data/BmjnSPAYef
data/BmqclYxtTe
data/BnAARadK
data/BnViCAoEaRWrVs
data/BoOmsDldpVcwo
data/BoaLvUFMTliPfc
data/BoehZGiVCwCuwE
data/BpRmbkYc
data/BpabcOURCguO
data/BrCbZypyVpNZd
data/BrKnAGTkKz
data/BsCzEUCHq
data/BsmLFlaJhrI
data/BuYafcSO
data/BuobR
data/BuxelASQLMQSF
data/BxGpr
data/BxaWs
data/BzqnjZvT
data/CAFjU
data/CBKLXIcETNh
data/CBrJXWiYGiwcyM
data/CCvijgUSN
data/CFbfeCgSeV
data/CGQIrWMDMRU
data/CGSvjfqIYvCiOI
data/CGbDiaRpDwOm
data/CInXHjBnX
data/CJnLtoDBd
data/CKogC
data/CLfardUdUhS
data/CLjiKLN
data/CLvzjRDgPb
data/CMAKMTw
data/CMQsEjGDjSMrB
data/CMUMmg
data/COCUZHxABcOY
data/COhsauZ
data/CPTFJiNnVPYxG
data/CPYoSQczfI
data/CPqvsf
data/CQeWsVMU
data/CQoojy
data/CSNTmj
data/CUbumr
data/CUeTnTqa
data/CUjstohO
data/CWuBppXDvxK
data/CXNZchCig
data/CXPNDJv
data/CYaAdmcNhSutGk
data/CYaSZ
data/CZuNVJAVXi
data/CZulglbCBWawC
data/CaOWtuXGH
data/CadLdAhhctfKuQ
data/CbyIEBdbolePW
data/CcYyRVNaEfWYZ
data/CdEJU
data/CdSuLrEPiTIsR
data/CjPpgbzjkDYqV
data/CkSCued
data/CnXAvedmgwVm
data/CpasSnhXSfdK
data/CrUAwqwf
data/CrtEbQJRKwBlsT
data/CsflzcyLPqiW
data/CtYTihFWZIE
data/CuHmd
data/CuafGGbcONiSMm
data/CuauBrZbwTLv
data/CwcKPuHdkEEKv
data/CwhIXbO
data/CwuEmABbWYcOD
data/CxDpe
data/CxRXTPmZ
data/CyjidHtyW
data/CzmjAxhvLrhwZ
data/DAKTbhAGrm
data/DBBbINmdO
data/DBBoNRlOSAXxz
data/DBZUJa
data/DBtaSJmgifM
data/DJoHNyqRMDq
data/DMCDqdBuucPpd
data/DaiRQ
data/DatauJW
data/DbpxVEt
data/DdOTdRcAGoId
data/DeVtpvDR
data/DfpOYhIAORZ
data/DgCmSjOgbxhcQO
data/DhEuaWV
data/DhLBYOuafO
data/DhpPW
data/DkNbFBeYeMUsqI
data/DljCr
data/appInfo/AAnPLncvAqtP
data/appInfo/AAqIhfeIZlSnK
data/appInfo/ACDDDf
data/appInfo/ACokDZrvpplbPJ
data/appInfo/ADtxLdBChafmi
data/appInfo/AEbyQnDlpaiuIR
data/appInfo/AHhkHeFRzcua
data/appInfo/AIJkL
data/appInfo/AJIRebShQ
data/appInfo/AJRLanwakWr
data/appInfo/AJSaudQqZjgca
data/appInfo/AKkZel
data/appInfo/AMsOOY
data/appInfo/ANdQmnInAiWq
data/appInfo/AOIfKL
data/appInfo/APKjjHARp
data/appInfo/AQDcWnBUB
data/appInfo/AQwRmnRVR
data/appInfo/AReoTE
data/appInfo/ARuFocBZMxEHW
data/appInfo/ASRBznhzIFbMvM
data/appInfo/ASYPoN
data/appInfo/ASlijgM
data/appInfo/ATEUhd
data/appInfo/ATdfb
data/appInfo/AUsnaJkRzevxL
data/appInfo/AVTCGBgsDCUxXy
data/appInfo/AVwipw
data/appInfo/AZQRVTFqF
data/appInfo/AaTRaEmG
data/appInfo/AanCTDTMM
data/appInfo/AcbUvAfhcshoB
data/appInfo/AdPFIeiuWTXwG
data/appInfo/AeDzznJkoM
data/appInfo/AfZbSEHpQ
data/appInfo/AgmdTlQqyy
data/appInfo/AhKNpfsdKO
data/appInfo/AhfcAZtam
data/appInfo/AiTctxQ
data/appInfo/AjJKLk
data/appInfo/AkOEVirsG
data/appInfo/AmYMddZeqQSUg
data/appInfo/AoBtUVylQ
data/appInfo/ApVmyUW
data/appInfo/AqWOwb
data/appInfo/AsOgGhbRvjQGz
data/appInfo/AslIiNLAvVBHi
data/appInfo/AtZDCvLfE
data/appInfo/Atcinu
data/appInfo/AuqiONLCdO
data/appInfo/AusOqTuCMMCnoL
data/appInfo/AwMHSXOVhlr
data/appInfo/AxByyINyG
data/appInfo/AylTgKXIkX
data/appInfo/BAAKv
data/appInfo/BAaKjYXQRA
data/appInfo/BBEGXQxw
data/appInfo/BBmwuBrCCHQwTI
data/appInfo/BBvOiAqPBN
data/appInfo/BFyfKz
data/appInfo/BHcUBC
data/appInfo/BHfhFXbjYMo
data/appInfo/BatWNECMMpWvUD
data/appInfo/BcWsHDQlGSwyhK
data/appInfo/BdOuQCsugtJCcl
data/appInfo/BdYuybQyr
data/appInfo/BdloOIiPQTS
data/appInfo/BeISOvZIYlMPm
data/appInfo/BgtggfiUgidlgg
data/appInfo/BhHqK
data/appInfo/BibDvokavd
data/appInfo/aAYSHqerfLLSw
data/appInfo/aAumx
data/appInfo/aBYZjEerBgoy
data/appInfo/aBcTFq
data/appInfo/aCTsrbxbtkP
data/appInfo/aCtCDinz
data/appInfo/aDSARr
data/appInfo/aDhpYCfSt
data/appInfo/aEkdwzYSVDHIuX
data/appInfo/aFMTKTDXQ
data/appInfo/aFQRkEEquJvw
data/appInfo/aFxtN
data/appInfo/aGCZvUTzBGJ
data/appInfo/aGaSuYSE
data/appInfo/aGkxaJlw
data/appInfo/aGpymVTrSJq
data/appInfo/aHvFNbGFwccpdY
data/appInfo/aJlZr
data/appInfo/aKSUsiRGfLlVlq
data/appInfo/aKUINBs
data/appInfo/aKcMfCVcxGec
data/appInfo/aKcZVt
data/appInfo/aLjiQPMcao
data/appInfo/aLnDMEkoc
data/appInfo/aMFTankxQxteTo
data/appInfo/aMIEy
data/appInfo/aMSGneTZfPNRo
data/appInfo/aNaRMKJZGN
data/appInfo/aNrywqGD
data/appInfo/aPFHcpS
data/appInfo/aPrFpQCCF
data/appInfo/aQEezlsvjTNGA
data/appInfo/aQJUNMEx
data/appInfo/aQeMyYNNHPVgA
data/appInfo/aQxHoqOZRXJ
data/appInfo/aRSXmlHAVzf
data/appInfo/aSAXxyCH
data/appInfo/aSXRKM
data/appInfo/aTjQtITve
data/appInfo/aUdtE
data/appInfo/aVegcupouIFX
data/appInfo/aWysyLZ
data/appInfo/aXWxsmlMolGPmM
data/appInfo/aYRXcdrNdnxzYr
data/appInfo/aZEzhaHFRwSnE
data/appInfo/aZLvfOzkIwSED
data/appInfo/aZkPyiIetkvdW
data/appInfo/aaUBmOpuRbmZdn
data/appInfo/aaUZtpDRdoD
data/appInfo/abCHIdpz
data/appInfo/aemYCqYUi
data/appInfo/afSDYJZzcNxdW
data/appInfo/ahVdbELolXwH
data/appInfo/ahoxdGsH
data/appInfo/ajQpezh
data/appInfo/ajpiICnRoD
data/appInfo/alHWZIiZr
data/appInfo/alMjfISENGmI
data/appInfo/amcanYWMVXofU
data/appInfo/anFKP
data/appInfo/anRxSTMqvnZNpl
data/appInfo/ansVJYzlqH
data/appInfo/aqPjSZ
data/appInfo/arJIotRU
data/appInfo/aslvhUbazMxR
data/appInfo/atEKevPV
data/appInfo/atxjpu
data/appInfo/avFWqTfTHIr
data/appInfo/avnzhjKFQVtPWJ
data/appInfo/awSyAurnK
data/appInfo/axCqJopntOlV
data/appInfo/axFwfppzsyRMc
data/appInfo/axclPbgGjjYdap
data/appInfo/bAAeRXoKzTZQ
data/appInfo/bBUSKm
data/appInfo/bBhAb
data/appInfo/bCUYWW
data/appInfo/bDlqUCWDtv
data/appInfo/bEFkR
data/appInfo/bFBIiQqAk
data/appInfo/bFyxL
data/appInfo/bGRRgnLideBf
data/appInfo/bGjZZhZKJ
data/appInfo/bHIQPwn
data/appInfo/bHbNPEvMQiPu
data/appInfo/bHcNnwTH
data/appInfo/baaycBLyquus
data/appInfo/bbClr
data/appInfo/bcQgBHhEI
data/appInfo/bcZLKuwzBtOa
data/appInfo/bciXtfw
data/appInfo/bdkGy
data/appInfo/bdyPOkdTIZPqn
data/appInfo/beOUFXHhKcYHCs
data/appInfo/bevtwB
data/appInfo/bfsKEJ
data/appInfo/bguoFd
data/appInfo/bhTeSytPwvuq
data/appInfo/bhUulWp
data/appInfo/services/01
.rar
data/appInfo/services/Launhcer.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
data/appInfo/services/Launhcer.exe
.exe windows:6 windows x86 arch:x86

93d099f09873f4f31b1b7ec7cb84e6f0

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:10:10:87:8e:d6:f7:dd:d4:ec:8e:8f
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

18-09-2019 12:58

Not After

11-12-2022 11:53

Subject

CN=Adersoft,O=Adersoft,L=Paris,C=FR,1.2.840.113549.1.9.1=#0c14737570706f72744061646572736f66742e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27-05-2021 09:55

Not After

28-06-2032 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20-02-2019 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b1:2c:12:6f:38:81:22:3b:4b:eb:ee:5a:25:d8:c4:d1:03:ac:88:dd:95:a1:f9:d2:d7:1a:c0:b8:bd:2d:9b:73
Signer

Actual PE Digest

b1:2c:12:6f:38:81:22:3b:4b:eb:ee:5a:25:d8:c4:d1:03:ac:88:dd:95:a1:f9:d2:d7:1a:c0:b8:bd:2d:9b:73

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleW
lstrcmpiW
MultiByteToWideChar
LoadLibraryExW
ExitProcess
LocalAlloc
LocalFree
FormatMessageW
WaitForSingleObject
GetExitCodeProcess
CreateThread
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
FindResourceExW
GetACP
WideCharToMultiByte
FreeResource
SetFilePointer
ReadFile
CreateFileW
CreateFileMappingW
MapViewOfFile
IsBadReadPtr
UnmapViewOfFile
GetCurrentProcessId
EnumResourceNamesW
GetFileAttributesW
GetFileSize
OpenEventW
SetEvent
ExpandEnvironmentStringsW
Sleep
FlushFileBuffers
GetFileType
WriteFile
WriteConsoleW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
CloseHandle
FindNextFileW
FindFirstFileExW
FindClose
GetFileSizeEx
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
LCMapStringW
GetStdHandle
GetModuleHandleExW
GetCommandLineW
GetCommandLineA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleFileNameW
SizeofResource
LockResource
LoadResource
FindResourceW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
HeapFree
RtlUnwind
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
FreeLibrary
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
IsValidCodePage

user32

UnregisterClassW
MessageBoxW
GetDlgItem
SetWindowPos
MapWindowPoints
GetClientRect
wsprintfA
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindow
SetTimer
SendMessageW
GetParent
SetWindowTextW
CharNextW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
CreateWindowExW
DestroyWindow
LoadCursorW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
SetWindowLongW
DefWindowProcW
DialogBoxParamW
EndDialog
GetActiveWindow
KillTimer

advapi32

RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
CreateProcessWithLogonW
RegDeleteKeyW
RegCreateKeyExW

shell32

ShellExecuteW

ole32

CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoGetObject
CoGetInstanceFromFile
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoTaskMemFree

oleaut32

VariantCopy
VariantClear
SafeArrayUnaccessData
VariantChangeType
SafeArrayAccessData
SysAllocString
SysFreeString
VariantInit
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysStringLen
LoadTypeLibEx
SysAllocStringLen

wintrust

WinVerifyTrust

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CertCloseStore
CryptMsgClose
CryptQueryObject

version

GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeW

Sections

.text
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/appInfo/services/Launhcer.exe.manifest
data/appInfo/services/WinRAR.exe
.exe windows:5 windows x86 arch:x86

93d6ffbeb6eb5774e72f7a9d4e82b889

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

52:9e:3f:9f:cf:7d:58:d5:20:d6:07:ab:74:39:50:02
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-06-2017 00:00

Not After

01-06-2020 23:59

Subject

CN=win.rar GmbH,O=win.rar GmbH,POSTALCODE=10117,STREET=Marienstrasse 12,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:9e:3f:9f:cf:7d:58:d5:20:d6:07:ab:74:39:50:02
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-06-2017 00:00

Not After

01-06-2020 23:59

Subject

CN=win.rar GmbH,O=win.rar GmbH,POSTALCODE=10117,STREET=Marienstrasse 12,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

9b:89:b1:5c:05:2f:38:7e:09:3a:9b:ba:f5:18:32:e8:d1:da:b9:ba:5f:c1:9b:a2:77:d0:7f:99:b8:79:42:d7
Signer

Actual PE Digest

9b:89:b1:5c:05:2f:38:7e:09:3a:9b:ba:f5:18:32:e8:d1:da:b9:ba:5f:c1:9b:a2:77:d0:7f:99:b8:79:42:d7

Digest Algorithm

sha256

PE Digest Matches

true

98:17:ce:4e:f2:84:39:06:72:2c:9f:e2:57:6b:95:0b:7c:60:2e:bb
Signer

Actual PE Digest

98:17:ce:4e:f2:84:39:06:72:2c:9f:e2:57:6b:95:0b:7c:60:2e:bb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\build\winrar32\Release\WinRAR.pdb

Imports

kernel32

DeviceIoControl
BackupRead
BackupSeek
GetShortPathNameW
GetLongPathNameW
GetFileType
GetStdHandle
FlushFileBuffers
GetFileTime
GetDiskFreeSpaceExW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
LoadResource
SizeofResource
FindResourceW
LoadLibraryExW
CompareStringA
GetCurrentThread
SetThreadPriority
SetThreadExecutionState
CreateEventW
GetSystemDirectoryW
SetCurrentDirectoryW
GetFullPathNameA
SetPriorityClass
GetProcessAffinityMask
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
CreateSemaphoreW
GetSystemTime
TzSpecificLocalTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
WideCharToMultiByte
CompareStringW
GetModuleHandleExW
GetCompressedFileSizeW
EnumResourceNamesW
EnumResourceLanguagesW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
GetLocaleInfoW
GetNumberFormatW
GetLogicalDrives
LockResource
SuspendThread
ResumeThread
GetStartupInfoW
GetCurrentThreadId
FormatMessageW
CopyFileW
GetThreadPriority
SetErrorMode
GetPriorityClass
WaitForMultipleObjects
MulDiv
CompareFileTime
FindNextChangeNotification
HeapSize
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetStringTypeW
WriteConsoleW
SetStdHandle
LCMapStringW
HeapReAlloc
GetModuleFileNameA
ExitProcess
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
QueryPerformanceFrequency
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
RtlUnwind
InitializeSListHead
QueryPerformanceCounter
IsDebuggerPresent
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileInformationByHandle
GetLocalTime
FindCloseChangeNotification
FindFirstChangeNotificationW
ExpandEnvironmentStringsW
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
GetDiskFreeSpaceW
CreateHardLinkW
SetLastError
DosDateTimeToFileTime
LocalFileTimeToFileTime
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
DeleteFileW
SetFileAttributesW
CreateFileW
RemoveDirectoryW
CreateDirectoryW
LoadLibraryW
GetSystemTimeAsFileTime
SetFileTime
SetFilePointer
SetEndOfFile
ReadFile
WriteFile
GetFileSize
FreeLibrary
MoveFileW
GetTickCount
GetCPInfoExW
GetOEMCP
GetACP
GetVolumeInformationW
GetDriveTypeW
Sleep
GetCurrentProcessId
GetCurrentProcess
CreateMutexW
ReleaseMutex
GetLastError
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
DecodePointer
MultiByteToWideChar
GetVersionExA
GetModuleHandleW
GetProcAddress
GetTempPathW
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CloseHandle
WaitForSingleObject
GetCommandLineW
GetModuleFileNameW
GetDateFormatW
GetTimeFormatW
FindFirstFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
Beep
GetFileAttributesW

user32

CopyImage
FindWindowExW
FillRect
MessageBoxW
CreateIcon
EnumWindows
SetForegroundWindow
IsCharAlphaW
FlashWindow
CopyRect
RegisterClassExW
GetSysColor
ValidateRect
DrawIconEx
LoadImageW
SystemParametersInfoW
GetSystemMenu
KillTimer
SetTimer
MessageBoxIndirectW
CharLowerW
ExitWindowsEx
CharLowerA
LoadStringW
GetWindow
SetProcessDefaultLayout
CharToOemBuffW
OemToCharBuffA
OemToCharA
GetComboBoxInfo
RedrawWindow
MessageBeep
CharToOemA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
PeekMessageW
GetScrollInfo
EnableMenuItem
CheckMenuItem
GetFocus
MoveWindow
GetClientRect
GetWindowTextLengthW
EndPaint
BeginPaint
UpdateWindow
AppendMenuW
DrawMenuBar
wsprintfW
ScreenToClient
ClientToScreen
CallWindowProcW
PtInRect
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuItemW
TrackPopupMenu
DeleteMenu
InsertMenuW
GetSubMenu
SetMenu
LoadMenuW
LoadAcceleratorsW
IsChild
RegisterClassW
PostQuitMessage
SetScrollRange
SetScrollPos
ScrollWindowEx
GetClipboardData
LoadIconW
RegisterWindowMessageW
CreateDialogParamW
PostThreadMessageW
IsDialogMessageW
GetIconInfo
CreateIconIndirect
FindWindowW
RemovePropW
GetPropW
SendMessageW
DefWindowProcW
CreateWindowExW
DestroyWindow
SetFocus
GetWindowTextW
GetWindowLongW
SetWindowLongW
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
DialogBoxParamW
SetPropW
GetForegroundWindow
TranslateAcceleratorW
CreateDialogIndirectParamW
BringWindowToTop
GetMenuState
GetMenuItemID
GetLastActivePopup
DispatchMessageW
TranslateMessage
DestroyMenu
CreatePopupMenu
GetMenu
IsWindow
WaitForInputIdle
LoadCursorW
EndDialog
GetDlgItem
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
GetWindowRect
MapWindowPoints
GetParent
DestroyIcon
CheckDlgButton
PostMessageW
InvalidateRect
EnumChildWindows
GetClassNameW
ShowWindow
CharToOemBuffA
SetDlgItemInt
GetDlgItemInt
GetMessageW
GetMenuItemCount
GetWindowThreadProcessId
WindowFromPoint
SetCursor
GetKeyState
RegisterClipboardFormatW
SystemParametersInfoA
GetDesktopWindow
IntersectRect
GetCursorPos
SetWindowTextW
ReleaseDC
GetDC
GetSystemMetrics
EnableWindow
IsIconic
IsWindowEnabled
IsDlgButtonChecked
CharUpperW

gdi32

TextOutA
SetPixel
Rectangle
GetTextExtentPoint32W
CreateSolidBrush
CreateDIBSection
GetPixel
DPtoLP
StretchBlt
SetMapMode
GetMapMode
GetDeviceCaps
CreateCompatibleBitmap
CreateBitmap
ExtTextOutW
SetBkColor
DeleteDC
CreateCompatibleDC
BitBlt
GetObjectW
TextOutW
MoveToEx
SetTextColor
LineTo
CreatePen
GetTextFaceW
GetTextMetricsW
SelectObject
DeleteObject
CreateFontW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
ChooseFontW

advapi32

AllocateAndInitializeSid
AccessCheck
OpenProcessToken
MapGenericMask
GetFileSecurityW
RegCloseKey
IsTextUnicode
RegSetValueExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
CheckTokenMembership
FreeSid
DuplicateToken
SetFileSecurityW
GetSecurityDescriptorLength
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegOpenKeyExW

shell32

FindExecutableW
DragFinish
DragQueryFileW
Shell_NotifyIconW
DragAcceptFiles
ShellExecuteW
SHGetSpecialFolderLocation
SHAddToRecentDocs
SHFileOperationW
SHGetFolderPathW
ShellExecuteExW
SHBrowseForFolderW
SHGetMalloc
SHChangeNotify
SHGetDesktopFolder
SHGetFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
ord100

ole32

RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
CLSIDFromString
CreateStreamOnHGlobal
CoTaskMemAlloc
CoInitializeEx
CoTaskMemFree
CoCreateInstance
OleSetClipboard
DoDragDrop

oleaut32

VariantClear
SysAllocString

shlwapi

StrCmpLogicalW
SHAutoComplete

powrprof

SetSuspendState

comctl32

CreateStatusWindowW
ImageList_Create
ImageList_ReplaceIcon
InitCommonControlsEx
PropertySheetW

uxtheme

IsThemeActive
IsAppThemed

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipBitmapGetPixel
GdipBitmapSetPixel

msimg32

GradientFill

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 646KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 888KB - Virtual size: 888KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/appInfo/services/data/Launcher.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
data/appInfo/services/data/Launcher.exe
.exe windows:6 windows x86 arch:x86

93d099f09873f4f31b1b7ec7cb84e6f0

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:10:10:87:8e:d6:f7:dd:d4:ec:8e:8f
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

18-09-2019 12:58

Not After

11-12-2022 11:53

Subject

CN=Adersoft,O=Adersoft,L=Paris,C=FR,1.2.840.113549.1.9.1=#0c14737570706f72744061646572736f66742e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27-05-2021 09:55

Not After

28-06-2032 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20-02-2019 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:fb:58:56:78:83:c0:9f:de:c5:ac:2a:33:b7:94:e6:e3:17:b1:5a:f9:ed:78:3e:8f:61:f7:67:75:db:dd:23
Signer

Actual PE Digest

03:fb:58:56:78:83:c0:9f:de:c5:ac:2a:33:b7:94:e6:e3:17:b1:5a:f9:ed:78:3e:8f:61:f7:67:75:db:dd:23

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleW
lstrcmpiW
MultiByteToWideChar
LoadLibraryExW
ExitProcess
LocalAlloc
LocalFree
FormatMessageW
WaitForSingleObject
GetExitCodeProcess
CreateThread
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
FindResourceExW
GetACP
WideCharToMultiByte
FreeResource
SetFilePointer
ReadFile
CreateFileW
CreateFileMappingW
MapViewOfFile
IsBadReadPtr
UnmapViewOfFile
GetCurrentProcessId
EnumResourceNamesW
GetFileAttributesW
GetFileSize
OpenEventW
SetEvent
ExpandEnvironmentStringsW
Sleep
FlushFileBuffers
GetFileType
WriteFile
WriteConsoleW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
CloseHandle
FindNextFileW
FindFirstFileExW
FindClose
GetFileSizeEx
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
LCMapStringW
GetStdHandle
GetModuleHandleExW
GetCommandLineW
GetCommandLineA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleFileNameW
SizeofResource
LockResource
LoadResource
FindResourceW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
HeapFree
RtlUnwind
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
FreeLibrary
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
IsValidCodePage

user32

UnregisterClassW
MessageBoxW
GetDlgItem
SetWindowPos
MapWindowPoints
GetClientRect
wsprintfA
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindow
SetTimer
SendMessageW
GetParent
SetWindowTextW
CharNextW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
CreateWindowExW
DestroyWindow
LoadCursorW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
SetWindowLongW
DefWindowProcW
DialogBoxParamW
EndDialog
GetActiveWindow
KillTimer

advapi32

RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
CreateProcessWithLogonW
RegDeleteKeyW
RegCreateKeyExW

shell32

ShellExecuteW

ole32

CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoGetObject
CoGetInstanceFromFile
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoTaskMemFree

oleaut32

VariantCopy
VariantClear
SafeArrayUnaccessData
VariantChangeType
SafeArrayAccessData
SysAllocString
SysFreeString
VariantInit
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysStringLen
LoadTypeLibEx
SysAllocStringLen

wintrust

WinVerifyTrust

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CertCloseStore
CryptMsgClose
CryptQueryObject

version

GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeW

Sections

.text
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/appInfo/services/data/Launcher.exe.manifest
data/bLaeciqdkmrP
data/bLhLGp
data/bLqvX
data/bMCAN
data/bMGFQd
data/bNnKkyalyMD
data/bPQGjTn
data/bPSQXjTZAm
data/bPdlqTbJ
data/bVNORaui
data/bZlxwo
data/bZyqUmiJhGz
data/bjdOwr
data/bkWBnMenWqGS
data/bkjMAyegti
data/blJSn
data/blZXylUyF
data/bnLIZbi
data/bnZdiuGlG
data/bnntCZHrKVdjYo
data/bpIPEO
data/bqiDYE
data/bqmkGl
data/brFcXMp
data/bsNVNrHezh
data/bsdBUWgJJwjIK
data/bswrTHOjlFNlVf
data/btPerT
data/bwDVHaY
data/bwlmrHkhauUQNF
data/bxXCvbqecwBBKe
data/byHeNYEXrS
data/byYJscoeoX
data/byrHmcv
data/bzPLLwDQI
data/cAwJm
data/cBmxuld
data/cBsVWWvbNEmf
data/cCCHjRDjnUHu
data/cCOxsdB
data/cCtfq
data/cDDXCIDbQtO
data/cDKqcz
data/cEGjymIRjYgw
data/cEIpcdKOu
data/cFotxygL
data/cGZpue
data/cGcBGGbwZJ
data/cGotIVwRk
data/cIJpcAKgFkCAL
data/cIsufskTbWQz
data/cKhnK
data/cNCAcihERbPIx
data/cODdRJ
data/cOHnslbY
data/cOufcTEMcRtROC
data/cSSBrBUTAFuwD
data/cSzCAYNaYZzBye
data/cUfpICamAwVFP
data/cUqgyImE
data/cWUmxXBxTJzxQo
data/cWibcoLKOvlC
data/cWwbeM
data/cZKxf
data/cZPOGQWsIe
data/cbuhMp
data/cbzIebweGds
data/chmpEIwdLASL
data/ciDpIRFy
data/cjKPoIeeclI
data/cjtSmqLBYt
data/cklVkLFtiNBEn
data/cmBbQ
data/cmGVm
data/cnghplUuMhnZMp
data/cnqSVcZdnT
data/cogaEUe
data/couAdgVO
data/cpZeNtzFFjxJIX
data/crOpYhMSoLEhqp
data/crqCNDPnHO
data/cttDkjGamKpL
data/cuiQAzA
data/cvmQpOffdbswe
data/cwiQIjFHAlm
data/cyIjDhvS
data/cyQpgJJNe
data/czPAvhYeolmI
data/dAvgT
data/dAzQyCZyw
data/dBidO
data/dEJkuLcuOB
data/dEXYzDTMIuodOL
data/dEtWEMp
data/dFdIUCvqtR
data/dFfLBYUrSvxAL
data/dHRNaqwHXGTupv
data/dHVdgIaps
data/dHtIxRpyL
data/dILOpNgKHkKVJp
data/dIMuuG
data/dIrDJJypJ
data/dJcicpIwvdVK
data/dKcYQMtf
data/dKzgREfAn
data/dLWrckLM
data/dLqRwZ
data/dLqjNabaLnC
data/daNBWhB
data/daaWG
data/daxWMUfsVrDpQ
data/dbtmkw
data/dcOVGyTShV
data/ddKDq
data/ddavvm
data/ddrIIbESYdSEPF
data/deqWFjwfaMoT
data/dfUStBXs
data/dfuFFUj
data/dgLiavfyxGMUwT
data/dgtZHkE
data/dgtjLggoZzO
data/diBbnb
data/didWXS
data/djnscuukVBmx
data/dlBDOq
data/dmDTZPToUdbr
data/kOvqCfpAuGFU
data/kRgT1xwLmMas
data/kT3TpHCWAa3h
data/kUWG8CsIX70W
data/keDmJ32cPiCc
data/kfxvKatfPYz2
data/kinbYNs36N8f
data/klICfoxiW6lk
data/koMEWGBdyxxo
data/kqU6UNr1dLr3
data/kuWQ1aWjSl4U
data/l5eOz9jGg5Oq
data/l6fTZn6VqpmH

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 140B

.rsrc Size: 1KB - Virtual size: 1KB

93d099f09873f4f31b1b7ec7cb84e6f0

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

3a:10:10:87:8e:d6:f7:dd:d4:ec:8e:8fCertificate

Extended Key Usages

Key Usages

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9fCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

03:fb:58:56:78:83:c0:9f:de:c5:ac:2a:33:b7:94:e6:e3:17:b1:5a:f9:ed:78:3e:8f:61:f7:67:75:db:dd:23Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

wintrust

crypt32

version

Sections

.text Size: 221KB - Virtual size: 220KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 6KB - Virtual size: 12KB

.rsrc Size: 46KB - Virtual size: 46KB

.reloc Size: 11KB - Virtual size: 11KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 140B

.rsrc Size: 1KB - Virtual size: 1KB

93d099f09873f4f31b1b7ec7cb84e6f0

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

3a:10:10:87:8e:d6:f7:dd:d4:ec:8e:8fCertificate

Extended Key Usages

Key Usages

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9fCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

b1:2c:12:6f:38:81:22:3b:4b:eb:ee:5a:25:d8:c4:d1:03:ac:88:dd:95:a1:f9:d2:d7:1a:c0:b8:bd:2d:9b:73Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

.rdata
Size: 512B - Virtual size: 140B

.rsrc
Size: 1KB - Virtual size: 1KB

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

3a:10:10:87:8e:d6:f7:dd:d4:ec:8e:8f
Certificate

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

03:fb:58:56:78:83:c0:9f:de:c5:ac:2a:33:b7:94:e6:e3:17:b1:5a:f9:ed:78:3e:8f:61:f7:67:75:db:dd:23
Signer

.text
Size: 221KB - Virtual size: 220KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 6KB - Virtual size: 12KB

.rsrc
Size: 46KB - Virtual size: 46KB

.reloc
Size: 11KB - Virtual size: 11KB

.rdata
Size: 512B - Virtual size: 140B

.rsrc
Size: 1KB - Virtual size: 1KB

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

3a:10:10:87:8e:d6:f7:dd:d4:ec:8e:8f
Certificate

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

b1:2c:12:6f:38:81:22:3b:4b:eb:ee:5a:25:d8:c4:d1:03:ac:88:dd:95:a1:f9:d2:d7:1a:c0:b8:bd:2d:9b:73
Signer

.text
Size: 221KB - Virtual size: 220KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 6KB - Virtual size: 12KB

.rsrc
Size: 46KB - Virtual size: 46KB

.reloc
Size: 11KB - Virtual size: 11KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

52:9e:3f:9f:cf:7d:58:d5:20:d6:07:ab:74:39:50:02
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

52:9e:3f:9f:cf:7d:58:d5:20:d6:07:ab:74:39:50:02
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

9b:89:b1:5c:05:2f:38:7e:09:3a:9b:ba:f5:18:32:e8:d1:da:b9:ba:5f:c1:9b:a2:77:d0:7f:99:b8:79:42:d7
Signer

98:17:ce:4e:f2:84:39:06:72:2c:9f:e2:57:6b:95:0b:7c:60:2e:bb
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 104KB - Virtual size: 103KB

.data
Size: 17KB - Virtual size: 646KB

.gfids
Size: 512B - Virtual size: 248B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 888KB - Virtual size: 888KB

.reloc
Size: 53KB - Virtual size: 53KB