465a0800e9d60d8d598b0dddb514beb2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

465a0800e9d60d8d598b0dddb514beb2_JaffaCakes118
Size

1.6MB
MD5

465a0800e9d60d8d598b0dddb514beb2
SHA1

6aba1518d8dabbb5ac28c4f13fac985d92e08168
SHA256

66e5624ceeaec3cc9430a9626ca95d3c0cd7ceb472c14c7d55955c9283984609
SHA512

eb99b085131bfc7fc25662e10cf36d7db12d32cc6c476f5ed9285dc4ef9f5d471263056e9ee5a853c533cd87a92008bdca479eb03d780e476f90e50fdea3ebca
SSDEEP

49152:5HgUJj0EuXfcKMt7y5ZbYOhpw2+WWW3KN:5AkpIEj7yZlv+lfN

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$TEMP/utilplg.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$TEMP/utilplg.dll	upx
static1/unpack001/2.0.17/updater.exe	upx

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
465a0800e9d60d8d598b0dddb514beb2_JaffaCakes118
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack002/out.upx
unpack001/2.0.17/iptray.exe
unpack003/out.upx

Files

465a0800e9d60d8d598b0dddb514beb2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/leftblue.bmp
$PLUGINSDIR/leftgrey.bmp
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:5 windows x86 arch:x86

8700d0ebbb41c81ea52718af1ab70a93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
MultiByteToWideChar
lstrlenA
lstrcmpiW
lstrlenW
ExitProcess
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
lstrcpynW
GetCommandLineW
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
GetModuleHandleW
GetTickCount
GetStartupInfoW
CreatePipe
GetVersionExW
GlobalLock
DeleteFileW
lstrcatW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW
GetProcAddress
PeekNamedPipe
GetCurrentProcess

user32

CharPrevW
CharNextW
SendMessageW
FindWindowExW
wsprintfW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/rightblue.bmp
$PLUGINSDIR/rightgrey.bmp
$PLUGINSDIR/select.bmp
$PLUGINSDIR/trialfreefeatures.bmp
$PLUGINSDIR/trialplusfeatures.bmp
$TEMP/DIFxAPI.dll
.dll windows:6 windows x86 arch:x86

c8bb176aa316a8a34b7e7e1439c67e13

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

11/10/2005, 21:55

Not After

26/04/2010, 07:00

Subject

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:10:c3:52:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Windows Verification Intermediate PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/10/2005, 23:24

Not After

11/01/2007, 23:34

Subject

CN=Microsoft Windows Component Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

26:98:6b:1f:23:b8:07:df:c1:05:57:1b:9c:b8:b1:59:1a:1f:7c:a1
Signer

Actual PE Digest

26:98:6b:1f:23:b8:07:df:c1:05:57:1b:9c:b8:b1:59:1a:1f:7c:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

DIFXAPI.pdb

Imports

ntdll

RtlUnwind
RtlNtStatusToDosError
VerSetConditionMask

kernel32

VerifyVersionInfoW
GetVersionExW
lstrlenW
FreeLibrary
GetProcAddress
LoadLibraryW
DeleteFileW
SetFileAttributesW
GetEnvironmentVariableW
CompareStringW
GetFileAttributesW
MoveFileExW
GetTempFileNameW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
GetSystemWindowsDirectoryW
MultiByteToWideChar
WideCharToMultiByte
GetFullPathNameW
CopyFileW
LocalFree
RemoveDirectoryW
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
CreateDirectoryW
LocalReAlloc
LocalAlloc
GetProcessHeap
ReleaseMutex
GetSystemDirectoryW
DeviceIoControl
WaitForSingleObject
CreateMutexW
GetSystemTimeAsFileTime
Sleep
RaiseException
GetVersionExA
HeapSize
GetCommandLineA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetModuleHandleA
ExitProcess
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
LoadLibraryA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA
GetThreadLocale
WaitForMultipleObjects
InterlockedCompareExchange
SetEvent
CreateEventW
SetEndOfFile
SetLastError
InterlockedExchange
lstrcmpiW
InterlockedDecrement
GetLastError
InterlockedIncrement
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
HeapFree
HeapReAlloc
EnterCriticalSection
HeapAlloc
LeaveCriticalSection
HeapDestroy
GetModuleHandleW
DeleteCriticalSection
GetModuleFileNameA
OutputDebugStringA
HeapCreate
InitializeCriticalSection
TlsGetValue

user32

UnregisterClassA
CharLowerW
CharPrevW

setupapi

CM_Query_And_Remove_SubTreeW
SetupDiSetDeviceRegistryPropertyW
SetupQueueCopyIndirectW
SetupDiCallClassInstaller
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiSetSelectedDevice
SetupDiOpenDeviceInfoW
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoList
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupDiSetClassInstallParamsW
SetupDiClassNameFromGuidW
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Locate_DevNodeW
CM_Get_DevNode_Status
CM_Setup_DevNode
SetupDiGetDeviceRegistryPropertyW
SetupGetTargetPathW
SetupInstallFilesFromInfSectionW
SetupPromptReboot
SetupInstallFromInfSectionW
SetupInstallServicesFromInfSectionW
SetupDiGetActualSectionToInstallW
SetupFindNextLine
SetupFindNextMatchLineW
SetupOpenInfFileW
SetupOpenFileQueue
SetupCommitFileQueueW
SetupQueueCopyW
SetupCloseFileQueue
SetupGetLineCountW
SetupCloseInfFile
SetupFindFirstLineW
SetupGetFieldCount
SetupGetIntField
CM_Enumerate_Classes
SetupDiEnumDeviceInfo
SetupInitDefaultQueueCallbackEx
SetupDefaultQueueCallbackW
SetupDiGetClassDevsW
SetupDiOpenClassRegKey
CM_Get_Device_IDW
SetupDiDestroyDeviceInfoList
SetupGetStringFieldW
pSetupGetGlobalFlags
pSetupSetGlobalFlags
SetupOpenAppendInfFileW
SetupCopyOEMInfW
SetupTermDefaultQueueCallback

advapi32

FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
SetEntriesInAclW
QueryServiceStatus
DeleteService
ControlService
CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW
RegCloseKey

ole32

StringFromCLSID
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance

wintrust

CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust

crypt32

CertFreeCertificateContext
CertGetCTLContextProperty
CryptQueryObject
CertFreeCTLContext

Exports

Exports

DIFXAPISetLogCallbackA
DIFXAPISetLogCallbackW
DriverPackageGetPathA
DriverPackageGetPathW
DriverPackageInstallA
DriverPackageInstallW
DriverPackagePreinstallA
DriverPackagePreinstallW
DriverPackageUninstallA
DriverPackageUninstallW
SetDifxLogCallbackA
SetDifxLogCallbackW

Sections

.text
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/casetup32.exe
.exe windows:5 windows x86 arch:x86

5bed6ed7ad45a6e31b4d3350bd86da70

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20/07/2010, 00:00

Not After

18/08/2011, 23:59

Subject

CN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c4:b6:06:c0:64:e2:ec:92:48:dc:aa:84:55:e0:d5:02:98:b1:78:eb
Signer

Actual PE Digest

c4:b6:06:c0:64:e2:ec:92:48:dc:aa:84:55:e0:d5:02:98:b1:78:eb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Builder\Builds\2.0.17.48\air\2.0.17\agent\Release\casetup32.pdb

Imports

difxapi

DriverPackageUninstallW
DriverPackageInstallW
SetDifxLogCallbackW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

fltlib

FilterFindClose
FilterFindNext
FilterFindFirst

psapi

GetModuleFileNameExW
GetProcessImageFileNameW

kernel32

QueryDosDeviceW
LocalAlloc
ReleaseSemaphore
CreateSemaphoreW
GetVersion
GetFileType
GetStdHandle
QueryPerformanceCounter
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
FreeLibrary
LocalFree
FormatMessageW
WideCharToMultiByte
SetCurrentDirectoryW
GetCurrentThread
GetSystemTimeAsFileTime
IsDebuggerPresent
LoadLibraryA
GetProcAddress
MultiByteToWideChar
GetCurrentThreadId
MoveFileExW
SetEvent
OpenEventW
GetCurrentProcessId
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
ReleaseMutex
WaitForSingleObject
CreateMutexW
Process32NextW
CloseHandle
TerminateProcess
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
Sleep
GetTickCount
FindClose
FindNextFileW
GetLastError
FindFirstFileW
GetSystemDirectoryW
InterlockedExchange
InterlockedCompareExchange
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
SetLastError

user32

MessageBoxA
MessageBoxExW
SetDebugErrorLevel
GetUserObjectInformationW
GetDesktopWindow
GetProcessWindowStation

advapi32

AdjustTokenPrivileges
SetEntriesInAclW
GetNamedSecurityInfoW
BuildTrusteeWithSidW
SetNamedSecurityInfoW
OpenSCManagerW
CloseServiceHandle
OpenServiceW
DeleteService
QueryServiceStatusEx
StartServiceW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
ImpersonateSelf
OpenThreadToken
CreateProcessAsUserW
CreateWellKnownSid
DuplicateTokenEx
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
ControlService

msvcr90

_wtoi
wcsncpy_s
free
??2@YAPAXI@Z
??3@YAXPAX@Z
wcscpy_s
wcscat_s
wcsncat_s
wcsrchr
_wcsicmp
toupper
wprintf
realloc
swprintf_s
_vscwprintf
malloc
fwprintf
_scprintf
_localtime64_s
fflush
_wfopen
_errno
vswprintf_s
vsprintf_s
printf
wcsftime
fprintf
strftime
_scwprintf
_vscprintf
fclose
_time64
wcschr
strchr
tolower
wcsstr
isdigit
fread
_ui64tow_s
memcpy
memset
memchr
__iob_func
strncmp
ferror
fwrite
fopen
_setmode
_fileno
ftell
feof
fseek
fgets
qsort
strtoul
getenv
_vsnprintf
vfprintf
abort
isspace
strncpy
isxdigit
strcmp
fputs
signal
_getch
isupper
sscanf
sprintf
strstr
_wfopen_s
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_snprintf_s
_itoa_s
_stricmp
_wcsnicmp
_wcslwr
atoi
_wstat64i32
_strdup
strncpy_s
__CxxFrameHandler3
sprintf_s

wintrust

WinVerifyTrust

Sections

.text
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/facebook.bmp
$TEMP/iprd.dll
.dll windows:5 windows x86 arch:x86

f13e8315c6037e2f60f543dc9611e0ec

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20/07/2010, 00:00

Not After

18/08/2011, 23:59

Subject

CN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:ba:2d:d1:14:bc:0a:92:23:5b:6e:62:35:89:d4:3b:b4:10:09:3d
Signer

Actual PE Digest

7e:ba:2d:d1:14:bc:0a:92:23:5b:6e:62:35:89:d4:3b:b4:10:09:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Builds\trunk\common\signed-pe-injection\InjectedPeReader\Release\iprd.pdb

Imports

psapi

GetModuleFileNameExW
GetProcessImageFileNameW

kernel32

FindFirstFileA
GetProcAddress
FindClose
LoadLibraryA
QueryDosDeviceW
CloseHandle
SetLastError
CreateMutexW
Sleep
ReleaseSemaphore
CreateSemaphoreW
GetCurrentThreadId
GetVersion
GetFileType
GetStdHandle
GetTickCount
QueryPerformanceCounter
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
GetLastError
LocalAlloc
GetDriveTypeA
SetEnvironmentVariableA
CompareStringW
MultiByteToWideChar
CreateFileW
ReadFile
GetModuleHandleW
FreeLibrary
FindFirstFileW
WaitForSingleObject
LocalFree
FormatMessageW
WideCharToMultiByte
SetCurrentDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryA
GetCurrentDirectoryA
OpenProcess
GetCurrentProcessId
CompareStringA
GetProcessHeap
HeapFree
GetCommandLineA
HeapAlloc
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
EnterCriticalSection
LeaveCriticalSection
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
RaiseException
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
VirtualAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
RtlUnwind
SetFilePointer
WriteFile
GetModuleFileNameA
ExitProcess
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
GetConsoleCP
FlushFileBuffers
GetFullPathNameW
GetFileInformationByHandle
PeekNamedPipe
GetModuleHandleA
SetStdHandle
CreateFileA
HeapSize
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile

user32

GetDesktopWindow
SetDebugErrorLevel
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation

advapi32

CreateWellKnownSid
SetEntriesInAclW
GetNamedSecurityInfoW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetNamedSecurityInfoW
BuildTrusteeWithSidW

Exports

Exports

caCleanUpConfig
caExtractAffiliate
caExtractAffiliateW
caExtractExistingLicense
caExtractExistingLicenseW
caExtractLicense
caExtractLicenseW
caGetLicenseState
caLogMessage
caLogMessageW
caResetLicenseState
caSetConfig
caSetConfigW

Sections

.text
Size: 340KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/runtime.msi
.msi
$TEMP/twitter.bmp
$TEMP/utilplg.dll
.dll windows:5 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:44:68:3e:8f:d5:c1:e3:94:85:de:55:8e:87:77:79
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

05/08/2009, 00:00

Not After

18/08/2010, 23:59

Subject

CN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:60:c1:7e:68:a3:d2:7e:e3:0b:4e:55:de:0d:c2:61:74:d1:92:a1
Signer

Actual PE Digest

47:60:c1:7e:68:a3:d2:7e:e3:0b:4e:55:de:0d:c2:61:74:d1:92:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Execute
ExecuteW
VerifyTrust
VerifyTrustW

Sections

UPX0
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.0.17/agent.exe
.exe windows:5 windows x86 arch:x86

02cdd00f68b38364a6e651e3ba1e6db7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20/07/2010, 00:00

Not After

18/08/2011, 23:59

Subject

CN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:3f:83:9e:0f:eb:d7:f4:71:29:f6:6f:26:d2:0f:cf:d2:d1:32:f9
Signer

Actual PE Digest

79:3f:83:9e:0f:eb:d7:f4:71:29:f6:6f:26:d2:0f:cf:d2:d1:32:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Builder\Builds\2.0.17.48\air\2.0.17\agent\Release\agent.pdb

Imports

dut

?VerifySignature@Util@@SAHPB_WPAX@Z
?VerifyIssuer@Util@@SAHPB_WPAPB_W@Z
?VerifyAll@Util@@SAHPB_WPA_W@Z
?HexChar@Util@@SAPADPAEK@Z
?error@@YAXPADZZ
?GetOsVersion@Util@@SAKXZ
?RegValueQuery@Util@@SAKPA_W0PAKPAE1@Z
?setDebugLevel@@YAXH@Z
?ConvertStringToWCHAR@Util@@SAPA_WPAD@Z
?ConvertWCHARToString@Util@@SAPADPA_W@Z
?trace_open@@YAHXZ
?IsFileInCatStore@Util@@SAHPB_WPAX@Z
?GetCertHashData@Util@@SAHPB_WPAXPAPB_WPAPAEPAK@Z
?CharHex@Util@@SAPAEPADPAK@Z
?BaseName@Util@@SAPADPAD@Z
?LoadFile@Util@@SAHPB_WPAXPAPAEPAK@Z

dxm

??0XML@@QAE@XZ
?LoadBuffer@XML@@UAEHPAD@Z
?GetW@XML@@UAEPA_WPAD@Z
?GetDword@XML@@UAEKPAD@Z
?GetMany@XML@@UAEPAPADPAD@Z
??1XML@@QAE@XZ

dcf

?AddDword@Config@@UAEHPADKH@Z
?NodeExists@Config@@QAEHPAD0@Z
?AddMany@Config@@UAEHPADPAPADH@Z
?SetDword@Config@@UAEHPADKH@Z
??0Config@@QAE@XZ
??1Config@@QAE@XZ
?GetDword@Config@@UAEKPAD@Z
?Load@Config@@UAEHXZ
?GetW@Config@@UAEPA_WPAD@Z
?ReLoad@Config@@UAEHXZ
?Get@Config@@UAEPADPAD@Z
?Set@Config@@UAEHPAD0H@Z
?Add@Config@@UAEHPAD0H@Z
?Save@Config@@UAEHH@Z
?GetMany@Config@@UAEPAPADPAD@Z
?GetManyW@Config@@UAEPAPA_WPAD@Z
?AddW@Config@@UAEHPADPA_WH@Z
?GetKey@Config@@QAEPAUevp_pkey_st@@PADH@Z
?Delete@Config@@UAEKPADH@Z
?SetW@Config@@UAEHPADPA_WH@Z
?FreeManyW@Config@@UAEXPAPA_W@Z
?Exists@Config@@UAEHPAD@Z

dqr

?QueryLoadW@@YAKPA_W0@Z
?QueryOpen@@YAKGPAPAXPAH@Z
?QueryUpdateHash@@YAKPAXHPAEKEPAD@Z
?QueryGet@@YAKPAXDHPAEK11PAKPAPAD@Z
?QueryException@@YAKPAXHPAEK@Z
?QueryPreGet@@YAKPAXHPAEK11PAKPAPAD@Z
?QueryMultiGet@@YAKPAXHPAEKH1KHH11PAKPAPAD@Z
?QueryConnectivityGet@@YAKPAH@Z
?QueryFalsePositive@@YAKPAXHPAEK@Z
?QueryMultiAssocGet@@YAKPAXHPAEKHPAPAEPAK@Z
?QueryPing@@YAKPAXPAK11PAH@Z
?QueryLicenseRegister@@YAKPAXPAEKPAK21@Z

dti

?PreFullScan@TetraEngineInterface@@QAEHHHH@Z
?BootScan@TetraEngineInterface@@QAEHXZ
?GetDBInfo@TetraEngineInterface@@QAEHPAK0@Z
?GetSyncTetraInstance@@YGKPAX@Z
?GetASynchronousTetraInstance@@YGKPAX@Z
?DeInitScanner@TetraEngineInterface@@QAEHXZ
?DeInit@TetraInterface@@QAEXXZ
?DebugOptions@TetraEngineInterface@@QAEXXZ
?SetOptions@TetraEngineInterface@@QAEHXZ
?ScanFile@TetraEngineInterface@@QAEHPAXPB_W0@Z
?ScanFile@TetraEngineInterface@@QAEHPB_WPAX@Z
?m_config@TetraInterface@@2VConfig@@A
?RootkitScan@TetraEngineInterface@@QAEHPAX@Z
?TetraUpdaterInit@@YGHPAU_TETRA_UPDATER_PARAM@@@Z

dsl

sqlite3_prepare_v2
sqlite3_column_int
sqlite3_close
sqlite3_busy_timeout
sqlite3_finalize
sqlite3_step
sqlite3_errmsg
sqlite3_open_v2
sqlite3_column_text

fltlib

FilterSendMessage
FilterReplyMessage
FilterGetMessage
FilterConnectCommunicationPort

shlwapi

StrStrIA

kernel32

InterlockedCompareExchange
UnhandledExceptionFilter
TerminateProcess
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
SetUnhandledExceptionFilter
FlushConsoleInputBuffer
GetVersionExA
LoadLibraryA
GlobalMemoryStatus
QueryPerformanceCounter
GetStdHandle
GetFileType
GetVersion
SetLastError
FormatMessageW
WaitForSingleObjectEx
DeleteFileW
lstrcmpA
LocalFree
lstrcpyW
LocalAlloc
WideCharToMultiByte
MultiByteToWideChar
DeviceIoControl
CreateFileW
GetFileAttributesExW
Module32NextW
Module32FirstW
Process32NextW
CreateToolhelp32Snapshot
FindClose
FindNextFileW
FindFirstFileW
GetLogicalDriveStringsW
TerminateThread
ReadFile
ResetEvent
IsDebuggerPresent
GetSystemTimeAsFileTime
InterlockedExchange
ConnectNamedPipe
DisconnectNamedPipe
WaitForSingleObject
CreateEventW
CreateThread
GetVersionExW
CreateMutexW
ExitProcess
Sleep
SetProcessWorkingSetSize
GetCurrentProcess
WaitForMultipleObjects
GetModuleFileNameW
SetCurrentDirectoryW
CloseHandle
GetSystemInfo
OpenProcess
GetCurrentProcessId
GetProcessTimes
GetSystemTimes
GetSystemTime
SystemTimeToFileTime
GetFileAttributesW
CreateProcessW
GetTickCount
SetEvent
GetLastError
GetCurrentThread
SetThreadPriority
GetLogicalDriveStringsA
QueryDosDeviceA
EnterCriticalSection
LeaveCriticalSection
ReleaseMutex
InterlockedIncrement
GetCurrentThreadId
GetFileSize
DuplicateHandle
CreateFileA
DeleteFileA
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
LoadLibraryW
GetProcAddress
FreeLibrary
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateSemaphoreW
ReleaseSemaphore
WriteFile
GetOverlappedResult
CreateNamedPipeW

user32

MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
LoadStringW
wsprintfW

advapi32

DeleteService
RegisterEventSourceA
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
LookupPrivilegeValueW
OpenThreadToken
ImpersonateSelf
InitializeSecurityDescriptor
AdjustTokenPrivileges
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
RegCloseKey
CreateServiceW
ChangeServiceConfig2W
ControlService
StartServiceW
ReportEventA
DeregisterEventSource
QueryServiceStatus
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
SetSecurityDescriptorDacl

shell32

SHGetFolderPathW
SHGetFolderPathA

ole32

CoInitializeEx
StringFromGUID2
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
VariantClear
SysAllocString

msvcp90

?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z

msvcr90

__iob_func
abort
qsort
isdigit
memchr
strncpy
ferror
fflush
_setmode
_fileno
ftell
feof
fseek
fgets
strcmp
isspace
isxdigit
fputs
signal
_getch
isupper
fprintf
vsprintf_s
_scprintf
fopen
atoi
strtok_s
strchr
sscanf
sprintf
memmove
memmove_s
_set_purecall_handler
_snwprintf_s
_set_invalid_parameter_handler
exit
_unlock
__dllonexit
_encode_pointer
_lock
vfprintf
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_CxxThrowException
__set_app_type
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_stat64i32
__CxxFrameHandler3
strrchr
tolower
strftime
rand
_snprintf_s
srand
_wstat64
_localtime64_s
strncmp
??_V@YAXPAX@Z
_wcslwr_s
wcstok
wcsstr
wcschr
realloc
fclose
fread
_wfopen_s
_purecall
_wcsicmp
_vsnprintf
getenv
strtoul
memcpy
fwrite
memset
_errno
_wstat64i32
_wfsopen
strerror_s
_onexit
_vscprintf
free
malloc
strstr
sprintf_s
wcscpy_s
_strdup
_wcsdup
??3@YAXPAX@Z
??2@YAPAXI@Z
swprintf_s
strncpy_s
strcat_s
wcscat_s
strcpy_s
calloc
printf
_time64
_i64toa_s
_ltoa_s
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
?what@exception@std@@UBEPBDXZ
memcpy_s
wcstok_s
_wtoi
swscanf_s
wcsncpy_s

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

wintrust

WinVerifyTrust

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CryptMsgClose
CertGetNameStringW
CryptDecodeObject
CryptQueryObject

winhttp

WinHttpOpenRequest
WinHttpOpen
WinHttpConnect
WinHttpWriteData
WinHttpSetCredentials
WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpSendRequest

ws2_32

WSAGetLastError
closesocket
WSASetLastError
recv
shutdown
send

Sections

.text
Size: 451KB - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.0.17/iptray.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 380KB - Virtual size: 379KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.0.17/updater.exe
.exe windows:5 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20/07/2010, 00:00

Not After

18/08/2011, 23:59

Subject

CN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

eb:6c:94:85:27:18:1f:b5:0f:04:12:11:92:31:97:b7:42:8c:cd:42
Signer

Actual PE Digest

eb:6c:94:85:27:18:1f:b5:0f:04:12:11:92:31:97:b7:42:8c:cd:42

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 1.7MB

.rsrc Size: 8KB - Virtual size: 8KB

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: - Virtual size: 48B

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 590B

8700d0ebbb41c81ea52718af1ab70a93

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 454B

c8bb176aa316a8a34b7e7e1439c67e13

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 1.7MB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 48B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 590B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 454B

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1b:ab:11:da:3a:a1:b6:df:ec:88
Certificate

61:10:c3:52:00:00:00:00:00:03
Certificate

26:98:6b:1f:23:b8:07:df:c1:05:57:1b:9c:b8:b1:59:1a:1f:7c:a1
Signer

.text
Size: 280KB - Virtual size: 279KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 17KB - Virtual size: 16KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

25:47:b0:da:73:5e:fb:4b:02:0f:c8:38:ad:98:21:16
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

c4:b6:06:c0:64:e2:ec:92:48:dc:aa:84:55:e0:d5:02:98:b1:78:eb
Signer

.text
Size: 239KB - Virtual size: 238KB

.rdata
Size: 94KB - Virtual size: 93KB

.data
Size: 40KB - Virtual size: 93KB

.rsrc
Size: 15KB - Virtual size: 15KB

.reloc
Size: 28KB - Virtual size: 27KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate