E:\trunk\trunk_1\CSP\out\win32\release\cprevchk.pdb
Static task
static1
Behavioral task
behavioral1
Sample
IOC.zip
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
IOC.zip
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
SensApi.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
SensApi.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
视频和图片资料被盗版 - Music Plus.exe
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
视频和图片资料被盗版 - Music Plus.exe
Resource
win10v2004-20241007-en
General
-
Target
IOC.zip
-
Size
1.4MB
-
MD5
f1b00142524ba8a4ddc691388a5020fb
-
SHA1
eaabba82a1c6689eb07ff4629daed8bc153fe42d
-
SHA256
4b33219c5cadb4d741044874f6f0184d45f43891d28ad5b489716d4da21310fd
-
SHA512
97ef7b89461a18a09adb5de37605e385c7bb5a2143f6df5b413747f78517fe032632adac51ddbe35b6904a7a306eabc1bfe67474a2cdf16e633c73b0bd0e9570
-
SSDEEP
24576:+Rjjcd4pTEcRst4DRCFT2+Ob902gk6OesN9yWHnBgqKErnV5y/u/0t2O:+1TTEcRsGRmT2NgnKN9fHiErnV5y/M0b
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/SensApi.dll
Files
-
IOC.zip .zip
-
SensApi.dll .dll windows:5 windows x86 arch:x86
b399e51a947e793f861568c6ba605bfd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msi
ord8
ord70
ord141
ord96
advapi32
RegOpenKeyExW
SetThreadToken
RevertToSelf
OpenThreadToken
CryptVerifySignatureW
CryptGetHashParam
CryptContextAddRef
CryptReleaseContext
RegQueryValueExW
CryptAcquireContextA
CryptCreateHash
RegEnumValueW
CryptDestroyKey
CryptDestroyHash
RegCloseKey
CryptHashData
CryptAcquireContextW
RegQueryInfoKeyW
CryptGetProvParam
CryptGenRandom
CryptEnumProviderTypesA
CryptEnumProvidersA
CryptVerifySignatureA
crypt32
CertFindCRLInStore
CertFreeCRLContext
CertFindCertificateInStore
CertFreeCertificateContext
CertOpenStore
CertAddCertificateContextToStore
CertCreateCRLContext
CertFindCertificateInCRL
CryptFindOIDInfo
CertCompareCertificateName
CertGetIssuerCertificateFromStore
CryptVerifyCertificateSignatureEx
CertFreeCertificateChain
CertFindExtension
CertGetIntendedKeyUsage
CryptUnregisterDefaultOIDFunction
CertCloseStore
CertGetCertificateChain
CertGetCertificateContextProperty
CryptGetDefaultOIDDllList
CertDuplicateStore
CryptInitOIDFunctionSet
CryptEncodeObjectEx
CertDuplicateCertificateContext
CertVerifyTimeValidity
CertAddStoreToCollection
CryptRegisterDefaultOIDFunction
CertEnumCertificatesInStore
CertVerifyCertificateChainPolicy
CertCreateCertificateContext
CertEnumCertificateContextProperties
CertSetCertificateContextProperty
CertVerifyRevocation
CertOIDToAlgId
CryptEncodeObject
CryptImportPublicKeyInfo
CryptDecodeObject
CryptVerifyCertificateSignature
CertAddEncodedCertificateToStore
CertAddEncodedCRLToStore
CryptEnumOIDInfo
CertAlgIdToOID
CryptImportPublicKeyInfoEx
msvcrt
_isatty
_write
_lseeki64
_fileno
_read
__pioinfo
__badioinfo
wcstombs
iswctype
ferror
wctomb
_itoa
_snprintf
_iob
isleadbyte
__mb_cur_max
mbtowc
isdigit
_amsg_exit
_initterm
_XcptFilter
__uncaught_exception
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
memmove
memcpy
memset
_resetstkoflw
ungetwc
fputwc
fgetwc
__CxxFrameHandler
wcsstr
calloc
strchr
strtoul
tolower
strcspn
localeconv
memchr
_strtoi64
_strtoui64
isxdigit
fclose
fseek
toupper
fwrite
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
setvbuf
fsetpos
fgetc
fflush
fgetpos
ungetc
isspace
fputc
_CxxThrowException
setlocale
__crtLCMapStringA
__pctype_func
isupper
___lc_codepage_func
___lc_handle_func
islower
___mb_cur_max_func
__crtLCMapStringW
__crtGetStringTypeW
__iob_func
abort
isalnum
sprintf
gmtime
sscanf
mktime
localtime
wcschr
_snwprintf
time
getenv
strncpy
_mbscmp
_time64
_localtime64
realloc
wcscspn
wcsspn
iswalnum
strrchr
wcsftime
_mbsstr
_msize
malloc
free
_wtoi
??8type_info@@QBEHABV0@@Z
_gmtime64
_vscwprintf
_mktime64
_wcsicmp
_purecall
strncmp
??_U@YAPAXI@Z
??_V@YAXPAX@Z
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
??2@YAPAXI@Z
??3@YAXPAX@Z
_errno
strtol
winhttp
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpCrackUrl
WinHttpReadData
WinHttpQueryAuthSchemes
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpConnect
WinHttpOpen
WinHttpSetCredentials
WinHttpCloseHandle
kernel32
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetSystemTime
FormatMessageA
FormatMessageW
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
GetSystemInfo
UnmapViewOfFile
GetModuleFileNameA
lstrcmpW
WriteFile
GetLocalTime
SetFilePointer
OpenEventA
SetEvent
GetPrivateProfileStringW
GetCurrentThread
LockResource
GetModuleHandleA
FindNextFileW
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
FileTimeToLocalFileTime
lstrlenA
SystemTimeToFileTime
GetModuleHandleW
GetSystemTimeAsFileTime
lstrlenW
OutputDebugStringW
LoadLibraryA
FindClose
EnterCriticalSection
GetProcAddress
VerifyVersionInfoW
MultiByteToWideChar
CreateFileW
ReadFile
FileTimeToSystemTime
LeaveCriticalSection
SizeofResource
WideCharToMultiByte
TlsSetValue
InitializeCriticalSection
VerSetConditionMask
LoadResource
FreeLibrary
FindResourceW
InterlockedDecrement
InterlockedIncrement
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
VirtualAlloc
HeapFree
RaiseException
GetCurrentProcess
GlobalFree
GetVersion
OutputDebugStringA
GetModuleFileNameW
GetFileAttributesW
FindResourceExW
TlsGetValue
FindFirstFileW
GetFileSize
GetEnvironmentVariableW
GetLastError
LocalFree
LocalAlloc
SetLastError
TlsFree
TlsAlloc
GetProcessHeap
HeapAlloc
user32
UnregisterClassA
ole32
CoUninitialize
CoCreateInstance
CoInitializeEx
oleaut32
VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString
VarBstrFromDate
VariantClear
shlwapi
PathAppendW
PathFindFileNameW
shell32
SHGetFolderPathW
ord165
Exports
IsNetworkAlive
IsNetworkAlive
IsNetworkAlive
IsNetworkAlive
DllInstall
IsNetworkAlive
IsNetworkAlive
IsNetworkAlive
IsNetworkAlive
IsNetworkAlive
Sections
.text Size: 923KB - Virtual size: 924KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 133KB - Virtual size: 136KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 875KB - Virtual size: 874KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
视频和图片资料被盗版 - Music Plus.exe .exe windows:5 windows x86 arch:x86
15fbeb456666924b3e63e4c5eed298f3
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate
Issuer
CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before
21-12-2012 00:00
Not After
30-12-2020 23:59
Subject
CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate
Issuer
CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Not Before
18-10-2012 00:00
Not After
29-12-2020 23:59
Subject
CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate
Issuer
CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
Not Before
04-03-2014 00:00
Not After
03-03-2024 23:59
Subject
CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
10:fb:71:33:19:02:7f:3f:1f:1c:06:67:b3:c3:8c:a9
Certificate
Issuer
CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Not Before
14-05-2015 00:00
Not After
07-05-2017 23:59
Subject
SERIALNUMBER=2748129,CN=Adobe Systems\, Incorporated,OU=Acrobat DC,O=Adobe Systems\, Incorporated,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
c1:4c:1a:57:5e:07:69:db:c2:32:aa:e9:d6:63:a8:52:2a:69:ef:9e
Signer
Actual PE Digest
c1:4c:1a:57:5e:07:69:db:c2:32:aa:e9:d6:63:a8:52:2a:69:ef:9e
Digest Algorithm
sha1
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\CB\ARM_Trunk\BuildResults\bin\Win32\Release\AdobeARM.pdb
Imports
msi
ord16
ord118
ord171
ord141
ord115
ord119
ord88
ord240
ord281
ord205
ord114
ord160
ord159
ord32
ord92
ord8
ord116
ord70
ord181
ord195
psapi
GetModuleFileNameExW
GetModuleBaseNameW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
wininet
DeleteUrlCacheEntryW
sensapi
IsNetworkAlive
secur32
LsaFreeReturnBuffer
LsaGetLogonSessionData
kernel32
ResumeThread
SuspendThread
GlobalAddAtomW
GetModuleHandleA
GetVersionExA
LoadLibraryA
CompareStringW
GlobalFindAtomW
FreeResource
InterlockedDecrement
FindNextFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
InterlockedIncrement
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
SetThreadPriority
LocalReAlloc
DeleteCriticalSection
TlsFree
SetErrorMode
GlobalFlags
GetStartupInfoW
GetSystemTimeAsFileTime
ExitThread
CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
RaiseException
HeapReAlloc
ExitProcess
SetStdHandle
GetFileType
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
QueryPerformanceCounter
GetCurrentDirectoryA
GetDriveTypeA
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GlobalDeleteAtom
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetModuleFileNameW
GetFullPathNameW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
GetCurrentProcessId
ProcessIdToSessionId
GlobalMemoryStatusEx
GetEnvironmentVariableW
GetCurrentThread
UnmapViewOfFile
OpenFileMappingW
MapViewOfFile
GetVolumeInformationW
HeapFree
GetProcessHeap
HeapAlloc
OpenEventW
Module32NextW
Module32FirstW
Process32NextW
GetLongPathNameW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
lstrcmpA
lstrcmpW
LocalAlloc
GetExitCodeProcess
CreateProcessW
SetLastError
OpenMutexW
CreateMutexW
GetThreadPriority
RemoveDirectoryW
GetVersionExW
lstrlenA
WideCharToMultiByte
SetCurrentDirectoryW
GetCurrentDirectoryW
FreeLibrary
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
WritePrivateProfileStringW
MoveFileExW
MoveFileW
WaitNamedPipeW
CreateNamedPipeW
ConnectNamedPipe
SetNamedPipeHandleState
DisconnectNamedPipe
LocalFree
FormatMessageW
GetThreadLocale
GetModuleHandleW
VirtualAlloc
VirtualFree
GetTempPathW
OpenProcess
CopyFileW
GetProcAddress
GetACP
LoadLibraryW
lstrlenW
GetTickCount
WaitForSingleObject
CreateEventW
Sleep
SetEvent
MultiByteToWideChar
CloseHandle
CreateFileW
ReadFile
SetFilePointer
GetFileSize
CreateFileA
FindClose
FindFirstFileW
DeleteFileW
SetFileAttributesW
WriteFile
GetLastError
CreateDirectoryW
GetFileAttributesW
FindResourceW
LoadResource
LockResource
SizeofResource
TlsSetValue
user32
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetMenu
ShowScrollBar
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
PtInRect
GetMenu
SystemParametersInfoA
GetWindowPlacement
CopyRect
GetSysColor
EndPaint
BeginPaint
ReleaseDC
GetDC
ScreenToClient
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowTextLengthW
SetFocus
ShowWindow
SetWindowLongW
GetDlgCtrlID
IsDialogMessageW
SetDlgItemTextW
DestroyMenu
GetDlgItem
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetKeyState
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
EnableMenuItem
CheckMenuItem
PostQuitMessage
CharUpperW
GetMenuState
GetMenuStringW
GetWindow
FindWindowW
ExitWindowsEx
RegisterWindowMessageW
EnumWindows
GetWindowTextW
IsWindowVisible
GetWindowThreadProcessId
FindWindowExW
SystemParametersInfoW
SetActiveWindow
DrawAnimatedRects
SetForegroundWindow
SetMenuDefaultItem
ModifyMenuW
GetMenuItemID
GetMenuItemCount
GetSubMenu
ClientToScreen
GetCursorPos
LoadMenuW
SetCursor
DrawFocusRect
InflateRect
SetRectEmpty
GetParent
SetWindowTextW
LoadCursorW
GetActiveWindow
KillTimer
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
PeekMessageW
UpdateWindow
GetFocus
IsWindow
UnregisterClassW
SetTimer
GetWindowRect
SendMessageW
LoadIconW
EnableWindow
PostMessageW
SetWindowPos
GetForegroundWindow
MessageBoxW
SendDlgItemMessageW
GetSysColorBrush
ValidateRect
GrayStringW
gdi32
GetStockObject
ScaleViewportExtEx
DeleteDC
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
ScaleWindowExtEx
SetWindowExtEx
GetDeviceCaps
GetTextExtentPoint32W
CreateFontIndirectW
GetObjectW
DeleteObject
PtVisible
comdlg32
GetFileTitleW
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
advapi32
LookupAccountNameW
RegCloseKey
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegFlushKey
ControlService
QueryServiceStatusEx
CloseServiceHandle
OpenServiceW
OpenSCManagerW
CreateWellKnownSid
RegCreateKeyW
OpenThreadToken
DuplicateToken
CheckTokenMembership
IsValidSid
GetLengthSid
ConvertSidToStringSidW
RegCreateKeyExW
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
CreateProcessAsUserW
OpenProcessToken
DuplicateTokenEx
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
LookupAccountSidW
GetUserNameW
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
shell32
ShellExecuteW
SHGetFolderPathW
SHCreateDirectoryExW
SHFileOperationW
SHAppBarMessage
Shell_NotifyIconW
comctl32
InitCommonControlsEx
_TrackMouseEvent
shlwapi
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
SHDeleteKeyW
ole32
CoUninitialize
CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
oleaut32
VariantClear
VariantInit
VariantChangeType
urlmon
URLDownloadToFileW
crypt32
CryptDecodeObject
CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CryptProtectData
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CryptUnprotectData
CertGetNameStringW
wintrust
WinVerifyTrust
userenv
DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock
Sections
.text Size: 393KB - Virtual size: 392KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 229KB - Virtual size: 228KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 355KB - Virtual size: 355KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ