WindscribeVPN-10_11[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

WindscribeVPN-10_11.zip
Size

26.8MB
MD5

37f4558a18584be87c8bd21d611505d8
SHA1

19df34113c194709d21e5015352327e6521868f7
SHA256

3b1611cdb278a2ba185fb83a7585c1b3a4232e5a4c6c98e88e6e64ff31439934
SHA512

ba07104652d487af35c7f22b303b15da9537cfb9f284b9945111188e86b6d67061dac264ffaa4ee31f540ced3e2a790dc3e56eecb27bc48e4640c0ef165b99de
SSDEEP

786432:Fh5SIMAh2bCN8bRPis96jdP/oPKlapF2BpLpR1:FzM62W81NMjhblk2nL31

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Launcher.dll
unpack001/data/appInfo/services/Launhcer.dll
unpack001/data/appInfo/services/data/Launcher.dll

Files

WindscribeVPN-10_11.zip
.zip
Launcher.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Launcher.exe
.exe windows:6 windows x86 arch:x86

93d099f09873f4f31b1b7ec7cb84e6f0

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:10:10:87:8e:d6:f7:dd:d4:ec:8e:8f
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

18-09-2019 12:58

Not After

11-12-2022 11:53

Subject

CN=Adersoft,O=Adersoft,L=Paris,C=FR,1.2.840.113549.1.9.1=#0c14737570706f72744061646572736f66742e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27-05-2021 09:55

Not After

28-06-2032 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20-02-2019 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:fb:58:56:78:83:c0:9f:de:c5:ac:2a:33:b7:94:e6:e3:17:b1:5a:f9:ed:78:3e:8f:61:f7:67:75:db:dd:23
Signer

Actual PE Digest

03:fb:58:56:78:83:c0:9f:de:c5:ac:2a:33:b7:94:e6:e3:17:b1:5a:f9:ed:78:3e:8f:61:f7:67:75:db:dd:23

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleW
lstrcmpiW
MultiByteToWideChar
LoadLibraryExW
ExitProcess
LocalAlloc
LocalFree
FormatMessageW
WaitForSingleObject
GetExitCodeProcess
CreateThread
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
FindResourceExW
GetACP
WideCharToMultiByte
FreeResource
SetFilePointer
ReadFile
CreateFileW
CreateFileMappingW
MapViewOfFile
IsBadReadPtr
UnmapViewOfFile
GetCurrentProcessId
EnumResourceNamesW
GetFileAttributesW
GetFileSize
OpenEventW
SetEvent
ExpandEnvironmentStringsW
Sleep
FlushFileBuffers
GetFileType
WriteFile
WriteConsoleW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
CloseHandle
FindNextFileW
FindFirstFileExW
FindClose
GetFileSizeEx
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
LCMapStringW
GetStdHandle
GetModuleHandleExW
GetCommandLineW
GetCommandLineA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleFileNameW
SizeofResource
LockResource
LoadResource
FindResourceW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
HeapFree
RtlUnwind
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
FreeLibrary
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
IsValidCodePage

user32

UnregisterClassW
MessageBoxW
GetDlgItem
SetWindowPos
MapWindowPoints
GetClientRect
wsprintfA
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindow
SetTimer
SendMessageW
GetParent
SetWindowTextW
CharNextW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
CreateWindowExW
DestroyWindow
LoadCursorW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
SetWindowLongW
DefWindowProcW
DialogBoxParamW
EndDialog
GetActiveWindow
KillTimer

advapi32

RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
CreateProcessWithLogonW
RegDeleteKeyW
RegCreateKeyExW

shell32

ShellExecuteW

ole32

CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoGetObject
CoGetInstanceFromFile
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoTaskMemFree

oleaut32

VariantCopy
VariantClear
SafeArrayUnaccessData
VariantChangeType
SafeArrayAccessData
SysAllocString
SysFreeString
VariantInit
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysStringLen
LoadTypeLibEx
SysAllocStringLen

wintrust

WinVerifyTrust

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CertCloseStore
CryptMsgClose
CryptQueryObject

version

GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeW

Sections

.text
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Launcher.exe.manifest
data/BKppqGJ
data/BNmMmro
data/BYSg0LpJa1nE
data/BlCBFlp
data/DMmsxub
data/DOjXRFCAmj
data/DQCqVO
data/DQWoqxrAB
data/DRMAiugX
data/DRWQKJkxMZguT
data/DReGIWuHgNiU
data/DRyrosKZfcet
data/DSnBe
data/DTSIdkMT
data/DUGMAxyvEpBTWc
data/DVWSmDPIE
data/DVrydb
data/DYGkjAakrZQrW
data/DoKGzxcRF
data/DoShMQ
data/DoYYxdD
data/DpLpzIXOifCXu
data/DqPiBT
data/DqxyvUzufxA
data/DrCPQb
data/DrCufptqB
data/DrKJfVNYIoWrs
data/DrKYppYOH
data/DsZmSvBOLYAk
data/DtqfIbaAZDPZEc
data/DuHzWMtHuSsCzz
data/DulFfwATW
data/DveXKeoSelZ
data/DxpeGeUG
data/DzMsXfkDkyoozZ
data/DzjFQoKaZ
data/EAdtaxgmsMqhQa
data/EArETxiqpzgev
data/HddJPrXlKSaJ
data/Hfehe4uzyFeO
data/HxvSuLrqVtQ8
data/HyR1LavQKkN9
data/I4iIUKLltziH
data/IAQlznO8Ac17
data/IIu2DRfwJOme
data/Ip4p8jkCrfml
data/IriNcin5TrsM
data/KPYbrodAKRLIMF
data/KPpAYMcStaMzW
data/KRFYlDC
data/KRSBHiVR
data/KSLAcksngtDr
data/KSwHTXWozxku
data/KTBZs
data/KTObISSC
data/KTuYGS
data/KWHhlEihgOaqp
data/KWPyCb
data/KXGeshA
data/KZQnwMLfHdK
data/KZePOkw
data/KZvKe
data/KrNvAotIIciU
data/KrVyDXBv
data/KsUAZaaronprQY
data/KspYZEmxqnUgMX
data/KtSALnAhcaz
data/KttknrYOV
data/KuamRXjDIQ
data/KvJewXoq
data/KvMDQojav
data/KvZYfNKXlsWt
data/KykGFp
data/LAPKwfOsmuy
data/LBTdNPIl
data/LBnBMeQNmI
data/LCBEH
data/LCuijDB
data/LDjXZJIZXUhq
data/LFEMSOeeebEEo
data/LHNOukTuhSoon
data/LHmnZ
data/LIsUIuZdIetoTu
data/LItVwExwzxX
data/LJhUPZePCPWUcQ
data/LJwVGIcfYlfkW
data/LLaZjQPJJ
data/LMZtvSgfEU
data/LPcYlhCJcoNe
data/LPkWREpeWfjHU
data/LPugzdvI
data/LPwlhsfXQjqqf
data/LQwXF
data/LSdWqyazmvO
data/LTeHBGc
data/LTqqyaZxuXYmo
data/LUxKeTAZ
data/LUzYdm
data/LXXbwaDB
data/LXqDWqTZsAnI
data/Lakny
data/LbEoZrKiiiqrEw
data/LblVXKxmvunLZ
data/LcJpmiAJu
data/LdcXvnhJSra
data/LeGKIbjlBvZSBa
data/LgnFuhMMuYR
data/Lhpqs
data/LjnbYUyFNyjkBC
data/LjsBBW
data/LlgxCkNVVzErc
data/LooLKjcXRmCki
data/LpiCJ
data/LrDzqNb
data/LrcVcu
data/LrwDuhYoGXtIw
data/LrxBPkuLUYleQf
data/LsfmyyIXb
data/LtBhdW
data/LuBPnxvIjhtc
data/LuSXuHS
data/LuaFpg
data/LutCiyiKnJn
data/LvCSldDUjzW
data/LvGojtTdIJ
data/LvXLfoTE
data/LwjBavtPBnQjLL
data/LwwnOAfEW
data/LyKVOwxOMsluPQ
data/LyzKKRnGKBGF
data/LzcerCq
data/MAIDDRSErF
data/MAKvPQdz
data/MBhjybTDpY
data/MDDzOXlyd
data/MDera
data/MGKEIkMU
data/MGNmRQi
data/MNYwYNwUXNb
data/MNahFKpydiu
data/MNqzCND
data/MPVpIryjtIiAyY
data/MPtLzNJapcQwnn
data/MRIQgZZXcyU
data/MSkVXuV
data/MSlMWu
data/MTJnoOeZl
data/MTiMQk
data/MTsxlMMESP
data/MVWAeFc
data/MVzJqrMrmKKkA
data/MWmJQBWNlgWe
data/MWvjqoPFnL
data/MWxBMGdaOv
data/MbiNj
data/McpnXGaSgdJFV
data/MdJVQFLb
data/MdapIRnh
data/MdqMIJbDt
data/MeKnsSIdMMzKaB
data/MiFtbqIbGNn
data/MjtTD
data/MjwsRoWLfrpHGP
data/MltCfkIs
data/MnglWaUa
data/MnhUUG
data/MorNcvlHfoRFuZ
data/MpACBZNm
data/MpKlps
data/MpUWBWr
data/MpkWrvOzZqSk
data/MplZOkWQh
data/MqJtXhk
data/MqbWqZz
data/MrJFwEKguz
data/MrPkFO
data/MsNlY
data/MuQqHEuGexVXCv
data/MwcNcJ
data/MxKOS
data/MxNxaTyhOrnQ
data/MxTduvSCNkrd
data/MxUGnHiUbzTbyZ
data/appInfo/EBqhlo
data/appInfo/ECLhB
data/appInfo/EDAIc
data/appInfo/EGWRkFtA
data/appInfo/EHISNTB
data/appInfo/EHjXCahqHZt
data/appInfo/EHmtqvDJKOpNel
data/appInfo/EHzSjFHyui
data/appInfo/EIRtNHRWEJ
data/appInfo/EKFwkANCqEgza
data/appInfo/EbFYa
data/appInfo/EdVEChIHcBjwvk
data/appInfo/EhIEuYj
data/appInfo/EhMDlWCyY
data/appInfo/EhQSLTFW
data/appInfo/EiqLHoif
data/appInfo/KFpQY
data/appInfo/KGUbsMgsCXYaFb
data/appInfo/KLmEzVZ
data/appInfo/KONVxnHahM
data/appInfo/KPfPVhGGlH
data/appInfo/KiSjOArc
data/appInfo/KisJrvdDKMKZK
data/appInfo/Kjhda
data/appInfo/KjsnAL
data/appInfo/KkGoSI
data/appInfo/KllXmZvmmQiPRX
data/appInfo/KlvxcmXEyQrUO
data/appInfo/KnaFaFFuaw
data/appInfo/KnwDRbN
data/appInfo/KoPtAHB
data/appInfo/KofWwzOiMLMf
data/appInfo/MYNPZWRCMou
data/appInfo/MYSzIYedTiI
data/appInfo/MYVnYOkguRv
data/appInfo/MYdltZNG
data/appInfo/MZhmNlwdjbOX
data/appInfo/MyRxtJpR
data/appInfo/MzmVodJd
data/appInfo/NAPrdXDhgG
data/appInfo/NAZYDBIIqvU
data/appInfo/NaBWtCARv
data/appInfo/NbFfcMsTU
data/appInfo/eBFbr
data/appInfo/eCBdXirHwyvmsS
data/appInfo/eCoQwcnuaFL
data/appInfo/eCtrQSAdq
data/appInfo/eDLfSGvUx
data/appInfo/eFmyiF
data/appInfo/eHWcGV
data/appInfo/eIDtJQlurOqwA
data/appInfo/eIwGAL
data/appInfo/eJtWzL
data/appInfo/eKemVE
data/appInfo/eKhZeuSl
data/appInfo/eeAqZiAvC
data/appInfo/eeFwfknb
data/appInfo/efAzDCN
data/appInfo/efXkX
data/appInfo/efhtP
data/appInfo/egxmi
data/appInfo/egzaReUBCtx
data/appInfo/ehKlnCOcfMWJq
data/appInfo/ehWNABApkY
data/appInfo/eikWeBL
data/appInfo/ejJuasKeCJ
data/appInfo/ejvmdXTcIek
data/appInfo/ekCCln
data/appInfo/eksZsJ
data/appInfo/kFWTr
data/appInfo/kGQaNqECW
data/appInfo/kGoKgRIKSWWzc
data/appInfo/kHAaeyqKUaHKHx
data/appInfo/kHChY
data/appInfo/kHcboVElVIFG
data/appInfo/kKcKM
data/appInfo/kKmXzRpnYt
data/appInfo/kLGPCajdA
data/appInfo/kLnuRFdHmXfw
data/appInfo/kOsUZ
data/appInfo/kgKNamxRs
data/appInfo/kgdoSeerkh
data/appInfo/kgpjyDs
data/appInfo/khDUqmMDgm
data/appInfo/kkpClA
data/appInfo/klZAPOyubRl
data/appInfo/klkbfadzCiNFyY
data/appInfo/knhRjimjZhMH
data/appInfo/mXVVDYh
data/appInfo/mYQkIYXzlZGnf
data/appInfo/mYXDKft
data/appInfo/mYzLf
data/appInfo/mZRLbT
data/appInfo/mycsrPgahYx
data/appInfo/mzWndX
data/appInfo/mzpmaCcOBj
data/appInfo/nAnIj
data/appInfo/naxOonfBzKmC
data/appInfo/services/01
.rar
data/appInfo/services/02
.rar
data/appInfo/services/Launhcer.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
data/appInfo/services/Launhcer.exe
.exe windows:6 windows x86 arch:x86

93d099f09873f4f31b1b7ec7cb84e6f0

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:10:10:87:8e:d6:f7:dd:d4:ec:8e:8f
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

18-09-2019 12:58

Not After

11-12-2022 11:53

Subject

CN=Adersoft,O=Adersoft,L=Paris,C=FR,1.2.840.113549.1.9.1=#0c14737570706f72744061646572736f66742e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27-05-2021 09:55

Not After

28-06-2032 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20-02-2019 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b1:2c:12:6f:38:81:22:3b:4b:eb:ee:5a:25:d8:c4:d1:03:ac:88:dd:95:a1:f9:d2:d7:1a:c0:b8:bd:2d:9b:73
Signer

Actual PE Digest

b1:2c:12:6f:38:81:22:3b:4b:eb:ee:5a:25:d8:c4:d1:03:ac:88:dd:95:a1:f9:d2:d7:1a:c0:b8:bd:2d:9b:73

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleW
lstrcmpiW
MultiByteToWideChar
LoadLibraryExW
ExitProcess
LocalAlloc
LocalFree
FormatMessageW
WaitForSingleObject
GetExitCodeProcess
CreateThread
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
FindResourceExW
GetACP
WideCharToMultiByte
FreeResource
SetFilePointer
ReadFile
CreateFileW
CreateFileMappingW
MapViewOfFile
IsBadReadPtr
UnmapViewOfFile
GetCurrentProcessId
EnumResourceNamesW
GetFileAttributesW
GetFileSize
OpenEventW
SetEvent
ExpandEnvironmentStringsW
Sleep
FlushFileBuffers
GetFileType
WriteFile
WriteConsoleW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
CloseHandle
FindNextFileW
FindFirstFileExW
FindClose
GetFileSizeEx
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
LCMapStringW
GetStdHandle
GetModuleHandleExW
GetCommandLineW
GetCommandLineA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleFileNameW
SizeofResource
LockResource
LoadResource
FindResourceW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
HeapFree
RtlUnwind
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
FreeLibrary
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
IsValidCodePage

user32

UnregisterClassW
MessageBoxW
GetDlgItem
SetWindowPos
MapWindowPoints
GetClientRect
wsprintfA
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindow
SetTimer
SendMessageW
GetParent
SetWindowTextW
CharNextW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
CreateWindowExW
DestroyWindow
LoadCursorW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
SetWindowLongW
DefWindowProcW
DialogBoxParamW
EndDialog
GetActiveWindow
KillTimer

advapi32

RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
CreateProcessWithLogonW
RegDeleteKeyW
RegCreateKeyExW

shell32

ShellExecuteW

ole32

CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoGetObject
CoGetInstanceFromFile
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoTaskMemFree

oleaut32

VariantCopy
VariantClear
SafeArrayUnaccessData
VariantChangeType
SafeArrayAccessData
SysAllocString
SysFreeString
VariantInit
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysStringLen
LoadTypeLibEx
SysAllocStringLen

wintrust

WinVerifyTrust

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CertCloseStore
CryptMsgClose
CryptQueryObject

version

GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeW

Sections

.text
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/appInfo/services/Launhcer.exe.manifest
data/appInfo/services/WinRAR.exe
.exe windows:5 windows x86 arch:x86

93d6ffbeb6eb5774e72f7a9d4e82b889

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

52:9e:3f:9f:cf:7d:58:d5:20:d6:07:ab:74:39:50:02
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-06-2017 00:00

Not After

01-06-2020 23:59

Subject

CN=win.rar GmbH,O=win.rar GmbH,POSTALCODE=10117,STREET=Marienstrasse 12,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:9e:3f:9f:cf:7d:58:d5:20:d6:07:ab:74:39:50:02
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-06-2017 00:00

Not After

01-06-2020 23:59

Subject

CN=win.rar GmbH,O=win.rar GmbH,POSTALCODE=10117,STREET=Marienstrasse 12,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

9b:89:b1:5c:05:2f:38:7e:09:3a:9b:ba:f5:18:32:e8:d1:da:b9:ba:5f:c1:9b:a2:77:d0:7f:99:b8:79:42:d7
Signer

Actual PE Digest

9b:89:b1:5c:05:2f:38:7e:09:3a:9b:ba:f5:18:32:e8:d1:da:b9:ba:5f:c1:9b:a2:77:d0:7f:99:b8:79:42:d7

Digest Algorithm

sha256

PE Digest Matches

true

98:17:ce:4e:f2:84:39:06:72:2c:9f:e2:57:6b:95:0b:7c:60:2e:bb
Signer

Actual PE Digest

98:17:ce:4e:f2:84:39:06:72:2c:9f:e2:57:6b:95:0b:7c:60:2e:bb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\build\winrar32\Release\WinRAR.pdb

Imports

kernel32

DeviceIoControl
BackupRead
BackupSeek
GetShortPathNameW
GetLongPathNameW
GetFileType
GetStdHandle
FlushFileBuffers
GetFileTime
GetDiskFreeSpaceExW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
LoadResource
SizeofResource
FindResourceW
LoadLibraryExW
CompareStringA
GetCurrentThread
SetThreadPriority
SetThreadExecutionState
CreateEventW
GetSystemDirectoryW
SetCurrentDirectoryW
GetFullPathNameA
SetPriorityClass
GetProcessAffinityMask
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
CreateSemaphoreW
GetSystemTime
TzSpecificLocalTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
WideCharToMultiByte
CompareStringW
GetModuleHandleExW
GetCompressedFileSizeW
EnumResourceNamesW
EnumResourceLanguagesW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
GetLocaleInfoW
GetNumberFormatW
GetLogicalDrives
LockResource
SuspendThread
ResumeThread
GetStartupInfoW
GetCurrentThreadId
FormatMessageW
CopyFileW
GetThreadPriority
SetErrorMode
GetPriorityClass
WaitForMultipleObjects
MulDiv
CompareFileTime
FindNextChangeNotification
HeapSize
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetStringTypeW
WriteConsoleW
SetStdHandle
LCMapStringW
HeapReAlloc
GetModuleFileNameA
ExitProcess
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
QueryPerformanceFrequency
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
RtlUnwind
InitializeSListHead
QueryPerformanceCounter
IsDebuggerPresent
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileInformationByHandle
GetLocalTime
FindCloseChangeNotification
FindFirstChangeNotificationW
ExpandEnvironmentStringsW
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
GetDiskFreeSpaceW
CreateHardLinkW
SetLastError
DosDateTimeToFileTime
LocalFileTimeToFileTime
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
DeleteFileW
SetFileAttributesW
CreateFileW
RemoveDirectoryW
CreateDirectoryW
LoadLibraryW
GetSystemTimeAsFileTime
SetFileTime
SetFilePointer
SetEndOfFile
ReadFile
WriteFile
GetFileSize
FreeLibrary
MoveFileW
GetTickCount
GetCPInfoExW
GetOEMCP
GetACP
GetVolumeInformationW
GetDriveTypeW
Sleep
GetCurrentProcessId
GetCurrentProcess
CreateMutexW
ReleaseMutex
GetLastError
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
DecodePointer
MultiByteToWideChar
GetVersionExA
GetModuleHandleW
GetProcAddress
GetTempPathW
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CloseHandle
WaitForSingleObject
GetCommandLineW
GetModuleFileNameW
GetDateFormatW
GetTimeFormatW
FindFirstFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
Beep
GetFileAttributesW

user32

CopyImage
FindWindowExW
FillRect
MessageBoxW
CreateIcon
EnumWindows
SetForegroundWindow
IsCharAlphaW
FlashWindow
CopyRect
RegisterClassExW
GetSysColor
ValidateRect
DrawIconEx
LoadImageW
SystemParametersInfoW
GetSystemMenu
KillTimer
SetTimer
MessageBoxIndirectW
CharLowerW
ExitWindowsEx
CharLowerA
LoadStringW
GetWindow
SetProcessDefaultLayout
CharToOemBuffW
OemToCharBuffA
OemToCharA
GetComboBoxInfo
RedrawWindow
MessageBeep
CharToOemA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
PeekMessageW
GetScrollInfo
EnableMenuItem
CheckMenuItem
GetFocus
MoveWindow
GetClientRect
GetWindowTextLengthW
EndPaint
BeginPaint
UpdateWindow
AppendMenuW
DrawMenuBar
wsprintfW
ScreenToClient
ClientToScreen
CallWindowProcW
PtInRect
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuItemW
TrackPopupMenu
DeleteMenu
InsertMenuW
GetSubMenu
SetMenu
LoadMenuW
LoadAcceleratorsW
IsChild
RegisterClassW
PostQuitMessage
SetScrollRange
SetScrollPos
ScrollWindowEx
GetClipboardData
LoadIconW
RegisterWindowMessageW
CreateDialogParamW
PostThreadMessageW
IsDialogMessageW
GetIconInfo
CreateIconIndirect
FindWindowW
RemovePropW
GetPropW
SendMessageW
DefWindowProcW
CreateWindowExW
DestroyWindow
SetFocus
GetWindowTextW
GetWindowLongW
SetWindowLongW
SetWindowPos
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
DialogBoxParamW
SetPropW
GetForegroundWindow
TranslateAcceleratorW
CreateDialogIndirectParamW
BringWindowToTop
GetMenuState
GetMenuItemID
GetLastActivePopup
DispatchMessageW
TranslateMessage
DestroyMenu
CreatePopupMenu
GetMenu
IsWindow
WaitForInputIdle
LoadCursorW
EndDialog
GetDlgItem
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
GetWindowRect
MapWindowPoints
GetParent
DestroyIcon
CheckDlgButton
PostMessageW
InvalidateRect
EnumChildWindows
GetClassNameW
ShowWindow
CharToOemBuffA
SetDlgItemInt
GetDlgItemInt
GetMessageW
GetMenuItemCount
GetWindowThreadProcessId
WindowFromPoint
SetCursor
GetKeyState
RegisterClipboardFormatW
SystemParametersInfoA
GetDesktopWindow
IntersectRect
GetCursorPos
SetWindowTextW
ReleaseDC
GetDC
GetSystemMetrics
EnableWindow
IsIconic
IsWindowEnabled
IsDlgButtonChecked
CharUpperW

gdi32

TextOutA
SetPixel
Rectangle
GetTextExtentPoint32W
CreateSolidBrush
CreateDIBSection
GetPixel
DPtoLP
StretchBlt
SetMapMode
GetMapMode
GetDeviceCaps
CreateCompatibleBitmap
CreateBitmap
ExtTextOutW
SetBkColor
DeleteDC
CreateCompatibleDC
BitBlt
GetObjectW
TextOutW
MoveToEx
SetTextColor
LineTo
CreatePen
GetTextFaceW
GetTextMetricsW
SelectObject
DeleteObject
CreateFontW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
ChooseFontW

advapi32

AllocateAndInitializeSid
AccessCheck
OpenProcessToken
MapGenericMask
GetFileSecurityW
RegCloseKey
IsTextUnicode
RegSetValueExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
CheckTokenMembership
FreeSid
DuplicateToken
SetFileSecurityW
GetSecurityDescriptorLength
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegOpenKeyExW

shell32

FindExecutableW
DragFinish
DragQueryFileW
Shell_NotifyIconW
DragAcceptFiles
ShellExecuteW
SHGetSpecialFolderLocation
SHAddToRecentDocs
SHFileOperationW
SHGetFolderPathW
ShellExecuteExW
SHBrowseForFolderW
SHGetMalloc
SHChangeNotify
SHGetDesktopFolder
SHGetFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
ord100

ole32

RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
CLSIDFromString
CreateStreamOnHGlobal
CoTaskMemAlloc
CoInitializeEx
CoTaskMemFree
CoCreateInstance
OleSetClipboard
DoDragDrop

oleaut32

VariantClear
SysAllocString

shlwapi

StrCmpLogicalW
SHAutoComplete

powrprof

SetSuspendState

comctl32

CreateStatusWindowW
ImageList_Create
ImageList_ReplaceIcon
InitCommonControlsEx
PropertySheetW

uxtheme

IsThemeActive
IsAppThemed

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipBitmapGetPixel
GdipBitmapSetPixel

msimg32

GradientFill

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 646KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 888KB - Virtual size: 888KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/appInfo/services/data/Launcher.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
data/appInfo/services/data/Launcher.exe
.exe windows:6 windows x86 arch:x86

93d099f09873f4f31b1b7ec7cb84e6f0

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:10:10:87:8e:d6:f7:dd:d4:ec:8e:8f
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

18-09-2019 12:58

Not After

11-12-2022 11:53

Subject

CN=Adersoft,O=Adersoft,L=Paris,C=FR,1.2.840.113549.1.9.1=#0c14737570706f72744061646572736f66742e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27-05-2021 09:55

Not After

28-06-2032 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20-02-2019 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:fb:58:56:78:83:c0:9f:de:c5:ac:2a:33:b7:94:e6:e3:17:b1:5a:f9:ed:78:3e:8f:61:f7:67:75:db:dd:23
Signer

Actual PE Digest

03:fb:58:56:78:83:c0:9f:de:c5:ac:2a:33:b7:94:e6:e3:17:b1:5a:f9:ed:78:3e:8f:61:f7:67:75:db:dd:23

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleW
lstrcmpiW
MultiByteToWideChar
LoadLibraryExW
ExitProcess
LocalAlloc
LocalFree
FormatMessageW
WaitForSingleObject
GetExitCodeProcess
CreateThread
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
FindResourceExW
GetACP
WideCharToMultiByte
FreeResource
SetFilePointer
ReadFile
CreateFileW
CreateFileMappingW
MapViewOfFile
IsBadReadPtr
UnmapViewOfFile
GetCurrentProcessId
EnumResourceNamesW
GetFileAttributesW
GetFileSize
OpenEventW
SetEvent
ExpandEnvironmentStringsW
Sleep
FlushFileBuffers
GetFileType
WriteFile
WriteConsoleW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
CloseHandle
FindNextFileW
FindFirstFileExW
FindClose
GetFileSizeEx
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
LCMapStringW
GetStdHandle
GetModuleHandleExW
GetCommandLineW
GetCommandLineA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleFileNameW
SizeofResource
LockResource
LoadResource
FindResourceW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
HeapFree
RtlUnwind
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
FreeLibrary
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
IsValidCodePage

user32

UnregisterClassW
MessageBoxW
GetDlgItem
SetWindowPos
MapWindowPoints
GetClientRect
wsprintfA
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindow
SetTimer
SendMessageW
GetParent
SetWindowTextW
CharNextW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
CreateWindowExW
DestroyWindow
LoadCursorW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
SetWindowLongW
DefWindowProcW
DialogBoxParamW
EndDialog
GetActiveWindow
KillTimer

advapi32

RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
CreateProcessWithLogonW
RegDeleteKeyW
RegCreateKeyExW

shell32

ShellExecuteW

ole32

CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoGetObject
CoGetInstanceFromFile
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoTaskMemFree

oleaut32

VariantCopy
VariantClear
SafeArrayUnaccessData
VariantChangeType
SafeArrayAccessData
SysAllocString
SysFreeString
VariantInit
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysStringLen
LoadTypeLibEx
SysAllocStringLen

wintrust

WinVerifyTrust

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CertCloseStore
CryptMsgClose
CryptQueryObject

version

GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeW

Sections

.text
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/appInfo/services/data/Launcher.exe.manifest
data/bLaeciqdkmrP
data/bNnKkyalyMD
data/bkWBnMenWqGS
data/bnLIZbi
data/c1YEOuKPjdGg
data/dMOwH
data/dNaisDpS
data/dNmLljiOf
data/dNqwIQLvzOe
data/dNwhBRLUXkQI
data/dOAmThWUI
data/dPyzOWYzKKNB
data/dQcvIEx
data/dRFcKMjpAJpct
data/dRLzlR
data/dRUVHCiPkKpssO
data/dRizBPByPcjWJ
data/dSWjYBYLaN
data/dSgclPmjvWc
data/dSkJwDAx
data/dUGIQrfNSeoDgn
data/dUokgtmUMOeVQ
data/dVvQEqxbzAp
data/dXUtuGdrt
data/dXbbSBxwu
data/dXtCxY
data/dYsqfaaIzhonk
data/dYwPlRscLlR
data/dZSXHw
data/dZZhZRlPuuFP
data/dnVVQPTqlleo
data/doNnCfm
data/dovgsKOIkf
data/doyWmACVy
data/dpolFd
data/dprbn
data/driMAmfLucFR
data/dsuwJrAm
data/dwhqWzvea
data/dycXzC
data/dygzpFTOjHcoG
data/dytVhyVQ
data/eaAhlFsM
data/hGe7TEtdocFd
data/hLJlskKss63f
data/hS4s9ydmdMQw
data/hTmOwyAgcHTH
data/hVhkuLFcWUU5
data/hcqPsUfUwfPX
data/hdIzp8tioRwz
data/heTkWqOR4woM
data/hkQtdRkIBiWm
data/hnkzrzUPqtI5
data/homoK5V5llzG
data/hz4fdYftfeDV
data/hzKmkBp9HPGw
data/i4dwEf8x5AV8
data/i6EyLvLWc0Qb
data/i72FOVuNmaLs
data/i7ubcXK00sqO
data/iD6euCFkuNiK
data/iP3DhmOBz918
data/iUFnianwYbaO
data/imjpFqxiKeF0
data/kTDFSmdtRBZ
data/kVDKO
data/kVecMdlrx
data/kYESytgau
data/kYfkwI
data/kYmSCk
data/kZIHdHWvwUYG
data/kZuApXLl
data/kZzHcRbFLb
data/kpTGzYohR
data/kqZbbrZFagB
data/kqtXUJwhQX
data/ksWTrkInjj
data/kuINOhBqNq
data/kveWaIKEyQJque
data/kvjbXVqeCDjMHg
data/kvpZjVdGWEF
data/kvvwZSNA
data/kwpVURb
data/kxFFNpNqDmCdW
data/kxzOeRS
data/kyIsxxRg
data/kzAVjKwr
data/kzUPSNuovkh
data/lAEHO
data/lBvhxIp
data/lHSbowAI
data/lJOjyvSnAbnCj
data/lJkJVrk
data/lKkTBK
data/lMkwTrXDqfdEex
data/lNCDsGyWUd
data/lOZVZJvlqTjRSb
data/lPBcgxne
data/lPJjWBr
data/lPvNvmTMsd
data/lQubOqc
data/lSeCg
data/lTCfCwZ
data/lUPuHX
data/lYQuMPZCMYKlFz
data/lZvlIIK
data/lbenyhcWPAB
data/lbvNtLrEJUyg
data/ldLNLHCzzXoWVB
data/ldlYbmcImJx
data/lesELUdhXoW
data/lezxnZUCb
data/lfLwtWYyncFXIR
data/lgQqbrK
data/lhKnILDW
data/liWzQWfgqm
data/liqrW
data/ljEtsswPrdjjz
data/ljdINmizeio
data/ljdVUZ
data/llmHLjUGYi
data/loZQMdd
data/lpOyqsNARNI
data/lqHzKePxcPNCMx
data/lqNpYhGcHkhKM
data/lrQYW
data/lsPCxiQVxvx
data/lsxRHlHxBs
data/ltBUtIZ
data/lvjzkKoskc
data/lzzsgOpoQ
data/mAANJwdq
data/mAgbiRNhpxLBDI
data/mBYeoKBuIW
data/mCBRnHZnK
data/mCTadj
data/mCVyw
data/mEKodgul
data/mEMNhIJQ
data/mEMclKgygWLLa
data/mFcXmhmujp
data/mHIGE
data/mIEoObkw
data/mIhUSVudIqoJ
data/mKHLNvtMa
data/mKsWCY
data/mKzltma
data/mLDNGSedzb
data/mLPEDjEwkrBDr
data/mMrAbIVP
data/mOwRxoy
data/mQyFjYtw
data/mRHXW
data/mRsoirbc
data/mSMyGXi
data/mTDDtOMSLmN
data/mTxHKANaWyNe
data/mVNjbvHywxb
data/mWdpPtOweERpr
data/mamPPSkmLL
data/mdIOhhSAcuo
data/meFjRMQEpLzQ
data/meKEUM
data/mgnfyawqBwm
data/mjyJbCpuvG
data/mkXTFIUPz
data/mkxkB
data/mmAovvKaOTWR
data/mmIvQKqL
data/mnPjBlZkz
data/mrApOaJKq
data/mrKWuKDWzEz
data/mrRKcWF
data/mrwQlxjW
data/msBZQkipqchFH
data/mtCMrgu
data/mtGMD
data/mtpyeMrNlyIv
data/muamRDMeuScu
data/muedPipbJSTUB
data/muhhcsw
data/mulaNiETYORZRm
data/mvEqJaVwYYm
data/mwWqLZMSuig
data/mwngrtQVEr
data/mwxBJBAHvgsP

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 140B

.rsrc Size: 1KB - Virtual size: 1KB

93d099f09873f4f31b1b7ec7cb84e6f0

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

3a:10:10:87:8e:d6:f7:dd:d4:ec:8e:8fCertificate

Extended Key Usages

Key Usages

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9fCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

03:fb:58:56:78:83:c0:9f:de:c5:ac:2a:33:b7:94:e6:e3:17:b1:5a:f9:ed:78:3e:8f:61:f7:67:75:db:dd:23Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

wintrust

crypt32

version

Sections

.text Size: 221KB - Virtual size: 220KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 6KB - Virtual size: 12KB

.rsrc Size: 46KB - Virtual size: 46KB

.reloc Size: 11KB - Virtual size: 11KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 140B

.rsrc Size: 1KB - Virtual size: 1KB

93d099f09873f4f31b1b7ec7cb84e6f0

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

3a:10:10:87:8e:d6:f7:dd:d4:ec:8e:8fCertificate

Extended Key Usages

Key Usages

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9fCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

b1:2c:12:6f:38:81:22:3b:4b:eb:ee:5a:25:d8:c4:d1:03:ac:88:dd:95:a1:f9:d2:d7:1a:c0:b8:bd:2d:9b:73Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

.rdata
Size: 512B - Virtual size: 140B

.rsrc
Size: 1KB - Virtual size: 1KB

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

3a:10:10:87:8e:d6:f7:dd:d4:ec:8e:8f
Certificate

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

03:fb:58:56:78:83:c0:9f:de:c5:ac:2a:33:b7:94:e6:e3:17:b1:5a:f9:ed:78:3e:8f:61:f7:67:75:db:dd:23
Signer

.text
Size: 221KB - Virtual size: 220KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 6KB - Virtual size: 12KB

.rsrc
Size: 46KB - Virtual size: 46KB

.reloc
Size: 11KB - Virtual size: 11KB

.rdata
Size: 512B - Virtual size: 140B

.rsrc
Size: 1KB - Virtual size: 1KB

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

3a:10:10:87:8e:d6:f7:dd:d4:ec:8e:8f
Certificate

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

b1:2c:12:6f:38:81:22:3b:4b:eb:ee:5a:25:d8:c4:d1:03:ac:88:dd:95:a1:f9:d2:d7:1a:c0:b8:bd:2d:9b:73
Signer

.text
Size: 221KB - Virtual size: 220KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 6KB - Virtual size: 12KB

.rsrc
Size: 46KB - Virtual size: 46KB

.reloc
Size: 11KB - Virtual size: 11KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

52:9e:3f:9f:cf:7d:58:d5:20:d6:07:ab:74:39:50:02
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

52:9e:3f:9f:cf:7d:58:d5:20:d6:07:ab:74:39:50:02
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

9b:89:b1:5c:05:2f:38:7e:09:3a:9b:ba:f5:18:32:e8:d1:da:b9:ba:5f:c1:9b:a2:77:d0:7f:99:b8:79:42:d7
Signer

98:17:ce:4e:f2:84:39:06:72:2c:9f:e2:57:6b:95:0b:7c:60:2e:bb
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 104KB - Virtual size: 103KB

.data
Size: 17KB - Virtual size: 646KB

.gfids
Size: 512B - Virtual size: 248B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 888KB - Virtual size: 888KB

.reloc
Size: 53KB - Virtual size: 53KB