Overview
overview
10Static
static
3OneDrives.exe
windows7-x64
7OneDrives.exe
windows10-2004-x64
10$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3Bonvivante...29.dll
windows7-x64
1Bonvivante...29.dll
windows10-2004-x64
1Lanthanotu...on.dll
windows7-x64
1Lanthanotu...on.dll
windows10-2004-x64
1Portliest/...or.dll
windows7-x64
1Portliest/...or.dll
windows10-2004-x64
1Static task
static1
Behavioral task
behavioral1
Sample
OneDrives.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
OneDrives.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
Bonvivanters/Genremaleri/Lifeguards/lang-1029.dll
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
Bonvivanters/Genremaleri/Lifeguards/lang-1029.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Lanthanotus95/Inlayed/Hovedvagts/completion.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
Lanthanotus95/Inlayed/Hovedvagts/completion.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
Portliest/Blokadegreb/Baandstoppene/DataCollector.dll
Resource
win7-20240729-en
Behavioral task
behavioral10
Sample
Portliest/Blokadegreb/Baandstoppene/DataCollector.dll
Resource
win10v2004-20241007-en
General
-
Target
JaffaCakes118_8e6e83ba1eb2ceb0eddc7e0fd98e1fb775f4809e4acfe8d5e66dadaa806ad2d5
-
Size
343KB
-
MD5
1f6289310bb74bb4f8d741b883890795
-
SHA1
2076ea6fc59c25abf0a4bc7ad3cf537cf9fd6407
-
SHA256
8e6e83ba1eb2ceb0eddc7e0fd98e1fb775f4809e4acfe8d5e66dadaa806ad2d5
-
SHA512
6033bf439601b9654085417fbe38ef55e0cc5756e149948999a42f422b05e726be842c1a6ef49110e6816e6b8c3ac955cc35dd22662ed3f3ab46bd45cc3e88bc
-
SSDEEP
6144:8jbHno5xbUuCRbMYCvBTJu41mBOER6YxRmCEjzPPHEIdpD5bQvUJOmrD+8W31Zd5:ybHj/kBTJd1yjRqXPHECWUJOQD+4dcvX
Malware Config
Signatures
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack002/$PLUGINSDIR/System.dll unpack002/Lanthanotus95/Inlayed/Hovedvagts/completion.dll -
NSIS installer 2 IoCs
resource yara_rule static1/unpack001/OneDrives.bin nsis_installer_1 static1/unpack001/OneDrives.bin nsis_installer_2
Files
-
JaffaCakes118_8e6e83ba1eb2ceb0eddc7e0fd98e1fb775f4809e4acfe8d5e66dadaa806ad2d5.zip
-
OneDrives.bin.exe windows:4 windows x86 arch:x86
ea4e67a31ace1a72683a99b80cf37830
Code Sign
12:29:de:7b:f5:96:92:74Certificate
IssuerCN=Reperusal Lommetrklderne Picksomeness\ ,OU=pathomania Yeasts Heterodyning\ ,O=Eksekutorerne,L=Lamonzie,ST=Nouvelle-Aquitaine,C=FR,1.2.840.113549.1.9.1=#0c2445766967686564736b616c656e646572656e4050686f746f636f6c6c6f747970652e4772Not Before26-06-2022 04:16Not After25-06-2025 04:16SubjectCN=Reperusal Lommetrklderne Picksomeness\ ,OU=pathomania Yeasts Heterodyning\ ,O=Eksekutorerne,L=Lamonzie,ST=Nouvelle-Aquitaine,C=FR,1.2.840.113549.1.9.1=#0c2445766967686564736b616c656e646572656e4050686f746f636f6c6c6f747970652e47722b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate
IssuerCN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PLNot Before28-07-2022 08:56Not After27-07-2033 08:56SubjectCN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PLExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate
IssuerCN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PLNot Before19-05-2021 05:32Not After18-05-2036 05:32SubjectCN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PLExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate
IssuerCN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PLNot Before31-05-2021 06:43Not After17-09-2029 06:43SubjectCN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PLKey Usages
KeyUsageCertSign
KeyUsageCRLSign
3a:bc:54:62:99:56:2a:7d:cb:91:d9:30:65:e6:56:40:88:9f:fc:74:df:60:40:fb:ce:69:dd:d6:50:c7:06:8eSigner
Actual PE Digest3a:bc:54:62:99:56:2a:7d:cb:91:d9:30:65:e6:56:40:88:9f:fc:74:df:60:40:fb:ce:69:dd:d6:50:c7:06:8eDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCreateKeyExA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
RegOpenKeyExA
RegEnumValueA
shell32
SHGetFileInfoA
SHFileOperationA
SHGetPathFromIDListA
ShellExecuteExA
SHGetSpecialFolderLocation
SHBrowseForFolderA
ole32
IIDFromString
OleInitialize
OleUninitialize
CoCreateInstance
CoTaskMemFree
comctl32
ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
user32
SetClipboardData
CharPrevA
CallWindowProcA
PeekMessageA
DispatchMessageA
MessageBoxIndirectA
GetDlgItemTextA
SetDlgItemTextA
GetSystemMetrics
CreatePopupMenu
AppendMenuA
TrackPopupMenu
FillRect
EmptyClipboard
LoadCursorA
GetMessagePos
CheckDlgButton
GetSysColor
SetCursor
GetWindowLongA
SetClassLongA
SetWindowPos
IsWindowEnabled
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterClassA
ScreenToClient
EndDialog
GetClassInfoA
SystemParametersInfoA
CreateWindowExA
ExitWindowsEx
DialogBoxParamA
CharNextA
SetTimer
DestroyWindow
CreateDialogParamA
SetForegroundWindow
SetWindowTextA
PostQuitMessage
SendMessageTimeoutA
ShowWindow
wsprintfA
GetDlgItem
FindWindowExA
IsWindow
GetDC
SetWindowLongA
LoadImageA
InvalidateRect
ReleaseDC
EnableWindow
BeginPaint
SendMessageA
DefWindowProcA
DrawTextA
GetClientRect
EndPaint
IsWindowVisible
CloseClipboard
OpenClipboard
gdi32
SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject
kernel32
GetExitCodeProcess
WaitForSingleObject
GetProcAddress
GetSystemDirectoryA
WideCharToMultiByte
MoveFileExA
GetTempFileNameA
RemoveDirectoryA
WriteFile
CreateDirectoryA
GetLastError
CreateProcessA
GlobalLock
GlobalUnlock
CreateThread
lstrcpynA
SetErrorMode
GetDiskFreeSpaceA
lstrlenA
GetCommandLineA
GetVersion
GetWindowsDirectoryA
SetEnvironmentVariableA
GetTempPathA
CopyFileA
GetCurrentProcess
ExitProcess
GetModuleFileNameA
GetFileSize
ReadFile
GetTickCount
Sleep
CreateFileA
GetFileAttributesA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetShortPathNameA
MoveFileA
CompareFileTime
SetFileTime
SearchPathA
lstrcmpiA
lstrcmpA
CloseHandle
GlobalFree
GlobalAlloc
ExpandEnvironmentStringsA
LoadLibraryExA
FreeLibrary
lstrcpyA
lstrcatA
FindClose
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
SetFilePointer
GetModuleHandleA
FindNextFileA
FindFirstFileA
DeleteFileA
MulDiv
Sections
.text Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 84KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
8c8a576201f68de1a3f26fc723b9f30f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError
user32
wsprintfA
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 867B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 636B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bing/Anelace/Udvirker.Neg
-
Bonvivanters/Genremaleri/Lifeguards/lang-1029.dll.dll windows:6 windows x86 arch:x86
Code Sign
04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22-10-2013 12:00Not After22-10-2028 12:00SubjectCN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:fa:99:4d:66:0d:e6:59:ee:90:37:ec:b4:37:d7:66Certificate
IssuerCN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before14-10-2019 00:00Not After18-10-2022 12:00SubjectCN=Piriform Software Ltd,OU=RE 901,O=Piriform Software Ltd,L=London,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:1c:b2:8a:00:00:00:00:00:26Certificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before15-04-2011 19:41Not After15-04-2021 19:51SubjectCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01-01-2021 00:00Not After06-01-2031 00:00SubjectCN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07-01-2016 12:00Not After07-01-2031 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
00:22:21:39:a9:1c:46:e8:12:83:a1:43:23:9f:70:3e:27:da:97:e8:d2:4f:3f:74:91:a2:cc:eb:6e:f6:e1:b4Signer
Actual PE Digest00:22:21:39:a9:1c:46:e8:12:83:a1:43:23:9f:70:3e:27:da:97:e8:d2:4f:3f:74:91:a2:cc:eb:6e:f6:e1:b4Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 142KB - Virtual size: 142KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bonvivanters/Genremaleri/Lifeguards/mail-read-symbolic.svg.xml
-
Lanthanotus95/Inlayed/Hovedvagts/completion.dll.dll windows:4 windows x64 arch:x64
71b979f392e3e71cf15fb888d48241a6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
DeleteCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSection
LeaveCriticalSection
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
msvcrt
__iob_func
_amsg_exit
_initterm
_lock
_unlock
abort
calloc
free
fwrite
isalnum
memset
realloc
strlen
strncmp
vfprintf
Exports
Exports
sqlite3_completion_init
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 320B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 1024B - Virtual size: 600B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 512B - Virtual size: 456B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 272B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 89B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 1024B - Virtual size: 928B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 116B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/4 Size: 1024B - Virtual size: 768B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/19 Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/31 Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/45 Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/57 Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/70 Size: 1024B - Virtual size: 807B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/81 Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/92 Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Portliest/Blokadegreb/Baandstoppene/DataCollector.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
02:80:ae:12:d4:c5:28:dc:0a:a1:06:fb:9f:17:aa:37Certificate
IssuerCN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before16-04-2021 00:00Not After21-04-2022 23:59SubjectCN=HP Inc.,O=HP Inc.,L=Palo Alto,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22-10-2013 12:00Not After22-10-2028 12:00SubjectCN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01-01-2021 00:00Not After06-01-2031 00:00SubjectCN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07-01-2016 12:00Not After07-01-2031 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ea:fc:a3:95:c6:54:00:68:e8:9c:7c:ab:ee:53:2b:c1:e7:79:ad:67:8a:88:e5:49:ed:5a:9a:f8:e3:1a:3c:6dSigner
Actual PE Digestea:fc:a3:95:c6:54:00:68:e8:9c:7c:ab:ee:53:2b:c1:e7:79:ad:67:8a:88:e5:49:ed:5a:9a:f8:e3:1a:3c:6dDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
F:\jnks\workspace\Modern_Psdr_Master_UCDE\DataCollection\DataCollector\obj\Release\net46\DataCollector.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Postings/Overnormalized.Afk
-
Rier/spellfix.c