2024-11-23_669c8cc562e81ad860e00c411b9c7b58_bkransomware

Sharing

Copy URL

Twitter E-mail

General

Target

2024-11-23_669c8cc562e81ad860e00c411b9c7b58_bkransomware
Size

6.2MB
MD5

669c8cc562e81ad860e00c411b9c7b58
SHA1

106a606964022260209e4d2d9f856a2b360f250f
SHA256

86919a8a99f706812294e2c241ae602f611e0336f49f2699edb833ee9c88945f
SHA512

2e4851e661a8039f3a9ec181b994073ec9882d31e191e4fb10b63a734ec6e332b810270612f7f5eeccd3796935ca8b12df58ccf7598baf6575db5882975aef23
SSDEEP

98304:6bzPGKfLnqmZjQa/LOg6MmYykewKc2oClrqg78SJDsE7nw/aMnxT8:6bz1LDUCWB5sEdwxT8

Score

1^/10

Malware Config

Signatures

Files

2024-11-23_669c8cc562e81ad860e00c411b9c7b58_bkransomware
.exe windows:5 windows x86 arch:x86

ba2a7922b2032a62aecac475e2976494

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:64:ef:4d:75:be:a7:6b:99:f1:1f:c3
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

25-07-2017 11:49

Not After

25-07-2020 11:49

Subject

SERIALNUMBER=CHE-113.666.835,CN=Acronis International GmbH,O=Acronis International GmbH,STREET=Rheinweg 9,L=Schaffhausen,ST=Schaffhausen,C=CH,1.3.6.1.4.1.311.60.2.1.2=#130c53636861666668617573656e,1.3.6.1.4.1.311.60.2.1.3=#13024348,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:64:ef:4d:75:be:a7:6b:99:f1:1f:c3
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

25-07-2017 11:49

Not After

25-07-2020 11:49

Subject

SERIALNUMBER=CHE-113.666.835,CN=Acronis International GmbH,O=Acronis International GmbH,STREET=Rheinweg 9,L=Schaffhausen,ST=Schaffhausen,C=CH,1.3.6.1.4.1.311.60.2.1.2=#130c53636861666668617573656e,1.3.6.1.4.1.311.60.2.1.3=#13024348,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Standard - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d7:9d:89:b6:61:ed:e5:53:f5:08:25:56:16:87:1f:e5:24:e4:30:b4:49:df:bb:68:bb:02:1d:fe:3c:e2:ce:10
Signer

Actual PE Digest

d7:9d:89:b6:61:ed:e5:53:f5:08:25:56:16:87:1f:e5:24:e4:30:b4:49:df:bb:68:bb:02:1d:fe:3c:e2:ce:10

Digest Algorithm

sha256

PE Digest Matches

false

c3:db:00:27:32:7b:c9:f8:c8:e0:51:41:57:de:8e:5a:1d:1f:db:01
Signer

Actual PE Digest

c3:db:00:27:32:7b:c9:f8:c8:e0:51:41:57:de:8e:5a:1d:1f:db:01

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

c:\bs_hudson\workspace\332\exe\vs\release\multi\standard\atih_web_installer_standard.pdb

Imports

gdiplus

GdipSetStringFormatLineAlign
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateFromHDC
GdipDeleteGraphics
GdipFillRectangleI
GdipNewPrivateFontCollection
GdipDeletePrivateFontCollection
GdipPrivateAddMemoryFont
GdipSetTextRenderingHint
GdipGetTextRenderingHint
GdipGetImageWidth
GdipGetImageHeight
GdipSetClipRectI
GdipResetClip
GdipDrawImageRectRectI
GdiplusStartup
GdiplusShutdown
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipDrawImagePointRectI
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipAlloc
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdipGetEmHeight
GdipGetCellDescent
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipGetFontSize
GdipGetFontStyle
GdipGetFamily

msi

ord111
ord173
ord8
ord141
ord78
ord153
ord151
ord28
ord74
ord80
ord32
ord159
ord160
ord166
ord158
ord178
ord180
ord241
ord103
ord114
ord137
ord150
ord219
ord120
ord20
ord92
ord26
ord205
ord181
ord88
ord169
ord70
ord17
ord121
ord125
ord118
ord115
ord123
ord171
ord48

advapi32

InitiateSystemShutdownA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
FreeSid
AllocateAndInitializeSid
IsValidSid
GetTokenInformation
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RevertToSelf
OpenThreadToken
ImpersonateLoggedOnUser
SystemFunction036
RegQueryValueExW
EncryptFileW
DecryptFileW
GetSecurityDescriptorOwner
SetFileSecurityW
GetFileSecurityW
SetThreadToken
OpenEncryptedFileRawW
ReadEncryptedFileRaw
WriteEncryptedFileRaw
CloseEncryptedFileRaw
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
DuplicateTokenEx
RegOpenKeyExA
RegQueryValueExA
GetUserNameW
RegEnumValueW
RegQueryInfoKeyA
RegSetKeySecurity
SetSecurityInfo
ChangeServiceConfig2W
CloseServiceHandle
ControlService
EnumDependentServicesW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceConfig2W
QueryServiceStatus
StartServiceW

kernel32

ExpandEnvironmentStringsW
GetFileSize
WriteFile
ReadFile
CloseHandle
CreateFileW
RemoveDirectoryW
InterlockedIncrement
InterlockedDecrement
FreeLibrary
GetProcAddress
lstrcmpiW
LoadLibraryExW
GetModuleFileNameW
MultiByteToWideChar
SetErrorMode
GetVersion
LocalFree
FormatMessageA
FormatMessageW
GetModuleHandleA
GetCurrentThread
SetThreadPriority
GetThreadPriority
TerminateThread
SetEvent
ResetEvent
WaitForMultipleObjects
CreateEventA
InitializeCriticalSection
GlobalMemoryStatus
GlobalMemoryStatusEx
GetCurrentProcessId
GetSystemInfo
CopyFileW
GetCommandLineW
SetCurrentDirectoryW
GetCurrentDirectoryW
SuspendThread
ResumeThread
DuplicateHandle
GetTempPathW
DeleteFileW
MoveFileExW
GetFileAttributesW
GetExitCodeProcess
GetWindowsDirectoryW
LoadLibraryW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetVersionExA
GetStdHandle
WriteConsoleW
GetSystemTime
CreateMutexW
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetThreadLocale
GetLogicalDrives
FindClose
GetDriveTypeA
GetProcessWorkingSetSize
SetProcessWorkingSetSize
LockFileEx
UnlockFileEx
FlushFileBuffers
DeviceIoControl
SetEndOfFile
SetFilePointer
SetFileTime
GetFileInformationByHandle
GetDriveTypeW
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
CreateDirectoryW
SetFileAttributesW
GetCompressedFileSizeW
FindFirstFileW
FindNextFileW
MoveFileW
CreateHardLinkW
GetVolumeInformationW
FindFirstChangeNotificationW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
CompareStringW
FindNextChangeNotification
FindCloseChangeNotification
ExitThread
LoadLibraryA
FindResourceExW
EnumResourceNamesW
EnumResourceLanguagesW
QueryDosDeviceA
GetSystemDefaultLangID
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetFileTime
BackupRead
BackupSeek
BackupWrite
GetFileAttributesExW
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetSystemDefaultUILanguage
GetTickCount
GetModuleFileNameA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CreateThread
OutputDebugStringA
CreateFileA
GetLocalTime
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
GetTempFileNameW
GetShortPathNameW
GetUserDefaultLCID
GetEnvironmentVariableW
GetSystemDirectoryW
CreateMutexA
GetLocaleInfoA
GetUserDefaultUILanguage
ProcessIdToSessionId
DeleteFileA
AreFileApisANSI
GetTempPathA
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
HeapValidate
HeapCreate
GetFileAttributesA
WideCharToMultiByte
OutputDebugStringW
WaitForSingleObjectEx
RtlUnwind
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
QueryPerformanceCounter
UnmapViewOfFile
MapViewOfFile
HeapCompact
GetFullPathNameA
GetFullPathNameW
TryEnterCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LocalAlloc
InterlockedExchange
LoadLibraryExA
GetFileType
PeekNamedPipe
GetConsoleMode
ReadConsoleW
ExitProcess
GetModuleHandleExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetConsoleCP
GetStringTypeW
SetStdHandle
FindFirstFileExW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
SetEnvironmentVariableA
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
VirtualAlloc
VirtualFree
lstrlenA
LCMapStringA
ReleaseSemaphore
CreateSemaphoreA
DebugBreak
SleepEx
ExpandEnvironmentStringsA
GetModuleHandleW
FindResourceW
SizeofResource
LoadResource
LockResource
MulDiv
Sleep
GetVersionExW
GetStartupInfoW
CreateProcessW
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer
SetEnvironmentVariableW
SetFilePointerEx
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
SystemTimeToTzSpecificLocalTime
LockFile

user32

IsCharAlphaNumericW
CharUpperBuffW
GetMessageA
TranslateMessage
IsCharAlphaW
FillRect
EnableWindow
CallWindowProcW
GetWindowTextLengthW
GetWindowTextW
EndPaint
BeginPaint
SwitchToThisWindow
UpdateWindow
KillTimer
SetTimer
ReleaseCapture
GetActiveWindow
EndDialog
DialogBoxParamW
IsWindowVisible
SetWindowPos
ShowWindow
PostMessageW
SendMessageW
UnregisterClassW
DispatchMessageA
DefWindowProcA
RegisterClassExA
CreateWindowExA
PostMessageA
FindWindowA
GetShellWindow
GetWindowThreadProcessId
GetProcessWindowStation
GetUserObjectInformationA
InvalidateRect
SetWindowTextW
GetWindowRect
GetWindowLongW
SetWindowLongW
GetDesktopWindow
GetParent
SetCapture
SetCursor
wsprintfW
wvsprintfW
GetDC
ReleaseDC
DefWindowProcW
RegisterClassExW
CreateWindowExW
DestroyWindow
UpdateLayeredWindow
IsIconic
GetSystemMetrics
LoadCursorW
LoadImageW
CharNextW
IsWindowEnabled
MessageBoxW
GetClassInfoExW
MessageBoxA
LoadIconW

gdi32

TextOutW
GetObjectW
GetStockObject
GetTextExtentPoint32W
DPtoLP
GetDeviceCaps
CreateFontIndirectW
SetViewportOrgEx
SetTextColor
SetBkMode
SelectObject
DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
CreateSolidBrush

comctl32

InitCommonControlsEx

ws2_32

select
gethostname
shutdown
WSARecv
WSASend
getnameinfo
__WSAFDIsSet
freeaddrinfo
getaddrinfo
WSASetLastError
setsockopt
ntohs
getsockopt
WSAGetLastError
socket
sendto
recv
inet_addr
htons
ioctlsocket
closesocket
bind
WSACleanup
WSAStartup
getsockname
getpeername
connect
send

shell32

SHGetMalloc
SHGetSpecialFolderPathW
ord68
ShellExecuteExW
SHGetFolderPathW
ShellExecuteW
SHGetPathFromIDListW
SHGetDesktopFolder

comdlg32

GetOpenFileNameW
GetSaveFileNameW

mpr

WNetCancelConnection2W
WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
WNetGetUniversalNameW
WNetAddConnection3W

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
OleUninitialize
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoInitializeEx
CLSIDFromProgID
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemRealloc

oleaut32

VariantClear
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocString
VarUI4FromStr
VariantChangeType
SysAllocStringLen
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SafeArrayDestroy
SafeArrayGetUBound
VarBstrCat
SafeArrayGetElement
SafeArrayGetLBound
SysFreeString

rpcrt4

UuidCreate
UuidToStringA
UuidFromStringA
RpcBindingFree
RpcBindingFromStringBindingA
RpcRaiseException
NdrPointerMarshall
NdrPointerUnmarshall
NdrPointerBufferSize
NdrConvert
NdrClientInitializeNew
NdrServerInitializeNew
NdrGetBuffer
NdrSendReceive
NdrFreeBuffer
NdrFullPointerXlatInit
NdrFullPointerXlatFree
NdrConformantArrayMarshall
NdrConformantArrayUnmarshall
NdrConformantArrayBufferSize
RpcStringFreeA
RpcStringBindingComposeA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

PathAddBackslashW
PathAppendW

wintrust

WinVerifyTrust

crypt32

CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertCreateCertificateContext
CertGetCertificateContextProperty
CertAddCertificateContextToStore
CertDeleteCertificateFromStore
CertGetStoreProperty
CryptAcquireCertificatePrivateKey
CertNameToStrW
CertDuplicateStore
CertGetCertificateChain
CertFreeCertificateChain
PFXImportCertStore
PFXIsPFXBlob
PFXExportCertStoreEx
CryptQueryObject
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CertOpenStore
CertGetNameStringW
CryptDecodeObject
CryptMsgClose

Exports

Exports

GCAddLink
GCAddMember
GCAddObject
GCAddObjectDebug
GCAttach
GCCaptureHook
GCCleanup
GCConstructorHook
GCCreateEvent
GCDestructorHook
GCDetach
GCMemberRefAlloc
GCMemberRefFree
GCRefObjectAlloc
GCRefObjectAllocDebug
GCRefObjectFree
GCRefObjectFreeDebug
GCReleaseEvent
GCReleaseHook
GCReleaseLink
GCReleaseMember
GCReleaseObject
GCResetLink
GCResetMember
GCResolveMember
GCReuseObject
GCShowBlocks
GCTrace

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 933KB - Virtual size: 933KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 149KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 543KB - Virtual size: 542KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.zero
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba2a7922b2032a62aecac475e2976494

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

04:00:00:00:00:01:25:07:1d:f9:afCertificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

2e:64:ef:4d:75:be:a7:6b:99:f1:1f:c3Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:25:07:1d:f9:afCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

2e:64:ef:4d:75:be:a7:6b:99:f1:1f:c3Certificate

Extended Key Usages

Key Usages

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

d7:9d:89:b6:61:ed:e5:53:f5:08:25:56:16:87:1f:e5:24:e4:30:b4:49:df:bb:68:bb:02:1d:fe:3c:e2:ce:10Signer

c3:db:00:27:32:7b:c9:f8:c8:e0:51:41:57:de:8e:5a:1d:1f:db:01Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

msi

advapi32

kernel32

user32

gdi32

comctl32

ws2_32

shell32

comdlg32

mpr

ole32

oleaut32

rpcrt4

version

shlwapi

wintrust

crypt32

Exports

Exports

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 933KB - Virtual size: 933KB

.data Size: 149KB - Virtual size: 292KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 543KB - Virtual size: 542KB

.reloc Size: 212KB - Virtual size: 211KB

.zero Size: 4KB - Virtual size: 3KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

2e:64:ef:4d:75:be:a7:6b:99:f1:1f:c3
Certificate

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

2e:64:ef:4d:75:be:a7:6b:99:f1:1f:c3
Certificate

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

d7:9d:89:b6:61:ed:e5:53:f5:08:25:56:16:87:1f:e5:24:e4:30:b4:49:df:bb:68:bb:02:1d:fe:3c:e2:ce:10
Signer

c3:db:00:27:32:7b:c9:f8:c8:e0:51:41:57:de:8e:5a:1d:1f:db:01
Signer

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 933KB - Virtual size: 933KB

.data
Size: 149KB - Virtual size: 292KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 543KB - Virtual size: 542KB

.reloc
Size: 212KB - Virtual size: 211KB

.zero
Size: 4KB - Virtual size: 3KB