4238abf8ce8abcdc0b81a18edc89c3b9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4238abf8ce8abcdc0b81a18edc89c3b9_JaffaCakes118
Size

1.1MB
MD5

4238abf8ce8abcdc0b81a18edc89c3b9
SHA1

44d427f5cba1126bf68b35135eebdd1dcb4dce77
SHA256

62ffb50728011ddb657a6438bc28aa04612dd26c491c6dbfcbb03eb3eede4fda
SHA512

f0bc9696e5396a8f6cb240bbc5f76e8e5495931dbcf7f5be301298e726fa426234bde8589631572ba2501b38def4053006fe313301b7a762d6e052405eb8c602
SSDEEP

24576:z/FZ6OGTKtS4Vk0FXaFF/nVvjhfVX5JNdeaSShb5TMpZy:z/FZ6OEfs3+/9j9JyaSSfMpZy

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1863 KingKoxp v13/1863 KingKoxp v13.exe
unpack001/1863 KingKoxp v13/dinput8.dll

Files

4238abf8ce8abcdc0b81a18edc89c3b9_JaffaCakes118
.rar
1863 KingKoxp v13/1863 KingKoxp v13.exe
.exe windows:4 windows x86 arch:x86

0696dbf7df6ecd5e499e8d157359ec12

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaVarIdiv
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
ord516
__vbaVarFix
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaStrCat
__vbaVarCmpNe
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryDestruct
__vbaVarPow
__vbaVarForInit
__vbaExitProc
ord594
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
ord598
ord520
__vbaBoolVarNull
__vbaVarTstLt
__vbaFpR8
_CIsin
ord631
__vbaVarCmpGt
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord528
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaR4Str
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
__vbaFpUI1
__vbaLbound
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
__vbaUI1ErrVar
EVENT_SINK_Release
ord600
__vbaUI1I2
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaVarMul
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord607
__vbaVarDiv
ord608
__vbaVarCmpLe
__vbaFPException
__vbaInStrVar
ord717
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord537
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
ord573
ord681
__vbaI4Str
__vbaVarCmpLt
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaLateMemCall
__vbaAryLock
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
ord612
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaFpI4
__vbaRecDestructAnsi
ord617
_CIatan
__vbaUI1Str
__vbaStrMove
__vbaI2ErrVar
__vbaStrVarCopy
ord619
_allmul
__vbaLateIdSt
_CItan
ord546
__vbaUI1Var
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1863 KingKoxp v13/Alarm.wav
1863 KingKoxp v13/TABCTL3N.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

e0cb36c66e5c120ef20ebc4f30366345

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16/11/1999, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04/04/2000, 00:00

Not After

17/04/2001, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetStringTypeW
GetStringTypeA
VirtualAlloc
LCMapStringW
LCMapStringA
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
ExitProcess
RaiseException
GetOEMCP
GetACP
GetCPInfo
GetModuleHandleA
GetCommandLineA
lstrcpynA
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
FindResourceA
LoadResource
LockResource
GetLastError
InterlockedDecrement
InterlockedIncrement
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
GetModuleFileNameA
MultiByteToWideChar
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
lstrcmpiA
lstrlenA
GlobalSize
IsDBCSLeadByte
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
lstrcpyA
EnterCriticalSection
GetProcessHeap
HeapReAlloc
lstrcmpA
InitializeCriticalSection
lstrcatA

user32

BeginPaint
GetClientRect
MoveWindow
IntersectRect
PtInRect
CreateWindowExA
SetWindowPos
SetFocus
SetWindowRgn
FillRect
CopyRect
DrawFocusRect
GetSysColor
IsWindowEnabled
GetWindowRect
GetWindowDC
DestroyWindow
GetWindowLongA
SetWindowLongA
CallWindowProcA
CharNextA
OffsetRect
SetRectEmpty
ShowWindow
IsDialogMessageA
ScreenToClient
GetClipboardFormatNameA
RegisterClipboardFormatA
MapWindowPoints
SetCursorPos
InvalidateRect
UnregisterClassA
ReleaseCapture
GetNextDlgTabItem
CreateDialogIndirectParamA
IsChild
SetParent
IsWindowVisible
WinHelpA
InflateRect
EndDialog
GetActiveWindow
DialogBoxParamA
GetCursorPos
IsIconic
GetParent
LockWindowUpdate
EqualRect
IsWindow
MessageBeep
MessageBoxA
GetDlgItemInt
GetDlgItemTextA
IsDlgButtonChecked
SendDlgItemMessageA
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
GetDlgItem
wsprintfA
GetKeyState
DefWindowProcA
SetCursor
PeekMessageA
SendMessageA
GetFocus
GetDC
ReleaseDC
SetRect
IsCharAlphaNumericA
VkKeyScanA
CreateAcceleratorTableA
EnableWindow
LoadCursorA
RegisterClassA
DestroyAcceleratorTable
LoadStringA
GetWindow
GetSystemMetrics
EndPaint
ClientToScreen

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
OleSaveToStream
OleLoadFromStream

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SysAllocStringLen
OleCreatePropertyFrame
LoadTypeLi
SafeArrayCopy
SafeArrayRedim
SafeArrayGetElement
SafeArrayCreate
SafeArrayPutElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayUnaccessData
VariantCopyInd
SafeArrayAccessData
LoadTypeLibEx
UnRegisterTypeLi
VariantCopy
CreateErrorInfo
SetErrorInfo
RegisterTypeLi
VariantInit
SysStringLen
VariantChangeType
GetErrorInfo
OleLoadPicture
OleTranslateColor
LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
OleCreatePictureIndirect
OleCreateFontIndirect
VariantClear
SysFreeString
SysAllocString

gdi32

SetMapMode
GetWindowExtEx
GetViewportExtEx
LPtoDP
GetNearestColor
CreatePalette
GetBitmapBits
CreateDIBitmap
GetDIBits
CopyEnhMetaFileA
CopyMetaFileA
CreateDCA
SetWindowOrgEx
SetViewportOrgEx
SetWindowExtEx
SetViewportExtEx
GetDeviceCaps
DeleteDC
DeleteObject
StretchBlt
SelectObject
CreateBitmap
CreateCompatibleDC
RealizePalette
SelectPalette
GetOutlineTextMetricsA
BitBlt
CreateCompatibleBitmap
SetTextColor
SetBkColor
CreateRectRgn
CreateFontIndirectA
GetObjectA
SelectClipRgn
CombineRgn
CreatePolygonRgn
SetBkMode
CreatePen
TextOutA
GetTextColor
LineTo
MoveToEx
GetTextExtentPoint32A
GetCharWidthA
GetCurrentPositionEx
SetTextAlign
GetStockObject
CreateSolidBrush
OffsetRgn
SetBrushOrgEx
UnrealizeObject
GetPaletteEntries
CreateRectRgnIndirect
CreateICA

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1863 KingKoxp v13/TASARIM.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

7eceff401e11ed05319f3d6d272b9297

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/10/2008, 00:00

Not After

20/10/2010, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

db:28:2f:d1:98:9b:61:be:5e:55:a4:5b:ea:ce:be:b5:8c:92:0c:1f
Signer

Actual PE Digest

db:28:2f:d1:98:9b:61:be:5e:55:a4:5b:ea:ce:be:b5:8c:92:0c:1f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord613
ord289
ord2379
ord6041
ord2452
ord1146
ord6157
ord1265
ord1567
ord268
ord283
ord703
ord603
ord1969
ord2454
ord273
ord403
ord2393
ord1259
ord1770
ord462
ord3115
ord3315
ord3470
ord452
ord6307
ord521
ord4167
ord699
ord3938
ord397
ord5593
ord3438
ord6876
ord912
ord4188
ord538
ord4277
ord6283
ord4278
ord2763
ord4204
ord834
ord836
ord2814
ord4160
ord2813
ord5216
ord861
ord1572
ord849
ord850
ord2915
ord906
ord845
ord1133
ord2233
ord404
ord957
ord1860
ord5449
ord6393
ord909
ord4205
ord3986
ord1777
ord884
ord886
ord463
ord882
ord876
ord878
ord879
ord2890
ord6572
ord857
ord940
ord6779
ord536
ord6385
ord6389
ord1979
ord5442
ord3318
ord665
ord5186
ord354
ord924
ord926
ord539
ord922
ord1206
ord1223
ord2868
ord5575
ord3525
ord433
ord4202
ord5710
ord1644
ord4163
ord1200
ord4020
ord2727
ord2730
ord2729
ord1949
ord2152
ord6453
ord6605
ord3797
ord2380
ord2381
ord2567
ord4270
ord1134
ord3005
ord2135
ord3732
ord556
ord809
ord2122
ord1940
ord4287
ord6756
ord2629
ord1229
ord5785
ord939
ord1150
ord6662
ord6199
ord1140
ord3402
ord3610
ord656
ord765
ord6458
ord5053
ord4480
ord3092
ord2645
ord2108
ord4284
ord6377
ord2078
ord3721
ord795
ord2116
ord6663
ord3089
ord4123
ord6170
ord3698
ord3957
ord1795
ord2642
ord1871
ord1000
ord5589
ord394
ord696
ord3435
ord4185
ord2580
ord4400
ord3630
ord682
ord1844
ord1849
ord4083
ord1848
ord5805
ord6086
ord4375
ord4852
ord3356
ord324
ord1908
ord1690
ord2528
ord5288
ord4439
ord2054
ord4431
ord771
ord2041
ord498
ord1008
ord3475
ord4259
ord5849
ord4715
ord5788
ord472
ord4258
ord5161
ord5162
ord5160
ord4905
ord4742
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord3699
ord3719
ord793
ord768
ord489
ord2294
ord2362
ord2302
ord4976
ord6334
ord2646
ord1929
ord1771
ord6366
ord2413
ord2024
ord4401
ord692
ord1847
ord3803
ord6194
ord4124
ord1815
ord5861
ord1651
ord2867
ord2112
ord6195
ord3520
ord6401
ord3870
ord2463
ord3711
ord783
ord1816
ord4234
ord2575
ord4396
ord609
ord2714
ord6008
ord6905
ord3574
ord801
ord541
ord2301
ord668
ord2770
ord356
ord6883
ord1858
ord2652
ord1669
ord4538
ord3530
ord2439
ord1693
ord4342
ord4687
ord4639
ord5674
ord2156
ord4856
ord4920
ord3133
ord6002
ord2137
ord1963
ord5213
ord2953
ord3868
ord5150
ord4705
ord4707
ord2876
ord2998
ord5649
ord4113
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord4361
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord4534
ord4949
ord2541
ord2954
ord2384
ord6370
ord2983
ord3148
ord3260
ord4466
ord3269
ord2986
ord3080
ord4081
ord4624
ord5825
ord1205
ord723
ord4996
ord4743
ord5888
ord5979
ord6128
ord5573
ord3199
ord5033
ord5574
ord3057
ord4820
ord2566
ord559
ord812
ord1088
ord5862
ord5610
ord1829
ord3876
ord2546
ord291
ord1927
ord5856
ord3028
ord5782
ord3920
ord3790
ord342
ord1182
ord3811
ord2820
ord551
ord4203
ord941
ord5683
ord1262
ord1832
ord5651
ord350
ord6447
ord4033
ord5642
ord1083
ord501
ord1114
ord1113
ord1099
ord5510
ord1647
ord429
ord470
ord4249
ord423
ord4809
ord1614
ord4811
ord1685
ord6040
ord1686
ord3474
ord5008
ord5953
ord3499
ord2515
ord355
ord4367
ord5344
ord3273
ord438
ord4042
ord2613
ord1706
ord2386
ord6570
ord3882
ord2795
ord4989
ord4926
ord4931
ord3272
ord2504
ord430
ord729
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord366
ord1842
ord4242
ord4793
ord5252
ord5228
ord1721
ord4589
ord4588
ord4899
ord4370
ord4892
ord4535
ord5076
ord4341
ord4348
ord4887
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord5240
ord3748
ord1725
ord5260
ord4432
ord761
ord480
ord1904
ord4256
ord4894
ord4723
ord5121
ord674
ord5483
ord2496
ord5959
ord3119
ord6042
ord3230
ord3212
ord2901
ord5984

msvcrt

atoi
_purecall
memmove
free
malloc
_wcslwr
wcsstr
wcscmp
_ftol
_CIpow
__CxxFrameHandler
_mbscmp
strchr
sscanf
wcslen
strtod
wcsncpy
calloc
realloc
_splitpath
floor
_mbsnbcmp
_fstat
fopen
fclose
fseek
ftell
fgets
_mbschr
isprint
sprintf
isxdigit
_ismbcalnum
_ismbcspace
_ismbcdigit
_ismbcprint
_ismbcalpha
qsort
_snprintf
longjmp
fprintf
_iob
abort
_setjmp3
fread
wcsncmp
_CxxThrowException
_mbsnbcpy
wcschr
_wcsicmp
_wtoi
_mbctype
swscanf
ceil
_strdup
_mbsrchr
_mbsinc
wcstombs
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
_mbsicmp

kernel32

lstrlenW
IsDBCSLeadByte
lstrcpynA
GetNumberFormatA
WriteFile
GetLastError
GetCurrentProcess
TerminateProcess
GetLongPathNameA
GlobalSize
FormatMessageA
LocalFree
GetPrivateProfileIntA
lstrlenA
GetCurrentDirectoryA
GetModuleFileNameA
GetTickCount
SetEvent
CreateThread
WaitForSingleObject
ResetEvent
CreateEventA
GetOEMCP
GetCPInfo
GetVersionExA
EnumResourceLanguagesA
EnumResourceTypesA
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringA
GetTempPathA
WritePrivateProfileStringA
DeleteFileA
GetFileAttributesA
lstrcmpA
EnumResourceNamesA
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
GlobalAlloc
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
SizeofResource
FindResourceA
LoadResource
LockResource
CreateFileA
ReadFile
CloseHandle
InterlockedIncrement
GetLocaleInfoA
GlobalLock
GlobalUnlock
GetModuleHandleA
MulDiv
LoadLibraryA
GetProcAddress
GetCurrentThreadId
LocalAlloc

user32

EnableWindow
GrayStringA
DrawTextA
TabbedTextOutA
GetSubMenu
PeekMessageA
SetRect
SystemParametersInfoA
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
LoadCursorA
GetForegroundWindow
GetLastActivePopup
GetWindowLongA
GetDialogBaseUnits
IntersectRect
SetCapture
LockWindowUpdate
IsRectEmpty
SetCaretPos
GetMessageA
ClientToScreen
OffsetRect
DispatchMessageA
ReleaseCapture
InvertRect
CopyRect
GetClientRect
IsWindow
GetWindowRect
SetRectEmpty
GetCursorPos
ScreenToClient
PtInRect
CallNextHookEx
GetParent
SetWindowsHookExA
UnhookWindowsHookEx
GetDesktopWindow
GetDC
ReleaseDC
GetSysColor
DragDetect
ShowCaret
GetScrollInfo
SendMessageA
GetScrollPos
GetWindowPlacement
ShowWindow
GetClassLongA
LoadIconA
WinHelpA
RemoveMenu
EndDeferWindowPos
wsprintfA
SetFocus
OpenClipboard
EmptyClipboard
CloseClipboard
CheckMenuItem
GetNextDlgTabItem
MessageBeep
PostMessageA
DrawFrameControl
GetFocus
SetCursor
DrawFocusRect
FillRect
AdjustWindowRectEx
RedrawWindow
GetSysColorBrush
LoadStringA
SetWindowTextA
GetDlgCtrlID
GetWindow
GetClassNameA
InflateRect
IsWindowEnabled
GetActiveWindow
SetActiveWindow
UpdateWindow
EqualRect
SetWindowPos
InvalidateRect
SetTimer
GetCursor
GetKeyState
KillTimer
IsWindowVisible
WindowFromPoint
DrawAnimatedRects
FindWindowA
EnumChildWindows
SetForegroundWindow
ValidateRect
SetParent
SetClassLongA
GetDlgItem
DestroyCaret
GetSystemMenu
GetSystemMetrics
LookupIconIdFromDirectoryEx
LoadMenuA
CopyImage
SetClipboardData
LoadBitmapA
DestroyIcon
CopyIcon
CreateIconIndirect
DrawIconEx
GetIconInfo
DrawStateA
VkKeyScanA
CreateAcceleratorTableA
DestroyAcceleratorTable
CreateIconFromResourceEx
LoadImageA
RegisterClipboardFormatA
DrawMenuBar
GetMenu
BeginDeferWindowPos
SetWindowPlacement
UnionRect
TranslateMessage
GetDoubleClickTime
GetTabbedTextExtentA
GetAsyncKeyState
IsIconic
MessageBoxA
IsChild
HideCaret
GetMenuItemCount
GetMenuItemID
MoveWindow
DrawEdge
SetScrollPos
GetClipboardData
EnableMenuItem
IsClipboardFormatAvailable
EnableScrollBar
ShowScrollBar
DeferWindowPos
CreateCaret
SetWindowRgn
GetWindowRgn
CallWindowProcA
RegisterWindowMessageA
IsWindowUnicode
GetWindowLongW
SetWindowLongW
GetCapture
SetWindowLongA

gdi32

CreateDIBSection
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
SetStretchBltMode
GetDIBits
GetBitmapBits
ExtCreateRegion
GetTextMetricsA
CreatePatternBrush
GetBkColor
GetTextColor
GetTextAlign
SetPixelV
CreatePolygonRgn
FillRgn
FrameRgn
PtInRegion
GetWindowOrgEx
CreateFontA
GetCharWidthA
SetBoundsRect
GetRgnBox
RoundRect
GetViewportExtEx
GetWindowExtEx
Ellipse
CombineRgn
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
MoveToEx
LineTo
PolyBezierTo
BeginPath
OffsetViewportOrgEx
GetClipBox
GetTextExtentPoint32W
ExtTextOutW
GetCurrentPositionEx
IntersectClipRect
GetClipRgn
ExtSelectClipRgn
SetBkMode
Rectangle
GetTextExtentPointA
SetBrushOrgEx
GetBrushOrgEx
CreateRectRgn
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateFontIndirectA
GetTextExtentPoint32A
Polygon
GetStockObject
EnumFontFamiliesExA
SetPixel
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
BitBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectA
Polyline
GetDeviceCaps
GetPixel

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA

shell32

DragQueryFileA
ShellExecuteA
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHAppBarMessage
Shell_NotifyIconA

comctl32

ImageList_Destroy
ImageList_GetImageCount
ImageList_GetIcon
ImageList_GetIconSize
ImageList_DrawEx
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageInfo
ImageList_Create
_TrackMouseEvent
ImageList_Draw
ImageList_AddMasked
ord17

ole32

RevokeDragDrop
RegisterDragDrop
CoCreateInstance
OleRun
CoLockObjectExternal
ReleaseStgMedium

olepro32

ord252
ord254
ord253

oleaut32

VariantCopy
SafeArrayCreate
VarI4FromCy
VarI4FromR4
VarI4FromR8
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
VariantInit
SysFreeString
SysAllocString
VariantChangeTypeEx
SafeArrayGetDim
VariantClear
OleLoadPicturePath
LoadRegTypeLi
SysAllocStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 388KB - Virtual size: 387KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1863 KingKoxp v13/comdlg32.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

988f29c1eb8054253091352741683c76

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:7d:a7:00:00:00:00:00:48
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/10/2003, 05:59

Not After

25/01/2005, 06:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:04:be:c7:7e:04:0a:8e:9c:44:86:a8:95:a7:50:5e:ca:0f:22:ec
Signer

Actual PE Digest

30:04:be:c7:7e:04:0a:8e:9c:44:86:a8:95:a7:50:5e:ca:0f:22:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
GetLastError
LockResource
GetWindowsDirectoryA
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
CompareStringA
CompareStringW
lstrcmpA
GetLocaleInfoA
GetVersion
GetModuleFileNameA
GetFileAttributesA
IsBadWritePtr
DisableThreadLibraryCalls
GlobalAlloc
lstrcmpiA
LoadLibraryA
GetProcAddress
lstrcatA
lstrlenA
lstrcpyA
WriteProfileStringA
GlobalLock
GlobalUnlock
LoadResource
FindResourceA
lstrcpynA
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
GetProfileStringA
EnterCriticalSection
GetProcessHeap
GetCurrentThreadId
MultiByteToWideChar
InitializeCriticalSection
GlobalFree

user32

SetWindowRgn
IntersectRect
EqualRect
PtInRect
IsDialogMessageA
IsChild
GetKeyState
CreateDialogIndirectParamA
MessageBeep
PostMessageA
ClientToScreen
wsprintfA
SendMessageTimeoutA
CharNextA
GetActiveWindow
GetWindowThreadProcessId
LoadCursorA
MessageBoxA
GetWindowLongA
GetWindowRect
CreateWindowExA
SetWindowLongA
ShowWindow
DialogBoxParamA
EnableWindow
GetDesktopWindow
GetWindow
IsWindowEnabled
OffsetRect
GetParent
GetDlgItem
SendMessageA
SetFocus
SetParent
SetDlgItemInt
EndPaint
SetActiveWindow
IsWindowVisible
WinHelpA
GetDlgItemInt
EndDialog
GetDlgItemTextA
DestroyWindow
SetDlgItemTextA
GetWindowTextA
GetNextDlgTabItem
SendDlgItemMessageA
RegisterClassA
GetDC
ReleaseDC
LoadIconA
DrawIcon
DestroyIcon
GetSystemMetrics
RegisterWindowMessageA
LoadStringA
DefWindowProcA
UnregisterClassA
GetClientRect
BeginPaint
RegisterClipboardFormatA
SetWindowPos
MoveWindow

ole32

CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
ReleaseStgMedium

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

LoadRegTypeLi
OleCreatePropertyFrame
SetErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
OleLoadPicture
VariantChangeType
RegisterTypeLi
VariantInit
GetErrorInfo
VariantClear
SysStringLen
SysAllocStringLen
OleTranslateColor
SysFreeString
SysAllocString
CreateErrorInfo

comdlg32

CommDlgExtendedError
PrintDlgA
ChooseFontA
ChooseColorA
GetOpenFileNameA
GetSaveFileNameA

gdi32

GetDIBits
CreateCompatibleDC
CreateBitmap
GetSystemPaletteEntries
StretchDIBits
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetMapMode
LPtoDP
SetViewportExtEx
GetViewportExtEx
CreateRectRgnIndirect
GetWindowExtEx
CreateDCA
GetObjectA
EnumFontFamiliesA
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1863 KingKoxp v13/dinput8.dll
.dll regsvr32 windows:5 windows x86 arch:x86

0f59d0be33614ade19fa8de73d0b9e82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dinput8.pdb

Imports

msvcrt

malloc
free
strchr
iswctype
towupper
_wsplitpath
_snwprintf
_wcsnicmp
_ftol
_except_handler3

kernel32

LeaveCriticalSection
SetEvent
DeleteCriticalSection
ResetEvent
WideCharToMultiByte
GetCurrentProcessId
IsBadReadPtr
IsBadWritePtr
lstrcpyW
lstrcmpW
FreeLibraryAndExitThread
WaitForSingleObject
FreeLibrary
GetLastError
WaitForMultipleObjects
SetThreadPriority
CreateThread
CreateEventW
LoadLibraryW
GetTickCount
lstrcmpiW
ReadFileEx
DuplicateHandle
GetCurrentProcess
LoadLibraryExW
ReleaseMutex
MulDiv
EnterCriticalSection
LocalAlloc
LocalReAlloc
SleepEx
ResumeThread
GetProcAddress
DisableThreadLibraryCalls
UnmapViewOfFile
MultiByteToWideChar
lstrlenA
IsBadCodePtr
CompareFileTime
lstrcpynW
GetSystemDirectoryW
GetPrivateProfileStringW
GetWindowsDirectoryW
WriteFileEx
Sleep
DeviceIoControl
SystemTimeToFileTime
GetLocalTime
HeapFree
HeapAlloc
GetProcessHeap
MapViewOfFile
CreateFileMappingW
CreateMutexW
LoadResource
FindResourceW
CreateProcessW
InitializeCriticalSection
GetVersionExW
CreateFileA
GetFullPathNameA
QueryPerformanceCounter
TerminateProcess
GetCurrentThreadId
SetUnhandledExceptionFilter
lstrlenW
GetSystemTimeAsFileTime
CreateFileW
ReadFile
SetFilePointer
GetFileSize
CloseHandle
GetModuleHandleW
GetModuleFileNameW
GetFullPathNameW
InterlockedExchange
LocalFree
InterlockedDecrement
InterlockedIncrement
GetVersion
UnhandledExceptionFilter

advapi32

SetEntriesInAclW
GetSecurityInfo
RegEnumValueW
RegDeleteKeyW
GetUserNameW
RegCreateKeyExW
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
SetSecurityDescriptorControl
FreeSid
RegEnumKeyExW
RegSetKeySecurity
RegCreateKeyW
RegOpenKeyW
RegQueryValueW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

user32

CallWindowProcW
IsWindow
ToUnicodeEx
MapVirtualKeyExW
GetKeyboardLayout
GetActiveWindow
GetKeyNameTextW
GetKeyboardType
GetRawInputDeviceInfoW
GetRawInputDeviceList
PostMessageW
wsprintfW
CharUpperW
UnhookWindowsHookEx
GetWindowThreadProcessId
IsIconic
GetForegroundWindow
GetWindowLongW
CallNextHookEx
SetWindowsHookExW
PostThreadMessageW
MsgWaitForMultipleObjects
DefWindowProcW
CreateWindowExW
RegisterClassW
LoadIconW
LoadCursorW
DestroyWindow
DispatchMessageW
TranslateMessage
PeekMessageW
SetTimer
GetInputState
SystemParametersInfoW
IntersectRect
GetWindowRect
GetDesktopWindow
MapWindowPoints
GetClientRect
ReleaseCapture
SetCursorPos
mouse_event
GetAsyncKeyState
SetCapture
ClipCursor
ShowCursor
GetMessageTime
SendNotifyMessageW
GetCursorPos
GetSystemMetrics
MapVirtualKeyW
LoadStringW
keybd_event
IsRectEmpty
SubtractRect
RegisterWindowMessageW
SetWindowLongW
GetPropW
SetPropW
RemovePropW

Exports

Exports

DirectInput8Create
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0696dbf7df6ecd5e499e8d157359ec12

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 64KB - Virtual size: 61KB

e0cb36c66e5c120ef20ebc4f30366345

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1dCertificate

Extended Key Usages

Key Usages

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5cCertificate

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 135KB

.data Size: 14KB - Virtual size: 13KB

.rsrc Size: 39KB - Virtual size: 39KB

.reloc Size: 8KB - Virtual size: 7KB

7eceff401e11ed05319f3d6d272b9297

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bfCertificate

Extended Key Usages

Key Usages

db:28:2f:d1:98:9b:61:be:5e:55:a4:5b:ea:ce:be:b5:8c:92:0c:1fSigner

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

olepro32

oleaut32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 240KB - Virtual size: 237KB

.data Size: 52KB - Virtual size: 60KB

.rsrc Size: 388KB - Virtual size: 387KB

.reloc Size: 116KB - Virtual size: 112KB

988f29c1eb8054253091352741683c76

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 64KB - Virtual size: 61KB

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

.text
Size: 136KB - Virtual size: 135KB

.data
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 39KB - Virtual size: 39KB

.reloc
Size: 8KB - Virtual size: 7KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate

db:28:2f:d1:98:9b:61:be:5e:55:a4:5b:ea:ce:be:b5:8c:92:0c:1f
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 240KB - Virtual size: 237KB

.data
Size: 52KB - Virtual size: 60KB

.rsrc
Size: 388KB - Virtual size: 387KB

.reloc
Size: 116KB - Virtual size: 112KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:0e:7d:a7:00:00:00:00:00:48
Certificate

30:04:be:c7:7e:04:0a:8e:9c:44:86:a8:95:a7:50:5e:ca:0f:22:ec
Signer

.text
Size: 72KB - Virtual size: 69KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 52KB - Virtual size: 51KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 137KB - Virtual size: 137KB

.data
Size: 1KB - Virtual size: 38KB

.rsrc
Size: 31KB - Virtual size: 30KB

.reloc
Size: 6KB - Virtual size: 6KB