JaffaCakes118_f21fc236f99382ba56941352a456882e65c4d99bcb9ce0094a0981920e9dba09

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_f21fc236f99382ba56941352a456882e65c4d99bcb9ce0094a0981920e9dba09
Size

1.4MB
MD5

38d95a020f777979c1939e0881be2115
SHA1

29b9dcd417dff7ce4693fa60c13bb8778db89f70
SHA256

f21fc236f99382ba56941352a456882e65c4d99bcb9ce0094a0981920e9dba09
SHA512

f4df4c8608abf0fa1c7d293a1d2ea6086c432cb17b18ad5fc45c2045dc7bb9f49677b49cd88e60a58a10a2e3e5d7d18427458058fe4b758c88654d2ff22ebf38
SSDEEP

24576:9KHFVDf5/jH9paD8lqAvd/XnHuUrcEj+qx/blRQXBqbPdh0ZWhdbUkT0b4z4u1O:UHFVDfwxa/XHuqcm94AOWhdbUkT0btmO

Score

7^/10

pdf link

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack003/Udspecificerendes/Kommunekemis/demasculinisation/Blizzard.dll	acprotect

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack003/$PLUGINSDIR/System.dll
unpack003/Devastatingly143/Begyndelsesordene/vmrawdskver.dll
unpack003/Prostatism/Mellemfristet/Aprioriskes/libfreetype-6.dll
unpack003/Udspecificerendes/Kommunekemis/demasculinisation/Blizzard.dll

Files

JaffaCakes118_f21fc236f99382ba56941352a456882e65c4d99bcb9ce0094a0981920e9dba09
.zip

Password: infected
72c35df79a994d9623c4cfc717808f39a663c7c9c754488cab6123480f68643d
.zip
Untrimmed.exe
.exe windows:4 windows x86 arch:x86

7ed0d71376e55d58ab36dc7d3ffda898

Code Sign

18:21:4f:ce:f7:4c:d2:cf
Certificate

Issuer

OU=Honeybuns Topman Hotshots\ ,O=Kursisten,L=Périgny,ST=Nouvelle-Aquitaine,C=FR,1.2.840.113549.1.9.1=#0c1a636f7270757363756c6f75734046696c65746b6e6976652e4d65

Not Before

27-08-2022 13:59

Not After

26-08-2025 13:59

Subject

OU=Honeybuns Topman Hotshots\ ,O=Kursisten,L=Périgny,ST=Nouvelle-Aquitaine,C=FR,1.2.840.113549.1.9.1=#0c1a636f7270757363756c6f75734046696c65746b6e6976652e4d65

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:0e:0b:68:73:f6:da:56:cf:93:ec:a9:72:34:0a:94:db:88:30:2e:2a:47:b4:05:e4:6d:b8:16:77:52:88:86
Signer

Actual PE Digest

7a:0e:0b:68:73:f6:da:56:cf:93:ec:a9:72:34:0a:94:db:88:30:2e:2a:47:b4:05:e4:6d:b8:16:77:52:88:86

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathW
SetFileTime
CloseHandle
GetShortPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
GetFullPathNameW
CreateDirectoryW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
SetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathW
SetFileAttributesW
ExpandEnvironmentStringsW
LoadLibraryW
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
CreateProcessW
RemoveDirectoryW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcpyA
lstrcpyW
lstrcatW
GetSystemDirectoryW
GetVersion
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetModuleHandleW
lstrcmpiW
lstrcmpW
WaitForSingleObject
GlobalFree
GlobalAlloc
LoadLibraryExW
GetExitCodeProcess
FreeLibrary
WritePrivateProfileStringW
SetErrorMode
GetCommandLineW
GetPrivateProfileStringW
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
MulDiv
MultiByteToWideChar
WriteFile
lstrlenA
WideCharToMultiByte

user32

EndDialog
ScreenToClient
GetWindowRect
RegisterClassW
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
wsprintfW
CreateWindowExW
SystemParametersInfoW
AppendMenuW
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
GetDC
SetWindowLongW
LoadImageW
SendMessageTimeoutW
FindWindowExW
EmptyClipboard
OpenClipboard
TrackPopupMenu
EndPaint
ShowWindow
GetDlgItem
IsWindow
SetForegroundWindow

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW

advapi32

RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 160KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 835B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 578B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Devastatingly143/Begyndelsesordene/network-wired-acquiring-symbolic.svg
Devastatingly143/Begyndelsesordene/start-here-symbolic.symbolic.png
.png
Devastatingly143/Begyndelsesordene/trophy-gold.png
.png
Devastatingly143/Begyndelsesordene/view-pin-symbolic.svg
.xml
Devastatingly143/Begyndelsesordene/vmrawdskver.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Laursens/Synstetiskes/Laquais/Ttsiddende/ServiceCore.dll
.dll windows:6 windows x64 arch:x64

be6e213fa7580cb0840f3582136e536d

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:b5:c7:f8:c1:8a:7a:2b:fb:b5:27:46
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

04-06-2019 05:45

Not After

04-06-2022 05:45

Subject

SERIALNUMBER=23638777,CN=ASUSTEK COMPUTER INCORPORATION,O=ASUSTEK COMPUTER INCORPORATION,STREET=4F\, NO. 150\, LI-TE RD.\, PEI TOU,L=TAIPEI,ST=TAIPEI,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:e7:b8:78:d1:72:6c:0d:5c:f4:1f:23:9f:f3:7c:84:cd:a6:38:66:a7:32:67:5f:8f:89:00:3c:7d:bf:0b:3a
Signer

Actual PE Digest

3e:e7:b8:78:d1:72:6c:0d:5c:f4:1f:23:9f:f3:7c:84:cd:a6:38:66:a7:32:67:5f:8f:89:00:3c:7d:bf:0b:3a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\SourceCode\GC3.Service\production_V4.2\GamingCenter.Service\ServiceSDK\Release\ServiceCore.pdb

Imports

kernel32

CopyFileW
FindNextFileW
FindPackagesByPackageFamily
lstrcmpW
FindClose
OpenEventW
DisconnectNamedPipe
CreateNamedPipeW
ConnectNamedPipe
GetOverlappedResult
WriteFile
GetWindowsDirectoryW
OutputDebugStringA
GetEnvironmentVariableW
LoadLibraryW
FreeLibrary
GetFirmwareEnvironmentVariableW
FlushViewOfFile
TerminateThread
GetThreadId
MapViewOfFile
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
Sleep
CreateThread
GetModuleFileNameW
WideCharToMultiByte
MultiByteToWideChar
GetPrivateProfileStringW
GetSystemDirectoryW
GetExitCodeProcess
CreateFileMappingW
VerifyVersionInfoW
CreateProcessW
VerSetConditionMask
WTSGetActiveConsoleSessionId
LocalFree
GetProcAddress
Process32FirstW
Process32NextW
FormatMessageW
CreateToolhelp32Snapshot
OpenProcess
LocalAlloc
InitializeCriticalSectionEx
PeekNamedPipe
CreatePipe
TerminateProcess
GetCurrentProcess
SetLastError
CreateDirectoryW
ResetEvent
WaitForMultipleObjects
GetLastError
CreateEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SystemTimeToFileTime
FileTimeToSystemTime
lstrcmpA
FileTimeToLocalFileTime
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
ReadFile
GetFileSize
CreateFileW
FindFirstFileW
GetProcessHeap
HeapAlloc
OutputDebugStringW
FlushFileBuffers
HeapFree

user32

SetWindowPos
GetShellWindow
GetWindowThreadProcessId
FindWindowW
ShowWindow
IsIconic

advapi32

SetSecurityDescriptorDacl
CloseEventLog
NotifyChangeEventLog
ReadEventLogW
GetOldestEventLogRecord
GetNumberOfEventLogRecords
GetTokenInformation
RegQueryValueExW
AddAccessAllowedAce
DuplicateTokenEx
GetLengthSid
CreateProcessAsUserW
RegOpenKeyExW
InitializeAcl
RegNotifyChangeKeyValue
CryptDecrypt
CryptEncrypt
CryptSetKeyParam
CryptImportKey
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
RegDeleteTreeW
RegDeleteKeyExW
LookupPrivilegeValueW
OpenEventLogW
AdjustTokenPrivileges
RegCloseKey
RegQueryInfoKeyW
AllocateAndInitializeSid
SetEntriesInAclW
RegCreateKeyExW
ConvertStringSidToSidW
CreateProcessWithTokenW
RegEnumKeyExW
RegSetValueExW
OpenProcessToken
FreeSid
InitializeSecurityDescriptor

shell32

SHGetFolderPathW
ShellExecuteW
SHGetKnownFolderPath
SHGetSpecialFolderPathW

ole32

StringFromCLSID
CoUninitialize
CoCreateGuid
CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CLSIDFromString

oleaut32

VariantClear
SysFreeString
VariantInit
SysStringLen
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen
SysAllocString

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
_Query_perf_frequency
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xbad_alloc@std@@YAXXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
_Query_perf_counter
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Throw_C_error@std@@YAXH@Z
_Thrd_start
_Thrd_join
_Mtx_init
_Mtx_lock
_Mtx_unlock
_Cnd_init
_Cnd_wait
_Cnd_signal
_Cnd_destroy
_Mtx_destroy
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_id
?_Xinvalid_argument@std@@YAXPEBD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?uncaught_exception@std@@YA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@2V0locale@2@A
_Cnd_do_broadcast_at_thread_exit
?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?get@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEBA?AV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEB_W4@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ

bcrypt

BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptExportKey
BCryptDecrypt
BCryptEncrypt
BCryptFinalizeKeyPair
BCryptGetProperty
BCryptGenRandom
BCryptGenerateKeyPair
BCryptCloseAlgorithmProvider
BCryptImportKey
BCryptImportKeyPair
BCryptGenerateSymmetricKey
BCryptSetProperty

shlwapi

PathFileExistsW
PathAppendW
PathIsDirectoryW

wevtapi

EvtQuery
EvtExportLog
EvtFormatMessage
EvtNext
EvtOpenPublisherMetadata

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken
WTSQuerySessionInformationW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathAllocCombine
PathCchAppend

hid

HidP_GetCaps
HidD_GetPreparsedData
HidD_GetHidGuid
HidD_GetAttributes
HidD_GetFeature
HidD_FreePreparsedData

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW

winhttp

WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpOpen
WinHttpConnect
WinHttpCloseHandle
WinHttpReadData

crypt32

CryptDecodeObject
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose

wintrust

WinVerifyTrust

vcruntime140

__std_exception_destroy
__std_terminate
__std_exception_copy
wcsrchr
_purecall
strchr
__std_type_info_compare
_CxxThrowException
memcmp
memcpy
memset
strstr
__C_specific_handler
__std_type_info_destroy_list
memchr
__CxxFrameHandler3
__RTDynamicCast
memmove

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfwprintf
__stdio_common_vswprintf_s
__acrt_iob_func
setvbuf
__stdio_common_vsscanf
__stdio_common_vsprintf
fopen_s
__stdio_common_vsnprintf_s
__stdio_common_vswprintf
fgetc
fgetwc
fputwc
ungetc
ungetwc
fseek
__stdio_common_vsprintf_s
fflush
ferror
fsetpos
_fseeki64
fgetpos
fwrite
fread
__stdio_common_vsnwprintf_s
ftell
fclose
__stdio_common_vfprintf

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-runtime-l1-1-0

signal
_crt_atexit
_invalid_parameter_noinfo
_configure_narrow_argv
_seh_filter_dll
_errno
_initialize_narrow_environment
_initterm_e
_initialize_onexit_table
_initterm
_register_onexit_function
_beginthreadex
_execute_onexit_table
_invalid_parameter_noinfo_noreturn
_cexit
terminate

api-ms-win-crt-string-l1-1-0

isalnum
tolower
_wcsicmp
strncpy_s
isalpha
towlower
strncmp
wcsnlen
strnlen
isspace
isdigit
wcscpy_s
_stricmp
wcstok_s
wcsncpy_s
_wcsnicmp
wcscat_s

api-ms-win-crt-time-l1-1-0

_localtime64_s
wcsftime
_time64

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc
_callnewh

api-ms-win-crt-convert-l1-1-0

_itow_s
wcstol
_wtoi
mbstowcs_s

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

Exports

Exports

QueryLibrary

Sections

.text
Size: 381KB - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Laursens/Synstetiskes/Laquais/Ttsiddende/System.Xml.ReaderWriter.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-02-2021 20:09

Not After

10-02-2022 20:09

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

83:d4:16:a6:5a:d6:da:53:01:65:e4:a8:f0:b5:11:fa:36:db:2a:4e:12:5d:a6:02:79:03:e2:5e:21:e0:13:81
Signer

Actual PE Digest

83:d4:16:a6:5a:d6:da:53:01:65:e4:a8:f0:b5:11:fa:36:db:2a:4e:12:5d:a6:02:79:03:e2:5e:21:e0:13:81

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\artifacts\obj\System.Xml.ReaderWriter\net6.0-Release\System.Xml.ReaderWriter.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Laursens/Synstetiskes/Laquais/Ttsiddende/battery-caution-symbolic.symbolic.png
.png
Laursens/Synstetiskes/Laquais/Ttsiddende/dialog-password-symbolic.symbolic.png
.png
Laursens/Synstetiskes/Laquais/Ttsiddende/emblem-default.png
.png
Prostatism/Mellemfristet/Aprioriskes/format-justify-fill-symbolic.svg
.xml
Prostatism/Mellemfristet/Aprioriskes/help-browser.png
.png
Prostatism/Mellemfristet/Aprioriskes/lang-5146.dll
.dll windows:6 windows x86 arch:x86

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:fa:99:4d:66:0d:e6:59:ee:90:37:ec:b4:37:d7:66
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14-10-2019 00:00

Not After

18-10-2022 12:00

Subject

CN=Piriform Software Ltd,OU=RE 901,O=Piriform Software Ltd,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:41

Not After

15-04-2021 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:01:ba:5c:73:7a:6a:91:82:fa:04:f6:3a:3e:c6:f3:1b:03:91:8b:45:a0:0b:24:c8:2b:5a:5c:21:66:d2:79
Signer

Actual PE Digest

6f:01:ba:5c:73:7a:6a:91:82:fa:04:f6:3a:3e:c6:f3:1b:03:91:8b:45:a0:0b:24:c8:2b:5a:5c:21:66:d2:79

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Prostatism/Mellemfristet/Aprioriskes/libfreetype-6.dll
.dll windows:4 windows x64 arch:x64

1146bb668972f1fbf26bf7714c615b95

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libbz2-1

BZ2_bzDecompress
BZ2_bzDecompressEnd
BZ2_bzDecompressInit

kernel32

CloseHandle
CreateFileA
CreateFileMappingA
DeleteCriticalSection
EnterCriticalSection
GetFileSizeEx
GetLastError
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MapViewOfFile
MultiByteToWideChar
ReadFile
Sleep
TlsGetValue
UnmapViewOfFile
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_errno
_initterm
_lock
_setjmp
_unlock
abort
calloc
fputc
free
fwrite
getenv
localeconv
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
qsort
realloc
strcat
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strrchr
strstr
strtol
vfprintf
wcslen

libbrotlidec

BrotliDecoderDecompress

libharfbuzz-0

hb_buffer_add_utf8
hb_buffer_clear_contents
hb_buffer_create
hb_buffer_destroy
hb_buffer_get_glyph_infos
hb_buffer_get_glyph_positions
hb_buffer_get_length
hb_buffer_guess_segment_properties
hb_font_destroy
hb_font_get_face
hb_font_set_scale
hb_ft_font_create
hb_ot_layout_collect_lookups
hb_ot_layout_lookup_collect_glyphs
hb_ot_layout_lookup_would_substitute
hb_ot_tags_from_script_and_language
hb_set_create
hb_set_destroy
hb_set_is_empty
hb_set_next
hb_set_subtract
hb_shape

libpng16-16

png_create_info_struct
png_create_read_struct
png_destroy_read_struct
png_error
png_get_IHDR
png_get_error_ptr
png_get_io_ptr
png_get_valid
png_read_end
png_read_image
png_read_info
png_read_update_info
png_set_expand_gray_1_2_4_to_8
png_set_filler
png_set_gray_to_rgb
png_set_interlace_handling
png_set_longjmp_fn
png_set_packing
png_set_palette_to_rgb
png_set_read_fn
png_set_read_user_transform_fn
png_set_strip_16
png_set_tRNS_to_alpha

zlib1

inflate
inflateEnd
inflateInit2_
inflateReset

Exports

Exports

FTC_CMapCache_Lookup
FTC_CMapCache_New
FTC_ImageCache_Lookup
FTC_ImageCache_LookupScaler
FTC_ImageCache_New
FTC_Manager_Done
FTC_Manager_LookupFace
FTC_Manager_LookupSize
FTC_Manager_New
FTC_Manager_RemoveFaceID
FTC_Manager_Reset
FTC_Node_Unref
FTC_SBitCache_Lookup
FTC_SBitCache_LookupScaler
FTC_SBitCache_New
FT_Activate_Size
FT_Add_Default_Modules
FT_Add_Module
FT_Angle_Diff
FT_Atan2
FT_Attach_File
FT_Attach_Stream
FT_Bitmap_Blend
FT_Bitmap_Convert
FT_Bitmap_Copy
FT_Bitmap_Done
FT_Bitmap_Embolden
FT_Bitmap_Init
FT_Bitmap_New
FT_CeilFix
FT_ClassicKern_Free
FT_ClassicKern_Validate
FT_Cos
FT_DivFix
FT_Done_Face
FT_Done_FreeType
FT_Done_Glyph
FT_Done_Library
FT_Done_MM_Var
FT_Done_Size
FT_Error_String
FT_Face_CheckTrueTypePatents
FT_Face_GetCharVariantIndex
FT_Face_GetCharVariantIsDefault
FT_Face_GetCharsOfVariant
FT_Face_GetVariantSelectors
FT_Face_GetVariantsOfChar
FT_Face_Properties
FT_Face_SetUnpatentedHinting
FT_FloorFix
FT_Get_Advance
FT_Get_Advances
FT_Get_BDF_Charset_ID
FT_Get_BDF_Property
FT_Get_CID_From_Glyph_Index
FT_Get_CID_Is_Internally_CID_Keyed
FT_Get_CID_Registry_Ordering_Supplement
FT_Get_CMap_Format
FT_Get_CMap_Language_ID
FT_Get_Char_Index
FT_Get_Charmap_Index
FT_Get_Color_Glyph_Layer
FT_Get_Color_Glyph_Paint
FT_Get_Colorline_Stops
FT_Get_FSType_Flags
FT_Get_First_Char
FT_Get_Font_Format
FT_Get_Gasp
FT_Get_Glyph
FT_Get_Glyph_Name
FT_Get_Kerning
FT_Get_MM_Blend_Coordinates
FT_Get_MM_Var
FT_Get_MM_WeightVector
FT_Get_Module
FT_Get_Multi_Master
FT_Get_Name_Index
FT_Get_Next_Char
FT_Get_PFR_Advance
FT_Get_PFR_Kerning
FT_Get_PFR_Metrics
FT_Get_PS_Font_Info
FT_Get_PS_Font_Private
FT_Get_PS_Font_Value
FT_Get_Paint
FT_Get_Paint_Layers
FT_Get_Postscript_Name
FT_Get_Renderer
FT_Get_Sfnt_LangTag
FT_Get_Sfnt_Name
FT_Get_Sfnt_Name_Count
FT_Get_Sfnt_Table
FT_Get_SubGlyph_Info
FT_Get_Track_Kerning
FT_Get_Transform
FT_Get_TrueType_Engine_Type
FT_Get_Var_Axis_Flags
FT_Get_Var_Blend_Coordinates
FT_Get_Var_Design_Coordinates
FT_Get_WinFNT_Header
FT_Get_X11_Font_Format
FT_GlyphSlot_Embolden
FT_GlyphSlot_Oblique
FT_GlyphSlot_Own_Bitmap
FT_Glyph_Copy
FT_Glyph_Get_CBox
FT_Glyph_Stroke
FT_Glyph_StrokeBorder
FT_Glyph_To_Bitmap
FT_Glyph_Transform
FT_Gzip_Uncompress
FT_Has_PS_Glyph_Names
FT_Init_FreeType
FT_Library_SetLcdFilter
FT_Library_SetLcdFilterWeights
FT_Library_SetLcdGeometry
FT_Library_Version
FT_List_Add
FT_List_Finalize
FT_List_Find
FT_List_Insert
FT_List_Iterate
FT_List_Remove
FT_List_Up
FT_Load_Char
FT_Load_Glyph
FT_Load_Sfnt_Table
FT_Matrix_Invert
FT_Matrix_Multiply
FT_MulDiv
FT_MulFix
FT_New_Face
FT_New_Glyph
FT_New_Library
FT_New_Memory_Face
FT_New_Size
FT_OpenType_Free
FT_OpenType_Validate
FT_Open_Face
FT_Outline_Check
FT_Outline_Copy
FT_Outline_Decompose
FT_Outline_Done
FT_Outline_Embolden
FT_Outline_EmboldenXY
FT_Outline_GetInsideBorder
FT_Outline_GetOutsideBorder
FT_Outline_Get_BBox
FT_Outline_Get_Bitmap
FT_Outline_Get_CBox
FT_Outline_Get_Orientation
FT_Outline_New
FT_Outline_Render
FT_Outline_Reverse
FT_Outline_Transform
FT_Outline_Translate
FT_Palette_Data_Get
FT_Palette_Select
FT_Palette_Set_Foreground_Color
FT_Property_Get
FT_Property_Set
FT_Reference_Face
FT_Reference_Library
FT_Remove_Module
FT_Render_Glyph
FT_Request_Size
FT_RoundFix
FT_Select_Charmap
FT_Select_Size
FT_Set_Char_Size
FT_Set_Charmap
FT_Set_Debug_Hook
FT_Set_Default_Log_Handler
FT_Set_Default_Properties
FT_Set_Log_Handler
FT_Set_MM_Blend_Coordinates
FT_Set_MM_Design_Coordinates
FT_Set_MM_WeightVector
FT_Set_Named_Instance
FT_Set_Pixel_Sizes
FT_Set_Renderer
FT_Set_Transform
FT_Set_Var_Blend_Coordinates
FT_Set_Var_Design_Coordinates
FT_Sfnt_Table_Info
FT_Sin
FT_Stream_OpenBzip2
FT_Stream_OpenGzip
FT_Stream_OpenLZW
FT_Stroker_BeginSubPath
FT_Stroker_ConicTo
FT_Stroker_CubicTo
FT_Stroker_Done
FT_Stroker_EndSubPath
FT_Stroker_Export
FT_Stroker_ExportBorder
FT_Stroker_GetBorderCounts
FT_Stroker_GetCounts
FT_Stroker_LineTo
FT_Stroker_New
FT_Stroker_ParseOutline
FT_Stroker_Rewind
FT_Stroker_Set
FT_Tan
FT_Trace_Set_Default_Level
FT_Trace_Set_Level
FT_TrueTypeGX_Free
FT_TrueTypeGX_Validate
FT_Vector_From_Polar
FT_Vector_Length
FT_Vector_Polarize
FT_Vector_Rotate
FT_Vector_Transform
FT_Vector_Unit
TT_New_Context
TT_RunIns

Sections

.text
Size: 542KB - Virtual size: 541KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Puntlatsh/Chromophobic30/APM_Aiff.dll
.dll windows:5 windows x86 arch:x86

3e064ee4c6db94f08b3e7aaf4c13b6ee

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:7a:5e:95:c9:2e:17:b8:e5:b3:1a:2b:d0:45:3a:49
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14-04-2015 00:00

Not After

13-07-2018 23:59

Subject

CN=Nero AG,O=Nero AG,L=Karlsruhe,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:36:41:b9:fa:8b:db:22:e0:8a:a4:cb:1a:9b:cc:f4:f4:8d:64:e7
Signer

Actual PE Digest

2a:36:41:b9:fa:8b:db:22:e0:8a:a4:cb:1a:9b:cc:f4:f4:8d:64:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Builds\149\N2\HO_MMC_g_2016_r_2016\Sources\AudioPluginMgr\plugins\aiff\Release\Aiff.pdb

Imports

mfc110u

ord10130
ord10132
ord10131
ord10129
ord10133
ord5528
ord11563
ord11564
ord8990
ord11927
ord3780
ord11774
ord14408
ord8816
ord12058
ord6840
ord9318
ord10847
ord9106
ord3211
ord13699
ord12097
ord12095
ord1707
ord1716
ord1724
ord1720
ord1729
ord4858
ord4895
ord4866
ord4878
ord4874
ord4870
ord4901
ord1467
ord4862
ord4905
ord4883
ord4847
ord4853
ord4886
ord4441
ord5664
ord9541
ord4433
ord3000
ord14410
ord7771
ord14416
ord14328
ord6739
ord11555
ord14055
ord12860
ord13952
ord13524
ord5806
ord2628
ord11962
ord3882
ord3317
ord3316
ord3210
ord12006
ord996
ord7879
ord300
ord2122
ord2707
ord8055
ord10100
ord3247
ord3250
ord13577
ord6091
ord6000
ord3758
ord922
ord13076
ord1403
ord4821
ord3635
ord6401
ord457
ord3109
ord3348
ord3349
ord4033
ord4424
ord10317
ord11233
ord10860
ord8891
ord1104
ord12010
ord9060
ord2706
ord13573
ord6089
ord11969
ord7345
ord499
ord5461
ord1135
ord6367
ord3092
ord4163
ord8597
ord2938
ord3814
ord1063
ord8979
ord3636
ord3639
ord6360
ord3090
ord4160
ord1059
ord8977
ord6419
ord1126
ord9059
ord8064
ord5285
ord7563
ord7573
ord7572
ord5109
ord5287
ord5131
ord5401
ord9200
ord5635
ord5425
ord5128
ord293
ord5792
ord2279
ord1645
ord4265
ord1688
ord2942
ord14240
ord280
ord2935
ord4825
ord6887
ord2335
ord2194
ord968
ord13077
ord1441
ord5753
ord550
ord8349
ord1646
ord6046
ord1175
ord1656
ord8028
ord316
ord306
ord1040
ord1523
ord1644
ord1654
ord4264
ord5755
ord8027
ord296
ord286
ord290
ord1039
ord1514
ord1516
ord1678
ord1681
ord2941
ord8610
ord8204
ord8308
ord5756
ord5211
ord1517
ord5212
ord485
ord1524
ord1521
ord1502
ord12182
ord14424
ord12239
ord14477
ord2329
ord323
ord1045
ord6617
ord266
ord2331
ord2324
ord265
ord4754
ord4891
ord3791
ord1505
ord324
ord1046
ord2311
ord2354
ord2357
ord2322
ord2356
ord484
ord2216
ord2320
ord2134
ord2248
ord2345
ord1504

msvcr110

_localtime64_s
ldexp
_wtoi
_mktime64
isdigit
_recalloc
floor
calloc
free
memmove
__RTDynamicCast
iswalnum
memcpy_s
wcsftime
frexp
_CxxThrowException
__CxxFrameHandler3
memcpy
wcschr
wcsncpy_s
atoi
iswalpha
_snwprintf_s
__clean_type_info_names_internal
_except_handler4_common
?terminate@@YAXXZ
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_stricmp
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
_wcsnicmp
memset
_purecall

kernel32

LockResource
GetLastError
MultiByteToWideChar
GetFileSize
FileTimeToSystemTime
CreateFileW
SizeofResource
LoadResource
FindResourceW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
LeaveCriticalSection
GetFileTime
CloseHandle
FileTimeToLocalFileTime
SetFilePointer
WriteFile
ReadFile
FreeLibrary
GetProcAddress
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
LoadLibraryW
GetEnvironmentVariableW
ResumeThread
WaitForSingleObject
GetTickCount
SetEvent
ResetEvent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
LocalFree
LocalAlloc
CreateSemaphoreW
CreateEventW
CreateMutexW
ReleaseMutex
ReleaseSemaphore
InterlockedIncrement

user32

IsWindow
GetMenuItemCount
GetClassNameW
GetWindowTextW
GetWindowLongW
ModifyMenuW
GetMenuStringW
SendMessageW
GetMenuItemID
AdjustWindowRect
EnableWindow
GetClientRect
GetWindowRect
MessageBoxW
SetWindowTextW
GetSubMenu
GetWindow

advapi32

RegQueryValueExW
RegOpenKeyW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegCreateKeyW

ole32

CoCreateInstance

oleaut32

SysFreeString

crypt32

CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject

msvcp110

??0id@locale@std@@QAE@I@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z

wintrust

WinVerifyTrust

Exports

Exports

NERO_PLUGIN_GetPrimaryAudioObject
NERO_PLUGIN_ReadyToFinish

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Puntlatsh/Chromophobic30/Corbin.Und
Puntlatsh/Chromophobic30/Siddebadets.Eng
Symbranchia/libgmp-10.dll
.dll windows:4 windows x64 arch:x64

50d3e0798b0b3d30fc332b48dda65861

Code Sign

5d:38:d8:bd:64:45:50:68:c2:d1:c7:40:88:c5:e2:8a
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13-02-2019 00:00

Not After

12-02-2022 23:59

Subject

CN=Tim Kosse,O=Tim Kosse,POSTALCODE=50823,STREET=Lukasstr. 10,L=Köln,ST=NRW,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

93:8f:a8:f6:fa:33:15:d7:f9:f4:a9:a5:53:fd:8a:d8:79:97:c5:95:85:5d:35:a5:28:92:5a:81:2e:1a:19:15
Signer

Actual PE Digest

93:8f:a8:f6:fa:33:15:d7:f9:f4:a9:a5:53:fd:8a:d8:79:97:c5:95:85:5d:35:a5:28:92:5a:81:2e:1a:19:15

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_errno
_initterm
_lock
_unlock
abort
calloc
ferror
fgetc
fputc
fread
free
fwrite
getc
islower
isspace
isupper
isxdigit
localeconv
malloc
memcpy
memmove
memset
putc
raise
realloc
strchr
strerror
strlen
strncmp
strstr
strtol
strtoul
tolower
ungetc
vfprintf
wcslen

Exports

Exports

__gmp_0
__gmp_allocate_func
__gmp_asprintf
__gmp_asprintf_final
__gmp_asprintf_funs
__gmp_asprintf_memory
__gmp_asprintf_reps
__gmp_assert_fail
__gmp_assert_header
__gmp_binvert_limb_table
__gmp_bits_per_limb
__gmp_default_allocate
__gmp_default_fp_limb_precision
__gmp_default_free
__gmp_default_reallocate
__gmp_digit_value_tab
__gmp_divide_by_zero
__gmp_doprnt
__gmp_doprnt_integer
__gmp_doprnt_mpf2
__gmp_doscan
__gmp_errno
__gmp_exception
__gmp_extract_double
__gmp_fac2cnt_table
__gmp_fib_table
__gmp_fprintf
__gmp_fprintf_funs
__gmp_free_func
__gmp_fscanf
__gmp_fscanf_funs
__gmp_get_memory_functions
__gmp_init_primesieve
__gmp_invalid_operation
__gmp_jacobi_table
__gmp_junk
__gmp_limbroots_table
__gmp_mt_recalc_buffer
__gmp_nextprime
__gmp_odd2fac_table
__gmp_oddfac_table
__gmp_primesieve
__gmp_printf
__gmp_randclear
__gmp_randclear_mt
__gmp_randget_mt
__gmp_randinit
__gmp_randinit_default
__gmp_randinit_lc_2exp
__gmp_randinit_lc_2exp_size
__gmp_randinit_mt
__gmp_randinit_mt_noseed
__gmp_randinit_set
__gmp_randiset_mt
__gmp_rands
__gmp_rands_initialized
__gmp_randseed
__gmp_randseed_ui
__gmp_reallocate_func
__gmp_scanf
__gmp_set_memory_functions
__gmp_snprintf
__gmp_snprintf_funs
__gmp_sprintf
__gmp_sprintf_funs
__gmp_sqrt_of_negative
__gmp_sscanf
__gmp_sscanf_funs
__gmp_tmp_reentrant_alloc
__gmp_tmp_reentrant_free
__gmp_urandomb_ui
__gmp_urandomm_ui
__gmp_vasprintf
__gmp_version
__gmp_vfprintf
__gmp_vfscanf
__gmp_vprintf
__gmp_vscanf
__gmp_vsnprintf
__gmp_vsprintf
__gmp_vsscanf
__gmpf_abs
__gmpf_add
__gmpf_add_ui
__gmpf_ceil
__gmpf_clear
__gmpf_clears
__gmpf_cmp
__gmpf_cmp_d
__gmpf_cmp_si
__gmpf_cmp_ui
__gmpf_cmp_z
__gmpf_div
__gmpf_div_2exp
__gmpf_div_ui
__gmpf_dump
__gmpf_eq
__gmpf_fits_sint_p
__gmpf_fits_slong_p
__gmpf_fits_sshort_p
__gmpf_fits_uint_p
__gmpf_fits_ulong_p
__gmpf_fits_ushort_p
__gmpf_floor
__gmpf_get_d
__gmpf_get_d_2exp
__gmpf_get_default_prec
__gmpf_get_prec
__gmpf_get_si
__gmpf_get_str
__gmpf_get_ui
__gmpf_init
__gmpf_init2
__gmpf_init_set
__gmpf_init_set_d
__gmpf_init_set_si
__gmpf_init_set_str
__gmpf_init_set_ui
__gmpf_inits
__gmpf_inp_str
__gmpf_integer_p
__gmpf_mul
__gmpf_mul_2exp
__gmpf_mul_ui
__gmpf_neg
__gmpf_out_str
__gmpf_pow_ui
__gmpf_random2
__gmpf_reldiff
__gmpf_set
__gmpf_set_d
__gmpf_set_default_prec
__gmpf_set_prec
__gmpf_set_prec_raw
__gmpf_set_q
__gmpf_set_si
__gmpf_set_str
__gmpf_set_ui
__gmpf_set_z
__gmpf_size
__gmpf_sqrt
__gmpf_sqrt_ui
__gmpf_sub
__gmpf_sub_ui
__gmpf_swap
__gmpf_trunc
__gmpf_ui_div
__gmpf_ui_sub
__gmpf_urandomb
__gmpn_add
__gmpn_add_1
__gmpn_add_err1_n
__gmpn_add_err2_n
__gmpn_add_err3_n
__gmpn_add_n
__gmpn_add_n_atom
__gmpn_add_n_bd1
__gmpn_add_n_bt1
__gmpn_add_n_core2
__gmpn_add_n_coreihwl
__gmpn_add_n_coreisbr
__gmpn_add_n_goldmont
__gmpn_add_n_init
__gmpn_add_n_pentium4
__gmpn_add_n_silvermont
__gmpn_add_n_sub_n
__gmpn_add_n_x86_64
__gmpn_add_nc_atom
__gmpn_add_nc_bd1
__gmpn_add_nc_bt1
__gmpn_add_nc_core2
__gmpn_add_nc_coreihwl
__gmpn_add_nc_coreisbr
__gmpn_add_nc_goldmont
__gmpn_add_nc_pentium4
__gmpn_add_nc_silvermont
__gmpn_add_nc_x86_64
__gmpn_addlsh1_n
__gmpn_addlsh1_n_atom
__gmpn_addlsh1_n_bd1
__gmpn_addlsh1_n_core2
__gmpn_addlsh1_n_coreisbr
__gmpn_addlsh1_n_init
__gmpn_addlsh1_n_pentium4
__gmpn_addlsh1_n_silvermont
__gmpn_addlsh1_n_x86_64
__gmpn_addlsh1_n_zen
__gmpn_addlsh1_nc_atom
__gmpn_addlsh1_nc_bd1
__gmpn_addlsh1_nc_coreisbr
__gmpn_addlsh1_nc_zen
__gmpn_addlsh2_n
__gmpn_addlsh2_n_atom
__gmpn_addlsh2_n_core2
__gmpn_addlsh2_n_coreisbr
__gmpn_addlsh2_n_init
__gmpn_addlsh2_n_pentium4
__gmpn_addlsh2_n_silvermont
__gmpn_addlsh2_n_x86_64
__gmpn_addlsh2_nc_coreisbr
__gmpn_addlsh_n
__gmpn_addmul_1
__gmpn_addmul_1_atom
__gmpn_addmul_1_bd1
__gmpn_addmul_1_bt1
__gmpn_addmul_1_core2
__gmpn_addmul_1_coreibwl
__gmpn_addmul_1_coreihwl
__gmpn_addmul_1_coreinhm
__gmpn_addmul_1_coreisbr
__gmpn_addmul_1_goldmont
__gmpn_addmul_1_init
__gmpn_addmul_1_pentium4
__gmpn_addmul_1_silvermont
__gmpn_addmul_1_x86_64
__gmpn_addmul_1_zen
__gmpn_addmul_1c_core2
__gmpn_addmul_1c_silvermont
__gmpn_addmul_2
__gmpn_addmul_2_atom
__gmpn_addmul_2_bd1
__gmpn_addmul_2_coreihwl
__gmpn_addmul_2_coreisbr
__gmpn_addmul_2_fat
__gmpn_addmul_2_init
__gmpn_addmul_2_k8
__gmpn_addmul_2_pentium4
__gmpn_and_n
__gmpn_andn_n
__gmpn_bases
__gmpn_bc_mulmod_bnm1
__gmpn_bc_set_str
__gmpn_bdiv_dbm1c
__gmpn_bdiv_dbm1c_init
__gmpn_bdiv_dbm1c_x86_64
__gmpn_bdiv_q
__gmpn_bdiv_q_1
__gmpn_bdiv_q_itch
__gmpn_bdiv_qr
__gmpn_bdiv_qr_itch
__gmpn_binvert
__gmpn_binvert_itch
__gmpn_broot
__gmpn_broot_invm1
__gmpn_brootinv
__gmpn_bsqrt
__gmpn_bsqrtinv
__gmpn_cmp
__gmpn_cnd_add_n
__gmpn_cnd_add_n_atom
__gmpn_cnd_add_n_coreisbr
__gmpn_cnd_add_n_init
__gmpn_cnd_add_n_x86_64
__gmpn_cnd_sub_n
__gmpn_cnd_sub_n_atom
__gmpn_cnd_sub_n_coreisbr
__gmpn_cnd_sub_n_init
__gmpn_cnd_sub_n_x86_64
__gmpn_cnd_swap
__gmpn_com
__gmpn_com_atom
__gmpn_com_bd1
__gmpn_com_bt2
__gmpn_com_core2
__gmpn_com_init
__gmpn_com_x86_64
__gmpn_com_zen
__gmpn_compute_powtab
__gmpn_copyd
__gmpn_copyd_atom
__gmpn_copyd_bd1
__gmpn_copyd_bt1
__gmpn_copyd_bt2
__gmpn_copyd_core2
__gmpn_copyd_init
__gmpn_copyd_nano
__gmpn_copyd_x86_64
__gmpn_copyd_zen
__gmpn_copyi
__gmpn_copyi_atom
__gmpn_copyi_bd1
__gmpn_copyi_bt1
__gmpn_copyi_bt2
__gmpn_copyi_core2
__gmpn_copyi_init
__gmpn_copyi_nano
__gmpn_copyi_x86_64
__gmpn_copyi_zen
__gmpn_cpuid
__gmpn_cpuvec
__gmpn_cpuvec_init
__gmpn_cpuvec_initialized
__gmpn_dc_set_str
__gmpn_dcpi1_bdiv_q
__gmpn_dcpi1_bdiv_qr
__gmpn_dcpi1_bdiv_qr_n
__gmpn_dcpi1_bdiv_qr_n_itch
__gmpn_dcpi1_div_q
__gmpn_dcpi1_div_qr
__gmpn_dcpi1_div_qr_n
__gmpn_dcpi1_divappr_q
__gmpn_div_q
__gmpn_div_qr_1
__gmpn_div_qr_1n_pi1
__gmpn_div_qr_2
__gmpn_div_qr_2n_pi1
__gmpn_div_qr_2u_pi1
__gmpn_divexact
__gmpn_divexact_1
__gmpn_divexact_1_atom
__gmpn_divexact_1_init
__gmpn_divexact_1_nano
__gmpn_divexact_1_x86_64
__gmpn_divexact_by3
__gmpn_divexact_by3c
__gmpn_divisible_p
__gmpn_divmod_1
__gmpn_divrem
__gmpn_divrem_1
__gmpn_divrem_1_core2
__gmpn_divrem_1_coreisbr
__gmpn_divrem_1_init
__gmpn_divrem_1_x86_64
__gmpn_divrem_2
__gmpn_dump
__gmpn_fft_best_k
__gmpn_fft_next_size
__gmpn_fib2_ui
__gmpn_fib2m
__gmpn_gcd
__gmpn_gcd_1
__gmpn_gcd_11
__gmpn_gcd_11_bd1
__gmpn_gcd_11_bt1
__gmpn_gcd_11_bt2
__gmpn_gcd_11_core2
__gmpn_gcd_11_coreisbr
__gmpn_gcd_11_init
__gmpn_gcd_11_k10
__gmpn_gcd_11_nano
__gmpn_gcd_11_x86_64
__gmpn_gcd_11_zen
__gmpn_gcd_22
__gmpn_gcd_subdiv_step
__gmpn_gcdext
__gmpn_gcdext_1
__gmpn_gcdext_hook
__gmpn_gcdext_lehmer_n
__gmpn_get_d
__gmpn_get_str
__gmpn_hamdist
__gmpn_hgcd
__gmpn_hgcd2
__gmpn_hgcd2_jacobi
__gmpn_hgcd_appr
__gmpn_hgcd_appr_itch
__gmpn_hgcd_itch
__gmpn_hgcd_jacobi
__gmpn_hgcd_matrix_adjust
__gmpn_hgcd_matrix_init
__gmpn_hgcd_matrix_mul
__gmpn_hgcd_matrix_mul_1
__gmpn_hgcd_matrix_update_q
__gmpn_hgcd_mul_matrix1_vector
__gmpn_hgcd_reduce
__gmpn_hgcd_reduce_itch
__gmpn_hgcd_step
__gmpn_invert
__gmpn_invert_limb
__gmpn_invert_limb_table
__gmpn_invertappr
__gmpn_ior_n
__gmpn_iorn_n
__gmpn_jacobi_2
__gmpn_jacobi_base
__gmpn_jacobi_n
__gmpn_lshift
__gmpn_lshift_atom
__gmpn_lshift_core2
__gmpn_lshift_coreisbr
__gmpn_lshift_init
__gmpn_lshift_k10
__gmpn_lshift_pentium4
__gmpn_lshift_silvermont
__gmpn_lshift_x86_64
__gmpn_lshift_zen
__gmpn_lshiftc
__gmpn_lshiftc_atom
__gmpn_lshiftc_core2
__gmpn_lshiftc_coreisbr
__gmpn_lshiftc_init
__gmpn_lshiftc_k10
__gmpn_lshiftc_pentium4
__gmpn_lshiftc_silvermont
__gmpn_lshiftc_x86_64
__gmpn_lshiftc_zen
__gmpn_matrix22_mul
__gmpn_matrix22_mul1_inverse_vector
__gmpn_matrix22_mul_itch
__gmpn_mod_1
__gmpn_mod_1_1p
__gmpn_mod_1_1p_cps
__gmpn_mod_1_1p_cps_init
__gmpn_mod_1_1p_cps_x86_64
__gmpn_mod_1_1p_init
__gmpn_mod_1_1p_x86_64
__gmpn_mod_1_fat
__gmpn_mod_1_init
__gmpn_mod_1s_2p
__gmpn_mod_1s_2p_cps
__gmpn_mod_1s_2p_cps_init
__gmpn_mod_1s_2p_cps_x86_64
__gmpn_mod_1s_2p_init
__gmpn_mod_1s_2p_x86_64
__gmpn_mod_1s_3p
__gmpn_mod_1s_3p_cps
__gmpn_mod_1s_4p
__gmpn_mod_1s_4p_cps
__gmpn_mod_1s_4p_cps_init
__gmpn_mod_1s_4p_cps_x86_64
__gmpn_mod_1s_4p_init
__gmpn_mod_1s_4p_x86_64
__gmpn_mod_34lsub1
__gmpn_mod_34lsub1_init
__gmpn_mod_34lsub1_pentium4
__gmpn_mod_34lsub1_x86_64
__gmpn_modexact_1_odd_x86_64
__gmpn_modexact_1c_odd
__gmpn_modexact_1c_odd_init
__gmpn_modexact_1c_odd_x86_64
__gmpn_mu_bdiv_q
__gmpn_mu_bdiv_q_itch
__gmpn_mu_bdiv_qr
__gmpn_mu_bdiv_qr_itch
__gmpn_mu_div_q
__gmpn_mu_div_q_itch
__gmpn_mu_div_qr
__gmpn_mu_div_qr_itch
__gmpn_mu_divappr_q
__gmpn_mu_divappr_q_itch
__gmpn_mul
__gmpn_mul_1
__gmpn_mul_1_atom
__gmpn_mul_1_bd1
__gmpn_mul_1_bt1
__gmpn_mul_1_coreihwl
__gmpn_mul_1_coreisbr
__gmpn_mul_1_goldmont
__gmpn_mul_1_init
__gmpn_mul_1_pentium4
__gmpn_mul_1_silvermont
__gmpn_mul_1_x86_64
__gmpn_mul_1_zen
__gmpn_mul_1c_atom
__gmpn_mul_1c_bd1
__gmpn_mul_1c_bt1
__gmpn_mul_1c_coreisbr
__gmpn_mul_1c_goldmont
__gmpn_mul_1c_pentium4
__gmpn_mul_1c_silvermont
__gmpn_mul_1c_x86_64
__gmpn_mul_1c_zen
__gmpn_mul_2
__gmpn_mul_basecase
__gmpn_mul_basecase_bd1
__gmpn_mul_basecase_bt1
__gmpn_mul_basecase_core2
__gmpn_mul_basecase_coreibwl
__gmpn_mul_basecase_coreihwl
__gmpn_mul_basecase_coreisbr
__gmpn_mul_basecase_fat
__gmpn_mul_basecase_init
__gmpn_mul_basecase_k8
__gmpn_mul_basecase_pentium4
__gmpn_mul_basecase_silvermont
__gmpn_mul_basecase_zen
__gmpn_mul_fft
__gmpn_mul_n
__gmpn_mullo_basecase
__gmpn_mullo_basecase_core2
__gmpn_mullo_basecase_coreibwl
__gmpn_mullo_basecase_coreihwl
__gmpn_mullo_basecase_coreisbr
__gmpn_mullo_basecase_fat
__gmpn_mullo_basecase_init
__gmpn_mullo_basecase_k8
__gmpn_mullo_basecase_pentium4
__gmpn_mullo_basecase_silvermont
__gmpn_mullo_basecase_zen
__gmpn_mullo_n
__gmpn_mulmid
__gmpn_mulmid_basecase
__gmpn_mulmid_n
__gmpn_mulmod_bnm1
__gmpn_mulmod_bnm1_next_size
__gmpn_nand_n
__gmpn_neg
__gmpn_ni_invertappr
__gmpn_nior_n
__gmpn_nussbaumer_mul

Sections

.text
Size: 501KB - Virtual size: 501KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Symbranchia/microphone-hardware-disabled-symbolic.symbolic.png
.png
Symbranchia/network-idle-symbolic.svg
Udspecificerendes/Kommunekemis/demasculinisation/Blizzard.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

CreateFileA
LoadLibraryA

Sections

a
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

b
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

c
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Udspecificerendes/Kommunekemis/demasculinisation/Bluetooth Suite help_LV.chm
.chm
Udspecificerendes/Kommunekemis/demasculinisation/How-To CFF Extension.pdf
.pdf
- http://rcCheckButton.top
- http://www.codeproject.com/

Sharing

General

Malware Config

Signatures

Files

Password: infected

7ed0d71376e55d58ab36dc7d3ffda898

Code Sign

18:21:4f:ce:f7:4c:d2:cfCertificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

7a:0e:0b:68:73:f6:da:56:cf:93:ec:a9:72:34:0a:94:db:88:30:2e:2a:47:b4:05:e4:6d:b8:16:77:52:88:86Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 171KB

.ndata Size: - Virtual size: 160KB

.rsrc Size: 117KB - Virtual size: 117KB

fc0224e99e736751432961db63a41b76

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 835B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 578B

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 112B

.rsrc Size: 1024B - Virtual size: 808B

be6e213fa7580cb0840f3582136e536d

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

32:b5:c7:f8:c1:8a:7a:2b:fb:b5:27:46Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

3e:e7:b8:78:d1:72:6c:0d:5c:f4:1f:23:9f:f3:7c:84:cd:a6:38:66:a7:32:67:5f:8f:89:00:3c:7d:bf:0b:3aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

18:21:4f:ce:f7:4c:d2:cf
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

7a:0e:0b:68:73:f6:da:56:cf:93:ec:a9:72:34:0a:94:db:88:30:2e:2a:47:b4:05:e4:6d:b8:16:77:52:88:86
Signer

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 171KB

.ndata
Size: - Virtual size: 160KB

.rsrc
Size: 117KB - Virtual size: 117KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 835B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 578B

.rdata
Size: 512B - Virtual size: 112B

.rsrc
Size: 1024B - Virtual size: 808B

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

32:b5:c7:f8:c1:8a:7a:2b:fb:b5:27:46
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

3e:e7:b8:78:d1:72:6c:0d:5c:f4:1f:23:9f:f3:7c:84:cd:a6:38:66:a7:32:67:5f:8f:89:00:3c:7d:bf:0b:3a
Signer

.text
Size: 381KB - Virtual size: 381KB

.rdata
Size: 147KB - Virtual size: 147KB

.data
Size: 10KB - Virtual size: 12KB

.pdata
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

83:d4:16:a6:5a:d6:da:53:01:65:e4:a8:f0:b5:11:fa:36:db:2a:4e:12:5d:a6:02:79:03:e2:5e:21:e0:13:81
Signer

.text
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

02:fa:99:4d:66:0d:e6:59:ee:90:37:ec:b4:37:d7:66
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

6f:01:ba:5c:73:7a:6a:91:82:fa:04:f6:3a:3e:c6:f3:1b:03:91:8b:45:a0:0b:24:c8:2b:5a:5c:21:66:d2:79
Signer