bomgar-scc-w0iec3085dg7i1yhjjx6hg18exx1i568d1y6xdzc408c90[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

bomgar-scc-w0iec3085dg7i1yhjjx6hg18exx1i568d1y6xdzc408c90.exe
Size

3.8MB
MD5

dedeccb770240294e6743f21a00ea18e
SHA1

96c51fa1644634e960c27ac943112ada43fea889
SHA256

3e188bd911496074331e1bbdba13238557cf40ebb80002e94ec1b4d92ea4631d
SHA512

92ab2a78bba2f01a1ade2c06220a32844ce065e56e5d5b6a83aa71749d0876d222c69bdef59f0e51cb7616c6d80e3890c1f4bc22471c6ae9458171a052963dff
SSDEEP

98304:jUYIAQyRJvH+n9ENElv0XFsOM3SlgML2RZw96G:ZIxkH+8EgsOMS12Hq

Score

1^/10

Malware Config

Signatures

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/$0/remove.exe	nsis_installer_1
static1/unpack001/$0/remove.exe	nsis_installer_2

Files

bomgar-scc-w0iec3085dg7i1yhjjx6hg18exx1i568d1y6xdzc408c90.exe
.exe windows:4 windows x86 arch:x86

b1a57b635b23ffd553b3fd1e0960b2bd

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/05/2022, 00:00

Not After

20/05/2025, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/05/2022, 00:00

Not After

20/05/2025, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

db:69:b2:2d:d0:11:86:1f:25:f7:a2:0d:9b:03:ef:3e:13:2b:cd:da:d9:7e:a6:fb:6c:29:42:ff:1f:4c:2b:5d
Signer

Actual PE Digest

db:69:b2:2d:d0:11:86:1f:25:f7:a2:0d:9b:03:ef:3e:13:2b:cd:da:d9:7e:a6:fb:6c:29:42:ff:1f:4c:2b:5d

Digest Algorithm

sha256

PE Digest Matches

true

52:48:3b:a9:55:f3:73:87:44:1c:37:bf:96:8c:f7:2f:55:4a:a0:6c
Signer

Actual PE Digest

52:48:3b:a9:55:f3:73:87:44:1c:37:bf:96:8c:f7:2f:55:4a:a0:6c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
CompareFileTime
SearchPathA
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
Sleep
lstrcmpiA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrcatA
GetSystemDirectoryA
WaitForSingleObject
SetFileTime
CloseHandle
GlobalFree
lstrcmpA
ExpandEnvironmentStringsA
GetExitCodeProcess
GlobalAlloc
GetCommandLineA
GetTempPathA
GetProcAddress
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
ReadFile
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
WriteFile
MulDiv
MultiByteToWideChar
LoadLibraryExA
GetModuleHandleA
FreeLibrary

user32

SetCursor
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
EndDialog
ScreenToClient
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetForegroundWindow
GetWindowLongA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
SetTimer
PostQuitMessage
SetWindowLongA
SendMessageTimeoutA
LoadImageA
wsprintfA
GetDlgItem
FindWindowExA
IsWindow
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
CreateDialogParamA
DestroyWindow
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA
ShellExecuteA

advapi32

RegDeleteValueA
SetFileSecurityA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$0/app_icon.png
.png
$0/bc-status-alert.png
.png
$0/bc-status-info.png
.png
$0/bc-status-success.png
.png
$0/bc-status-warn.png
.png
$0/bc-typing.png
.png
$0/bomgar-scc.exe
.exe windows:6 windows x64 arch:x64

81e0c61d6041df7eb4b8a8a1ab4adaab

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/05/2022, 00:00

Not After

20/05/2025, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/05/2022, 00:00

Not After

20/05/2025, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

19/01/2024, 16:46

Not After

01/06/2029, 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:f1:a7:0e:56:37:51:b8:0d:1e:59:6e:ad:67:f1:6e:73:f1:94:91:1b:63:f5:27:bc:3d:30:ac:25:0f:08:91
Signer

Actual PE Digest

6d:f1:a7:0e:56:37:51:b8:0d:1e:59:6e:ad:67:f1:6e:73:f1:94:91:1b:63:f5:27:bc:3d:30:ac:25:0f:08:91

Digest Algorithm

sha256

PE Digest Matches

true

0a:77:ce:db:6d:35:b6:fe:74:93:b2:0f:e5:e3:b0:00:68:ab:19:ac
Signer

Actual PE Digest

0a:77:ce:db:6d:35:b6:fe:74:93:b2:0f:e5:e3:b0:00:68:ab:19:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

bomgar-scc-x64.pdb

Imports

kernel32

CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetFileAttributesW
GetShortPathNameW
CreateFileA
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateFileW
GetFileSizeEx
GetSystemInfo
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
lstrcmpiW
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CancelIo
CreateEventW
ReadFile
WriteFile
SetNamedPipeHandleState
FreeLibrary
LoadLibraryW
GetDriveTypeW
GlobalMemoryStatusEx
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
HeapAlloc
HeapFree
GetProcessHeap
ExpandEnvironmentStringsW
LoadLibraryExW
FormatMessageW
SetHandleInformation
ConnectNamedPipe
DisconnectNamedPipe
CancelIoEx
CreateNamedPipeA
GetStdHandle
CreatePipe
CreateProcessW
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
GetConsoleScreenBufferInfo
DuplicateHandle
AllocConsole
FreeConsole
SetConsoleCtrlHandler
SetConsoleScreenBufferSize
SetConsoleCursorPosition
SetConsoleWindowInfo
ScrollConsoleScreenBufferW
ReadConsoleOutputW
SetConsoleTitleW
GetConsoleWindow
GenerateConsoleCtrlEvent
WriteConsoleInputW
GetLargestConsoleWindowSize
FormatMessageA
GetSystemDirectoryA
ProcessIdToSessionId
RtlCaptureContext
SetUnhandledExceptionFilter
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
CreateThread
OpenThread
TerminateThread
GetProcessId
VirtualQueryEx
TransactNamedPipe
WaitNamedPipeW
WaitForMultipleObjects
GetTickCount64
Module32FirstW
Module32NextW
GetFileSize
GetFileTime
SetFilePointer
GlobalSize
QueryPerformanceCounter
QueryPerformanceFrequency
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SetThreadPriority
GetDiskFreeSpaceExA
GetDriveTypeA
IsDebuggerPresent
GetCurrentThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetConsoleTextAttribute
MultiByteToWideChar
GetLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
OutputDebugStringA
GetSystemTimeAsFileTime
GetFullPathNameW
GetVersionExW
LoadLibraryA
VirtualLock
VirtualUnlock
GetConsoleMode
SetConsoleMode
SleepEx
SetStdHandle
FindClose
FindFirstFileW
FindNextFileW
GetWindowsDirectoryW
SetFileTime
SetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
GetLogicalDriveStringsA
DeleteFileW
GetTempPathW
GetModuleFileNameW
ReleaseMutex
CreateMutexW
HeapDestroy
HeapReAlloc
HeapSize
LocalAlloc
PeekNamedPipe
CreateNamedPipeW
GetOverlappedResult
QueueUserAPC
FlushFileBuffers
SearchPathW
LockFileEx
SetEndOfFile
UnlockFileEx
QueryFullProcessImageNameW
Thread32First
Thread32Next
OpenEventW
GetDiskFreeSpaceExW
WaitForMultipleObjectsEx
GetExitCodeThread
GetSystemTime
GetCurrentDirectoryW
GetFileInformationByHandle
SetFilePointerEx
DeviceIoControl
AreFileApisANSI
GetSystemFirmwareTable
lstrcmpiA
GetFileAttributesA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetConsoleOutputCP
WriteConsoleW
GetFileType
FreeLibraryAndExitThread
ExitThread
GetModuleHandleExW
ExitProcess
RtlUnwind
RtlUnwindEx
VirtualQuery
VirtualProtect
OutputDebugStringW
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
InitializeSListHead
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
SetEnvironmentVariableW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
LCMapStringEx
EncodePointer
SleepConditionVariableSRW
RtlPcToFileHeader
GetLocaleInfoEx
GetStringTypeW
InitOnceComplete
InitOnceBeginInitialize
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
lstrcmpW
GetCommandLineW
MoveFileExW
GetTempFileNameW
CopyFileW
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetSystemDirectoryW
SetProcessShutdownParameters
ResumeThread
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
Sleep
LeaveCriticalSection
EnterCriticalSection
SetLastError
RaiseException
lstrlenW
CompareStringW
GetModuleHandleW
GetTickCount
GetExitCodeProcess
GetCurrentProcessId
OpenEventA
CreateEventA
WaitForSingleObjectEx
WaitForSingleObject
ResetEvent
SetEvent
LocalFree
WTSGetActiveConsoleSessionId
WideCharToMultiByte
VerifyVersionInfoW
GetProcAddress
GetModuleHandleA
OpenProcess
QueryDosDeviceW
GetLogicalDriveStringsW
VerSetConditionMask
GetComputerNameExW
DeleteCriticalSection
InitializeCriticalSectionEx
DecodePointer
GetLastError
CloseHandle
GetLogicalDrives
MulDiv

user32

GetDlgCtrlID
FrameRect
CopyRect
InflateRect
OffsetRect
GetParent
DrawFocusRect
SendMessageTimeoutW
GetActiveWindow
BlockInput
VkKeyScanW
MapVirtualKeyW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetAsyncKeyState
SetCapture
ReleaseCapture
ShowScrollBar
SetCursor
PostQuitMessage
LockSetForegroundWindow
IsRectEmpty
GetMonitorInfoA
GetMessageTime
SetRect
PtInRect
GetDCEx
FindWindowW
CopyIcon
GetIconInfo
MessageBoxTimeoutW
ToUnicodeEx
GetKeyboardLayout
GetKeyState
GetKeyboardState
VkKeyScanExW
keybd_event
SendInput
MapVirtualKeyExW
GetLayeredWindowAttributes
EnumWindows
GetClassNameA
GetLastInputInfo
GetCursorInfo
ChangeDisplaySettingsW
EnumDisplaySettingsW
ToUnicode
GetWindowRgn
MapWindowPoints
GetClassLongPtrW
GetLastActivePopup
EnumDisplayDevicesW
EnumDisplayMonitors
SetThreadDesktop
GetThreadDesktop
GetClipboardSequenceNumber
GetClipboardOwner
SetClipboardViewer
ChangeClipboardChain
GetClipboardData
RegisterClipboardFormatA
RegisterClipboardFormatW
IsClipboardFormatAvailable
AddClipboardFormatListener
RemoveClipboardFormatListener
CallMsgFilterW
MsgWaitForMultipleObjectsEx
OpenDesktopW
OpenWindowStationW
CloseWindowStation
SetProcessWindowStation
GetProcessWindowStation
SetUserObjectSecurity
GetUserObjectSecurity
MsgWaitForMultipleObjects
DrawFrameControl
GetScrollBarInfo
GetScrollInfo
SetScrollInfo
ScrollWindow
DrawIconEx
DestroyIcon
SetClassLongPtrW
TrackMouseEvent
ScreenToClient
GetClassInfoExW
CallWindowProcW
GetMonitorInfoW
MonitorFromRect
LoadIconW
GetWindow
GetSysColor
HideCaret
MessageBeep
DrawTextW
EnableMenuItem
GetSystemMenu
DialogBoxIndirectParamW
IsIconic
GetShellWindow
DestroyMenu
CreatePopupMenu
GetUserObjectInformationW
CloseDesktop
OpenInputDesktop
UpdateLayeredWindow
PostThreadMessageW
GetWindowInfo
IsDialogMessageW
LoadCursorW
GetSysColorBrush
GetCursorPos
SetMenuItemInfoW
TrackPopupMenu
DeleteMenu
AppendMenuW
GetMenuItemCount
GetSubMenu
GetMenuStringW
LoadMenuW
RegisterWindowMessageW
ShutdownBlockReasonDestroy
ShutdownBlockReasonCreate
LockWorkStation
DialogBoxParamW
IsWindow
WaitForInputIdle
ExitWindowsEx
LoadBitmapW
SetWindowRgn
EndPaint
BeginPaint
SetLayeredWindowAttributes
RegisterClassExW
EnumChildWindows
SetWindowLongW
AdjustWindowRectEx
RedrawWindow
GetMenu
SetWindowPos
GetWindowLongPtrW
UpdateWindow
DestroyWindow
CreateWindowExW
RegisterClassW
DefWindowProcW
PostMessageW
GetMessageW
PeekMessageW
DispatchMessageW
GetAncestor
UnhookWinEvent
SetWinEventHook
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
WindowFromPoint
GetWindowTextLengthW
GetForegroundWindow
GetDoubleClickTime
CreateIconIndirect
CopyImage
GetDesktopWindow
FillRect
ReleaseDC
GetDC
DrawStateW
GetSystemMetrics
SystemParametersInfoW
FindWindowExW
IsWindowVisible
LoadImageW
GetClassNameW
SetWindowLongPtrW
GetWindowTextW
SetWindowTextW
SetForegroundWindow
EnableWindow
KillTimer
SetTimer
SetFocus
GetNextDlgTabItem
SendDlgItemMessageW
GetDlgItemTextW
SetDlgItemTextW
GetDlgItem
EndDialog
BringWindowToTop
SetWindowPlacement
GetWindowPlacement
ShowWindow
UnregisterClassW
SendMessageW
MessageBoxW
MonitorFromWindow
GetWindowLongW
GetWindowRect
GetClientRect
InvalidateRect
MoveWindow
TranslateMessage

gdi32

DeleteObject
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgn
CreateSolidBrush
DeleteDC
GetDIBits
GetMapMode
GetPixel
SelectObject
SetBkColor
SetMapMode
StretchBlt
SetStretchBltMode
SetTextColor
CreateDIBSection
GetObjectW
DPtoLP
SetBrushOrgEx
CreateFontIndirectW
GetTextExtentPointW
CreatePen
Ellipse
GetStockObject
LineTo
Rectangle
MoveToEx
GetDeviceCaps
CreateICW
GetTextExtentPoint32W
GetTextMetricsW
SetBkMode
CreateFontW
SetTextAlign
ExtTextOutW
RoundRect
SetDCBrushColor
SetDCPenColor
Polygon
CreateDCW
GetRandomRgn
GetRegionData
OffsetRgn
BitBlt

Sections

.text
Size: 8.2MB - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 585KB - Virtual size: 659KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/button_cb_access_key.png
.png
$0/button_cb_private.png
.png
$0/button_cb_survey.png
.png
$0/button_cb_team.png
.png
$0/cbhook-x64.dll
.dll windows:6 windows x64 arch:x64

52d48807d6acf5aa19d9dd2751d8cc7d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/05/2022, 00:00

Not After

20/05/2025, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/05/2022, 00:00

Not After

20/05/2025, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:89:e5:2f:b3:9b:d0:34:20:51:23:93:c8:6c:94:82:57:89:b5:3e:a7:99:27:19:23:2d:a8:9e:19:e1:67:d0
Signer

Actual PE Digest

b4:89:e5:2f:b3:9b:d0:34:20:51:23:93:c8:6c:94:82:57:89:b5:3e:a7:99:27:19:23:2d:a8:9e:19:e1:67:d0

Digest Algorithm

sha256

PE Digest Matches

true

61:5d:a4:5d:57:d8:35:8f:6d:96:28:33:1c:a0:9e:36:0d:e5:aa:b7
Signer

Actual PE Digest

61:5d:a4:5d:57:d8:35:8f:6d:96:28:33:1c:a0:9e:36:0d:e5:aa:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Source\workspace\triage\networkstreaming\trymax\sdcust\client\Win32\embedded_cb\cbhook-x64.pdb

Imports

psapi

GetModuleFileNameExW

kernel32

lstrcmpiW
lstrcpynA
lstrcpynW
lstrlenW
GlobalAddAtomW
GetSystemDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
VirtualProtect
GetSystemInfo
WriteConsoleW
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
GlobalDeleteAtom
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
LocalFree
LocalAlloc
DisableThreadLibraryCalls
MapViewOfFile
CreateFileMappingW
CreateProcessW
GetCurrentProcessId
GetCurrentProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSection
CloseHandle
OutputDebugStringW
LoadLibraryExA
OutputDebugStringA
VirtualQuery
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
RtlPcToFileHeader
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer

user32

DrawIconEx
GetClassNameW
FindWindowExW
OffsetRect
GetCursorPos
GetWindowRgn
GetForegroundWindow
DrawFrameControl
LoadImageW
LoadCursorW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
EnumWindows
FindWindowW
GetParent
GetWindowLongW
PtInRect
GetWindowRect
MonitorFromWindow
GetPropW
SetPropW
InvalidateRect
EndPaint
BeginPaint
GetSystemMetrics
CharLowerBuffW
IsZoomed
IsIconic
IsWindowVisible
MoveWindow
SetLayeredWindowAttributes
ShowWindow
IsWindow
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
PostThreadMessageW
PostMessageW
SendMessageTimeoutW
SendMessageW
wsprintfW
wvsprintfW
wvsprintfA
GetMonitorInfoW
RemovePropW

gdi32

GetObjectW
CreateDIBSection
SelectObject
GetRgnBox
DeleteObject
DeleteDC
CreateRectRgn
CreateCompatibleDC
BitBlt
SetViewportOrgEx
SetBkMode
CreateSolidBrush

advapi32

RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW

shlwapi

StrRChrW
StrNCatW
StrToIntW
StrCpyNW
StrStrW

Exports

Exports

InstallMessageHook
Kill
UnInstallMessageHook

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/cbhook-x86.dll
.dll windows:6 windows x86 arch:x86

7e2def7e9906ad7bbfcb0a58a300558b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/05/2022, 00:00

Not After

20/05/2025, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/05/2022, 00:00

Not After

20/05/2025, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

19/01/2024, 16:46

Not After

01/06/2029, 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:8f:70:a0:0e:0f:87:6e:49:a6:3a:45:ec:2a:d1:9b:f7:fe:78:95:10:d6:04:0e:d9:8d:16:e3:17:31:88:81
Signer

Actual PE Digest

42:8f:70:a0:0e:0f:87:6e:49:a6:3a:45:ec:2a:d1:9b:f7:fe:78:95:10:d6:04:0e:d9:8d:16:e3:17:31:88:81

Digest Algorithm

sha256

PE Digest Matches

true

a2:be:0a:40:08:d9:44:ce:97:18:ab:6e:ea:02:fb:65:eb:7b:4a:73
Signer

Actual PE Digest

a2:be:0a:40:08:d9:44:ce:97:18:ab:6e:ea:02:fb:65:eb:7b:4a:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Source\workspace\triage\networkstreaming\trymax\sdcust\client\Win32\embedded_cb\cbhook-x86.pdb

Imports

psapi

GetModuleFileNameExW

kernel32

lstrcmpiW
lstrcpynA
lstrcpynW
lstrlenW
GlobalAddAtomW
GetSystemDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
VirtualProtect
GetSystemInfo
DecodePointer
WriteConsoleW
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
LocalFree
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LocalAlloc
DisableThreadLibraryCalls
MapViewOfFile
CreateFileMappingW
CreateProcessW
GetCurrentProcessId
GetCurrentProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LoadLibraryExA
GlobalDeleteAtom
GetLastError
CloseHandle
OutputDebugStringW
OutputDebugStringA
VirtualQuery
GetProcessHeap
RaiseException
EncodePointer
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc

user32

DrawIconEx
GetClassNameW
FindWindowExW
OffsetRect
GetCursorPos
GetWindowRgn
GetForegroundWindow
DrawFrameControl
LoadImageW
LoadCursorW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
EnumWindows
FindWindowW
GetParent
GetWindowLongW
PtInRect
GetWindowRect
MonitorFromWindow
GetPropW
SetPropW
InvalidateRect
EndPaint
BeginPaint
GetSystemMetrics
CharLowerBuffW
IsZoomed
IsIconic
IsWindowVisible
MoveWindow
SetLayeredWindowAttributes
ShowWindow
IsWindow
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
PostThreadMessageW
PostMessageW
SendMessageTimeoutW
SendMessageW
wsprintfW
wvsprintfW
wvsprintfA
GetMonitorInfoW
RemovePropW

gdi32

CreateDIBSection
SelectObject
GetRgnBox
DeleteObject
DeleteDC
CreateRectRgn
CreateCompatibleDC
BitBlt
SetViewportOrgEx
SetBkMode
CreateSolidBrush
GetObjectW

advapi32

RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

shlwapi

StrRChrW
StrNCatW
StrToIntW
StrCpyNW
StrStrW

Exports

Exports

InstallMessageHook
Kill
UnInstallMessageHook

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/chat.wav
$0/cp.dll
.dll windows:6 windows x64 arch:x64

81540850f1daa6680911041ba90d48be

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/05/2022, 00:00

Not After

20/05/2025, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/05/2022, 00:00

Not After

20/05/2025, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

73:d4:20:14:90:2a:20:6a:e1:58:fe:3e:8f:51:54:f3:51:9d:77:57:ef:05:77:a9:cb:cc:63:5c:51:ed:bc:bf
Signer

Actual PE Digest

73:d4:20:14:90:2a:20:6a:e1:58:fe:3e:8f:51:54:f3:51:9d:77:57:ef:05:77:a9:cb:cc:63:5c:51:ed:bc:bf

Digest Algorithm

sha256

PE Digest Matches

true

ea:fa:28:34:c8:07:36:c4:42:b2:50:6f:55:0a:b8:c9:5b:6d:48:df
Signer

Actual PE Digest

ea:fa:28:34:c8:07:36:c4:42:b2:50:6f:55:0a:b8:c9:5b:6d:48:df

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cp-x64.pdb

Imports

bcrypt

BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

kernel32

GetLogicalDriveStringsA
GetCommandLineW
GetVersionExW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
SystemTimeToFileTime
GetSystemInfo
VirtualLock
VirtualUnlock
TerminateProcess
SetStdHandle
InitOnceComplete
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetCurrentDirectoryW
SetFilePointerEx
GetFileSizeEx
GetConsoleOutputCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
ExitProcess
VirtualQuery
VirtualProtect
VirtualAlloc
InitOnceBeginInitialize
FormatMessageA
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
RaiseException
RtlPcToFileHeader
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
GetFileType
FormatMessageW
SetLastError
GetTimeZoneInformation
GetSystemTimeAsFileTime
SleepEx
QueryPerformanceFrequency
QueryPerformanceCounter
MoveFileExW
LoadLibraryExW
GetModuleFileNameW
FreeLibrary
SetEndOfFile
DeleteFileW
SetFileTime
GetLogicalDrives
GetDriveTypeA
FindNextFileW
FindFirstFileW
RemoveDirectoryW
GetConsoleMode
GetTimeFormatW
GetDateFormatW
GetStdHandle
WaitForMultipleObjects
CancelIo
DisconnectNamedPipe
FlushFileBuffers
CreateMutexW
ReleaseMutex
GetProcAddress
GetModuleHandleW
GetTickCount
OpenThread
GetCurrentThread
QueueUserAPC
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
ReadFile
LocalAlloc
GetLocalTime
CreateThread
CreateEventW
WaitForSingleObject
SetEvent
OutputDebugStringA
GetTempPathW
WriteFile
CreateFileW
DisableThreadLibraryCalls
WTSGetActiveConsoleSessionId
LocalFree
ProcessIdToSessionId
CloseHandle
lstrlenW
GetCurrentThreadId
GetCurrentProcessId
GetLastError
IsProcessorFeaturePresent
CreateDirectoryW
GetDriveTypeW
GetFullPathNameW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwindEx
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
LCMapStringEx
GetLocaleInfoEx
EncodePointer
GetStringTypeW
SetCurrentDirectoryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
OpenProcess
Sleep
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer
VerifyVersionInfoW
LoadLibraryW
GetSystemDirectoryW
VerSetConditionMask
OpenEventA
CreateEventA
WaitForSingleObjectEx
ResetEvent
GetComputerNameExW
FindClose
ExpandEnvironmentStringsW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
FreeLibraryWhenCallbackReturns

user32

GetShellWindow
GetSystemMetrics
GetWindowThreadProcessId

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoTaskMemAlloc
CoTaskMemFree

oleaut32

VariantClear
SysAllocStringByteLen
SysStringByteLen
SysFreeString

advapi32

RevertToSelf
CredFree
CredUnmarshalCredentialW
ConvertSidToStringSidW
MakeAbsoluteSD
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
OpenThreadToken
RegDisablePredefinedCacheEx
LookupAccountSidW
ImpersonateLoggedOnUser
GetLengthSid
DuplicateToken
CreateWellKnownSid
CopySid
CheckTokenMembership
RegCopyTreeW
RegDeleteTreeW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyTransactedW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyTransactedW
RegCreateKeyExW
RegConnectRegistryW
RegOpenCurrentUser
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameW
GetTokenInformation
FreeSid
AllocateAndInitializeSid
OpenProcessToken
CredIsMarshaledCredentialW
LsaNtStatusToWinError
LookupAccountNameW
IsValidSid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CredProtectW
LogonUserW
EqualSid
CredIsProtectedW

credui

CredPackAuthenticationBufferW

secur32

LsaLookupAuthenticationPackage
LsaDeregisterLogonProcess
LsaConnectUntrusted

wtsapi32

WTSQuerySessionInformationW
WTSQueryUserToken
WTSFreeMemory

shlwapi

SHStrDupW
PathFileExistsW
ord219

ktmw32

CreateTransaction
CommitTransaction

userenv

UnloadUserProfile
LoadUserProfileW

mpr

WNetGetUniversalNameW

crypt32

CertOpenSystemStoreW
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CryptFindLocalizedName
CryptUnprotectData
CryptProtectData
CertStrToNameW
CryptExportPublicKeyInfoEx
CryptSignAndEncodeCertificate
CertGetPublicKeyLength
CertAddEncodedCertificateToStore
CertCreateCertificateContext
CertCloseStore
CertSaveStore
CertOpenStore
CryptMsgControl
CryptMsgGetParam
CryptMsgUpdate
CryptMsgClose
CryptMsgOpenToDecode
CryptMsgOpenToEncode
CryptEncodeObjectEx
CryptUnprotectMemory
CryptProtectMemory

ncrypt

NCryptFinalizeKey
NCryptCreatePersistedKey
NCryptOpenStorageProvider
NCryptFreeObject
NCryptSetProperty

ws2_32

htonl
ntohl

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 768KB - Virtual size: 767KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 258KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bmgrcfg
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/embedhook-x64.exe
.exe windows:6 windows x64 arch:x64

17abbe9f3bc8aca1b208bf15cbe70009

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/05/2022, 00:00

Not After

20/05/2025, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/05/2022, 00:00

Not After

20/05/2025, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:79:53:e8:f3:15:a4:83:3c:6a:78:79:37:9a:09:52:b3:b6:36:6d:82:78:af:df:a7:d6:e7:10:76:e8:0f:53
Signer

Actual PE Digest

7a:79:53:e8:f3:15:a4:83:3c:6a:78:79:37:9a:09:52:b3:b6:36:6d:82:78:af:df:a7:d6:e7:10:76:e8:0f:53

Digest Algorithm

sha256

PE Digest Matches

true

b5:5c:21:5c:02:df:45:7d:d2:f4:64:50:68:82:5a:0f:f9:a1:f2:73
Signer

Actual PE Digest

b5:5c:21:5c:02:df:45:7d:d2:f4:64:50:68:82:5a:0f:f9:a1:f2:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

embedhook-x64.pdb

Imports

kernel32

GetCommandLineW
OutputDebugStringA
OutputDebugStringW
CloseHandle
GetLastError
ExitProcess
GetCurrentThreadId
CreateProcessW
GetStartupInfoW
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryW
LocalAlloc
LocalReAlloc
LocalFree
lstrcmpiW
lstrcpynA
lstrcpynW
lstrcatW
lstrlenW
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
WriteConsoleW

user32

CharPrevW
TranslateMessage
GetMessageW
wvsprintfW
wvsprintfA
DispatchMessageW
WaitForInputIdle

shell32

CommandLineToArgvW

shlwapi

PathIsRelativeW

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/embedhook-x86.exe
.exe windows:6 windows x86 arch:x86

1d72e90bd53e4b629b223d425d92e5ba

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/05/2022, 00:00

Not After

20/05/2025, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/05/2022, 00:00

Not After

20/05/2025, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:16:47:b1:2c:d5:b5:0c:31:40:35:de:c5:d6:20:d2:d3:21:7f:2b:54:4c:d7:b2:63:be:78:66:77:65:6e:91
Signer

Actual PE Digest

8c:16:47:b1:2c:d5:b5:0c:31:40:35:de:c5:d6:20:d2:d3:21:7f:2b:54:4c:d7:b2:63:be:78:66:77:65:6e:91

Digest Algorithm

sha256

PE Digest Matches

true

fe:9d:4a:3f:f2:85:b6:e7:3a:28:29:e1:70:13:e8:98:93:22:f1:a7
Signer

Actual PE Digest

fe:9d:4a:3f:f2:85:b6:e7:3a:28:29:e1:70:13:e8:98:93:22:f1:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

embedhook-x86.pdb

Imports

kernel32

GetCommandLineW
OutputDebugStringA
OutputDebugStringW
CloseHandle
GetLastError
ExitProcess
GetCurrentThreadId
CreateProcessW
GetStartupInfoW
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryW
LocalAlloc
LocalReAlloc
LocalFree
lstrcmpiW
lstrcpynA
lstrcpynW
lstrcatW
lstrlenW
WriteConsoleW
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
RaiseException
GetStdHandle
WriteFile
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
DecodePointer

user32

CharPrevW
TranslateMessage
GetMessageW
wvsprintfW
wvsprintfA
DispatchMessageW
WaitForInputIdle

shell32

CommandLineToArgvW

shlwapi

PathIsRelativeW

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/icon_exclamation.png
.png
$0/indicator_pinned_connected.png
.png
$0/indicator_pinned_disconnected.png
.png
$0/nudge.wav
$0/pinuninstall.bat
$0/preload-en-us.rdf
$0/remove.exe
.exe windows:4 windows x86 arch:x86

b1a57b635b23ffd553b3fd1e0960b2bd

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/05/2022, 00:00

Not After

20/05/2025, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/05/2022, 00:00

Not After

20/05/2025, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

19/01/2024, 16:46

Not After

01/06/2029, 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

34:e3:7c:e8:99:a9:38:96:36:a5:5e:0b:f4:1f:66:2c:2a:f2:95:37:03:25:d5:57:00:32:b6:89:ec:02:16:38
Signer

Actual PE Digest

34:e3:7c:e8:99:a9:38:96:36:a5:5e:0b:f4:1f:66:2c:2a:f2:95:37:03:25:d5:57:00:32:b6:89:ec:02:16:38

Digest Algorithm

sha256

PE Digest Matches

true

bc:17:c6:18:50:d9:9b:1d:f5:d4:18:c9:26:8a:84:d4:7f:94:c4:e0
Signer

Actual PE Digest

bc:17:c6:18:50:d9:9b:1d:f5:d4:18:c9:26:8a:84:d4:7f:94:c4:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
CompareFileTime
SearchPathA
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
Sleep
lstrcmpiA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrcatA
GetSystemDirectoryA
WaitForSingleObject
SetFileTime
CloseHandle
GlobalFree
lstrcmpA
ExpandEnvironmentStringsA
GetExitCodeProcess
GlobalAlloc
GetCommandLineA
GetTempPathA
GetProcAddress
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
ReadFile
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
WriteFile
MulDiv
MultiByteToWideChar
LoadLibraryExA
GetModuleHandleA
FreeLibrary

user32

SetCursor
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
EndDialog
ScreenToClient
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetForegroundWindow
GetWindowLongA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
SetTimer
PostQuitMessage
SetWindowLongA
SendMessageTimeoutA
LoadImageA
wsprintfA
GetDlgItem
FindWindowExA
IsWindow
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
CreateDialogParamA
DestroyWindow
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA
ShellExecuteA

advapi32

RegDeleteValueA
SetFileSecurityA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

f2ac1ab587d5531d5f1bf76c094aef4c

Code Sign

78:a1:8f:5a:6a:4a:79:c4:05:20:fc:be:ce:d3:41:3a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/04/2019, 00:00

Not After

20/05/2022, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:a1:8f:5a:6a:4a:79:c4:05:20:fc:be:ce:d3:41:3a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/04/2019, 00:00

Not After

20/05/2022, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8d:21:79:58:2a:d2:fd:70:ec:a8:a7:c7:8f:49:cc:9b:25:7e:62:da:77:d9:ad:e7:bd:7a:a0:3b:cb:7f:80:9f
Signer

Actual PE Digest

8d:21:79:58:2a:d2:fd:70:ec:a8:a7:c7:8f:49:cc:9b:25:7e:62:da:77:d9:ad:e7:bd:7a:a0:3b:cb:7f:80:9f

Digest Algorithm

sha256

PE Digest Matches

true

91:d5:65:d6:11:1e:f4:fa:4f:62:65:a4:ee:33:0d:16:8b:27:21:37
Signer

Actual PE Digest

91:d5:65:d6:11:1e:f4:fa:4f:62:65:a4:ee:33:0d:16:8b:27:21:37

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GlobalAlloc
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/sas.dll
.dll windows:6 windows x64 arch:x64

539b8218dccc41fb0ec666e865913971

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/05/2022, 00:00

Not After

20/05/2025, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/05/2022, 00:00

Not After

20/05/2025, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:57:84:c9:a3:18:bc:2a:fb:2a:08:33:23:d6:6c:d3:46:43:8c:96:3b:50:64:c8:a1:54:fb:04:94:87:d1:73
Signer

Actual PE Digest

74:57:84:c9:a3:18:bc:2a:fb:2a:08:33:23:d6:6c:d3:46:43:8c:96:3b:50:64:c8:a1:54:fb:04:94:87:d1:73

Digest Algorithm

sha256

PE Digest Matches

true

0d:ff:89:21:46:f8:29:6c:d0:d3:97:97:a9:6e:e8:b8:e9:2a:f3:c8
Signer

Actual PE Digest

0d:ff:89:21:46:f8:29:6c:d0:d3:97:97:a9:6e:e8:b8:e9:2a:f3:c8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SAS.pdb

Imports

msvcrt

malloc
_initterm
free
_amsg_exit
__C_specific_handler
_XcptFilter
_vsnwprintf
memset

kernel32

RtlLookupFunctionEntry
SetLastError
GetProcessHeap
HeapFree
HeapAlloc
LoadLibraryA
GetProcAddress
FreeLibrary
RtlCaptureContext
RtlVirtualUnwind
DisableThreadLibraryCalls
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

rpcrt4

RpcStringFreeW
RpcBindingFree
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
NdrClientCall3
I_RpcExceptionFilter

Exports

Exports

SendSAS

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/scc-attach-hovered.png
.png
$0/scc-attach.png
.png
$0/scc-chat-flash.png
.png
$0/scc-chat-hovered.png
.png
$0/scc-chat.png
.png
$0/scc-disconnected-animation.png
.png
$0/scc-fontsize-hovered.png
.png
$0/scc-fontsize.png
.png
$0/server.lic
$0/spinner.exe
.exe windows:6 windows x64 arch:x64

6c28999296bb5cc77f600bf61cbe0523

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/05/2022, 00:00

Not After

20/05/2025, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/05/2022, 00:00

Not After

20/05/2025, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

19/01/2024, 16:46

Not After

01/06/2029, 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

52:e2:1b:a0:ee:9d:2c:8f:78:8d:73:5b:14:14:d8:f9:8b:00:48:92:d5:b5:b8:39:2f:c8:50:cf:a1:2d:b3:e5
Signer

Actual PE Digest

52:e2:1b:a0:ee:9d:2c:8f:78:8d:73:5b:14:14:d8:f9:8b:00:48:92:d5:b5:b8:39:2f:c8:50:cf:a1:2d:b3:e5

Digest Algorithm

sha256

PE Digest Matches

true

ee:01:61:30:90:72:1c:c8:64:c5:3c:d8:d8:7b:6b:c2:e0:e8:42:9c
Signer

Actual PE Digest

ee:01:61:30:90:72:1c:c8:64:c5:3c:d8:d8:7b:6b:c2:e0:e8:42:9c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

spinner-x64.pdb

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
ExitProcess
CreateThread
GetCurrentThreadId
GetStartupInfoW
GetModuleFileNameW
GetModuleHandleW
LocalAlloc
LocalFree
lstrcmpW
lstrcpyW
lstrlenW
CreateFileW
SetFilePointerEx
GetConsoleMode
InitializeCriticalSection
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
GetFileType
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetLastError
GetLastError
CloseHandle
OutputDebugStringW
OutputDebugStringA
GetConsoleOutputCP
GetCommandLineW
WideCharToMultiByte
MultiByteToWideChar
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
WriteConsoleW

user32

LoadCursorW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
GetSysColorBrush
InvalidateRect
EndPaint
BeginPaint
GetSystemMetrics
SetTimer
CharPrevW
SetWindowPos
MoveWindow
LoadImageW
DestroyWindow
CreateWindowExW
RegisterClassExW
PostQuitMessage
DefWindowProcW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
wsprintfW
wsprintfA
wvsprintfW
wvsprintfA
ShowWindow

gdi32

SelectObject
DeleteDC
CreateCompatibleDC
BitBlt
GetObjectW

shell32

CommandLineToArgvW

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/start-cb-hook.bat
.bat .vbs
$0/startup_animation_1.bmp
$0/startup_animation_2.bmp
$0/startup_animation_3.bmp
$0/startup_animation_4.bmp
$0/startup_animation_5.bmp
$0/stop-cb-hook.bat.template
$0/uninstall.bat
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

f2ac1ab587d5531d5f1bf76c094aef4c

Code Sign

78:a1:8f:5a:6a:4a:79:c4:05:20:fc:be:ce:d3:41:3a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/04/2019, 00:00

Not After

20/05/2022, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:a1:8f:5a:6a:4a:79:c4:05:20:fc:be:ce:d3:41:3a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/04/2019, 00:00

Not After

20/05/2022, 23:59

Subject

CN=Bomgar Corporation,OU=Remote Support,O=Bomgar Corporation,L=Ridgeland,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8d:21:79:58:2a:d2:fd:70:ec:a8:a7:c7:8f:49:cc:9b:25:7e:62:da:77:d9:ad:e7:bd:7a:a0:3b:cb:7f:80:9f
Signer

Actual PE Digest

8d:21:79:58:2a:d2:fd:70:ec:a8:a7:c7:8f:49:cc:9b:25:7e:62:da:77:d9:ad:e7:bd:7a:a0:3b:cb:7f:80:9f

Digest Algorithm

sha256

PE Digest Matches

true

91:d5:65:d6:11:1e:f4:fa:4f:62:65:a4:ee:33:0d:16:8b:27:21:37
Signer

Actual PE Digest

91:d5:65:d6:11:1e:f4:fa:4f:62:65:a4:ee:33:0d:16:8b:27:21:37

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GlobalAlloc
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1a57b635b23ffd553b3fd1e0960b2bd

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

db:69:b2:2d:d0:11:86:1f:25:f7:a2:0d:9b:03:ef:3e:13:2b:cd:da:d9:7e:a6:fb:6c:29:42:ff:1f:4c:2b:5dSigner

52:48:3b:a9:55:f3:73:87:44:1c:37:bf:96:8c:f7:2f:55:4a:a0:6cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 108KB

.ndata Size: - Virtual size: 44KB

.rsrc Size: 16KB - Virtual size: 16KB

81e0c61d6041df7eb4b8a8a1ab4adaab

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40Certificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

db:69:b2:2d:d0:11:86:1f:25:f7:a2:0d:9b:03:ef:3e:13:2b:cd:da:d9:7e:a6:fb:6c:29:42:ff:1f:4c:2b:5d
Signer

52:48:3b:a9:55:f3:73:87:44:1c:37:bf:96:8c:f7:2f:55:4a:a0:6c
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 108KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 16KB - Virtual size: 16KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

6d:f1:a7:0e:56:37:51:b8:0d:1e:59:6e:ad:67:f1:6e:73:f1:94:91:1b:63:f5:27:bc:3d:30:ac:25:0f:08:91
Signer

0a:77:ce:db:6d:35:b6:fe:74:93:b2:0f:e5:e3:b0:00:68:ab:19:ac
Signer

.text
Size: 8.2MB - Virtual size: 8.2MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 585KB - Virtual size: 659KB

.pdata
Size: 293KB - Virtual size: 292KB

.didat
Size: 3KB - Virtual size: 3KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 52KB - Virtual size: 51KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:5d:63:32:d3:dd:3a:bc:56:36:15:d1:6e:0a:74:40
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

b4:89:e5:2f:b3:9b:d0:34:20:51:23:93:c8:6c:94:82:57:89:b5:3e:a7:99:27:19:23:2d:a8:9e:19:e1:67:d0
Signer

61:5d:a4:5d:57:d8:35:8f:6d:96:28:33:1c:a0:9e:36:0d:e5:aa:b7
Signer

.text
Size: 70KB - Virtual size: 70KB