381dbadb1613e5fa3e013f69abc6c01b3ee6510a5944b02e3c69c4e0f59a3e94

Sharing

Copy URL

Twitter E-mail

General

Target

381dbadb1613e5fa3e013f69abc6c01b3ee6510a5944b02e3c69c4e0f59a3e94
Size

9.2MB
MD5

414bb575d2734b3cb8939ec6b00bb69d
SHA1

2b5b86126a9cd3ab3ff3d221b61c255c84cdd103
SHA256

381dbadb1613e5fa3e013f69abc6c01b3ee6510a5944b02e3c69c4e0f59a3e94
SHA512

8cf0f3eaf3745cd81c41e3a4395abf30d87cc243d59aef89a18c2e0eebb14a9610131af285c6e9bf92af74fa1d3bc5abc6ba851ad77168c6a805b7c00795c147
SSDEEP

98304:1H3fWjXBdrmqVhxQq05IutOiQwlfatFQzCiClyCNOjuKHONfP6NvUxZXZKvwaQYS:kXEicQb8O98YNZ6wa5Dt2

Score

1^/10

Malware Config

Signatures

Files

381dbadb1613e5fa3e013f69abc6c01b3ee6510a5944b02e3c69c4e0f59a3e94
.exe windows:5 windows x86 arch:x86

9d9db7a1c8a5c88d7d3795d9fb0f8ffe

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4a:9b:19:3d:fd:36:39:3e:94:0a:f7:54:51:21:52:9a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07-09-2017 00:00

Not After

27-09-2019 23:59

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,OU=Desktop Business Division,O=Beijing Sogou Technology Development Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30-09-2015 00:00

Not After

28-09-2018 23:59

Subject

CN=Sogou.com,OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

49:7b:27:dd:53:45:44:83:90:50:fe:e3:5c:13:4a:23:52:fd:9f:f3:97:23:f2:da:75:36:10:51:42:e7:89:02
Signer

Actual PE Digest

49:7b:27:dd:53:45:44:83:90:50:fe:e3:5c:13:4a:23:52:fd:9f:f3:97:23:f2:da:75:36:10:51:42:e7:89:02

Digest Algorithm

sha256

PE Digest Matches

false

d0:99:5e:b3:1c:fb:17:c2:0d:2a:bb:5b:96:54:2d:e1:1f:91:c2:94
Signer

Actual PE Digest

d0:99:5e:b3:1c:fb:17:c2:0d:2a:bb:5b:96:54:2d:e1:1f:91:c2:94

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\project\sogouime\branch\PinyinDev_R_8_1_NK_C3.0\Bin\SogouPdb\SogouInput\SGTool.pdb

Imports

imm32

ImmDisableIME
ImmGetIMEFileNameW
ImmDestroyContext
ImmAssociateContext
ImmGetHotKey
ImmInstallIMEW
ImmSetHotKey

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

comctl32

InitCommonControlsEx
ImageList_Create
ImageList_ReplaceIcon

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wininet

InternetCloseHandle
InternetOpenUrlW
InternetSetOptionW
InternetOpenW
InternetQueryOptionW
InternetErrorDlg
HttpAddRequestHeadersW
InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetGetConnectedState
InternetWriteFile
InternetConnectA
HttpSendRequestExW
HttpEndRequestW
HttpOpenRequestA
InternetCrackUrlA
InternetCanonicalizeUrlW
InternetSetCookieW

iphlpapi

GetAdaptersInfo

kernel32

GetExitCodeProcess
GlobalAddAtomW
LoadLibraryA
GetSystemDirectoryA
GetLocaleInfoW
lstrcmpW
MoveFileExW
WriteProfileStringW
GetACP
SetWaitableTimer
EnumSystemLocalesW
WaitForSingleObjectEx
RaiseException
InitializeCriticalSection
DeleteCriticalSection
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetLastError
InterlockedIncrement
InterlockedDecrement
GetProcAddress
GetModuleHandleW
lstrcmpiW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
LocalFree
GetTempPathW
CloseHandle
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
Process32NextW
SuspendThread
GetThreadContext
SetThreadContext
SetEnvironmentVariableA
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetStringTypeA
LCMapStringA
GetCurrentDirectoryA
GetFullPathNameA
GetStartupInfoA
SetHandleCount
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
HeapCreate
GetFileInformationByHandle
GetDateFormatA
GetTimeFormatA
GetFullPathNameW
GetCPInfo
GetDriveTypeW
FindFirstFileA
GetDriveTypeA
ExitProcess
UnhandledExceptionFilter
RtlUnwind
HeapSize
HeapDestroy
IsProcessorFeaturePresent
SwitchToThread
GetModuleHandleA
WriteFileEx
ReadFileEx
DisconnectNamedPipe
GetOverlappedResult
WaitForMultipleObjectsEx
CreateNamedPipeW
ConnectNamedPipe
GetWindowsDirectoryW
OpenFileMappingA
CreateFileMappingA
GlobalReAlloc
GetWindowsDirectoryA
CompareStringW
MoveFileW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
PeekNamedPipe
SleepEx
SetNamedPipeHandleState
CreateIoCompletionPort
TransactNamedPipe
GetQueuedCompletionStatus
GlobalHandle
LCMapStringW
IsDebuggerPresent
lstrcatW
VirtualQuery
TlsFree
TlsAlloc
FlushFileBuffers
GetFileAttributesExW
QueryDosDeviceW
GetLogicalDriveStringsW
GetProcessId
CreateProcessW
DuplicateHandle
FormatMessageW
InitializeCriticalSectionAndSpinCount
TlsSetValue
TlsGetValue
WaitNamedPipeW
GetFileAttributesW
CopyFileA
lstrcatA
lstrcpyA
DeviceIoControl
LocalAlloc
RemoveDirectoryW
CreateDirectoryW
SetFileTime
GetFileTime
VirtualFree
VirtualProtect
VirtualAlloc
GetModuleFileNameA
CreateFileMappingW
IsBadReadPtr
ExitThread
GetSystemTimeAsFileTime
Process32FirstW
GetCurrentProcessId
TerminateProcess
OpenProcess
GetSystemDirectoryW
GlobalFree
GlobalAlloc
GetCommandLineW
GetCurrentThreadId
GetFileSize
CreateFileW
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryW
ResetEvent
SetEvent
WaitForSingleObject
CreateEventW
OpenEventW
GetExitCodeThread
GlobalLock
GlobalUnlock
FindResourceExW
SetEndOfFile
MulDiv
WaitForMultipleObjects
GetSystemInfo
SetFilePointer
GlobalMemoryStatusEx
GetTimeZoneInformation
SetUnhandledExceptionFilter
lstrcpyW
lstrcpynW
lstrcpynA
ResumeThread
HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree
SetFileAttributesW
CopyFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateMutexW
InterlockedExchange
InterlockedCompareExchange
GetTempFileNameW
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
CreateThread
TerminateThread
GetTickCount
OpenMutexW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
LockResource
GetCurrentThread
GetVersionExW
GetStartupInfoW
WideCharToMultiByte
GetStdHandle
SetFilePointerEx
ReadFile
WriteFile
GetFileType
GetFileSizeEx
CreateFileA
GetLocalTime
SystemTimeToFileTime
FormatMessageA
SetLastError
FlushInstructionCache
lstrlenA
OutputDebugStringW
DebugBreak
Sleep

user32

LoadIconW
RemoveMenu
GetSystemMenu
UpdateLayeredWindow
EndDialog
GetDlgItem
DialogBoxParamW
GetKeyboardLayoutList
UnloadKeyboardLayout
DestroyWindow
DrawTextW
PostQuitMessage
GetWindowTextLengthW
SetWindowLongW
VkKeyScanW
KillTimer
DispatchMessageW
IsWindow
GetWindowDC
GetMessageW
CreateWindowExW
ShowWindow
EndPaint
BeginPaint
UnregisterClassA
GetScrollInfo
SetScrollInfo
CheckDlgButton
AdjustWindowRectEx
LoadKeyboardLayoutW
GetMenuItemID
MenuItemFromPoint
GetMenuItemRect
GetCursor
mouse_event
MsgWaitForMultipleObjectsEx
IsCharAlphaNumericW
GetLastInputInfo
WindowFromPoint
wsprintfA
DefWindowProcW
RegisterClassExW
LoadCursorW
SetTimer
SetFocus
SendMessageW
EnumWindows
TrackMouseEvent
CharNextW
MessageBoxW
ActivateKeyboardLayout
TranslateMessage
UnregisterHotKey
RegisterHotKey
SendInput
GetUserObjectInformationW
GetThreadDesktop
ExitWindowsEx
CloseWindow
OpenClipboard
EmptyClipboard
SetWindowTextW
BringWindowToTop
keybd_event
InvalidateRect
CloseClipboard
RegisterClipboardFormatW
SetClipboardData
SetCursorPos
SetPropW
UnhookWindowsHookEx
UnregisterClassW
GetAsyncKeyState
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
ClipCursor
DestroyCursor
SystemParametersInfoW
LoadMenuW
LoadAcceleratorsW
wsprintfW
CharLowerW
MessageBeep
TrackPopupMenuEx
GetMenuItemCount
LoadStringA
SetMenuDefaultItem
GetMenuItemInfoW
CallWindowProcW
DrawIcon
TranslateAcceleratorW
LoadBitmapW
GetClassInfoExW
LoadStringW
GetPropW
NotifyWinEvent
SendMessageTimeoutW
EnumThreadWindows
GetWindowTextW
IsWindowEnabled
CreatePopupMenu
AppendMenuW
SetMenuItemInfoW
DestroyMenu
InflateRect
FillRect
EnumChildWindows
RedrawWindow
SetCursor
AttachThreadInput
GetKeyState
PostThreadMessageW
GetClassLongW
SetClassLongW
MonitorFromRect
IntersectRect
SubtractRect
ScreenToClient
PtInRect
SetLayeredWindowAttributes
GetDesktopWindow
GetWindowThreadProcessId
SetWindowRgn
GetClassNameW
OffsetRect
RegisterWindowMessageW
ClientToScreen
SetRect
GetDC
ReleaseDC
GetForegroundWindow
SetForegroundWindow
CopyRect
SetRectEmpty
ReleaseCapture
SetCapture
GetCursorPos
MoveWindow
IsRectEmpty
MonitorFromPoint
DestroyIcon
CreateDialogParamW
IsDialogMessageW
PeekMessageW
GetSystemMetrics
LoadImageW
FindWindowExW
wvsprintfW
GetParent
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
IsWindowVisible
GetWindowRect
GetWindowLongW
GetClientRect
GetFocus
PostMessageW
EnableWindow
FindWindowW
IsIconic
SetWindowPos
IsDlgButtonChecked

gdi32

CreateFontIndirectW
GetTextExtentPointW
SetTextCharacterExtra
CreateDIBSection
GetFontData
StretchDIBits
EnumFontFamiliesExW
SetViewportOrgEx
OffsetRgn
CombineRgn
RestoreDC
SaveDC
CreateRectRgn
SelectClipRgn
GetClipRgn
GetCharABCWidthsFloatW
ExtCreateRegion
PtInRegion
CreatePolygonRgn
GetObjectW
DeleteObject
Rectangle
CreatePen
SelectObject
CreateSolidBrush
GetStockObject
SetBkMode
SetTextColor
CreateCompatibleDC
DeleteDC
GetDeviceCaps
RemoveFontResourceW
AddFontResourceW
SetStretchBltMode
StretchBlt
SetPixel
CreateDCW
GetPixel
GetFontUnicodeRanges
GetTextMetricsW
DPtoLP
SetMapMode
GetTextExtentExPointW
GetTextExtentPoint32W
MoveToEx
LineTo
CreateCompatibleBitmap
BitBlt

comdlg32

GetOpenFileNameW
GetSaveFileNameW
ChooseColorW

advapi32

RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSaveKeyW
RegRestoreKeyW
SetSecurityDescriptorSacl
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
CryptGetKeyParam
CryptDecrypt
CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptSetKeyParam
CryptImportKey
CryptAcquireContextW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
OpenProcessToken
RegQueryValueExW
RegFlushKey
ConvertSidToStringSidW
LookupAccountNameW
RegEnumKeyW
RegEnumValueW
RegUnLoadKeyW
RegOpenKeyW
RegLoadKeyW
RegCreateKeyW
DuplicateTokenEx
CreateProcessAsUserW
LookupAccountSidW
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHFileOperationW
ShellExecuteExW
ShellExecuteW
ExtractIconW
SHChangeNotify
CommandLineToArgvW

ole32

OleSetContainedObject
CreateStreamOnHGlobal
CoInitializeEx
CoInitializeSecurity
OleUninitialize
OleInitialize
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
OleCreate

oleaut32

SysStringLen
VarUI4FromStr
SysAllocString
VariantInit
VariantCopy
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
VariantClear
SysFreeString

psapi

GetProcessMemoryInfo
GetModuleFileNameExW
GetModuleInformation

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

accept
listen
__WSAFDIsSet
select
send
getsockname
bind
shutdown
closesocket
getsockopt
getpeername
setsockopt
connect
socket
sendto
recvfrom
WSAStartup
gethostbyname
gethostname
inet_ntoa
inet_addr
WSAGetLastError
htonl
getservbyname
htons
gethostbyaddr
getservbyport
ntohs
WSASetLastError
WSACleanup
ioctlsocket
recv

wldap32

ord41
ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord22
ord46

shlwapi

StrStrIW
wnsprintfA
SHDeleteKeyW
StrCSpnW
StrToIntW
PathFileExistsW
StrCmpIW

msimg32

TransparentBlt
GradientFill
AlphaBlend

oleacc

LresultFromObject
AccessibleObjectFromWindow

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 400KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 410KB - Virtual size: 410KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d9db7a1c8a5c88d7d3795d9fb0f8ffe

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4a:9b:19:3d:fd:36:39:3e:94:0a:f7:54:51:21:52:9aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ceCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

49:7b:27:dd:53:45:44:83:90:50:fe:e3:5c:13:4a:23:52:fd:9f:f3:97:23:f2:da:75:36:10:51:42:e7:89:02Signer

d0:99:5e:b3:1c:fb:17:c2:0d:2a:bb:5b:96:54:2d:e1:1f:91:c2:94Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

imm32

wtsapi32

comctl32

userenv

wininet

iphlpapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

psapi

version

ws2_32

wldap32

shlwapi

msimg32

oleacc

Sections

.text Size: 5.6MB - Virtual size: 5.6MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 400KB - Virtual size: 1.4MB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 410KB - Virtual size: 410KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4a:9b:19:3d:fd:36:39:3e:94:0a:f7:54:51:21:52:9a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

49:7b:27:dd:53:45:44:83:90:50:fe:e3:5c:13:4a:23:52:fd:9f:f3:97:23:f2:da:75:36:10:51:42:e7:89:02
Signer

d0:99:5e:b3:1c:fb:17:c2:0d:2a:bb:5b:96:54:2d:e1:1f:91:c2:94
Signer

.text
Size: 5.6MB - Virtual size: 5.6MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 400KB - Virtual size: 1.4MB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 410KB - Virtual size: 410KB