SHADOWBYPASSVIP3[.]4[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

SHADOWBYPASSVIP3.4.zip
Size

2.4MB
MD5

9c73ec965c98ae34983d4c718d0a968d
SHA1

7d034bf5422eca38fb9dc569b6d4dc24a53b4734
SHA256

6722db26bb76c7b4f3ed4824f792005c8633dda2987f78440bf6be3bdea4807c
SHA512

b5cd1d676df0d750e086cf0223b09277509845ff4a2117bcab46aac31e37cc073e123bce8fcbd3f4d99191d6b357e90bb3daa1c677533eb708e712fea592f4f4
SSDEEP

49152:kgTMh7SLmNS/FzLRfUO/7GGeLGtEXvKzQvLWl0o:kg87JcLraGkG0izQKqo

Score

5^/10

upx

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack004/out.upx	autoit_exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack003/Windows Defender Control/dControl.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/SHADOW BP + HAX 3.4/BYPASS/Release/txn54kjdcy1#SHADOW VIP.exe
unpack002/SHADOW BP + HAX 3.4/SETUP/Gameloop 32 Bit.exe
unpack004/out.upx

Files

SHADOWBYPASSVIP3.4.zip
.zip
SHADOW BYPASS VIP 3.4/SHADOW BP + HAX 3.4.zip
.zip
SHADOW BP + HAX 3.4/BYPASS/Release/data1
SHADOW BP + HAX 3.4/BYPASS/Release/data2
SHADOW BP + HAX 3.4/BYPASS/Release/data3
SHADOW BP + HAX 3.4/BYPASS/Release/data4
SHADOW BP + HAX 3.4/BYPASS/Release/txn54kjdcy1#SHADOW VIP.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SHADOW BP + HAX 3.4/SETUP/Clean_Gameloop.bat
SHADOW BP + HAX 3.4/SETUP/Gameloop 32 Bit.exe
.exe windows:5 windows x86 arch:x86

0e2b0c48d5c7e0af756a1d45ad1efe66

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Devops\agent\workspace\p-111758179e0043a5b011650a32a71ea0\src\TGBDownloader\Output\TGBDownloader\Release\TGBDownloader.pdb

Imports

psapi

GetModuleFileNameExA

ws2_32

htons
WSAStartup
WSAGetLastError
WSACleanup
gethostbyname
closesocket
setsockopt
ioctlsocket
__WSAFDIsSet
select
shutdown
connect
recv
send
htonl
ntohl
socket

kernel32

UnmapViewOfFile
EnterCriticalSection
LeaveCriticalSection
DuplicateHandle
SetErrorMode
TerminateProcess
RaiseException
GetFileTime
GetCurrentDirectoryW
SetCurrentDirectoryW
GetTempPathW
GetFileAttributesW
GetFileSizeEx
TerminateThread
FreeResource
GetUserDefaultUILanguage
DecodePointer
ProcessIdToSessionId
OpenMutexW
CreateMutexW
GetLogicalDrives
GetDriveTypeW
DeviceIoControl
FindFirstFileW
RemoveDirectoryW
MoveFileExW
FindNextFileW
FindClose
GetExitCodeProcess
IsDBCSLeadByte
GetFullPathNameW
SetEndOfFile
SetFilePointerEx
CopyFileW
CreateFileA
SwitchToThread
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetVersionExW
LoadLibraryA
GetSystemDefaultLangID
OpenProcess
SleepEx
CreateMutexA
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetFullPathNameA
UnlockFileEx
HeapValidate
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
HeapCompact
UnlockFile
CreateFileMappingA
LocalFree
LockFileEx
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
QueryPerformanceCounter
FlushFileBuffers
GetStdHandle
GetFileType
GetModuleHandleA
GlobalMemoryStatus
FlushConsoleInputBuffer
MulDiv
GetACP
lstrlenW
GlobalUnlock
ExitProcess
VerifyVersionInfoW
VerSetConditionMask
CreateDirectoryW
MapViewOfFile
LocalFileTimeToFileTime
GlobalAlloc
lstrcpyW
lstrcmpiW
IsValidCodePage
SetStdHandle
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
SetEnvironmentVariableA
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
GetModuleHandleExW
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
ResetEvent
IsDebuggerPresent
LCMapStringW
CompareStringW
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
QueryPerformanceFrequency
FindFirstFileExW
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
GetStringTypeW
EncodePointer
SetUnhandledExceptionFilter
InitializeCriticalSection
GetCurrentProcessId
GetModuleFileNameA
GetSystemDirectoryW
CreateFileMappingW
GetEnvironmentVariableW
GetLocaleInfoW
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCommandLineW
GetSystemInfo
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
OutputDebugStringW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryW
FreeLibrary
InterlockedExchangeAdd
GetTickCount
GetFileAttributesExW
GetLocalTime
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
MoveFileW
DeleteFileW
SetFilePointer
SetEvent
WaitForSingleObject
CreateEventW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
Sleep
InterlockedExchange
InterlockedCompareExchange
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetCurrentThreadId
GlobalFree
MultiByteToWideChar
GetCurrentProcess
GetFileSize
WriteFile
ReadFile
GetLastError
GetModuleHandleW
GetProcAddress
CreateFileW
CloseHandle
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GlobalLock

user32

wsprintfW
EnumDisplayDevicesW
GetDC
MonitorFromWindow
GetMonitorInfoW
ReleaseDC
DestroyWindow
DefWindowProcW
GetSystemMetrics
MessageBoxW
InvalidateRgn
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
IsWindowEnabled
InvalidateRect
IsWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
IsRectEmpty
IntersectRect
PtInRect
SetCursor
LoadCursorW
CharNextW
CreateAcceleratorTableW
InflateRect
UnionRect
SendMessageW
GetWindowRect
ScreenToClient
GetKeyState
GetClientRect
SetWindowPos
GetWindowLongW
SetWindowLongW
IsIconic
GetActiveWindow
GetWindow
SetFocus
BeginPaint
EndPaint
GetUpdateRect
IsWindowVisible
MapWindowPoints
CreateWindowExW
GetCursorPos
ReleaseCapture
GetSysColor
GetMessageW
DestroyMenu
TrackPopupMenu
EnableMenuItem
AppendMenuW
TranslateMessage
DispatchMessageW
IsZoomed
PostMessageW
GetFocus
SetTimer
KillTimer
SetCapture
GetParent
LoadImageW
SetWindowRgn
ShowWindow
EnableWindow
PostQuitMessage
RegisterClassW
GetClassInfoExW
RegisterClassExW
GetGUIThreadInfo
SetForegroundWindow
MapVirtualKeyExW
GetKeyboardLayout
OffsetRect
CallWindowProcW
SetPropW
CreatePopupMenu
GetCaretBlinkTime
ClientToScreen
SetCaretPos
GetCaretPos
GetKeyNameTextW
GetPropW
HideCaret
ShowCaret
CreateCaret
GetWindowRgn
UpdateLayeredWindow
EqualRect
FillRect
DrawTextW
SetRect
CharPrevW
MoveWindow

gdi32

CreateRectRgnIndirect
GetClipBox
SelectClipRgn
CreateRoundRectRgn
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateDIBitmap
AddFontMemResourceEx
GetTextMetricsW
CloseEnhMetaFile
CreateEnhMetaFileW
SetWindowOrgEx
Rectangle
RestoreDC
BitBlt
SaveDC
StretchBlt
CreateCompatibleDC
DeleteDC
ExtSelectClipRgn
CreatePen
CreateFontIndirectW
GetStockObject
GetObjectW
GetObjectA
DeleteObject
CreateCompatibleBitmap
GetDeviceCaps
SetStretchBltMode
CreatePatternBrush
CreateSolidBrush
CreatePenIndirect
MoveToEx
LineTo
RoundRect
GetBitmapBits
SetBitmapBits
CombineRgn
RemoveFontMemResourceEx
CreateDIBSection
SetBkMode
SetTextColor
SetBkColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
GdiFlush
CreateRectRgn
SelectObject
PtInRegion

advapi32

CryptAcquireContextW
RegOpenKeyExA
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ReportEventA
RegisterEventSourceA
DeregisterEventSource
CryptReleaseContext
CryptGenRandom
RegQueryValueExA

shell32

SHBrowseForFolderW
DragQueryFileW
SHGetFolderPathA
ord165
ShellExecuteExW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
CommandLineToArgvW
SHGetPathFromIDListW
SHChangeNotify

ole32

RegisterDragDrop
DoDragDrop
OleDuplicateData
CoInitialize
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateGuid
ReleaseStgMedium
OleLockRunning
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal

comctl32

ord17
_TrackMouseEvent

gdiplus

GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipTranslateWorldTransform
GdipCloneStringFormat
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawRectangleI
GdipSetPenMode
GdipMeasureString
GdipCreatePen1
GdipFillRectangleI
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipLoadImageFromStream
GdiplusShutdown
GdiplusStartup
GdipDeletePen
GdipDrawString
GdipDrawImageRectI
GdipRotateWorldTransform
GdipStringFormatGetGenericTypographic

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

winhttp

WinHttpReceiveResponse
WinHttpWriteData
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpGetIEProxyConfigForCurrentUser
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpGetProxyForUrl
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpOpen

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAddBackslashW
PathRemoveFileSpecA
PathIsDirectoryW

d3d9

Direct3DCreate9

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

netapi32

Netbios

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 529KB - Virtual size: 529KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QMGuid
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SHADOW BP + HAX 3.4/SETUP/How To Use .txt
SHADOW BP + HAX 3.4/SETUP/Kill_Gameloop.bat
SHADOW BYPASS VIP 3.4/Windows Defender Control.zip
.zip
Windows Defender Control/Read Me.txt
Windows Defender Control/dControl.exe
.exe windows:5 windows x86 arch:x86

Code Sign

69:98:6c:80:0a:7c:5b:8e:47:86:45:a0:3e:86:d5:40
Certificate

Issuer

CN=Sordum Software

Not Before

11-09-2021 21:00

Not After

31-07-2030 21:00

Subject

CN=Sordum Software

Extended Key Usages

ExtKeyUsageCodeSigning

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31-05-2021 06:43

Not After

17-09-2029 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19-05-2021 05:42

Not After

18-05-2032 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:f6:ef:3f:06:29:49:56:6c:21:59:e0:0c:ac:6f:83:24:95:fa:e4
Signer

Actual PE Digest

13:f6:ef:3f:06:29:49:56:6c:21:59:e0:0c:ac:6f:83:24:95:fa:e4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 492KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 262KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 514KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows Defender Control/dControl.ini

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 62KB - Virtual size: 62KB

.reloc Size: 512B - Virtual size: 12B

.rsrc Size: 166KB - Virtual size: 166KB

0e2b0c48d5c7e0af756a1d45ad1efe66

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

gdiplus

imm32

winhttp

shlwapi

d3d9

version

netapi32

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 529KB - Virtual size: 529KB

.data Size: 64KB - Virtual size: 82KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 9B

.QMGuid Size: 512B - Virtual size: 20B

.rsrc Size: 448KB - Virtual size: 447KB

.reloc Size: 117KB - Virtual size: 117KB

Code Sign

69:98:6c:80:0a:7c:5b:8e:47:86:45:a0:3e:86:d5:40Certificate

Extended Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

13:f6:ef:3f:06:29:49:56:6c:21:59:e0:0c:ac:6f:83:24:95:fa:e4Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 492KB

UPX1 Size: 262KB - Virtual size: 264KB

.rsrc Size: 57KB - Virtual size: 60KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 514KB - Virtual size: 513KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 26KB - Virtual size: 105KB

.rsrc Size: 56KB - Virtual size: 56KB

.text
Size: 62KB - Virtual size: 62KB

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 166KB - Virtual size: 166KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 529KB - Virtual size: 529KB

.data
Size: 64KB - Virtual size: 82KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.QMGuid
Size: 512B - Virtual size: 20B

.rsrc
Size: 448KB - Virtual size: 447KB

.reloc
Size: 117KB - Virtual size: 117KB

69:98:6c:80:0a:7c:5b:8e:47:86:45:a0:3e:86:d5:40
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

13:f6:ef:3f:06:29:49:56:6c:21:59:e0:0c:ac:6f:83:24:95:fa:e4
Signer

UPX0
Size: - Virtual size: 492KB

UPX1
Size: 262KB - Virtual size: 264KB

.rsrc
Size: 57KB - Virtual size: 60KB

.text
Size: 514KB - Virtual size: 513KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 56KB - Virtual size: 56KB